svn commit: r373085 - in head/security/pam_google_authenticator: . files

Sat Nov 22 18:30:18 UTC 2014

Author: riggs
Date: Sat Nov 22 18:30:17 2014
New Revision: 373085
URL: https://svnweb.freebsd.org/changeset/ports/373085
QAT: https://qat.redports.org/buildarchive/r373085/

Log:
  Introduce non-default OPTION for variable time steps
  besides the 30 seconds default
  
  PR:		194723
  Submitted by:	paul at dokas.name
  Approved by:	maintainer timeout

Added:
  head/security/pam_google_authenticator/files/patch-pam_google_authenticator.c   (contents, props changed)
Modified:
  head/security/pam_google_authenticator/Makefile

Modified: head/security/pam_google_authenticator/Makefile
==============================================================================

--- head/security/pam_google_authenticator/Makefile	Sat Nov 22 18:25:09 2014	(r373084)
+++ head/security/pam_google_authenticator/Makefile	Sat Nov 22 18:30:17 2014	(r373085)
@@ -3,6 +3,7 @@
 
 PORTNAME=	pam_google_authenticator
 PORTVERSION=	20140826
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	LOCAL/riggs/google-authenticator
 DISTNAME=	google-authenticator-${PORTVERSION}
@@ -12,10 +13,16 @@ COMMENT=	PAM module for two-step authent
 
 LICENSE=	APACHE20
 
+OPTIONS_DEFINE=	STEPSIZE
+STEPSIZE_DESC=	Allow time steps other than the default of 30 seconds
+STEPSIZE_CFLAGS= -DSTEPSIZE
+
 USES=		gmake
 
 PLIST_FILES=	bin/google-authenticator lib/pam_google_authenticator.so
 
+.include <bsd.port.options.mk>
+
 do-install:
 	${INSTALL_PROGRAM} ${WRKSRC}/google-authenticator \
 		${STAGEDIR}${PREFIX}/bin/google-authenticator

Added: head/security/pam_google_authenticator/files/patch-pam_google_authenticator.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/pam_google_authenticator/files/patch-pam_google_authenticator.c	Sat Nov 22 18:30:17 2014	(r373085)
@@ -0,0 +1,67 @@
+--- pam_google_authenticator.c.orig	2014-01-30 15:17:38.000000000 +0000
++++ pam_google_authenticator.c	2014-11-04 17:05:55.000000000 +0000
+@@ -503,10 +503,6 @@
+ }
+ #endif
+ 
+-static int get_timestamp(void) {
+-  return get_time()/30;
+-}
+-
+ static int comparator(const void *a, const void *b) {
+   return *(unsigned int *)a - *(unsigned int *)b;
+ }
+@@ -538,6 +534,41 @@
+   return NULL;
+ }
+ 
++#if !defined(STEPSIZE)
++static int get_timestamp(void) {
++  return get_time()/30;
++}
++#else
++static int get_timestamp(pam_handle_t *pamh, const char *secret_filename,
++                       const char *buf) {
++  const char *value = get_cfg_value(pamh, "STEP_SIZE", buf);
++  if (!value) {
++    // Default step size is 30.
++    free((void *)value);
++    return get_time()/30;
++  } else if (value == &oom) {
++    // Out of memory. This is a fatal error.
++    return 0;
++  }
++
++  char *endptr;
++  errno = 0;
++  int step = (int)strtoul(value, &endptr, 10);
++  if (errno || !*value || value == endptr ||
++      (*endptr && *endptr != ' ' && *endptr != '\t' &&
++       *endptr != '\n' && *endptr != '\r') ||
++      step < 1 || step > 60) {
++    free((void *)value);
++    log_message(LOG_ERR, pamh, "Invalid STEP_SIZE option in \"%s\"",
++                secret_filename);
++    return 0;
++  }
++  free((void *)value);
++
++  return get_time()/step;
++}
++#endif
++
+ static int set_cfg_value(pam_handle_t *pamh, const char *key, const char *val,
+                          char **buf) {
+   size_t key_len = strlen(key);
+@@ -1162,7 +1193,11 @@
+   }
+ 
+   // Compute verification codes and compare them with user input
++#if !defined(STEPSIZE)
+   const int tm = get_timestamp();
++#else
++  const int tm = get_timestamp(pamh, secret_filename, *buf);
++#endif
+   const char *skew_str = get_cfg_value(pamh, "TIME_SKEW", *buf);
+   if (skew_str == &oom) {
+     // Out of memory. This is a fatal error
