[packages/pam-pam_google-authenticator] - updated to 1.09

hawk hawk at pld-linux.org
Fri Jun 26 18:24:24 CEST 2020


commit 0ca965930bfddc28043f4401c580ac48e5842e05
Author: Marcin Krol <hawk at tld-linux.org>
Date:   Fri Jun 26 18:22:51 2020 +0200

    - updated to 1.09

 ...-privs-option-to-manage-secret-files-as-r.patch | 47 ----------------
 ...sion-of-PAM-environment-variables-in-secr.patch | 62 ----------------------
 pam-pam_google-authenticator.spec                  |  8 +--
 3 files changed, 2 insertions(+), 115 deletions(-)
---
diff --git a/pam-pam_google-authenticator.spec b/pam-pam_google-authenticator.spec
index 87dc404..7984c0d 100644
--- a/pam-pam_google-authenticator.spec
+++ b/pam-pam_google-authenticator.spec
@@ -6,14 +6,12 @@
 
 Summary:	PAM module for One-time passcode support using open standards
 Name:		pam-pam_google-authenticator
-Version:	1.04
+Version:	1.09
 Release:	1
 License:	Apache v2.0
 Group:		Libraries
 Source0:	https://github.com/google/google-authenticator-libpam/archive/%{version}/google-authenticator-libpam-%{version}.tar.gz
-# Source0-md5:	4b08a0a5dca2835499c790d67bf8f736
-Patch1:		0001-Add-no-drop-privs-option-to-manage-secret-files-as-r.patch
-Patch2:		0002-Allow-expansion-of-PAM-environment-variables-in-secr.patch
+# Source0-md5:	c0a5624f53d64f851775fe7e94732651
 URL:		https://github.com/google/google-authenticator-libpam
 BuildRequires:	autoconf
 BuildRequires:	automake
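Review bot: The updated `# Source0-md5:` line is the only integrity check on the 1.09 tarball, and MD5 is not collision-resistant. For a PAM authentication module it therefore guards against a corrupted download, not against a substituted archive. Source0 is a GitHub archive generated for the `%{version}` ref, so the unpacked tree should be compared with the upstream tag before the digest is trusted, and a stronger digest recorded alongside it if the distfiles tooling accepts one. The removed Patch1/Patch2 declarations were already commented out in %prep (`#%patch1 -p1`, `#%patch2 -p1`), so dropping them should not change the built module, assuming no other part of the spec applied them.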
@@ -37,8 +35,6 @@ algorithm specified in RFC 4226 and the Time-based One-time Password
 
 %prep
 %setup -q -n google-authenticator-libpam-%{version}
-#%patch1 -p1
-#%patch2 -p1
 
 %build
 %{__aclocal} -I build
diff --git a/0001-Add-no-drop-privs-option-to-manage-secret-files-as-r.patch b/0001-Add-no-drop-privs-option-to-manage-secret-files-as-r.patch
deleted file mode 100644
index fe53f5c..0000000
--- a/0001-Add-no-drop-privs-option-to-manage-secret-files-as-r.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From b9dba3310e01a378014520d23e05ed432d0f8266 Mon Sep 17 00:00:00 2001
-From: David Woodhouse <David.Woodhouse at intel.com>
-Date: Sun, 11 Sep 2011 23:10:16 +0100
-Subject: [PATCH] Add no-drop-privs option to manage secret files as root
-
----
- libpam/pam_google_authenticator.c |   10 +++++++---
- 1 files changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/libpam/pam_google_authenticator.c b/libpam/pam_google_authenticator.c
-index c6b8e58..1b83c38 100644
---- a/src/pam_google_authenticator.c
-+++ b/src/pam_google_authenticator.c
-@@ -60,6 +60,7 @@ typedef struct Params {
-   const char *secret_filename_spec;
-   int        noskewadj;
-   int        echocode;
-+  int        no_drop_privs;
- } Params;
- 
- static char oom;
-@@ -1083,6 +1084,8 @@ static int parse_args(pam_handle_t *pamh, int argc, const char **argv,
-       params->noskewadj = 1;
-     } else if (!strcmp(argv[i], "echo-verification-code")) {
-       params->echocode = PAM_PROMPT_ECHO_ON;
-+    } else if (!strcmp(argv[i], "no-drop-privs")) {
-+      params->no_drop_privs = 1;
-     } else {
-       log_message(LOG_ERR, pamh, "Unrecognized option \"%s\"", argv[i]);
-       return -1;
-@@ -1118,9 +1121,10 @@ static int google_authenticator(pam_handle_t *pamh, int flags,
-   int updated = 0;
-   if ((username = get_user_name(pamh)) &&
-       (secret_filename = get_secret_filename(pamh, &params, username, &uid)) &&
--      (old_uid = drop_privileges(pamh, username, uid)) >= 0 &&
--      (fd = open_secret_file(pamh, secret_filename, username, uid,
--                             &filesize, &mtime)) >= 0 &&
-+      (params.no_drop_privs ||
-+       (old_uid = drop_privileges(pamh, username, uid))) >= 0 &&
-+      (fd = open_secret_file(pamh, secret_filename, params.no_drop_privs?"root":username,
-+			     params.no_drop_privs?0:uid, &filesize, &mtime)) >= 0 &&
-       (buf = read_file_contents(pamh, secret_filename, &fd, filesize)) &&
-       (secret = get_shared_secret(pamh, secret_filename, buf, &secretLen)) &&
-       (rate_limit(pamh, secret_filename, &updated, &buf) >= 0) &&
--- 
-1.7.6
-
diff --git a/0002-Allow-expansion-of-PAM-environment-variables-in-secr.patch b/0002-Allow-expansion-of-PAM-environment-variables-in-secr.patch
deleted file mode 100644
index 2b3c599..0000000
--- a/0002-Allow-expansion-of-PAM-environment-variables-in-secr.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 82eae28e2fd4f7ddfcbc185c7478db5806b4b4ea Mon Sep 17 00:00:00 2001
-From: David Woodhouse <David.Woodhouse at intel.com>
-Date: Mon, 26 Sep 2011 23:55:55 +0100
-Subject: [PATCH 2/2] Allow expansion of PAM environment variables in secret
- file name
-
-https://bugzilla.mindrot.org/show_bug.cgi?id=983#c43 makes OpenSSH set
-a PAM environment variable indicating which SSH public key was used to
-authenticate. This lets Google Authenticator use that information (or
-anything else in PAM environment variables) to select an appropriate
-secret file.
----
- libpam/Makefile                   |    4 ++--
- libpam/pam_google_authenticator.c |   13 ++++++++++++-
- 2 files changed, 14 insertions(+), 3 deletions(-)
-
-diff --git a/libpam/Makefile b/libpam/Makefile
-index 9137d68..fbe93a8 100644
---- a/libpam/Makefile
-+++ b/libpam/Makefile
-@@ -60,7 +60,7 @@ google-authenticator: google-authenticator.o base32.o hmac.o sha1.o
- 	      echo " -ldl") -o $@ $+
- 
- demo: demo.o pam_google_authenticator_demo.o base32.o hmac.o sha1.o
--	$(CC) -g $(DEF_LDFLAGS) -rdynamic                                     \
-+	$(CC) -g $(DEF_LDFLAGS) -rdynamic -lpam                                    \
- 	      $(shell [ -f /usr/lib/libdl.so ] && echo " -ldl") -o $@ $+
- 
- pam_google_authenticator_unittest: pam_google_authenticator_unittest.o        \
-@@ -92,4 +92,4 @@ sha1.o: sha1.c sha1.h
- .c.o:
- 	$(CC) --std=gnu99 -Wall -O2 -g -fPIC -c $(DEF_CFLAGS) -o $@ $<
- .o.so:
--	$(CC) -shared -g $(DEF_LDFLAGS) -o $@ $+
-+	$(CC) -shared -g $(DEF_LDFLAGS) -lpam -o $@ $+
-diff --git a/libpam/pam_google_authenticator.c b/libpam/pam_google_authenticator.c
-index 1b83c38..4708c1e 100644
---- a/libpam/pam_google_authenticator.c
-+++ b/libpam/pam_google_authenticator.c
-@@ -170,7 +170,18 @@ static char *get_secret_filename(pam_handle_t *pamh, const Params *params,
-       subst = pw->pw_dir;
-       var = cur;
-     } else if (secret_filename[offset] == '$') {
--      if (!memcmp(cur, "${HOME}", 7)) {
-+      if (!memcmp(cur, "${PAM:", 6)) {
-+	char *cls = strchr(cur + 6, '}');
-+	if (cls) {
-+	  char *envname = strndup(cur + 6, cls - cur - 6);
-+	  subst = pam_getenv(pamh, envname);
-+	  if (!subst)
-+	    subst = "";
-+	  free (envname);
-+	  var = cur;
-+	  var_len = cls - cur + 1;
-+	}
-+      } else if (!memcmp(cur, "${HOME}", 7)) {
-         var_len = 7;
-         subst = pw->pw_dir;
-         var = cur;
--- 
-1.7.6.2
-
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/pam-pam_google-authenticator.git/commitdiff/0ca965930bfddc28043f4401c580ac48e5842e05


