File pam_yubico.patch of Package pam-config

Overview Repositories Revisions Requests Users Attributes Meta

File pam_yubico.patch of Package pam-config

diff -uNr pam-config-0.88-orig/src/Makefile.am pam-config-0.88/src/Makefile.am
--- pam-config-0.88-orig/src/Makefile.am	2014-08-04 10:46:25.000000000 +0200
+++ pam-config-0.88/src/Makefile.am	2015-06-08 16:06:41.000000000 +0200
@@ -31,7 +31,7 @@
 	mod_pam_csync.c mod_pam_fp.c mod_pam_fprint.c mod_pam_pwhistory.c \
 	mod_pam_selinux.c mod_pam_gnome_keyring.c mod_pam_passwdqc.c \
 	mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c mod_pam_systemd.c \
-	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c
+	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_google_authenticator.c mod_pam_yubico.c
 
 noinst_HEADERS = pam-config.h pam-module.h
 
diff -uNr pam-config-0.88-orig/src/Makefile.in pam-config-0.88/src/Makefile.in
--- pam-config-0.88-orig/src/Makefile.in	2014-09-25 14:55:47.000000000 +0200
+++ pam-config-0.88/src/Makefile.in	2015-06-08 16:06:41.000000000 +0200
@@ -128,7 +128,7 @@
 	mod_pam_passwdqc.$(OBJEXT) mod_pam_exec.$(OBJEXT) \
 	mod_pam_sss.$(OBJEXT) mod_pam_fprintd.$(OBJEXT) \
 	mod_pam_systemd.$(OBJEXT) mod_pam_ecryptfs.$(OBJEXT) \
-	mod_pam_access.$(OBJEXT) mod_pam_google_authenticator.$(OBJEXT)
+	mod_pam_access.$(OBJEXT) mod_pam_google_authenticator.$(OBJEXT) mod_pam_yubico.$(OBJEXT)
 pam_config_OBJECTS = $(am_pam_config_OBJECTS)
 pam_config_LDADD = $(LDADD)
 AM_V_P = $(am__v_P_@AM_V@)
@@ -355,7 +355,7 @@
 	mod_pam_csync.c mod_pam_fp.c mod_pam_fprint.c mod_pam_pwhistory.c \
 	mod_pam_selinux.c mod_pam_gnome_keyring.c mod_pam_passwdqc.c \
 	mod_pam_exec.c mod_pam_sss.c mod_pam_fprintd.c mod_pam_systemd.c \
-	mod_pam_ecryptfs.c mod_pam_access.c
+	mod_pam_ecryptfs.c mod_pam_access.c mod_pam_yubico.c 
 
 noinst_HEADERS = pam-config.h pam-module.h
 all: all-am
diff -uNr pam-config-0.88-orig/src/mod_pam_yubico.c pam-config-0.88/src/mod_pam_yubico.c
--- pam-config-0.88-orig/src/mod_pam_yubico.c	1970-01-01 01:00:00.000000000 +0100
+++ pam-config-0.88/src/mod_pam_yubico.c	2015-06-09 09:30:51.000000000 +0200
@@ -0,0 +1,102 @@
+/* Copyright (C) 2015 Torsten Gruner
+   Author: Torsten Gruner
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License version 2 as
+   published by the Free Software Foundation.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software Foundation,
+   Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */
+
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/stat.h>
+
+#include "pam-config.h"
+#include "pam-module.h"
+
+
+static int 
+fexists (char *name) 
+{
+  struct stat buffer;   
+  return (stat (name, &buffer) == 0); 
+}
+
+static int
+write_config_yubico (pam_module_t *this, enum write_type op, FILE *fp)
+{
+  option_set_t *opt_set = this->get_opt_set (this, op);
+  char *opt;
+  
+  if (debug)
+    debug_write_call (this, op);
+
+  if (!opt_set->is_enabled (opt_set, "is_enabled"))
+    return 0;
+
+  if (op != AUTH)
+    return 0;
+  
+  if (fexists("/etc/pam.d/yubico-required"))
+  {
+    fprintf (fp, "auth\trequired\tpam_yubico.so\t");
+  }
+  else
+  {
+    fprintf (fp, "auth\tsufficient\tpam_yubico.so\t");
+  }
+
+  if ((opt = opt_set->get_opt (opt_set, "mode")))
+  {
+    if (strcmp (opt, "challenge-response") == 0)
+      opt_set->set_opt (opt_set, "mode", opt);
+    else if (strcmp (opt, "client") == 0)
+      opt_set->set_opt (opt_set, "mode", opt);
+    else
+    opt_set->set_opt (opt_set, "mode", "challenge-response");
+  }
+  
+  WRITE_CONFIG_OPTIONS
+
+  return 0;
+}
+
+GETOPT_START_1(AUTH)
+GETOPT_END_1(AUTH)
+
+PRINT_ARGS("yubico")
+PRINT_XMLHELP("yubico")
+
+/* ---- contruct module object ---- */
+DECLARE_BOOL_OPTS_6 (is_enabled, debug, alwaysok, try_first_pass, use_first_pass, verbose_otp);
+DECLARE_STRING_OPTS_14 (mode, chalresp_path, authfile, id, key, urllist, url, capath, ldap_uri, ldapdn, user_attr, yubi_attr, yubi_attr_prefix, token_id_length);
+DECLARE_OPT_SETS;
+
+static module_helptext_t helptext[] = {{"", NULL, "pam_yubico for auth access rules"},
+				       {"", NULL, "Create the file 'yubico-required' in '/etc/pam.d/' to use the control-flag 'required'"},
+				       {"", NULL, "Rename or remove the file 'yubico-required' in '/etc/pam.d/' to use the control-flag 'sufficient'"},
+				       {NULL, NULL, NULL}};
+
+/* at last construct the complete module object */
+pam_module_t mod_pam_yubico = { "pam_yubico.so", opt_sets, helptext,
+			      &def_parse_config,
+			      &def_print_module,
+			      &write_config_yubico,
+			      &get_opt_set,
+			      &getopt,
+			      &print_args,
+			      &print_xmlhelp};
diff -uNr pam-config-0.88-orig/src/pam-module.h pam-config-0.88/src/pam-module.h
--- pam-config-0.88-orig/src/pam-module.h	2014-08-04 10:46:25.000000000 +0200
+++ pam-config-0.88/src/pam-module.h	2015-06-08 16:06:41.000000000 +0200
@@ -85,6 +85,7 @@
 #define INIT_OPT_8(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h) INIT_OPT_4(PREFIX,TYPE,DEFAULT,a,b,c,d); INIT_OPT_4(PREFIX,TYPE,DEFAULT,e,f,g,h)
 #define INIT_OPT_10(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h,i,j) INIT_OPT_5(PREFIX,TYPE,DEFAULT,a,b,c,d,e); INIT_OPT_5(PREFIX,TYPE,DEFAULT,f,g,h,i,j)
 #define INIT_OPT_11(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h,i,j,k) INIT_OPT_6(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f); INIT_OPT_5(PREFIX,TYPE,DEFAULT,g,h,i,j,k)
+#define INIT_OPT_14(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h,i,j,k,l,m,n) INIT_OPT_8(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h); INIT_OPT_6(PREFIX,TYPE,DEFAULT,i,j,k,l,m,n)
 #define INIT_OPT_16(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p) INIT_OPT_8(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h); INIT_OPT_8(PREFIX,TYPE,DEFAULT,i,j,k,l,m,n,o,p)
 
 #define OPT_SET_START(PREFIX, TYPE) static TYPE ## _option_t * PREFIX ## _ ## TYPE ## _opts[] = {
@@ -100,6 +101,7 @@
 #define OPT_SET_BODY_8(PREFIX, a,b,c,d,e,f,g,h) OPT_SET_BODY_2(PREFIX,a,b), OPT_SET_BODY_6(PREFIX, c,d,e,f,g,h)
 #define OPT_SET_BODY_10(PREFIX, a,b,c,d,e,f,g,h,i,j) OPT_SET_BODY_5(PREFIX,a,b,c,d,e), OPT_SET_BODY_5(PREFIX, f,g,h,i,j)
 #define OPT_SET_BODY_11(PREFIX, a,b,c,d,e,f,g,h,i,j,k) OPT_SET_BODY_5(PREFIX,a,b,c,d,e), OPT_SET_BODY_6(PREFIX, f,g,h,i,j,k)
+#define OPT_SET_BODY_14(PREFIX, a,b,c,d,e,f,g,h,i,j,k,l,m,n) OPT_SET_BODY_8(PREFIX,a,b,c,d,e,f,g,h), OPT_SET_BODY_6(PREFIX, i,j,k,l,m,n)
 #define OPT_SET_BODY_16(PREFIX, a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p) OPT_SET_BODY_8(PREFIX,a,b,c,d,e,f,g,h), OPT_SET_BODY_8(PREFIX, i,j,k,l,m,n,o,p)
 
 #define GENERIC_OPT_SET_1(PREFIX,TYPE,DEFAULT,a)	      INIT_OPT_1(PREFIX, TYPE, DEFAULT, a); \
@@ -146,6 +148,11 @@
 							          OPT_SET_BODY_11(PREFIX,a,b,c,d,e,f,g,h,i,j,k), \
 								  OPT_SET_END
 
+#define GENERIC_OPT_SET_14(PREFIX, TYPE, DEFAULT,a,b,c,d,e,f,g,h,i,j,k,l,m,n)  INIT_OPT_14(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h,i,j,k,l,m,n); \
+							          OPT_SET_START(PREFIX, TYPE) \
+							          OPT_SET_BODY_14(PREFIX,a,b,c,d,e,f,g,h,i,j,k,l,m,n), \
+								  OPT_SET_END
+
 #define GENERIC_OPT_SET_16(PREFIX, TYPE, DEFAULT,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p) \
                                                                   INIT_OPT_16(PREFIX,TYPE,DEFAULT,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p);	\
 							          OPT_SET_START(PREFIX, TYPE) \
@@ -263,7 +270,13 @@
   GENERIC_OPT_SET_11( password,	string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11 ); \
   GENERIC_OPT_SET_11( session,	string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11 );
 
+#define DECLARE_STRING_OPTS_14(OPT_1,OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11,OPT_12,OPT_13,OPT_14) \
+  GENERIC_OPT_SET_14( auth,	string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11,OPT_12,OPT_13,OPT_14 ); \
+  GENERIC_OPT_SET_14( account,	string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11,OPT_12,OPT_13,OPT_14 ); \
+  GENERIC_OPT_SET_14( password,	string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11,OPT_12,OPT_13,OPT_14 ); \
+  GENERIC_OPT_SET_14( session,	string, STRING_DEFAULT, OPT_1, OPT_2,OPT_3,OPT_4,OPT_5,OPT_6,OPT_7,OPT_8,OPT_9,OPT_10,OPT_11,OPT_12,OPT_13,OPT_14 );
 
+  
 #define DECLARE_OPT_SETS						\
   static option_set_t auth_opts	    = { auth_bool_opts,	    auth_string_opts,	  &is_enabled, &enable, &get_opt, &set_opt }; \
   static option_set_t account_opts  = { account_bool_opts,  account_string_opts,  &is_enabled, &enable, &get_opt, &set_opt }; \
diff -uNr pam-config-0.88-orig/src/supported-modules.h pam-config-0.88/src/supported-modules.h
--- pam-config-0.88-orig/src/supported-modules.h	2014-09-25 14:33:02.000000000 +0200
+++ pam-config-0.88/src/supported-modules.h	2015-06-09 11:08:06.226640381 +0200
@@ -33,6 +33,7 @@
 extern pam_module_t mod_pam_unix2;
 extern pam_module_t mod_pam_unix;
 extern pam_module_t mod_pam_winbind;
+extern pam_module_t mod_pam_yubico;
 
 
 /* modules for single services only.  */
@@ -78,6 +79,7 @@
   &mod_pam_unix,
   &mod_pam_unix2,
   &mod_pam_winbind,
+  &mod_pam_yubico,
   NULL
 };
 
@@ -96,6 +98,7 @@
 };
 
 static pam_module_t *module_list_auth[] = {
+  &mod_pam_yubico,
   &mod_pam_env,
   &mod_pam_group,
   &mod_pam_pkcs11,

Places

File pam_yubico.patch of Package pam-config

Places