packages/oath-toolkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Package init

Browse Source
This commit is contained in:
markeryang 2021-01-19 19:14:48 +08:00
parent c763b8b323
commit 5636260c55
6 changed files with 375 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

195
0001-oath-toolkit-2.6.5-lockfile.patch Executable file
View File

@ -0,0 +1,195 @@
diff --git a/liboath/global.c b/liboath/global.c
index 89c18c5..7fc7b8a 100644
--- a/liboath/global.c
+++ b/liboath/global.c
@@ -25,9 +25,12 @@
#include <stdio.h> /* For snprintf, getline. */
#include <string.h> /* For strverscmp. */
+#include <stdlib.h> /* For free. */
#include "gc.h"
+char *oath_lockfile_path = NULL;
+
/**
* oath_init:
*
@@ -52,6 +55,8 @@ oath_init (void)
if (gc_init () != GC_OK)
return OATH_CRYPTO_ERROR;
+ oath_lockfile_path = NULL;
+
return OATH_OK;
}
@@ -71,6 +76,11 @@ oath_done (void)
{
gc_done ();
+ if (oath_lockfile_path)
+ {
+ free(oath_lockfile_path);
+ oath_lockfile_path = NULL;
+ }
return OATH_OK;
}
@@ -99,3 +109,23 @@ oath_check_version (const char *req_version)
return NULL;
}
+
+int
+oath_set_lockfile_path(const char *lockfile)
+{
+ int l;
+
+ if (oath_lockfile_path)
+ {
+ free(oath_lockfile_path);
+ oath_lockfile_path = NULL;
+ }
+
+ if (lockfile)
+ {
+ l = asprintf (&oath_lockfile_path, "%s", lockfile);
+ if (oath_lockfile_path == NULL || ((size_t) l) != strlen (lockfile))
+ return OATH_PRINTF_ERROR;
+ }
+ return OATH_OK;
+}
diff --git a/liboath/liboath.map b/liboath/liboath.map
index 5e31cef..436cd65 100644
--- a/liboath/liboath.map
+++ b/liboath/liboath.map
@@ -75,6 +75,7 @@ LIBOATH_2.2.0
global:
oath_totp_validate3;
oath_totp_validate3_callback;
+ oath_set_lockfile_path;
} LIBOATH_1.12.0;
LIBOATH_2.6.0
diff --git a/liboath/oath.h b/liboath/oath.h
index 9d1a277..7ceeaa7 100644
--- a/liboath/oath.h
+++ b/liboath/oath.h
@@ -136,11 +136,15 @@ typedef enum
/* Global */
+extern char *oath_lockfile_path;
+
extern OATHAPI int oath_init (void);
extern OATHAPI int oath_done (void);
extern OATHAPI const char *oath_check_version (const char *req_version);
+extern OATHAPI int oath_set_lockfile_path(const char *lockfile);
+
/* Error handling */
extern OATHAPI const char *oath_strerror (int err);
diff --git a/liboath/oath.h.in b/liboath/oath.h.in
index 8654342..17fddd3 100644
--- a/liboath/oath.h.in
+++ b/liboath/oath.h.in
@@ -136,11 +136,15 @@ typedef enum
/* Global */
+extern char *oath_lockfile_path;
+
extern OATHAPI int oath_init (void);
extern OATHAPI int oath_done (void);
extern OATHAPI const char *oath_check_version (const char *req_version);
+extern OATHAPI int oath_set_lockfile_path(const char *lockfile);
+
/* Error handling */
extern OATHAPI const char *oath_strerror (int err);
diff --git a/liboath/usersfile.c b/liboath/usersfile.c
index 9da30fe..d9bd943 100644
--- a/liboath/usersfile.c
+++ b/liboath/usersfile.c
@@ -323,9 +323,18 @@ update_usersfile (const char *usersfile,
{
int l;
- l = asprintf (&lockfile, "%s.lock", usersfile);
- if (lockfile == NULL || ((size_t) l) != strlen (usersfile) + 5)
- return OATH_PRINTF_ERROR;
+ if (oath_lockfile_path)
+ {
+ l = asprintf (&lockfile, "%s", oath_lockfile_path);
+ if (lockfile == NULL || ((size_t) l) != strlen (oath_lockfile_path))
+ return OATH_PRINTF_ERROR;
+ }
+ else
+ {
+ l = asprintf (&lockfile, "%s.lock", usersfile);
+ if (lockfile == NULL || ((size_t) l) != strlen (usersfile) + 5)
+ return OATH_PRINTF_ERROR;
+ }
lockfh = fopen (lockfile, "w");
if (!lockfh)
diff --git a/pam_oath/pam_oath.c b/pam_oath/pam_oath.c
index 89310b5..def004f 100644
--- a/pam_oath/pam_oath.c
+++ b/pam_oath/pam_oath.c
@@ -70,6 +70,7 @@ struct cfg
int try_first_pass;
int use_first_pass;
char *usersfile;
+ char *lockfile;
unsigned digits;
unsigned window;
};
@@ -84,6 +85,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
cfg->try_first_pass = 0;
cfg->use_first_pass = 0;
cfg->usersfile = NULL;
+ cfg->lockfile = NULL;
cfg->digits = -1;
cfg->window = 5;
@@ -99,6 +101,8 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
cfg->use_first_pass = 1;
if (strncmp (argv[i], "usersfile=", 10) == 0)
cfg->usersfile = (char *) argv[i] + 10;
+ if (strncmp (argv[i], "lockfile=", 9) == 0)
+ cfg->lockfile = (char *) argv[i] + 9;
if (strncmp (argv[i], "digits=", 7) == 0)
cfg->digits = atoi (argv[i] + 7);
if (strncmp (argv[i], "window=", 7) == 0)
@@ -124,6 +128,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
D (("try_first_pass=%d", cfg->try_first_pass));
D (("use_first_pass=%d", cfg->use_first_pass));
D (("usersfile=%s", cfg->usersfile ? cfg->usersfile : "(null)"));
+ D (("lockfile=%s", cfg->lockfile ? cfg->lockfile : "(null)"));
D (("digits=%d", cfg->digits));
D (("window=%d", cfg->window));
}
@@ -209,6 +214,17 @@ pam_sm_authenticate (pam_handle_t * pamh,
goto done;
}
+ if (cfg.lockfile)
+ rc = oath_set_lockfile_path(cfg.lockfile);
+ else
+ rc = oath_set_lockfile_path("/var/lock/pam_oath.lock");
+ if (rc != OATH_OK)
+ {
+ DBG (("oath_set_lockfile_path() failed (%d)", rc));
+ retval = PAM_AUTHINFO_UNAVAIL;
+ goto done;
+ }
+
if (password == NULL)
{
retval = pam_get_item (pamh, PAM_CONV, (const void **) &conv);

36
README.en.md
View File

@ -1,36 +0,0 @@
# oath-toolkit
#### Description
The OATH Toolkit provide components for building one-time password authentication systems.It contains shared libraries,command line tools and a PAM module.
#### Software Architecture
Software architecture description
#### Installation
1. xxxx
2. xxxx
3. xxxx
#### Instructions
1. xxxx
2. xxxx
3. xxxx
#### Contribution
1. Fork the repository
2. Create Feat_xxx branch
3. Commit your code
4. Create Pull Request
#### Gitee Feature
1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
2. Gitee blog [blog.gitee.com](https://blog.gitee.com)
3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
4. The most valuable open source project [GVP](https://gitee.com/gvp)
5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

37
README.md
View File

@ -1,37 +0,0 @@
# oath-toolkit
#### 介绍
The OATH Toolkit provide components for building one-time password authentication systems.It contains shared libraries,command line tools and a PAM module.
#### 软件架构
软件架构说明
#### 安装教程
1. xxxx
2. xxxx
3. xxxx
#### 使用说明
1. xxxx
2. xxxx
3. xxxx
#### 参与贡献
1. Fork 本仓库
2. 新建 Feat_xxx 分支
3. 提交代码
4. 新建 Pull Request
#### 特技
1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md
2. Gitee 官方博客 [blog.gitee.com](https://blog.gitee.com)
3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解 Gitee 上的优秀开源项目
4. [GVP](https://gitee.com/gvp) 全称是 Gitee 最有价值开源项目,是综合评定出的优秀开源项目
5. Gitee 官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
6. Gitee 封面人物是一档用来展示 Gitee 会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

BIN
oath-toolkit-2.6.5.tar.gz Executable file
View File

Binary file not shown.

176
oath-toolkit.spec Executable file
View File

@ -0,0 +1,176 @@
Name: oath-toolkit
Version: 2.6.5
Release: 1%{?dist}
License: GPLv3+
Summary: One-time password components
BuildRequires: pam-devel, gtk-doc, libtool, libtool-ltdl-devel
BuildRequires: xmlsec1-devel, xmlsec1-openssl-devel, autoconf, automake
Source0: http://download.savannah.gnu.org/releases/%{name}/%{name}-%{version}.tar.gz
URL: http://www.nongnu.org/oath-toolkit/
Patch1: 0001-oath-toolkit-2.6.5-lockfile.patch
%description
The OATH Toolkit provide components for building one-time password
authentication systems. It contains shared libraries, command line tools and a
PAM module. Supported technologies include the event-based HOTP algorithm
(RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open
AuTHentication, which is the organization that specify the algorithms. For
managing secret key files, the Portable Symmetric Key Container (PSKC) format
described in RFC6030 is supported.
%package -n liboath
Summary: Library for OATH handling
License: LGPLv2+
Provides: bundled(gnulib)
%description -n liboath
OATH stands for Open AuTHentication, which is the organization that
specify the algorithms. Supported technologies include the event-based
HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238).
%package -n liboath-devel
Summary: Development files for liboath
License: LGPLv2+
Requires: liboath%{?_isa} = %{version}-%{release}
%description -n liboath-devel
Development files for liboath.
%package -n liboath-doc
Summary: Documentation files for liboath
License: LGPLv2+
Requires: liboath = %{version}-%{release}
Requires: gtk-doc
BuildArch: noarch
%description -n liboath-doc
Documentation files for liboath.
%package -n libpskc
Summary: Library for PSKC handling
License: LGPLv2+
Requires: xml-common
Provides: bundled(gnulib)
%description -n libpskc
Library for managing secret key files, the Portable Symmetric Key
Container (PSKC) format described in RFC6030 is supported.
%package -n libpskc-devel
Summary: Development files for libpskc
License: LGPLv2+
Requires: libpskc%{?_isa} = %{version}-%{release}
%description -n libpskc-devel
Development files for libpskc.
%package -n libpskc-doc
Summary: Documentation files for libpskc
License: LGPLv2+
Requires: libpskc = %{version}-%{release}
Requires: gtk-doc
BuildArch: noarch
%description -n libpskc-doc
Documentation files for libpskc.
%package -n oathtool
Summary: A command line tool for generating and validating OTPs
License: GPLv3+
Provides: bundled(gnulib)
%description -n oathtool
A command line tool for generating and validating OTPs.
%package -n pskctool
Summary: A command line tool for manipulating PSKC data
Provides: bundled(gnulib)
Requires: xmlsec1-openssl%{?_isa}
%description -n pskctool
A command line tool for manipulating PSKC data.
%package -n pam_oath
Summary: A PAM module for pluggable login authentication for OATH
Requires: pam
%description -n pam_oath
A PAM module for pluggable login authentication for OATH.
%prep
%setup -q
%patch1 -p1 -b .lockfile
%build
autoreconf -fi
%configure --with-pam-dir=%{_libdir}/security
# Kill rpaths and link with --as-needed
for d in liboath libpskc pskctool oathtool pam_oath
do
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' $d/libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' $d/libtool
sed -i 's| -shared | -Wl,--as-needed\0|g' $d/libtool
done
make %{?_smp_mflags}
%install
make %{?_smp_mflags} DESTDIR=%{buildroot} install
# Remove static objects and libtool files
rm -f %{buildroot}%{_libdir}/*.{a,la}
rm -f %{buildroot}%{_libdir}/security/*.la
# Make /etc/liboath directory
mkdir -p -m 0600 %{buildroot}%{_sysconfdir}/liboath
%ldconfig_scriptlets -n liboath
%ldconfig_scriptlets -n libpskc
%files -n liboath
%doc liboath/COPYING
%attr(0600, root, root) %dir %{_sysconfdir}/liboath
%{_libdir}/liboath.so.*
%files -n liboath-devel
%{_includedir}/liboath
%{_libdir}/liboath.so
%{_libdir}/pkgconfig/liboath.pc
%files -n liboath-doc
%{_mandir}/man3/oath*
%{_datadir}/gtk-doc/html/liboath/*
%files -n libpskc
%doc libpskc/README
%{_libdir}/libpskc.so.*
%{_datadir}/xml/pskc
%files -n libpskc-devel
%{_includedir}/pskc
%{_libdir}/libpskc.so
%{_libdir}/pkgconfig/libpskc.pc
%files -n libpskc-doc
%{_mandir}/man3/pskc*
%{_datadir}/gtk-doc/html/libpskc/*
%files -n oathtool
%doc oathtool/COPYING
%{_bindir}/oathtool
%{_mandir}/man1/oathtool.*
%files -n pskctool
%{_bindir}/pskctool
%{_mandir}/man1/pskctool.*
%files -n pam_oath
%doc pam_oath/README pam_oath/COPYING
%{_libdir}/security/pam_oath.so
%changelog
* Tue Jan 19 2021 yanglongkang <yanglongkang@huawei.com> - 2.6.5-1
- Package init

4
oath-toolkit.yaml Executable file
View File

@ -0,0 +1,4 @@
version_control: git
src_repo: https://gitlab.com/oath-toolkit/oath-toolkit.git
tag_prefix: oath-toolkit
separator: "-"