|
 |
0a6d4e |
diff --git a/liboath/global.c b/liboath/global.c
|
|
|
0a6d4e |
index d442cf3..cfe1cee 100644
|
|
|
0a6d4e |
--- a/liboath/global.c
|
|
|
0a6d4e |
+++ b/liboath/global.c
|
|
|
0a6d4e |
@@ -25,9 +25,12 @@
|
|
|
0a6d4e |
|
|
|
0a6d4e |
#include <stdio.h> /* For snprintf, getline. */
|
|
|
0a6d4e |
#include <string.h> /* For strverscmp. */
|
|
|
0a6d4e |
+#include <stdlib.h> /* For free. */
|
|
|
0a6d4e |
|
|
|
0a6d4e |
#include "gc.h"
|
|
|
0a6d4e |
|
|
|
0a6d4e |
+char *oath_lockfile_path = NULL;
|
|
|
0a6d4e |
+
|
|
|
0a6d4e |
/**
|
|
|
0a6d4e |
* oath_init:
|
|
|
0a6d4e |
*
|
|
|
0a6d4e |
@@ -52,6 +55,8 @@ oath_init (void)
|
|
|
0a6d4e |
if (gc_init () != GC_OK)
|
|
|
0a6d4e |
return OATH_CRYPTO_ERROR;
|
|
|
0a6d4e |
|
|
|
0a6d4e |
+ oath_lockfile_path = NULL;
|
|
|
0a6d4e |
+
|
|
|
0a6d4e |
return OATH_OK;
|
|
|
0a6d4e |
}
|
|
|
0a6d4e |
|
|
|
0a6d4e |
@@ -71,6 +76,11 @@ oath_done (void)
|
|
|
0a6d4e |
{
|
|
|
0a6d4e |
gc_done ();
|
|
|
0a6d4e |
|
|
|
0a6d4e |
+ if (oath_lockfile_path)
|
|
|
0a6d4e |
+ {
|
|
|
0a6d4e |
+ free(oath_lockfile_path);
|
|
|
0a6d4e |
+ oath_lockfile_path = NULL;
|
|
|
0a6d4e |
+ }
|
|
|
0a6d4e |
return OATH_OK;
|
|
|
0a6d4e |
}
|
|
|
0a6d4e |
|
|
|
0a6d4e |
@@ -99,3 +109,23 @@ oath_check_version (const char *req_version)
|
|
|
0a6d4e |
|
|
|
0a6d4e |
return NULL;
|
|
|
0a6d4e |
}
|
|
|
0a6d4e |
+
|
|
|
0a6d4e |
+int
|
|
|
0a6d4e |
+oath_set_lockfile_path(const char *lockfile)
|
|
|
0a6d4e |
+{
|
|
|
0a6d4e |
+ int l;
|
|
|
0a6d4e |
+
|
|
|
0a6d4e |
+ if (oath_lockfile_path)
|
|
|
0a6d4e |
+ {
|
|
|
0a6d4e |
+ free(oath_lockfile_path);
|
|
|
0a6d4e |
+ oath_lockfile_path = NULL;
|
|
|
0a6d4e |
+ }
|
|
|
0a6d4e |
+
|
|
|
0a6d4e |
+ if (lockfile)
|
|
|
0a6d4e |
+ {
|
|
|
0a6d4e |
+ l = asprintf (&oath_lockfile_path, "%s", lockfile);
|
|
|
0a6d4e |
+ if (oath_lockfile_path == NULL || ((size_t) l) != strlen (lockfile))
|
|
|
0a6d4e |
+ return OATH_PRINTF_ERROR;
|
|
|
0a6d4e |
+ }
|
|
|
0a6d4e |
+ return OATH_OK;
|
|
|
0a6d4e |
+}
|
|
|
0a6d4e |
diff --git a/liboath/liboath.map b/liboath/liboath.map
|
|
|
0a6d4e |
index 2f247ff..e8f8cdf 100644
|
|
|
0a6d4e |
--- a/liboath/liboath.map
|
|
|
0a6d4e |
+++ b/liboath/liboath.map
|
|
|
0a6d4e |
@@ -75,6 +75,7 @@ LIBOATH_2.2.0
|
|
|
0a6d4e |
global:
|
|
|
0a6d4e |
oath_totp_validate3;
|
|
|
0a6d4e |
oath_totp_validate3_callback;
|
|
|
0a6d4e |
+ oath_set_lockfile_path;
|
|
|
0a6d4e |
} LIBOATH_1.12.0;
|
|
|
0a6d4e |
|
|
|
0a6d4e |
LIBOATH_2.6.0
|
|
|
0a6d4e |
diff --git a/liboath/oath.h b/liboath/oath.h
|
|
|
0a6d4e |
index fe93b9e..6660fb3 100644
|
|
|
0a6d4e |
--- a/liboath/oath.h
|
|
|
0a6d4e |
+++ b/liboath/oath.h
|
|
|
0a6d4e |
@@ -159,11 +159,15 @@ typedef enum
|
|
|
0a6d4e |
|
|
|
0a6d4e |
/* Global */
|
|
|
0a6d4e |
|
|
|
0a6d4e |
+extern char *oath_lockfile_path;
|
|
|
0a6d4e |
+
|
|
|
0a6d4e |
extern OATHAPI int oath_init (void);
|
|
|
0a6d4e |
extern OATHAPI int oath_done (void);
|
|
|
0a6d4e |
|
|
|
0a6d4e |
extern OATHAPI const char *oath_check_version (const char *req_version);
|
|
|
0a6d4e |
|
|
|
0a6d4e |
+extern OATHAPI int oath_set_lockfile_path(const char *lockfile);
|
|
|
0a6d4e |
+
|
|
|
0a6d4e |
/* Error handling */
|
|
|
0a6d4e |
|
|
|
0a6d4e |
extern OATHAPI const char *oath_strerror (int err);
|
|
|
0a6d4e |
diff --git a/liboath/oath.h.in b/liboath/oath.h.in
|
|
|
0a6d4e |
index eee284c..536cd30 100644
|
|
|
0a6d4e |
--- a/liboath/oath.h.in
|
|
|
0a6d4e |
+++ b/liboath/oath.h.in
|
|
|
0a6d4e |
@@ -159,11 +159,15 @@ typedef enum
|
|
|
0a6d4e |
|
|
|
0a6d4e |
/* Global */
|
|
|
0a6d4e |
|
|
|
0a6d4e |
+extern char *oath_lockfile_path;
|
|
|
0a6d4e |
+
|
|
|
0a6d4e |
extern OATHAPI int oath_init (void);
|
|
|
0a6d4e |
extern OATHAPI int oath_done (void);
|
|
|
0a6d4e |
|
|
|
0a6d4e |
extern OATHAPI const char *oath_check_version (const char *req_version);
|
|
|
0a6d4e |
|
|
|
0a6d4e |
+extern OATHAPI int oath_set_lockfile_path(const char *lockfile);
|
|
|
0a6d4e |
+
|
|
|
0a6d4e |
/* Error handling */
|
|
|
0a6d4e |
|
|
|
0a6d4e |
extern OATHAPI const char *oath_strerror (int err);
|
|
|
0a6d4e |
diff --git a/liboath/usersfile.c b/liboath/usersfile.c
|
|
|
0a6d4e |
index ef03f39..7cc4347 100644
|
|
|
0a6d4e |
--- a/liboath/usersfile.c
|
|
|
0a6d4e |
+++ b/liboath/usersfile.c
|
|
|
0a6d4e |
@@ -323,9 +323,18 @@ update_usersfile (const char *usersfile,
|
|
|
0a6d4e |
{
|
|
|
0a6d4e |
int l;
|
|
|
0a6d4e |
|
|
|
0a6d4e |
- l = asprintf (&lockfile, "%s.lock", usersfile);
|
|
|
0a6d4e |
- if (lockfile == NULL || ((size_t) l) != strlen (usersfile) + 5)
|
|
|
0a6d4e |
- return OATH_PRINTF_ERROR;
|
|
|
0a6d4e |
+ if (oath_lockfile_path)
|
|
|
0a6d4e |
+ {
|
|
|
0a6d4e |
+ l = asprintf (&lockfile, "%s", oath_lockfile_path);
|
|
|
0a6d4e |
+ if (lockfile == NULL || ((size_t) l) != strlen (oath_lockfile_path))
|
|
|
0a6d4e |
+ return OATH_PRINTF_ERROR;
|
|
|
0a6d4e |
+ }
|
|
|
0a6d4e |
+ else
|
|
|
0a6d4e |
+ {
|
|
|
0a6d4e |
+ l = asprintf (&lockfile, "%s.lock", usersfile);
|
|
|
0a6d4e |
+ if (lockfile == NULL || ((size_t) l) != strlen (usersfile) + 5)
|
|
|
0a6d4e |
+ return OATH_PRINTF_ERROR;
|
|
|
0a6d4e |
+ }
|
|
|
0a6d4e |
|
|
|
0a6d4e |
lockfh = fopen (lockfile, "w");
|
|
|
0a6d4e |
if (!lockfh)
|
|
|
0a6d4e |
diff --git a/pam_oath/pam_oath.c b/pam_oath/pam_oath.c
|
|
|
0a6d4e |
index b2afed7..307ffc2 100644
|
|
|
0a6d4e |
--- a/pam_oath/pam_oath.c
|
|
|
0a6d4e |
+++ b/pam_oath/pam_oath.c
|
|
|
0a6d4e |
@@ -75,6 +75,7 @@ struct cfg
|
|
|
0a6d4e |
int try_first_pass;
|
|
|
0a6d4e |
int use_first_pass;
|
|
|
0a6d4e |
char *usersfile;
|
|
|
0a6d4e |
+ char *lockfile;
|
|
|
0a6d4e |
unsigned digits;
|
|
|
0a6d4e |
unsigned window;
|
|
|
0a6d4e |
};
|
|
|
0a6d4e |
@@ -89,6 +90,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
|
|
|
0a6d4e |
cfg->try_first_pass = 0;
|
|
|
0a6d4e |
cfg->use_first_pass = 0;
|
|
|
0a6d4e |
cfg->usersfile = NULL;
|
|
|
0a6d4e |
+ cfg->lockfile = NULL;
|
|
|
0a6d4e |
cfg->digits = -1;
|
|
|
0a6d4e |
cfg->window = 5;
|
|
|
0a6d4e |
|
|
|
0a6d4e |
@@ -104,6 +106,8 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
|
|
|
0a6d4e |
cfg->use_first_pass = 1;
|
|
|
0a6d4e |
if (strncmp (argv[i], "usersfile=", 10) == 0)
|
|
|
0a6d4e |
cfg->usersfile = (char *) argv[i] + 10;
|
|
|
0a6d4e |
+ if (strncmp (argv[i], "lockfile=", 9) == 0)
|
|
|
0a6d4e |
+ cfg->lockfile = (char *) argv[i] + 9;
|
|
|
0a6d4e |
if (strncmp (argv[i], "digits=", 7) == 0)
|
|
|
0a6d4e |
cfg->digits = atoi (argv[i] + 7);
|
|
|
0a6d4e |
if (strncmp (argv[i], "window=", 7) == 0)
|
|
|
0a6d4e |
@@ -129,6 +133,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
|
|
|
0a6d4e |
D (("try_first_pass=%d", cfg->try_first_pass));
|
|
|
0a6d4e |
D (("use_first_pass=%d", cfg->use_first_pass));
|
|
|
0a6d4e |
D (("usersfile=%s", cfg->usersfile ? cfg->usersfile : "(null)"));
|
|
|
0a6d4e |
+ D (("lockfile=%s", cfg->lockfile ? cfg->lockfile : "(null)"));
|
|
|
0a6d4e |
D (("digits=%d", cfg->digits));
|
|
|
0a6d4e |
D (("window=%d", cfg->window));
|
|
|
0a6d4e |
}
|
|
|
0a6d4e |
@@ -327,6 +332,17 @@ pam_sm_authenticate (pam_handle_t * pamh,
|
|
|
0a6d4e |
goto done;
|
|
|
0a6d4e |
}
|
|
|
0a6d4e |
|
|
|
0a6d4e |
+ if (cfg.lockfile)
|
|
|
0a6d4e |
+ rc = oath_set_lockfile_path(cfg.lockfile);
|
|
|
0a6d4e |
+ else
|
|
|
0a6d4e |
+ rc = oath_set_lockfile_path("/var/lock/pam_oath.lock");
|
|
|
0a6d4e |
+ if (rc != OATH_OK)
|
|
|
0a6d4e |
+ {
|
|
|
0a6d4e |
+ DBG (("oath_set_lockfile_path() failed (%d)", rc));
|
|
|
0a6d4e |
+ retval = PAM_AUTHINFO_UNAVAIL;
|
|
|
0a6d4e |
+ goto done;
|
|
|
0a6d4e |
+ }
|
|
|
0a6d4e |
+
|
|
|
0a6d4e |
if (password == NULL)
|
|
|
0a6d4e |
{
|
|
|
0a6d4e |
retval = pam_get_item (pamh, PAM_CONV, (const void **) &conv;;
|