Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Simmphonie:yubico
pam-config
pam_yubico.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File pam_yubico.patch of Package pam-config
diff -uNr pam-config-0.88-orig/src/Makefile.am pam-config-0.88/src/Makefile.am --- pam-config-0.88-orig/src/Makefile.am 2014-08-04 10:46:25.000000000 +0200 +++ pam-config-0.88/src/Makefile.am 2015-06-08 16:06:41.000000000 +0200 @@ -31,7 +31,7 @@ mod_pam_csync.c mod_pam_fp.c mod_pam_fprint.c mod_pam_pwhistory.c \ mod_pam_selinux.c mod_pam_gnome_keyring.c mod_pam_passwdqc.c \ mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c mod_pam_systemd.c \ - mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c + mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c mod_pam_yubico.c noinst_HEADERS = pam-config.h pam-module.h diff -uNr pam-config-0.88-orig/src/Makefile.in pam-config-0.88/src/Makefile.in --- pam-config-0.88-orig/src/Makefile.in 2014-09-25 14:55:47.000000000 +0200 +++ pam-config-0.88/src/Makefile.in 2015-06-08 16:06:41.000000000 +0200 @@ -128,7 +128,7 @@ mod_pam_passwdqc.$(OBJEXT) mod_pam_exec.$(OBJEXT) \ mod_pam_sss.$(OBJEXT) mod_pam_fprintd.$(OBJEXT) \ mod_pam_systemd.$(OBJEXT) mod_pam_ecryptfs.$(OBJEXT) \ - mod_pam_access.$(OBJEXT) mod_pam_google_authenticator.$(OBJEXT) + mod_pam_access.$(OBJEXT) mod_pam_google_authenticator.$(OBJEXT) mod_pam_yubico.$(OBJEXT) pam_config_OBJECTS = $(am_pam_config_OBJECTS) pam_config_LDADD = $(LDADD) AM_V_P = $(am__v_P_@AM_V@) @@ -355,7 +355,7 @@ mod_pam_csync.c mod_pam_fp.c mod_pam_fprint.c mod_pam_pwhistory.c \ mod_pam_selinux.c mod_pam_gnome_keyring.c mod_pam_passwdqc.c \ mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c mod_pam_systemd.c \ - mod_pam_ecryptfs.c mod_pam_access.c + mod_pam_ecryptfs.c mod_pam_access.c mod_pam_yubico.c noinst_HEADERS = pam-config.h pam-module.h all: all-am diff -uNr pam-config-0.88-orig/src/mod_pam_yubico.c pam-config-0.88/src/mod_pam_yubico.c --- pam-config-0.88-orig/src/mod_pam_yubico.c 1970-01-01 01:00:00.000000000 +0100 +++ pam-config-0.88/src/mod_pam_yubico.c 2015-06-09 09:30:51.000000000 +0200 @@ -0,0 +1,102 @@ +/* Copyright (C) 2015 Torsten Gruner + Author: Torsten Gruner + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License version 2 as + published by the Free Software Foundation. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, + Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ + + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <sys/stat.h> + +#include "pam-config.h" +#include "pam-module.h" + + +static int +fexists (char *name) +{ + struct stat buffer; + return (stat (name, &buffer) == 0); +} + +static int +write_config_yubico (pam_module_t *this, enum write_type op, FILE *fp) +{ + option_set_t *opt_set = this->get_opt_set (this, op); + char *opt; + + if (debug) + debug_write_call (this, op); + + if (!opt_set->is_enabled (opt_set, "is_enabled")) + return 0; + + if (op != AUTH) + return 0; + + if (fexists("/etc/pam.d/yubico-required")) + { + fprintf (fp, "auth\trequired\tpam_yubico.so\t"); + } + else + { + fprintf (fp, "auth\tsufficient\tpam_yubico.so\t"); + } + + if ((opt = opt_set->get_opt (opt_set, "mode"))) + { + if (strcmp (opt, "challenge-response") == 0) + opt_set->set_opt (opt_set, "mode", opt); + else if (strcmp (opt, "client") == 0) + opt_set->set_opt (opt_set, "mode", opt); + else + opt_set->set_opt (opt_set, "mode", "challenge-response"); + } + + WRITE_CONFIG_OPTIONS + + return 0; +} + +GETOPT_START_1(AUTH) +GETOPT_END_1(AUTH) + +PRINT_ARGS("yubico") +PRINT_XMLHELP("yubico") + +/* ---- contruct module object ---- */ +DECLARE_BOOL_OPTS_6 (is_enabled, debug, alwaysok, try_first_pass, use_first_pass, verbose_otp); +DECLARE_STRING_OPTS_14 (mode, chalresp_path, authfile, id, key, urllist, url, capath, ldap_uri, ldapdn, user_attr, yubi_attr, yubi_attr_prefix, token_id_length); +DECLARE_OPT_SETS; + +static module_helptext_t helptext[] = {{"", NULL, "pam_yubico for auth access rules"}, + {"", NULL, "Create the file 'yubico-required' in '/etc/pam.d/' to use the control-flag 'required'"}, + {"", NULL, "Rename or remove the file 'yubico-required' in '/etc/pam.d/' to use the control-flag 'sufficient'"}, + {NULL, NULL, NULL}}; + +/* at last construct the complete module object */ +pam_module_t mod_pam_yubico = { "pam_yubico.so", opt_sets, helptext, + &def_parse_config, + &def_print_module, + &write_config_yubico, + &get_opt_set, + &getopt, + &print_args, + &print_xmlhelp}; diff -uNr pam-config-0.88-orig/src/pam-module.h pam-config-0.88/src/pam-module.h --- pam-config-0.88-orig/src/pam-module.h 2014-08-04 10:46:25.000000000 +0200 +++ pam-config-0.88/src/pam-module.h 2015-06-08 16:06:41.000000000 +0200 @@ -85,6 +85,7 @@ #define INIT_OPT_8(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h) INIT_OPT_4(PREFIX,TYPE,DEFAULT,a,b,c,d); INIT_OPT_4(PREFIX,TYPE,DEFAULT,e,f,g,h) #define INIT_OPT_10(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h,i,j) INIT_OPT_5(PREFIX,TYPE,DEFAULT,a,b,c,d,e); INIT_OPT_5(PREFIX,TYPE,DEFAULT,f,g,h,i,j) #define INIT_OPT_11(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h,i,j,k) INIT_OPT_6(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f); INIT_OPT_5(PREFIX,TYPE,DEFAULT,g,h,i,j,k) +#define INIT_OPT_14(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h,i,j,k,l,m,n) INIT_OPT_8(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h); INIT_OPT_6(PREFIX,TYPE,DEFAULT,i,j,k,l,m,n) #define INIT_OPT_16(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p) INIT_OPT_8(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h); INIT_OPT_8(PREFIX,TYPE,DEFAULT,i,j,k,l,m,n,o,p) #define OPT_SET_START(PREFIX, TYPE) static TYPE ## _option_t * PREFIX ## _ ## TYPE ## _opts[] = { @@ -100,6 +101,7 @@ #define OPT_SET_BODY_8(PREFIX, a,b,c,d,e,f,g,h) OPT_SET_BODY_2(PREFIX,a,b), OPT_SET_BODY_6(PREFIX, c,d,e,f,g,h) #define OPT_SET_BODY_10(PREFIX, a,b,c,d,e,f,g,h,i,j) OPT_SET_BODY_5(PREFIX,a,b,c,d,e), OPT_SET_BODY_5(PREFIX, f,g,h,i,j) #define OPT_SET_BODY_11(PREFIX, a,b,c,d,e,f,g,h,i,j,k) OPT_SET_BODY_5(PREFIX,a,b,c,d,e), OPT_SET_BODY_6(PREFIX, f,g,h,i,j,k) +#define OPT_SET_BODY_14(PREFIX, a,b,c,d,e,f,g,h,i,j,k,l,m,n) OPT_SET_BODY_8(PREFIX,a,b,c,d,e,f,g,h), OPT_SET_BODY_6(PREFIX, i,j,k,l,m,n) #define OPT_SET_BODY_16(PREFIX, a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p) OPT_SET_BODY_8(PREFIX,a,b,c,d,e,f,g,h), OPT_SET_BODY_8(PREFIX, i,j,k,l,m,n,o,p) #define GENERIC_OPT_SET_1(PREFIX,TYPE,DEFAULT,a) INIT_OPT_1(PREFIX, TYPE, DEFAULT, a); \ @@ -146,6 +148,11 @@ OPT_SET_BODY_11(PREFIX,a,b,c,d,e,f,g,h,i,j,k), \ OPT_SET_END +#define GENERIC_OPT_SET_14(PREFIX, TYPE, DEFAULT,a,b,c,d,e,f,g,h,i,j,k,l,m,n) INIT_OPT_14(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h,i,j,k,l,m,n); \ + OPT_SET_START(PREFIX, TYPE) \ + OPT_SET_BODY_14(PREFIX,a,b,c,d,e,f,g,h,i,j,k,l,m,n), \ + OPT_SET_END + #define GENERIC_OPT_SET_16(PREFIX, TYPE, DEFAULT,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p) \ INIT_OPT_16(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p); \ OPT_SET_START(PREFIX, TYPE) \ @@ -263,7 +270,13 @@ GENERIC_OPT_SET_11( password, string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11 ); \ GENERIC_OPT_SET_11( session, string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11 ); +#define DECLARE_STRING_OPTS_14(OPT_1,OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11,OPT_12,OPT_13,OPT_14) \ + GENERIC_OPT_SET_14( auth, string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11,OPT_12,OPT_13,OPT_14 ); \ + GENERIC_OPT_SET_14( account, string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11,OPT_12,OPT_13,OPT_14 ); \ + GENERIC_OPT_SET_14( password, string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11,OPT_12,OPT_13,OPT_14 ); \ + GENERIC_OPT_SET_14( session, string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11,OPT_12,OPT_13,OPT_14 ); + #define DECLARE_OPT_SETS \ static option_set_t auth_opts = { auth_bool_opts, auth_string_opts, &is_enabled, &enable, &get_opt, &set_opt }; \ static option_set_t account_opts = { account_bool_opts, account_string_opts, &is_enabled, &enable, &get_opt, &set_opt }; \ diff -uNr pam-config-0.88-orig/src/supported-modules.h pam-config-0.88/src/supported-modules.h --- pam-config-0.88-orig/src/supported-modules.h 2014-09-25 14:33:02.000000000 +0200 +++ pam-config-0.88/src/supported-modules.h 2015-06-09 11:08:06.226640381 +0200 @@ -33,6 +33,7 @@ extern pam_module_t mod_pam_unix2; extern pam_module_t mod_pam_unix; extern pam_module_t mod_pam_winbind; +extern pam_module_t mod_pam_yubico; /* modules for single services only. */ @@ -78,6 +79,7 @@ &mod_pam_unix, &mod_pam_unix2, &mod_pam_winbind, + &mod_pam_yubico, NULL }; @@ -96,6 +98,7 @@ }; static pam_module_t *module_list_auth[] = { + &mod_pam_yubico, &mod_pam_env, &mod_pam_group, &mod_pam_pkcs11,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor