Skip to content
Commits on Jun 29, 2016
  1. @xdesai

    Removed too many retries in connection

    Added test to check number of retries
    xdesai committed Jun 27, 2016
Commits on Jun 1, 2016
  1. @mschwager

    Merge pull request #80 from ViaSat/sni_support

    Add SNI support to API calls
    mschwager committed Jun 1, 2016
  2. @skemper
Commits on Mar 3, 2016
  1. @mschwager

    Correct LD_PRELOAD .so location

    Smells like copypasta fail.
    mschwager committed Feb 5, 2016
Commits on Feb 16, 2016
  1. @mschwager

    Merge pull request #77 from lisa/lisa-handle_missing_login_shell

    Handle a missing shell from getpwuid
    mschwager committed Feb 16, 2016
Commits on Feb 14, 2016
  1. @lisa

    Handle a missing shell from getpwuid

    It is legal for the passwd.pw_shell struct element to be NULL. In this
    case the behaviour should mirror the default system behaviour and use a
    default shell (`/bin/sh` in this case).
    
    This includes a test case for a missing shell.
    lisa committed Feb 4, 2016
Commits on Jan 21, 2016
  1. @mschwager

    Release 1.9.18

    mschwager committed Jan 21, 2016
Commits on Jan 20, 2016
  1. @mschwager

    Fix groups-0.t test on Solaris

    Solaris uses different `LD_PRELOAD` environment variables for different
    processes, we need to set them accordingly.
    mschwager committed Jan 13, 2016
Commits on Jan 19, 2016
  1. @mschwager

    Revert "QR code enrollment for login_duo"

    This reverts commit 41078a0.
    mschwager committed Jan 19, 2016
  2. @mschwager
  3. @mschwager

    Revert "Fixed qrencode configuration option help string"

    This reverts commit 159cd97.
    mschwager committed Jan 19, 2016
  4. @mschwager

    Revert "Updated LICENSE to include parson license"

    This reverts commit 3d92143.
    mschwager committed Jan 19, 2016
  5. @mschwager

    Check error conditions when attempting proxy connection

    When attempting to `read` from proxy connections we should check for errors
    as we do elsewhere. This issue resulted in high CPU usage due to busy-waiting
    on a proxy response, and process hanging due to an unconditional wait.
    mschwager committed Jan 18, 2016
Commits on Jan 15, 2016
  1. @mschwager

    Const correctness for various implementations of PAM

    Variables that will be passed to a pam_* function should be marked as
    duopam_const to account for different implementation. For example, Linux
    distros include the const qualifier, whereas AIX and Solaris based OSs do
    not include the qualifier.
    
    Variables that won't be passed to a pam_* function should unconditionally be
    const.
    mschwager committed Jan 11, 2016
Commits on Jan 14, 2016
  1. @mschwager

    Ensure socket library exists

    Fixes #57
    
    We are using the `socket.h` header and `socket` function, so it
    can't hurt to ensure they exist.
    
    I removed the check for `gethostbyname` since that function no longer
    exists in the codebase. Looks like it was removed at b876884.
    mschwager committed Jan 13, 2016
Commits on Jan 5, 2016
  1. @mschwager
  2. @mschwager
  3. @mschwager

    Include the `Date` header in hash calculations if necessary

    Duo API v2 calls require the `Date` header whereas API v1 do not. The
    enroll call is v2 whereas the rest of Duo Unix still uses v1. Our mock
    HTTP server used for testing should be able to calculate the correct
    hash for both API versions.
    
    The reason we don't perform `Date` checks if we don't have to is a
    practical one. Many servers that run Duo applications have their time
    out of sync, which raises many issues. Some applications run in
    environments where it's diffcult to correct the time sync issue (managed
    Wordpress servers, etc) so we decided to forgo it if possible.
    mschwager committed Jan 4, 2016
Commits on Jan 4, 2016
  1. @mschwager
Commits on Dec 29, 2015
  1. @mschwager

    QR code enrollment for login_duo

    `login_duo` now has the ability to print out a QR code similar to the
    iframe for camera consumption. To enable this feature you must have
    additional libraries installed and the flag enabled. You must have the
    `libqrencode` development libraries installed. To compile with QR capabilites
    you must include the `--with-qrenroll` flag when running `configure`.
    Something like:
    
    `./configure --prefix=/usr --with-qrenroll`
    
    After compiling and installing you must set the `qr_enroll` flag to
    `yes` in your configuration file. Like:
    
    `qr_enroll = yes`
    
    After both of these step have been completed you should see an ASCII QR
    code appear when trying to log in as an unenrolled user. You can use the
    Duo Mobile app to scan this code and complete enrollment.
    mschwager committed Dec 18, 2015
Commits on Nov 16, 2015
  1. @mschwager

    Separate targets for building, installing, and enabling SELinux module

    Typically these 3 targets are separate (i.e. `make` vs. `make install`). We can
    also reduce the scope of using a priviledged user, since building the module
    doesn't require su priviledges, but enabling does. Finally, this will make it
    easier on our package building process.
    mschwager committed Nov 13, 2015
Commits on Oct 30, 2015
  1. @mschwager

    1.9.17 release

    mschwager committed Oct 30, 2015
  2. @mschwager

    Revert "Update pam_duo.c"

    Returning PAM_IGNORE instead of PAM_SUCCESS led to issues with groups
    bypass configuration. Consider the following common PAM configuration:
    
    ...
    auth sufficient pam_duo.so
    ...
    auth required pam_deny.so
    
    If groups bypass is configured and pam_duo.so returns PAM_IGNORE, then
    it will continue down the stack and likely end at pam_deny.so when it
    should be a successful authentication that bypassed Duo.
    mschwager committed Oct 30, 2015
Commits on Oct 7, 2015
  1. @mschwager

    1.9.16 release

    mschwager committed Oct 7, 2015
  2. @mschwager
  3. @mschwager

    Additional LD_PRELOAD file opening symbol overrides

    Overriding `open` and `fopen` isn't sufficient to cover all ways that a file
    may be opened. On some 32-bit systems we see `fopen64` and `open64` used. This
    commit adds these two functions to those that are overwritten.
    mschwager committed Oct 6, 2015
Commits on Oct 2, 2015
  1. @mschwager

    Correct username returned from mocked out function

    Recent work with the GECOS field changed the output that our tests rely
    on. The tests should return a `passwd` object with the username
    correctly set to the value passed in.
    mschwager committed Oct 2, 2015
Commits on Sep 1, 2015
  1. @mschwager

    1.9.15 release

    mschwager committed Sep 1, 2015
  2. @mschwager @mschwager

    Include SELinux module in dist build

    This file was missed when creating the dist tarball, which caused the
    `make -C pam_duo/ semodule` command to fail. Thus, an SELinux exception for Duo
    connections wasn't created.
    mschwager committed with mschwager Sep 1, 2015
Commits on Aug 21, 2015
  1. Removed the ENTRUST root from duo_unix.

    Major Sapp committed Aug 21, 2015
Commits on Aug 18, 2015
  1. @BradleyHiggins

    Merge pull request #67 from philsnow/master

    Add a config option to pam_duo that sends GECOS instead of username
    BradleyHiggins committed Aug 18, 2015
Commits on Aug 15, 2015
  1. @philsnow
Commits on Jul 31, 2015
  1. @philsnow

    Add a config option to pam_duo that sends GECOS instead of username

    For whatever reason, it may be that your Duo usernames do not match
    your unix usernames, so you might want to tell Duo some other
    username.  Put that other username in the GECOS field in /etc/passwd
    and turn this on.
    philsnow committed Jul 31, 2015
Commits on Apr 29, 2015
  1. @mschwager

    Merge pull request #64 from rmoorecpcc/rmoorecpcc-patch-duogrpchk-1

    If group membership doesn't match, return PAM_IGNORE
    mschwager committed Apr 29, 2015
Commits on Apr 21, 2015
  1. @rmoorecpcc

    Update pam_duo.c

    rmoorecpcc committed Apr 21, 2015
Something went wrong with that request. Please try again.