From: Thomas Zander Date: Sat, 22 Nov 2014 18:30:18 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r373085 - in head/security/pam_google_authenticator: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Nov 2014 18:30:18 -0000 Author: riggs Date: Sat Nov 22 18:30:17 2014 New Revision: 373085 URL: https://svnweb.freebsd.org/changeset/ports/373085 QAT: https://qat.redports.org/buildarchive/r373085/ Log: Introduce non-default OPTION for variable time steps besides the 30 seconds default PR: 194723 Submitted by: paul@dokas.name Approved by: maintainer timeout Added: head/security/pam_google_authenticator/files/patch-pam_google_authenticator.c (contents, props changed) Modified: head/security/pam_google_authenticator/Makefile Modified: head/security/pam_google_authenticator/Makefile ============================================================================== --- head/security/pam_google_authenticator/Makefile Sat Nov 22 18:25:09 2014 (r373084) +++ head/security/pam_google_authenticator/Makefile Sat Nov 22 18:30:17 2014 (r373085) @@ -3,6 +3,7 @@ PORTNAME= pam_google_authenticator PORTVERSION= 20140826 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= LOCAL/riggs/google-authenticator DISTNAME= google-authenticator-${PORTVERSION} 
@@ -12,10 +13,16 @@ COMMENT= PAM module for two-step authent LICENSE= APACHE20 +OPTIONS_DEFINE= STEPSIZE +STEPSIZE_DESC= Allow time steps other than the default of 30 seconds +STEPSIZE_CFLAGS= -DSTEPSIZE + USES= gmake PLIST_FILES= bin/google-authenticator lib/pam_google_authenticator.so +.include + do-install: ${INSTALL_PROGRAM} ${WRKSRC}/google-authenticator \ ${STAGEDIR}${PREFIX}/bin/google-authenticator Added: head/security/pam_google_authenticator/files/patch-pam_google_authenticator.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/pam_google_authenticator/files/patch-pam_google_authenticator.c Sat Nov 22 18:30:17 2014 (r373085) 
@@ -0,0 +1,67 @@ +--- pam_google_authenticator.c.orig 2014-01-30 15:17:38.000000000 +0000 ++++ pam_google_authenticator.c 2014-11-04 17:05:55.000000000 +0000 +@@ -503,10 +503,6 @@ + } + #endif + +-static int get_timestamp(void) { +- return get_time()/30; +-} +- + static int comparator(const void *a, const void *b) { + return *(unsigned int *)a - *(unsigned int *)b; + } +@@ -538,6 +534,41 @@ + return NULL; + } + ++#if !defined(STEPSIZE) ++static int get_timestamp(void) { ++ return get_time()/30; ++} ++#else ++static int get_timestamp(pam_handle_t *pamh, const char *secret_filename, ++ const char *buf) { ++ const char *value = get_cfg_value(pamh, "STEP_SIZE", buf); ++ if (!value) { ++ // Default step size is 30. ++ free((void *)value); ++ return get_time()/30; ++ } else if (value == &oom) { ++ // Out of memory. This is a fatal error. ++ return 0; ++ } ++ ++ char *endptr; ++ errno = 0; ++ int step = (int)strtoul(value, &endptr, 10); ++ if (errno || !*value || value == endptr || ++ (*endptr && *endptr != ' ' && *endptr != '\t' && ++ *endptr != '\n' && *endptr != '\r') || ++ step < 1 || step > 60) { ++ free((void *)value); ++ log_message(LOG_ERR, pamh, "Invalid STEP_SIZE option in \"%s\"", ++ secret_filename); ++ return 0; ++ } ++ free((void *)value); ++ ++ return get_time()/step; ++} ++#endif ++ + static int set_cfg_value(pam_handle_t *pamh, const char *key, const char *val, + char **buf) { + size_t key_len = strlen(key); +@@ -1162,7 +1193,11 @@ + } + + // Compute verification codes and compare them with user input ++#if !defined(STEPSIZE) + const int tm = get_timestamp(); ++#else ++ const int tm = get_timestamp(pamh, secret_filename, *buf); ++#endif + const char *skew_str = get_cfg_value(pamh, "TIME_SKEW", *buf); + if (skew_str == &oom) { + // Out of memory. This is a fatal error
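Review bot: STEPSIZE_DESC in the second Makefile hunk says only that other time steps are allowed. It does not say that building with -DSTEPSIZE makes the module read a STEP_SIZE entry from each user's secret file, or that values outside 1 to 60 are rejected. Suggest documenting both, together with the fact that the user's code generator has to be set to the same period, since the added patch touches only pam_google_authenticator.c, the verifying side.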
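Review bot: in the STEPSIZE variant of get_timestamp() (the @@ -538,6 +534,41 @@ hunk), the range check step < 1 || step > 60 runs only after the strtoul() result has been narrowed with (int). A value that does not fit in int is converted in an implementation-defined way, typically truncated, before it is checked, and can land inside 1..60. Suggest keeping the result in an unsigned long, checking that against 1 and 60, and converting afterwards. Separately, the free((void *)value) in the !value branch is a call on a null pointer and can be dropped.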
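Review bot: at the call site in the last hunk (@@ -1162,7 +1193,11 @@), tm is not checked for 0, which is what the STEPSIZE variant of get_timestamp() returns both for out-of-memory (commented as fatal) and for an invalid STEP_SIZE. In the lines shown, the code goes straight on to the TIME_SKEW lookup, so a malformed STEP_SIZE entry leads to verification against time step 0 instead of a failed authentication. Suggest failing closed here: under #if defined(STEPSIZE), bail out when tm is 0 and treat it as the fatal error the comments in get_timestamp() describe.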