Added initial content.

.gitignore

@@ -0,0 +1,39 @@
+*.bak
+*.lo
+*.log
+*.o
+*.trs
+*~
+.deps
+.libs
+ChangeLog
+INSTALL
+Makefile
+Makefile.in
+aclocal.m4
+autom4te.cache/
+build-aux/ar-lib
+build-aux/compile
+build-aux/config.guess
+build-aux/config.sub
+build-aux/depcomp
+build-aux/install-sh
+build-aux/ltmain.sh
+build-aux/missing
+build-aux/test-driver
+config.log
+config.status
+configure
+libtool
+libu2f-server-*.tar.xz*
+m4/libtool.m4
+m4/ltoptions.m4
+m4/ltsugar.m4
+m4/ltversion.m4
+m4/lt~obsolete.m4
+tests/.deps/
+tests/Makefile
+tests/Makefile.in
+tests/basic
+pam_u2f.la
+pam_u2f.8

AUTHORS

@@ -0,0 +1 @@
+Alessio Di Mauro <alessio@yubico.com>

BLURB

@@ -0,0 +1,7 @@
+Author: Yubico
+Basename: pam-u2f
+Homepage: https://developers.yubico.com/pam-u2f/
+License: PAM
+Name: pam-u2f
+Project: pam-u2f
+Summary: Pluggable Authentication Module (PAM) Universal 2nd Factor (U2F)

COPYING

@@ -0,0 +1,26 @@
+Copyright (c) 2014 Yubico AB
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the
+   distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Makefile.am

@@ -0,0 +1,68 @@
+#  Copyright (C) 2014 Yubico AB - See COPYING
+
+SUBDIRS = . tests
+
+ACLOCAL_AMFLAGS = -I m4
+
+AM_CFLAGS = $(WARN_CFLAGS)
+
+libdir = $(PAMDIR)
+
+lib_LTLIBRARIES = pam_u2f.la
+
+pam_u2f_la_SOURCES = pam-u2f.c
+pam_u2f_la_SOURCES += util.c util.h
+# XXX add -Wl,-x too?  PAM documentation suggests it.
+pam_u2f_la_LIBADD = -lpam
+pam_u2f_la_LIBADD += $(LIBU2FHOST_LIBS) $(LIBU2FSERVER_LIBS)
+pam_u2f_la_LDFLAGS = -module -avoid-version
+
+DEFS = -DDEBUG_PAM -DPAM_DEBUG @DEFS@
+
+dist_man8_MANS = pam_u2f.8
+DISTCLEANFILES = $(dist_man8_MANS)
+
+MANSOURCES = pam_u2f.8.txt
+EXTRA_DIST = $(MANSOURCES)
+
+SUFFIXES = .1.txt .1 .8.txt .8
+
+.8.txt.8:
+	$(A2X) --format=manpage -a revdate="Version $(VERSION)" $<
+
+# Release
+
+indent:
+	indent -kr -nut -i2 *.c *.h
+	indent -kr -nut -i2 *.c *.h
+
+ChangeLog:
+	cd $(srcdir) && git2cl > ChangeLog
+
+PROJECT = pam-u2f
+
+release:
+	@if test -z "$(KEYID)"; then \
+		echo "Try this instead:"; \
+		echo "  make release KEYID=[PGPKEYID]"; \
+		echo "For example:"; \
+		echo "  make release KEYID=2117364A"; \
+		exit 1; \
+	fi
+	@head -3 $(srcdir)/NEWS | grep -q "Version $(VERSION) .released `date -I`" || \
+		(echo 'error: Update date/version in $(srcdir)/NEWS.'; exit 1)
+	@if test ! -d "$(YUBICO_WWW_REPO)"; then \
+		echo "WWW repo not found!"; \
+		echo "Make sure that YUBICO_WWW_REPO is set"; \
+		exit 1; \
+		fi
+	rm -f ChangeLog
+	make check-doc-dist ChangeLog distcheck
+	gpg --detach-sign --default-key $(KEYID) $(PACKAGE)-$(VERSION).tar.gz
+	gpg --verify $(PACKAGE)-$(VERSION).tar.gz.sig
+	cd $(srcdir) && git push
+	cd $(srcdir) && git tag -u $(KEYID) -m $(VERSION) $(VERSION)
+	cd $(srcdir) && git push --tags
+	$(YUBICO_GITHUB_REPO)/save-mans $(PROJECT) $(MANSOURCES)
+	$(YUBICO_GITHUB_REPO)/publish $(PROJECT) $(VERSION) $(PACKAGE)-$(VERSION).tar.gz*
+

NEWS

@@ -0,0 +1,7 @@
+Copyright (c) 2014 Yubico AB - See COPYING
+
+pam-u2f NEWS -- History of user-visible changes.          -*- outline -*-
+
+* Version 0.0.0 (unreleased)
+
+** Initial release.

README

@@ -0,0 +1,193 @@
+Pluggable Authentication Module (PAM) Universal 2nd Factor (U2F)
+================================================================
+
+The PAM U2F module provides an easy way to integrate the Yubikey (or
+other U2F-compliant authenticators) into your existing user
+authentication infrastructure. PAM is used by GNU/Linux, Solaris and
+Mac OS X for user authentication.
+
+Introduction
+------------
+
+This module implements PAM authentication over U2F. Registration should
+be performed using other tools. Multiple devices are supported, for
+details check the <<devices, Multiple Devices>> section.
+
+For more information visit the project page
+https://developers.yubico.com/pam-u2f/[pam-u2f project].
+
+License
+-------
+
+The project is licensed under a BSD license. See the file COPYING for
+exact wording. For any copyright year range specified as YYYY-ZZZZ in
+this package note that the range specifies every single year in that
+closed interval.
+
+[[building]]
+Building
+--------
+
+This project uses 'autoconf', 'automake' and 'libtool' to achieve
+portability and ease of use.  If you downloaded a tarball, build it as
+follows.
+
+-----------
+  $ ./configure
+  $ make check
+-----------
+
+Both the Yubico U2F host and server libaries are needed
+https://developers.yubico.com/libu2f-host[libu2f-host]
+https://developers.yubico.com/libuwf-server[libu2f-server]
+
+Building from Git
+-----------------
+
+You may check out the sources using Git with the following command:
+
+-----------
+  $ git clone git://github.com/Yubico/pam-u2f.git
+-----------
+
+This will create a directory 'pam-u2f'. Enter the directory:
+
+-----------
+  $ cd pam-u2f
+-----------
+
+Autoconf, automake and libtool must be installed. AsciiDoc is used to
+generate the manpages.
+
+  Debian:   apt-get install autoconf automake libtool asciidoc
+
+Generate the build system using:
+
+-----------
+  $ autoreconf --install
+-----------
+
+Then build as usual, see above under <<building,Building>>.
+
+Installation
+------------
+
+Once the module is built copy the file +pam_u2f.so+ to the correct
+directory for your system. Typically +/lib/security/ or
++/lib/x86_64-linux-gnu/security/+.
+
+Create a file for a new service in +/etc/pam.d/+ or edit an already
+existing one by adding a line similar to this:
+
+----
+auth sufficient pam_u2f.so debug
+----
+
+Supported parameters for the module are:
+
+[horizontal]
+debug::
+Turns on debugging to STDOUT
+
+origin=origin::
+Set the origin for the U2F authentication procedure.
+If no value is specified, the origin "http://localhost" is used.
+
+appid=appid::
+Set the application ID for the U2F authentication procedure.
+If no value is specified, the same value used for origin is taken
+("http://localhost" if also origin is not specified).
+
+authfile=file::
+Set the location of the file that holds the mappings of user names
+to keyHandles and user keys.  The format is
++username:first_keyHandle,first_public_key:
+second_keyHandle,second_public_key:...+ the default location of the
+file is $HOME/.yubico/u2f_keys
+(more on <<files,Authorization Mapping Files>>).
+
+alwaysok::
+Set to enable all authentication attempts to succeed (aka presentation mode).
+
+max_devices=n_devices::
+Maximum number of devices allowed per user (default is 24). Devices specified
+in the authentication file that exceed this value will be ignored.
+
+[[files]]
+Authorization Mapping Files
+---------------------------
+A mapping must be made between the YubiKey token and the user name.
+There are two ways to do this, either centrally in one file, or
+individually, where users can create the mapping in their home directories.
+If the central authorization mapping file is being used, user home directory
+mappings will not be used and the opposite applies if user home directory
+mappings are being used, the central authorization mappings file will not
+be used.
+
+== Central authorization mapping
+Create a file e.g. `/etc/u2f_mappings`., The file must contain
+a user name, the number of registered Yubikeys and the information
+obtained during the registration procedure.
+
+The mappings should look like this, one per line:
+
+ <username1>:<KeyHandle1>,<UserKey1>:<KeyHandle2>,<UserKey2>:...
+ <username2>:<KeyHandle1>,<UserKey1>:<KeyHandle2>,<UserKey2>:...
+
+Now add `authfile=/etc/u2f_mappings` to your PAM configuration line, so it
+looks like:
+
+ auth sufficient pam_u2f.so authfile=/etc/u2f_mappings
+
+== Individual authorization mapping by user
+Each user creates a `~/.yubico/u2f_keys` file inside of their home
+directory and places the mapping in that file, the file must have only one
+line:
+
+ <username>:<KeyHandle1>,<UserKey1>:<KeyHandle2>,<UserKey2>:...
+
+This is much the same concept as the SSH authorized_keys file.
+
+Obtaining key-handles and public keys
+-------------------------------------
+
+In order to obtain the required information for the authentication procedure,
+a token should be first registered. This can be done by using the command line
+tools provided with libu2f-host and libu2f-server. For example the command:
+
+----
+$ u2f-server -aregister -ohttp://localhost \
+-ihttp://localhost -kkeyhandle.dat -puserkey.dat
+----
+
+will produce two files with the required information. The content of
+the key-handle file can be used as it is since it is Base64 encoded.
+The content of the user key file must be first ASCII encoded.
+One way of doing so is by invoking the following command:
+
+----
+$ xxd -p userkey.dat
+----
+
+or
+
+----
+$ hexdump -e '65/1 "%02x " "\n"' userkey.dat
+----
+
+The output can then be copied into the authentication file.
+
+Multiple Devices
+----------------
+
+Multiple devices are supported. If more than one device is specified,
+authentication against them is attempted sequentially as they are defined
+in the configuration file of the module. If during an authentication
+attempt a connected device is removed or a new device is plugged in,
+the authentication restarts from the top of the list.
+
+Portability
+-----------
+
+The main development platforms are Debian GNU/Linux and Ubuntu and they
+should be well supported.

README.adoc

@@ -0,0 +1 @@
+README