From e3b7c425ea3b4bc5130944b78e17d9c53e350fe7 Mon Sep 17 00:00:00 2001 From: Dane Smith Date: Mon, 13 May 2013 13:19:34 -0400 Subject: Allow time configuration. --- sys-auth/libpam-google-authenticator/Manifest | 6 +- .../files/allow_time_config.patch | 65 ++++++++++++++++++++++ .../libpam-google-authenticator-1.0.ebuild | 14 ++++- 3 files changed, 80 insertions(+), 5 deletions(-) create mode 100644 sys-auth/libpam-google-authenticator/files/allow_time_config.patch diff --git a/sys-auth/libpam-google-authenticator/Manifest b/sys-auth/libpam-google-authenticator/Manifest index bd20b65..5ca2680 100644 --- a/sys-auth/libpam-google-authenticator/Manifest +++ b/sys-auth/libpam-google-authenticator/Manifest @@ -1,2 +1,4 @@ -DIST libpam-google-authenticator-1.0-source.tar.bz2 32708 RMD160 ce26a2f805f36a82a7ab3d930116a73fb444e037 SHA1 017b7d89989f1624e360abe02d6b27a6298d285d SHA256 80426045d13ce7a2bf56c692ccfb1751cef3c7484752ad40738facf729264d4b -EBUILD libpam-google-authenticator-1.0.ebuild 627 RMD160 95b8b8c213930976e5a47d624ae7ad0aaa852582 SHA1 63048eeef57535f1079e7596b72797fa91545bad SHA256 859bd5f93cc36c154b8bddaa7ccc9788da8bec0d329986be1108ae729d201b7c +AUX allow_time_config.patch 2229 SHA256 b6baddfe1c30f3a4d4f3326795693fff8504c7f8bf0d8b5bc2d5eadced31fddc SHA512 b1f00fdee909f1020dbc662474c2380d6e69639845df97d162df6a90d8b44bdec9d6664adf3ee179f517132520558cbf15116c7a01fd311d66f1ddd19d6ecb9c WHIRLPOOL a81ad7c079455e54d4eb6cba402f3477eec54bfee19d33d3ab231db524ae00c1cd2074a1b83640cd10cf11c720381ab0e96a4b3b5edfa94f8b076f3139a8f3e2 +DIST libpam-google-authenticator-1.0-source.tar.bz2 32708 SHA256 80426045d13ce7a2bf56c692ccfb1751cef3c7484752ad40738facf729264d4b SHA512 92ec473b07e2e46f969cd0a1a6f5707892800418442ad7d046ebc1195bbd1654e396f53245056c7eee38decaeb1997102f9aa988b7da1d734dcd2b104402ef8c WHIRLPOOL fff94006035d0751ff690f81d827a33c5d304f86a48809fa889138bb29ae1f9c47315fb0c3548d29dae545cac63db9f35a9bb6e439f49cd4a6571241a43e4c6a +EBUILD libpam-google-authenticator-1.0.ebuild 758 SHA256 48b78cc12150732399906633f99c564106557ac8af9ba84d9fe0a7abe2b12c87 SHA512 a60ac6e15d8f992bade946d239a34dfb36d8a2be40186189e50ab6e29125c72b6cc8311b72273caef44c1e823d2a0583afc0a25074615bb6605c90c3b40fac53 WHIRLPOOL 7e690d6a2026f12e6796e329ab764a9f8f84439958f8ec0f5428ca43a6b046f595a4340eb3fda32cbb4c75ab29480b45cd44f6afeda207c2d880da7f1bc8cc2a +MISC TODO 23 SHA256 4929fa9118a621134d43b84969fe4c79c89a342ab5f56447cf936ff07eefbf58 SHA512 0422ce060bf4aa0506429c4e0a66df2e511b3e8f29ecddc76e5258f7f29003f4a62998269588f86c5d6cee0a5e271082a5f72edd0332018ca95c0689824d457b WHIRLPOOL f4deebbeb38a5ddf0d7cb89a82821d075e624587a453cc0978faf23d88224033280b1cff44ef818c707c5cf106228fdafe7cf0b1ea60b4685333a8c9981e063b diff --git a/sys-auth/libpam-google-authenticator/files/allow_time_config.patch b/sys-auth/libpam-google-authenticator/files/allow_time_config.patch new file mode 100644 index 0000000..85c48b0 --- /dev/null +++ b/sys-auth/libpam-google-authenticator/files/allow_time_config.patch @@ -0,0 +1,65 @@ +From ab2b4ba85e417eb0b4a497da84cd31b7e4a2bbe8 Mon Sep 17 00:00:00 2001 +From: Brian Ristuccia +Date: Tue, 14 Aug 2012 11:42:55 -0400 +Subject: [PATCH] Add configuration option for TOTP time step size. Previously the time step + was hardcoded to 30 seconds, which is now the default. + +--- + libpam/FILEFORMAT | 2 ++ + libpam/pam_google_authenticator.c | 19 ++++++++++++++++--- + 2 files changed, 18 insertions(+), 3 deletions(-) + +diff --git a/libpam/FILEFORMAT b/libpam/FILEFORMAT +index 0f0ad8a..b267b68 100644 +--- a/libpam/FILEFORMAT ++++ b/libpam/FILEFORMAT +@@ -54,6 +54,8 @@ Currently, the following options are recognized: + for most users as invalid login attempts and generated-but-not-used + tokens both contribute to synchronization problems. + ++ TIME_STEP_SIZE n ++ the default value time step size is 30 seconds. + + Any all-numeric sequence of eight-digit numbers are randomly generated + one-time tokens. The user can enter any arbitrary one-time code +diff --git a/libpam/pam_google_authenticator.c b/libpam/pam_google_authenticator.c +index 159e89e..e8dd5ab 100644 +--- a/libpam/pam_google_authenticator.c ++++ b/libpam/pam_google_authenticator.c +@@ -502,8 +502,8 @@ static time_t get_time(void) { + } + #endif + +-static int get_timestamp(void) { +- return get_time()/30; ++static int get_timestamp(int step_size) { ++ return get_time()/step_size; + } + + static int comparator(const void *a, const void *b) { +@@ -1160,8 +1160,21 @@ static int check_timebased_code(pam_handle_t *pamh, const char*secret_filename, + return 1; + } + ++ const char *step_size_str = get_cfg_value(pamh, "TIME_STEP_SIZE", *buf); ++ if (step_size_str == &oom) { ++ // Out of memory. This is a fatal error ++ return -1; ++ } ++ ++ // Default step size of 30s ++ int step_size = 30; ++ if (step_size_str) { ++ step_size = (int)strtol(step_size_str, NULL, 10); ++ } ++ free((void *)step_size_str); ++ + // Compute verification codes and compare them with user input +- const int tm = get_timestamp(); ++ const int tm = get_timestamp(step_size); + const char *skew_str = get_cfg_value(pamh, "TIME_SKEW", *buf); + if (skew_str == &oom) { + // Out of memory. This is a fatal error +-- +1.7.2.5 + diff --git a/sys-auth/libpam-google-authenticator/libpam-google-authenticator-1.0.ebuild b/sys-auth/libpam-google-authenticator/libpam-google-authenticator-1.0.ebuild index e716524..6a6a31a 100644 --- a/sys-auth/libpam-google-authenticator/libpam-google-authenticator-1.0.ebuild +++ b/sys-auth/libpam-google-authenticator/libpam-google-authenticator-1.0.ebuild @@ -3,7 +3,7 @@ # $Header: $ EAPI=4 -inherit pam +inherit eutils pam toolchain-funcs DESCRIPTION="Google Authentiator PAM plugin" HOMEPAGE="http://code.google.com/p/google-authenticator/" @@ -17,7 +17,15 @@ IUSE="" DEPEND="sys-libs/pam" RDEPEND="${DEPEND}" -src_install(){ +src_prepare() { + epatch "${FILESDIR}/allow_time_config.patch" +} + +src_compile() { + emake CC=$(tc-getCC) +} + +src_install() { insinto $(getpam_mod_dir) doins pam_google_authenticator.so dobin google-authenticator @@ -25,6 +33,6 @@ src_install(){ dodoc README } -pkg_postinst(){ +pkg_postinst() { elog "For setup information check the installed README" } -- cgit v1.2.3