Date: Sat, 22 Nov 2014 18:30:18 +0000 (UTC) From: Thomas Zander <riggs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r373085 - in head/security/pam_google_authenticator: . files Message-ID: <201411221830.sAMIUIDE017684@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: riggs Date: Sat Nov 22 18:30:17 2014 New Revision: 373085 URL: https://svnweb.freebsd.org/changeset/ports/373085 QAT: https://qat.redports.org/buildarchive/r373085/ Log: Introduce non-default OPTION for variable time steps besides the 30 seconds default PR: 194723 Submitted by: paul@dokas.name Approved by: maintainer timeout Added: head/security/pam_google_authenticator/files/patch-pam_google_authenticator.c (contents, props changed) Modified: head/security/pam_google_authenticator/Makefile Modified: head/security/pam_google_authenticator/Makefile ============================================================================== --- head/security/pam_google_authenticator/Makefile Sat Nov 22 18:25:09 2014 (r373084) +++ head/security/pam_google_authenticator/Makefile Sat Nov 22 18:30:17 2014 (r373085) @@ -3,6 +3,7 @@ PORTNAME= pam_google_authenticator PORTVERSION= 20140826 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= LOCAL/riggs/google-authenticator DISTNAME= google-authenticator-${PORTVERSION} @@ -12,10 +13,16 @@ COMMENT= PAM module for two-step authent LICENSE= APACHE20 +OPTIONS_DEFINE= STEPSIZE +STEPSIZE_DESC= Allow time steps other than the default of 30 seconds +STEPSIZE_CFLAGS= -DSTEPSIZE + USES= gmake PLIST_FILES= bin/google-authenticator lib/pam_google_authenticator.so +.include <bsd.port.options.mk> + do-install: ${INSTALL_PROGRAM} ${WRKSRC}/google-authenticator \ ${STAGEDIR}${PREFIX}/bin/google-authenticator Added: head/security/pam_google_authenticator/files/patch-pam_google_authenticator.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/pam_google_authenticator/files/patch-pam_google_authenticator.c Sat Nov 22 18:30:17 2014 (r373085) @@ -0,0 +1,67 @@ +--- pam_google_authenticator.c.orig 2014-01-30 15:17:38.000000000 +0000 ++++ pam_google_authenticator.c 2014-11-04 17:05:55.000000000 +0000 +@@ -503,10 +503,6 @@ + } + #endif + +-static int get_timestamp(void) { +- return get_time()/30; +-} +- + static int comparator(const void *a, const void *b) { + return *(unsigned int *)a - *(unsigned int *)b; + } +@@ -538,6 +534,41 @@ + return NULL; + } + ++#if !defined(STEPSIZE) ++static int get_timestamp(void) { ++ return get_time()/30; ++} ++#else ++static int get_timestamp(pam_handle_t *pamh, const char *secret_filename, ++ const char *buf) { ++ const char *value = get_cfg_value(pamh, "STEP_SIZE", buf); ++ if (!value) { ++ // Default step size is 30. ++ free((void *)value); ++ return get_time()/30; ++ } else if (value == &oom) { ++ // Out of memory. This is a fatal error. ++ return 0; ++ } ++ ++ char *endptr; ++ errno = 0; ++ int step = (int)strtoul(value, &endptr, 10); ++ if (errno || !*value || value == endptr || ++ (*endptr && *endptr != ' ' && *endptr != '\t' && ++ *endptr != '\n' && *endptr != '\r') || ++ step < 1 || step > 60) { ++ free((void *)value); ++ log_message(LOG_ERR, pamh, "Invalid STEP_SIZE option in \"%s\"", ++ secret_filename); ++ return 0; ++ } ++ free((void *)value); ++ ++ return get_time()/step; ++} ++#endif ++ + static int set_cfg_value(pam_handle_t *pamh, const char *key, const char *val, + char **buf) { + size_t key_len = strlen(key); +@@ -1162,7 +1193,11 @@ + } + + // Compute verification codes and compare them with user input ++#if !defined(STEPSIZE) + const int tm = get_timestamp(); ++#else ++ const int tm = get_timestamp(pamh, secret_filename, *buf); ++#endif + const char *skew_str = get_cfg_value(pamh, "TIME_SKEW", *buf); + if (skew_str == &oom) { + // Out of memory. This is a fatal error
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201411221830.sAMIUIDE017684>