diff --git a/.oath-toolkit.metadata b/.oath-toolkit.metadata
new file mode 100644
index 0000000..78e1a7f
--- /dev/null
+++ b/.oath-toolkit.metadata
@@ -0,0 +1 @@
+43daea1daab55ff3d5282fdcaec5f23764ff8fb4 SOURCES/oath-toolkit-2.6.7.tar.gz
diff --git a/SOURCES/oath-toolkit-2.6.7-lockfile.patch b/SOURCES/oath-toolkit-2.6.7-lockfile.patch
new file mode 100644
index 0000000..0cd459a
--- /dev/null
+++ b/SOURCES/oath-toolkit-2.6.7-lockfile.patch
@@ -0,0 +1,195 @@
+diff --git a/liboath/global.c b/liboath/global.c
+index d442cf3..cfe1cee 100644
+--- a/liboath/global.c
++++ b/liboath/global.c
+@@ -25,9 +25,12 @@
+
+ #include /* For snprintf, getline. */
+ #include /* For strverscmp. */
++#include /* For free. */
+
+ #include "gc.h"
+
++char *oath_lockfile_path = NULL;
++
+ /**
+ * oath_init:
+ *
+@@ -52,6 +55,8 @@ oath_init (void)
+ if (gc_init () != GC_OK)
+ return OATH_CRYPTO_ERROR;
+
++ oath_lockfile_path = NULL;
++
+ return OATH_OK;
+ }
+
+@@ -71,6 +76,11 @@ oath_done (void)
+ {
+ gc_done ();
+
++ if (oath_lockfile_path)
++ {
++ free(oath_lockfile_path);
++ oath_lockfile_path = NULL;
++ }
+ return OATH_OK;
+ }
+
+@@ -99,3 +109,23 @@ oath_check_version (const char *req_version)
+
+ return NULL;
+ }
++
++int
++oath_set_lockfile_path(const char *lockfile)
++{
++ int l;
++
++ if (oath_lockfile_path)
++ {
++ free(oath_lockfile_path);
++ oath_lockfile_path = NULL;
++ }
++
++ if (lockfile)
++ {
++ l = asprintf (&oath_lockfile_path, "%s", lockfile);
++ if (oath_lockfile_path == NULL || ((size_t) l) != strlen (lockfile))
++ return OATH_PRINTF_ERROR;
++ }
++ return OATH_OK;
++}
+diff --git a/liboath/liboath.map b/liboath/liboath.map
+index 2f247ff..e8f8cdf 100644
+--- a/liboath/liboath.map
++++ b/liboath/liboath.map
+@@ -75,6 +75,7 @@ LIBOATH_2.2.0
+ global:
+ oath_totp_validate3;
+ oath_totp_validate3_callback;
++ oath_set_lockfile_path;
+ } LIBOATH_1.12.0;
+
+ LIBOATH_2.6.0
+diff --git a/liboath/oath.h b/liboath/oath.h
+index fe93b9e..6660fb3 100644
+--- a/liboath/oath.h
++++ b/liboath/oath.h
+@@ -159,11 +159,15 @@ typedef enum
+
+ /* Global */
+
++extern char *oath_lockfile_path;
++
+ extern OATHAPI int oath_init (void);
+ extern OATHAPI int oath_done (void);
+
+ extern OATHAPI const char *oath_check_version (const char *req_version);
+
++extern OATHAPI int oath_set_lockfile_path(const char *lockfile);
++
+ /* Error handling */
+
+ extern OATHAPI const char *oath_strerror (int err);
+diff --git a/liboath/oath.h.in b/liboath/oath.h.in
+index eee284c..536cd30 100644
+--- a/liboath/oath.h.in
++++ b/liboath/oath.h.in
+@@ -159,11 +159,15 @@ typedef enum
+
+ /* Global */
+
++extern char *oath_lockfile_path;
++
+ extern OATHAPI int oath_init (void);
+ extern OATHAPI int oath_done (void);
+
+ extern OATHAPI const char *oath_check_version (const char *req_version);
+
++extern OATHAPI int oath_set_lockfile_path(const char *lockfile);
++
+ /* Error handling */
+
+ extern OATHAPI const char *oath_strerror (int err);
+diff --git a/liboath/usersfile.c b/liboath/usersfile.c
+index ef03f39..7cc4347 100644
+--- a/liboath/usersfile.c
++++ b/liboath/usersfile.c
+@@ -323,9 +323,18 @@ update_usersfile (const char *usersfile,
+ {
+ int l;
+
+- l = asprintf (&lockfile, "%s.lock", usersfile);
+- if (lockfile == NULL || ((size_t) l) != strlen (usersfile) + 5)
+- return OATH_PRINTF_ERROR;
++ if (oath_lockfile_path)
++ {
++ l = asprintf (&lockfile, "%s", oath_lockfile_path);
++ if (lockfile == NULL || ((size_t) l) != strlen (oath_lockfile_path))
++ return OATH_PRINTF_ERROR;
++ }
++ else
++ {
++ l = asprintf (&lockfile, "%s.lock", usersfile);
++ if (lockfile == NULL || ((size_t) l) != strlen (usersfile) + 5)
++ return OATH_PRINTF_ERROR;
++ }
+
+ lockfh = fopen (lockfile, "w");
+ if (!lockfh)
+diff --git a/pam_oath/pam_oath.c b/pam_oath/pam_oath.c
+index b2afed7..307ffc2 100644
+--- a/pam_oath/pam_oath.c
++++ b/pam_oath/pam_oath.c
+@@ -75,6 +75,7 @@ struct cfg
+ int try_first_pass;
+ int use_first_pass;
+ char *usersfile;
++ char *lockfile;
+ unsigned digits;
+ unsigned window;
+ };
+@@ -89,6 +90,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
+ cfg->try_first_pass = 0;
+ cfg->use_first_pass = 0;
+ cfg->usersfile = NULL;
++ cfg->lockfile = NULL;
+ cfg->digits = -1;
+ cfg->window = 5;
+
+@@ -104,6 +106,8 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
+ cfg->use_first_pass = 1;
+ if (strncmp (argv[i], "usersfile=", 10) == 0)
+ cfg->usersfile = (char *) argv[i] + 10;
++ if (strncmp (argv[i], "lockfile=", 9) == 0)
++ cfg->lockfile = (char *) argv[i] + 9;
+ if (strncmp (argv[i], "digits=", 7) == 0)
+ cfg->digits = atoi (argv[i] + 7);
+ if (strncmp (argv[i], "window=", 7) == 0)
+@@ -129,6 +133,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
+ D (("try_first_pass=%d", cfg->try_first_pass));
+ D (("use_first_pass=%d", cfg->use_first_pass));
+ D (("usersfile=%s", cfg->usersfile ? cfg->usersfile : "(null)"));
++ D (("lockfile=%s", cfg->lockfile ? cfg->lockfile : "(null)"));
+ D (("digits=%d", cfg->digits));
+ D (("window=%d", cfg->window));
+ }
+@@ -327,6 +332,17 @@ pam_sm_authenticate (pam_handle_t * pamh,
+ goto done;
+ }
+
++ if (cfg.lockfile)
++ rc = oath_set_lockfile_path(cfg.lockfile);
++ else
++ rc = oath_set_lockfile_path("/var/lock/pam_oath.lock");
++ if (rc != OATH_OK)
++ {
++ DBG (("oath_set_lockfile_path() failed (%d)", rc));
++ retval = PAM_AUTHINFO_UNAVAIL;
++ goto done;
++ }
++
+ if (password == NULL)
+ {
+ retval = pam_get_item (pamh, PAM_CONV, (const void **) &conv);
diff --git a/SPECS/oath-toolkit.spec b/SPECS/oath-toolkit.spec
new file mode 100644
index 0000000..87f4eed
--- /dev/null
+++ b/SPECS/oath-toolkit.spec
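Review bot: The new default in pam_sm_authenticate moves the lock from `<usersfile>.lock`, which sits beside the users file, to a fixed `/var/lock/pam_oath.lock`, while update_usersfile still opens it with `fopen (lockfile, "w")`, a call that follows symlinks and truncates whatever the path resolves to. Who may write to /var/lock is not visible here and differs between distributions, so the open should not rely on it: `fd = open (lockfile, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);` then `lockfh = fdopen (fd, "w");`, or keep the default in a root-owned directory such as the /etc/liboath this package creates. The same holds for the `lockfile=` argument, which parse_cfg stores unchecked (an empty value included). In oath_set_lockfile_path and in the new branch of update_usersfile, a failed asprintf is signalled by a negative return and may leave the pointer unset, so `l < 0` is the reliable test rather than the NULL comparison. update_usersfile and pam_sm_authenticate both continue outside the quoted hunks.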
@@ -0,0 +1,316 @@
+Name: oath-toolkit
+Version: 2.6.7
+Release: 3%{?dist}
+License: GPLv3+
+Summary: One-time password components
+BuildRequires: make
+BuildRequires: pam-devel
+BuildRequires: gtk-doc
+BuildRequires: libtool
+BuildRequires: libtool-ltdl-devel
+BuildRequires: xmlsec1-devel
+BuildRequires: xmlsec1-openssl-devel
+BuildRequires: autoconf
+BuildRequires: automake
+Source0: https://download.savannah.nongnu.org/releases/%{name}/%{name}-%{version}.tar.gz
+URL: https://www.nongnu.org/oath-toolkit/
+Patch0: oath-toolkit-2.6.7-lockfile.patch
+
+%description
+The OATH Toolkit provide components for building one-time password
+authentication systems. It contains shared libraries, command line tools and a
+PAM module. Supported technologies include the event-based HOTP algorithm
+(RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open
+AuTHentication, which is the organization that specify the algorithms. For
+managing secret key files, the Portable Symmetric Key Container (PSKC) format
+described in RFC6030 is supported.
+
+%package -n liboath
+Summary: Library for OATH handling
+License: LGPLv2+
+# https://fedorahosted.org/fpc/ticket/174
+Provides: bundled(gnulib)
+
+%description -n liboath
+OATH stands for Open AuTHentication, which is the organization that
+specify the algorithms. Supported technologies include the event-based
+HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238).
+
+%package -n liboath-devel
+Summary: Development files for liboath
+License: LGPLv2+
+Requires: liboath%{?_isa} = %{version}-%{release}
+
+%description -n liboath-devel
+Development files for liboath.
+
+%package -n liboath-doc
+Summary: Documentation files for liboath
+License: LGPLv2+
+Requires: liboath = %{version}-%{release}
+Requires: gtk-doc
+BuildArch: noarch
+
+%description -n liboath-doc
+Documentation files for liboath.
+
+%package -n libpskc
+Summary: Library for PSKC handling
+License: LGPLv2+
+Requires: xml-common
+# https://fedorahosted.org/fpc/ticket/174
+Provides: bundled(gnulib)
+
+%description -n libpskc
+Library for managing secret key files, the Portable Symmetric Key
+Container (PSKC) format described in RFC6030 is supported.
+
+%package -n libpskc-devel
+Summary: Development files for libpskc
+License: LGPLv2+
+Requires: libpskc%{?_isa} = %{version}-%{release}
+
+%description -n libpskc-devel
+Development files for libpskc.
+
+%package -n libpskc-doc
+Summary: Documentation files for libpskc
+License: LGPLv2+
+Requires: libpskc = %{version}-%{release}
+Requires: gtk-doc
+BuildArch: noarch
+
+%description -n libpskc-doc
+Documentation files for libpskc.
+
+%package -n oathtool
+Summary: A command line tool for generating and validating OTPs
+License: GPLv3+
+# https://fedorahosted.org/fpc/ticket/174
+Provides: bundled(gnulib)
+
+%description -n oathtool
+A command line tool for generating and validating OTPs.
+
+%package -n pskctool
+Summary: A command line tool for manipulating PSKC data
+# https://fedorahosted.org/fpc/ticket/174
+Provides: bundled(gnulib)
+Requires: xmlsec1-openssl%{?_isa}
+
+%description -n pskctool
+A command line tool for manipulating PSKC data.
+
+%package -n pam_oath
+Summary: A PAM module for pluggable login authentication for OATH
+Requires: pam
+
+%description -n pam_oath
+A PAM module for pluggable login authentication for OATH.
+
+%prep
+%setup -q
+%patch0 -p1 -b .lockfile
+
+%build
+autoreconf -fi
+%configure --with-pam-dir=%{_libdir}/security
+
+# Kill rpaths and link with --as-needed
+for d in liboath libpskc pskctool oathtool pam_oath
+do
+ sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' $d/libtool
+ sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' $d/libtool
+ sed -i 's| -shared | -Wl,--as-needed\0|g' $d/libtool
+done
+
+make %{?_smp_mflags}
+
+%install
+make %{?_smp_mflags} DESTDIR=%{buildroot} install
+
+# Remove static objects and libtool files
+rm -f %{buildroot}%{_libdir}/*.{a,la}
+rm -f %{buildroot}%{_libdir}/security/*.la
+
+# Make /etc/liboath directory
+mkdir -p -m 0600 %{buildroot}%{_sysconfdir}/liboath
+
+%ldconfig_scriptlets -n liboath
+
+%ldconfig_scriptlets -n libpskc
+
+%files -n liboath
+%doc liboath/COPYING
+%attr(0600, root, root) %dir %{_sysconfdir}/liboath
+%{_libdir}/liboath.so.*
+
+%files -n liboath-devel
+%{_includedir}/liboath
+%{_libdir}/liboath.so
+%{_libdir}/pkgconfig/liboath.pc
+
+%files -n liboath-doc
+%{_mandir}/man3/oath*
+%{_datadir}/gtk-doc/html/liboath/*
+
+%files -n libpskc
+%doc libpskc/README
+%{_libdir}/libpskc.so.*
+%{_datadir}/xml/pskc
+
+%files -n libpskc-devel
+%{_includedir}/pskc
+%{_libdir}/libpskc.so
+%{_libdir}/pkgconfig/libpskc.pc
+
+%files -n libpskc-doc
+%{_mandir}/man3/pskc*
+%{_datadir}/gtk-doc/html/libpskc/*
+
+%files -n oathtool
+%doc oathtool/COPYING
+%{_bindir}/oathtool
+%{_mandir}/man1/oathtool.*
+
+%files -n pskctool
+%{_bindir}/pskctool
+%{_mandir}/man1/pskctool.*
+
+%files -n pam_oath
+%doc pam_oath/README pam_oath/COPYING
+%{_libdir}/security/pam_oath.so
+
+%changelog
+* Wed Sep 15 2021 Kaleb S. KEITHLEY - 2.6.7-3
+- rebuild with git+lookaside
+
+* Thu Jul 22 2021 Fedora Release Engineering - 2.6.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon May 3 2021 Jaroslav Škarvada - 2.6.7-1
+- New version
+ Resolves: rhbz#1955967
+
+* Tue Jan 26 2021 Fedora Release Engineering - 2.6.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jan 20 2021 Jaroslav Škarvada - 2.6.6-1
+- New version
+ Resolves: rhbz#1918498
+- Updated source URL
+
+* Mon Jan 4 2021 Jaroslav Škarvada - 2.6.5-1
+- New version
+ Resolves: rhbz#1911419
+
+* Thu Nov 12 2020 Jaroslav Škarvada - 2.6.4-1
+- New version
+ Resolves: rhbz#1896920
+
+* Mon Nov 9 2020 Jaroslav Škarvada - 2.6.3-1
+- New version
+ Resolves: rhbz#1895618
+
+* Tue Jul 28 2020 Fedora Release Engineering - 2.6.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon May 4 2020 Jaroslav Škarvada - 2.6.2-5
+- Added support for configurable lock file locations and set the default path
+ Resolves: rhbz#1178036
+
+* Wed Jan 29 2020 Fedora Release Engineering - 2.6.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jul 25 2019 Fedora Release Engineering - 2.6.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering - 2.6.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 20 2018 Jaroslav Škarvada - 2.6.2-1
+- New version
+- Fixed FTBFS
+ Resolves: rhbz#1605276
+
+* Fri Jul 13 2018 Fedora Release Engineering - 2.6.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Feb 08 2018 Fedora Release Engineering - 2.6.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering - 2.6.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering - 2.6.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering - 2.6.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Feb 04 2016 Fedora Release Engineering - 2.6.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Aug 4 2015 Jaroslav Škarvada - 2.6.1-1
+- New version
+
+* Wed Jun 17 2015 Fedora Release Engineering - 2.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Thu May 21 2015 Jaroslav Škarvada - 2.6.0-1
+- New version
+- Dropped strdup-null-check patch (upstreamed)
+
+* Fri Jan 30 2015 Jaroslav Škarvada - 2.4.1-9
+- Fixed invalid reads in libpskc due to references to old (freed) xmlDoc
+ (by retain-original-xmldoc patch), patch provided by David Woodhouse
+ Resolves: rhbz#1129491
+
+* Tue Nov 11 2014 Jaroslav Škarvada - 2.4.1-8
+- Removed RHEL conditionals (not needed any more)
+
+* Fri Nov 7 2014 Jaroslav Škarvada - 2.4.1-7
+- Added check for strdup failure (by strdup-null-check patch)
+ Resolves: rhbz#1161360
+
+* Sun Aug 17 2014 Fedora Release Engineering - 2.4.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Tue Aug 5 2014 Jaroslav Škarvada - 2.4.1-5
+- Added support for RHEL (i.e. no PSKC yet on RHEL)
+
+* Sat Jun 07 2014 Fedora Release Engineering - 2.4.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu Feb 20 2014 Jaroslav Škarvada - 2.4.1-3
+- Added xmlsec1-openssl to requires
+ Resolves: rhbz#1066477
+
+* Mon Feb 17 2014 Jaroslav Škarvada - 2.4.1-2
+- Added xmlsec1-openssl-devel to buildrequires
+
+* Thu Feb 13 2014 Jaroslav Škarvada - 2.4.1-1
+- New version
+ Resolves: rhbz#1064764
+
+* Sat Aug 03 2013 Fedora Release Engineering - 2.4.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Tue Jul 23 2013 Jaroslav Škarvada - 2.4.0-1
+- New version
+ Resolves: rhbz#987378
+
+* Wed Jul 10 2013 Jaroslav Škarvada - 2.2.0-1
+- New version
+ Resolves: rhbz#982986
+
+* Wed Jun 5 2013 Jaroslav Škarvada - 2.0.2-3
+- Fixed requirements according to reviewer comments
+- Linked with --as-needed
+- Fixed man pages (by man-fix patch)
+
+* Mon Apr 8 2013 Jaroslav Škarvada - 2.0.2-2
+- Added /etc/liboath directory to hold configuration / user lists
+
+* Sun Apr 07 2013 Jaroslav Škarvada - 2.0.2-1
+- Initial version
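Review bot: `mkdir -p -m 0600 %{buildroot}%{_sysconfdir}/liboath` in %install and `%attr(0600, root, root) %dir %{_sysconfdir}/liboath` in %files create a directory without the search (x) bit, which reads as a typo for 0700. Root normally passes that check through its capabilities, but a confined or capability-dropped caller of the PAM module would presumably be unable to reach the users file kept there. `%attr(0700, root, root) %dir %{_sysconfdir}/liboath`, with the matching `-m 0700`, keeps the directory private to root with conventional semantics. Patch0 also carries no comment on its origin; a line such as `# Configurable lock file path, rhbz#1178036; upstream status: <state>` above it would record why the package changes where pam_oath creates files.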