Attachment #167052 for bug #207229




# $FreeBSD$

PORTNAME=	pam_google_authenticator
PORTVERSION=	1.01.20160208
PORTEPOCH=	1
CATEGORIES=	security
MASTER_SITES=	LOCAL/riggs/google-authenticator
DISTNAME=	google-authenticator-${PORTVERSION}

MAINTAINER=	jnlin@csie.nctu.edu.tw
COMMENT=	PAM module for two-step authentication from Google


LICENSE=	APACHE20

USES=		autoreconf gmake libtool
HAS_CONFIGURE=	YES
STEPSIZE_CFLAGS= -DSTEPSIZE

WRKSRC_SUBDIR=  libpam

USE_GITHUB=     yes
GH_ACCOUNT=     google
GH_PROJECT=     google-authenticator
GH_TAGNAME=     195ddc1

PLIST_FILES=	bin/google-authenticator lib/pam_google_authenticator.so

.include <bsd.port.options.mk>

do-install:
	${INSTALL_PROGRAM} ${WRKSRC}/google-authenticator \
		${STAGEDIR}${PREFIX}/bin/google-authenticator
	${INSTALL_LIB} ${WRKSRC}/.libs/pam_google_authenticator.so \
		${STAGEDIR}${PREFIX}/lib/pam_google_authenticator.so

.include <bsd.port.mk>

Lines 1-2 Link Here

(-)distinfo (-2 / +2 lines)
1	SHA256 (google-authenticator-20140826.tar.gz) = 4988bae896fc48c0ffaa471837289adc5afa1ad6c9f7e3df97907fc134fc2e8d	1	SHA256 (google-google-authenticator-1.01.20160208-195ddc1_GH0.tar.gz) = 65c0ec2dea2191337a921e518e24774058fadd55d52f2a21d60371b5d5a0c2a3
2	SIZE (google-authenticator-20140826.tar.gz) = 38302	2	SIZE (google-google-authenticator-1.01.20160208-195ddc1_GH0.tar.gz) = 1791991




--- Makefile.orig	2012-05-14 21:32:53.000000000 -0400
+++ Makefile	2014-08-26 11:26:55.000000000 -0400
@@ -26,8 +26,6 @@
                 echo ' -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT')              \
               -fvisibility=hidden $(CFLAGS)
 DEF_LDFLAGS := $(shell [ `uname` = SunOS ] && echo ' -mimpure-text') $(LDFLAGS)
-LDL_LDFLAGS := $(shell $(CC) -shared -ldl -xc -o /dev/null /dev/null          \
-                       >/dev/null 2>&1 && echo ' -ldl')
 
 all: google-authenticator pam_google_authenticator.so demo                    \
      pam_google_authenticator_unittest
@@ -70,14 +68,14 @@
 	               libpam-google-authenticator-*-source.tar.bz2
 
 google-authenticator: google-authenticator.o base32.o hmac.o sha1.o
-	$(CC) -g $(DEF_LDFLAGS) -o $@ $+ $(LDL_LDFLAGS)
+	$(CC) -g $(DEF_LDFLAGS) -o $@ $+
 
 demo: demo.o pam_google_authenticator_demo.o base32.o hmac.o sha1.o
-	$(CC) -g $(DEF_LDFLAGS) -rdynamic -o $@ $+ $(LDL_LDFLAGS)
+	$(CC) -g $(DEF_LDFLAGS) -rdynamic -o $@ $+
 
 pam_google_authenticator_unittest: pam_google_authenticator_unittest.o        \
                                    base32.o hmac.o sha1.o
-	$(CC) -g $(DEF_LDFLAGS) -rdynamic -o $@ $+ -lc $(LDL_LDFLAGS)
+	$(CC) -g $(DEF_LDFLAGS) -rdynamic -o $@ $+ -lc
 
 pam_google_authenticator.so: base32.o hmac.o sha1.o
 pam_google_authenticator_testing.so: base32.o hmac.o sha1.o




--- pam_google_authenticator.c.orig	2014-01-30 15:17:38.000000000 +0000
+++ pam_google_authenticator.c	2014-11-04 17:05:55.000000000 +0000
@@ -503,10 +503,6 @@
 }
 #endif
 
-static int get_timestamp(void) {
-  return get_time()/30;
-}
-
 static int comparator(const void *a, const void *b) {
   return *(unsigned int *)a - *(unsigned int *)b;
 }
@@ -538,6 +534,41 @@
   return NULL;
 }
 
+#if !defined(STEPSIZE)
+static int get_timestamp(void) {
+  return get_time()/30;
+}
+#else
+static int get_timestamp(pam_handle_t *pamh, const char *secret_filename,
+                       const char *buf) {
+  const char *value = get_cfg_value(pamh, "STEP_SIZE", buf);
+  if (!value) {
+    // Default step size is 30.
+    free((void *)value);
+    return get_time()/30;
+  } else if (value == &oom) {
+    // Out of memory. This is a fatal error.
+    return 0;
+  }
+
+  char *endptr;
+  errno = 0;
+  int step = (int)strtoul(value, &endptr, 10);
+  if (errno || !*value || value == endptr ||
+      (*endptr && *endptr != ' ' && *endptr != '\t' &&
+       *endptr != '\n' && *endptr != '\r') ||
+      step < 1 || step > 60) {
+    free((void *)value);
+    log_message(LOG_ERR, pamh, "Invalid STEP_SIZE option in \"%s\"",
+                secret_filename);
+    return 0;
+  }
+  free((void *)value);
+
+  return get_time()/step;
+}
+#endif
+
 static int set_cfg_value(pam_handle_t *pamh, const char *key, const char *val,
                          char **buf) {
   size_t key_len = strlen(key);
@@ -1162,7 +1193,11 @@
   }
 
   // Compute verification codes and compare them with user input
+#if !defined(STEPSIZE)
   const int tm = get_timestamp();
+#else
+  const int tm = get_timestamp(pamh, secret_filename, *buf);
+#endif
   const char *skew_str = get_cfg_value(pamh, "TIME_SKEW", *buf);
   if (skew_str == &oom) {
     // Out of memory. This is a fatal error

Return to bug 207229

Lines 2-12 Link Here

(-)Makefile (-9 / +11 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= pam_google_authenticator	4	PORTNAME= pam_google_authenticator
5	PORTVERSION= 20140826	5	PORTVERSION= 1.01.20160208
6	PORTREVISION= 1	6	PORTEPOCH= 1
7	CATEGORIES= security	7	CATEGORIES= security
8	MASTER_SITES= LOCAL/riggs/google-authenticator
9	DISTNAME= google-authenticator-${PORTVERSION}
10		8
11	MAINTAINER= jnlin@csie.nctu.edu.tw	9	MAINTAINER= jnlin@csie.nctu.edu.tw
12	COMMENT= PAM module for two-step authentication from Google	10	COMMENT= PAM module for two-step authentication from Google
Lines 13-24 Link Here
13		11
14	LICENSE= APACHE20	12	LICENSE= APACHE20
15		13
16	OPTIONS_DEFINE= STEPSIZE	14	USES= autoreconf gmake libtool
17	STEPSIZE_DESC= Allow time steps other than the default of 30 seconds	15	HAS_CONFIGURE= YES
18	STEPSIZE_CFLAGS= -DSTEPSIZE
19		16
20	USES= gmake	17	WRKSRC_SUBDIR= libpam
21		18
		19	USE_GITHUB= yes
		20	GH_ACCOUNT= google
		21	GH_PROJECT= google-authenticator
		22	GH_TAGNAME= 195ddc1
		23
22	PLIST_FILES= bin/google-authenticator lib/pam_google_authenticator.so	24	PLIST_FILES= bin/google-authenticator lib/pam_google_authenticator.so
23		25
24	.include <bsd.port.options.mk>	26	.include <bsd.port.options.mk>
Lines 26-32 Link Here
26	do-install:	28	do-install:
27	${INSTALL_PROGRAM} ${WRKSRC}/google-authenticator \	29	${INSTALL_PROGRAM} ${WRKSRC}/google-authenticator \
28	${STAGEDIR}${PREFIX}/bin/google-authenticator	30	${STAGEDIR}${PREFIX}/bin/google-authenticator
29	${INSTALL_LIB} ${WRKSRC}/pam_google_authenticator.so \	31	${INSTALL_LIB} ${WRKSRC}/.libs/pam_google_authenticator.so \
30	${STAGEDIR}${PREFIX}/lib/pam_google_authenticator.so	32	${STAGEDIR}${PREFIX}/lib/pam_google_authenticator.so
31		33
32	.include <bsd.port.mk>	34	.include <bsd.port.mk>

Lines 1-29 Link Here

(-)files/patch-Makefile (-29 lines)
1	--- Makefile.orig 2012-05-14 21:32:53.000000000 -0400
2	+++ Makefile 2014-08-26 11:26:55.000000000 -0400
3	@@ -26,8 +26,6 @@
4	echo ' -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT') \
5	-fvisibility=hidden $(CFLAGS)
6	DEF_LDFLAGS := $(shell [ `uname` = SunOS ] && echo ' -mimpure-text') $(LDFLAGS)
7	-LDL_LDFLAGS := $(shell $(CC) -shared -ldl -xc -o /dev/null /dev/null \
8	- >/dev/null 2>&1 && echo ' -ldl')
9
10	all: google-authenticator pam_google_authenticator.so demo \
11	pam_google_authenticator_unittest
12	@@ -70,14 +68,14 @@
13	libpam-google-authenticator-*-source.tar.bz2
14
15	google-authenticator: google-authenticator.o base32.o hmac.o sha1.o
16	- $(CC) -g $(DEF_LDFLAGS) -o $@ $+ $(LDL_LDFLAGS)
17	+ $(CC) -g $(DEF_LDFLAGS) -o $@ $+
18
19	demo: demo.o pam_google_authenticator_demo.o base32.o hmac.o sha1.o
20	- $(CC) -g $(DEF_LDFLAGS) -rdynamic -o $@ $+ $(LDL_LDFLAGS)
21	+ $(CC) -g $(DEF_LDFLAGS) -rdynamic -o $@ $+
22
23	pam_google_authenticator_unittest: pam_google_authenticator_unittest.o \
24	base32.o hmac.o sha1.o
25	- $(CC) -g $(DEF_LDFLAGS) -rdynamic -o $@ $+ -lc $(LDL_LDFLAGS)
26	+ $(CC) -g $(DEF_LDFLAGS) -rdynamic -o $@ $+ -lc
27
28	pam_google_authenticator.so: base32.o hmac.o sha1.o
29	pam_google_authenticator_testing.so: base32.o hmac.o sha1.o

Lines 1-67 Link Here

(-)files/patch-pam_google_authenticator.c (-67 lines)
1	--- pam_google_authenticator.c.orig 2014-01-30 15:17:38.000000000 +0000
2	+++ pam_google_authenticator.c 2014-11-04 17:05:55.000000000 +0000
3	@@ -503,10 +503,6 @@
4	}
5	#endif
6
7	-static int get_timestamp(void) {
8	- return get_time()/30;
9	-}
10	-
11	static int comparator(const void a, const void b) {
12	return (unsigned int )a - (unsigned int )b;
13	}
14	@@ -538,6 +534,41 @@
15	return NULL;
16	}
17
18	+#if !defined(STEPSIZE)
19	+static int get_timestamp(void) {
20	+ return get_time()/30;
21	+}
22	+#else
23	+static int get_timestamp(pam_handle_t pamh, const char secret_filename,
24	+ const char *buf) {
25	+ const char *value = get_cfg_value(pamh, "STEP_SIZE", buf);
26	+ if (!value) {
27	+ // Default step size is 30.
28	+ free((void *)value);
29	+ return get_time()/30;
30	+ } else if (value == &oom) {
31	+ // Out of memory. This is a fatal error.
32	+ return 0;
33	+ }
34	+
35	+ char *endptr;
36	+ errno = 0;
37	+ int step = (int)strtoul(value, &endptr, 10);
38	+ if (errno \|\| !*value \|\| value == endptr \|\|
39	+ (endptr && endptr != ' ' && *endptr != '\t' &&
40	+ endptr != '\n' && endptr != '\r') \|\|
41	+ step < 1 \|\| step > 60) {
42	+ free((void *)value);
43	+ log_message(LOG_ERR, pamh, "Invalid STEP_SIZE option in \"%s\"",
44	+ secret_filename);
45	+ return 0;
46	+ }
47	+ free((void *)value);
48	+
49	+ return get_time()/step;
50	+}
51	+#endif
52	+
53	static int set_cfg_value(pam_handle_t pamh, const char key, const char *val,
54	char **buf) {
55	size_t key_len = strlen(key);
56	@@ -1162,7 +1193,11 @@
57	}
58
59	// Compute verification codes and compare them with user input
60	+#if !defined(STEPSIZE)
61	const int tm = get_timestamp();
62	+#else
63	+ const int tm = get_timestamp(pamh, secret_filename, *buf);
64	+#endif
65	const char skew_str = get_cfg_value(pamh, "TIME_SKEW", buf);
66	if (skew_str == &oom) {
67	// Out of memory. This is a fatal error