File pam_u2f.patch of Package pam-config

Overview Repositories Revisions Requests Users Attributes Meta

File pam_u2f.patch of Package pam-config

diff -uNr pam-config-0.88-xx/src/Makefile.am pam-config-0.88-u2f/src/Makefile.am
--- pam-config-0.88-xx/src/Makefile.am	2015-06-08 16:06:41.344066830 +0200
+++ pam-config-0.88-u2f/src/Makefile.am	2015-06-09 11:47:31.704784830 +0200
@@ -31,7 +31,7 @@
 	mod_pam_csync.c mod_pam_fp.c mod_pam_fprint.c mod_pam_pwhistory.c \
 	mod_pam_selinux.c mod_pam_gnome_keyring.c mod_pam_passwdqc.c \
 	mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c mod_pam_systemd.c \
-	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c mod_pam_yubico.c
+	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c mod_pam_yubico.c mod_pam_u2f.c
 
 noinst_HEADERS = pam-config.h pam-module.h
 
diff -uNr pam-config-0.88-xx/src/Makefile.in pam-config-0.88-u2f/src/Makefile.in
--- pam-config-0.88-xx/src/Makefile.in	2015-06-08 16:06:41.345066835 +0200
+++ pam-config-0.88-u2f/src/Makefile.in	2015-06-09 11:47:14.173713284 +0200
@@ -128,7 +128,7 @@
 	mod_pam_passwdqc.$(OBJEXT) mod_pam_exec.$(OBJEXT) \
 	mod_pam_sss.$(OBJEXT) mod_pam_fprintd.$(OBJEXT) \
 	mod_pam_systemd.$(OBJEXT) mod_pam_ecryptfs.$(OBJEXT) \
-	mod_pam_access.$(OBJEXT) mod_pam_google_authenticator.$(OBJEXT) mod_pam_yubico.$(OBJEXT)
+	mod_pam_access.$(OBJEXT) mod_pam_google_authenticator.$(OBJEXT) mod_pam_yubico.$(OBJEXT) mod_pam_u2f.$(OBJEXT)
 pam_config_OBJECTS = $(am_pam_config_OBJECTS)
 pam_config_LDADD = $(LDADD)
 AM_V_P = $(am__v_P_@AM_V@)
diff -uNr pam-config-0.88-xx/src/mod_pam_u2f.c pam-config-0.88-u2f/src/mod_pam_u2f.c
--- pam-config-0.88-xx/src/mod_pam_u2f.c	1970-01-01 01:00:00.000000000 +0100
+++ pam-config-0.88-u2f/src/mod_pam_u2f.c	2015-06-09 12:04:26.496150507 +0200
@@ -0,0 +1,91 @@
+/* Copyright (C) 2015 Torsten Gruner
+   Author: Torsten Gruner
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License version 2 as
+   published by the Free Software Foundation.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software Foundation,
+   Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */
+
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/stat.h>
+
+#include "pam-config.h"
+#include "pam-module.h"
+
+
+static int 
+fexists (char *name) 
+{
+  struct stat buffer;   
+  return (stat (name, &buffer) == 0); 
+}
+
+static int
+write_config_u2f (pam_module_t *this, enum write_type op, FILE *fp)
+{
+  option_set_t *opt_set = this->get_opt_set (this, op);
+  
+  if (debug)
+    debug_write_call (this, op);
+
+  if (!opt_set->is_enabled (opt_set, "is_enabled"))
+    return 0;
+
+  if (op != AUTH)
+    return 0;
+  
+  if (fexists("/etc/pam.d/u2f-required"))
+  {
+    fprintf (fp, "auth\trequired\tpam_u2f.so\t");
+  }
+  else
+  {
+    fprintf (fp, "auth\tsufficient\tpam_u2f.so\t");
+  }
+
+  WRITE_CONFIG_OPTIONS
+
+  return 0;
+}
+
+GETOPT_START_1(AUTH)
+GETOPT_END_1(AUTH)
+
+PRINT_ARGS("u2f")
+PRINT_XMLHELP("u2f")
+
+/* ---- contruct module object ---- */
+DECLARE_BOOL_OPTS_7 (is_enabled, debug, nouserok, alwaysok, interactive, manual, cue);
+DECLARE_STRING_OPTS_4 (origin, appid, authfile, max_devices);
+DECLARE_OPT_SETS;
+
+static module_helptext_t helptext[] = {{"", NULL, "pam_u2f for auth access rules"},
+				       {"", NULL, "Create the file 'u2f-required' in '/etc/pam.d/' to use the control-flag 'required'"},
+				       {"", NULL, "Rename or remove the file 'u2f-required' in '/etc/pam.d/' to use the control-flag 'sufficient'"},
+				       {NULL, NULL, NULL}};
+
+/* at last construct the complete module object */
+pam_module_t mod_pam_u2f = { "pam_u2f.so", opt_sets, helptext,
+			      &def_parse_config,
+			      &def_print_module,
+			      &write_config_u2f,
+			      &get_opt_set,
+			      &getopt,
+			      &print_args,
+			      &print_xmlhelp};
diff -uNr pam-config-0.88-xx/src/pam-module.h pam-config-0.88-u2f/src/pam-module.h
--- pam-config-0.88-xx/src/pam-module.h	2015-06-08 16:06:41.346066830 +0200
+++ pam-config-0.88-u2f/src/pam-module.h	2015-06-09 12:03:35.263329249 +0200
@@ -240,6 +240,12 @@
   GENERIC_OPT_SET_3( password,	string, STRING_DEFAULT,OPT_1,OPT_2,OPT_3); \
   GENERIC_OPT_SET_3( session,	string, STRING_DEFAULT,OPT_1,OPT_2,OPT_3);
 
+#define DECLARE_STRING_OPTS_4(OPT_1,OPT_2,OPT_3,OPT_4)	\
+  GENERIC_OPT_SET_4( auth,	string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4 );	\
+  GENERIC_OPT_SET_4( account,	string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4 );	\
+  GENERIC_OPT_SET_4( password,	string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4 );	\
+  GENERIC_OPT_SET_4( session,	string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4 );
+
 #define DECLARE_STRING_OPTS_5(OPT_1,OPT_2,OPT_3,OPT_4,OPT_5)	\
   GENERIC_OPT_SET_5( auth,	string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5 );	\
   GENERIC_OPT_SET_5( account,	string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5 );	\
diff -uNr pam-config-0.88-xx/src/supported-modules.h pam-config-0.88-u2f/src/supported-modules.h
--- pam-config-0.88-xx/src/supported-modules.h	2015-06-08 16:06:41.347066835 +0200
+++ pam-config-0.88-u2f/src/supported-modules.h	2015-06-09 11:37:41.689604054 +0200
@@ -29,6 +29,7 @@
 extern pam_module_t mod_pam_succeed_if;
 extern pam_module_t mod_pam_thinkfinger;
 extern pam_module_t mod_pam_time;
+extern pam_module_t mod_pam_u2f;
 extern pam_module_t mod_pam_umask;
 extern pam_module_t mod_pam_unix2;
 extern pam_module_t mod_pam_unix;
@@ -76,6 +77,7 @@
   &mod_pam_succeed_if,
   &mod_pam_systemd,
   &mod_pam_thinkfinger,
+  &mod_pam_u2f,
   &mod_pam_umask,
   &mod_pam_unix,
   &mod_pam_unix2,
@@ -100,6 +102,7 @@
 
 static pam_module_t *module_list_auth[] = {
   &mod_pam_yubico,
+  &mod_pam_u2f,
   &mod_pam_env,
   &mod_pam_group,
   &mod_pam_pkcs11,

Places

File pam_u2f.patch of Package pam-config

Places