From 6ef00250733e80b2ac9a507e70d147060fbc6e62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= Date: Mon, 4 May 2020 11:46:38 +0200 Subject: [PATCH] Added support for configurable lock file locations and set the default path Resolves: rhbz#1178036 --- oath-toolkit-2.6.2-lockfile.patch | 195 ++++++++++++++++++++++++++++++ oath-toolkit.spec | 8 +- 2 files changed, 202 insertions(+), 1 deletion(-) create mode 100644 oath-toolkit-2.6.2-lockfile.patch diff --git a/oath-toolkit-2.6.2-lockfile.patch b/oath-toolkit-2.6.2-lockfile.patch new file mode 100644 index 0000000..ef672bf --- /dev/null +++ b/oath-toolkit-2.6.2-lockfile.patch 
@@ -0,0 +1,195 @@
+diff --git a/liboath/global.c b/liboath/global.c
+index 6fb51fd..251ad15 100644
+--- a/liboath/global.c
++++ b/liboath/global.c
+@@ -25,9 +25,12 @@
+
+ #include /* For snprintf, getline. */
+ #include /* For strverscmp. */
++#include /* For free. */
+
+ #include "gc.h"
+
++char *oath_lockfile_path = NULL;
++
+ /**
+ * oath_init:
+ *
+@@ -52,6 +55,8 @@ oath_init (void)
+ if (gc_init () != GC_OK)
+ return OATH_CRYPTO_ERROR;
+
++ oath_lockfile_path = NULL;
++
+ return OATH_OK;
+ }
+
+@@ -71,6 +76,11 @@ oath_done (void)
+ {
+ gc_done ();
+
++ if (oath_lockfile_path)
++ {
++ free(oath_lockfile_path);
++ oath_lockfile_path = NULL;
++ }
+ return OATH_OK;
+ }
+
+@@ -99,3 +109,23 @@ oath_check_version (const char *req_version)
+
+ return NULL;
+ }
++
++int
++oath_set_lockfile_path(const char *lockfile)
++{
++ int l;
++
++ if (oath_lockfile_path)
++ {
++ free(oath_lockfile_path);
++ oath_lockfile_path = NULL;
++ }
++
++ if (lockfile)
++ {
++ l = asprintf (&oath_lockfile_path, "%s", lockfile);
++ if (oath_lockfile_path == NULL || ((size_t) l) != strlen (lockfile))
++ return OATH_PRINTF_ERROR;
++ }
++ return OATH_OK;
++}
+diff --git a/liboath/liboath.map b/liboath/liboath.map
+index 010c512..fd32e07 100644
+--- a/liboath/liboath.map
++++ b/liboath/liboath.map
+@@ -75,6 +75,7 @@ LIBOATH_2.2.0
+ global:
+ oath_totp_validate3;
+ oath_totp_validate3_callback;
++ oath_set_lockfile_path;
+ } LIBOATH_1.12.0;
+
+ LIBOATH_2.6.0
+diff --git a/liboath/oath.h b/liboath/oath.h
+index 7819c02..8bb5fc6 100644
+--- a/liboath/oath.h
++++ b/liboath/oath.h
+@@ -136,11 +136,15 @@ typedef enum
+
+ /* Global */
+
++extern char *oath_lockfile_path;
++
+ extern OATHAPI int oath_init (void);
+ extern OATHAPI int oath_done (void);
+
+ extern OATHAPI const char *oath_check_version (const char *req_version);
+
++extern OATHAPI int oath_set_lockfile_path(const char *lockfile);
++
+ /* Error handling */
+
+ extern OATHAPI const char *oath_strerror (int err);
+diff --git
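Review bot: `oath_set_lockfile_path` in global.c frees and replaces the file-scope `oath_lockfile_path` with no synchronisation, while the usersfile.c hunk of this patch reads the same pointer in `update_usersfile`; in a threaded PAM application one authentication could free the string while another is still copying it. A comment on the function stating that it must be called before any concurrent use, or a mutex around the global, would make the contract explicit. The copy is a plain duplicate, so `oath_lockfile_path = strdup (lockfile);` followed by a NULL check is simpler than `asprintf` plus a length comparison and does not depend on what `asprintf` leaves in the pointer on failure. The `oath_init` hunk also resets the pointer without freeing it, which leaks a previously set path if `oath_init` is called again.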
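Review bot: `extern char *oath_lockfile_path;` is added to the public header without `OATHAPI`, and the liboath.map hunk exports only the setter, so applications that include oath.h see a variable they apparently cannot link against and that the library frees on their behalf. The declaration looks like it belongs in an internal header shared by global.c and usersfile.c, leaving `oath_set_lockfile_path` as the only public entry point; the same applies to the oath.h.in hunk. The setter also has no gtk-doc comment, unlike `oath_init` in global.c; it should say that passing NULL restores the `<usersfile>.lock` default and that the string is copied.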
a/liboath/oath.h.in b/liboath/oath.h.in
+index 524e9ac..4d5cddc 100644
+--- a/liboath/oath.h.in
++++ b/liboath/oath.h.in
+@@ -136,11 +136,15 @@ typedef enum
+
+ /* Global */
+
++extern char *oath_lockfile_path;
++
+ extern OATHAPI int oath_init (void);
+ extern OATHAPI int oath_done (void);
+
+ extern OATHAPI const char *oath_check_version (const char *req_version);
+
++extern OATHAPI int oath_set_lockfile_path(const char *lockfile);
++
+ /* Error handling */
+
+ extern OATHAPI const char *oath_strerror (int err);
+diff --git a/liboath/usersfile.c b/liboath/usersfile.c
+index 3442fd2..066f936 100644
+--- a/liboath/usersfile.c
++++ b/liboath/usersfile.c
+@@ -323,9 +323,18 @@ update_usersfile (const char *usersfile,
+ {
+ int l;
+
+- l = asprintf (&lockfile, "%s.lock", usersfile);
+- if (lockfile == NULL || ((size_t) l) != strlen (usersfile) + 5)
+- return OATH_PRINTF_ERROR;
++ if (oath_lockfile_path)
++ {
++ l = asprintf (&lockfile, "%s", oath_lockfile_path);
++ if (lockfile == NULL || ((size_t) l) != strlen (oath_lockfile_path))
++ return OATH_PRINTF_ERROR;
++ }
++ else
++ {
++ l = asprintf (&lockfile, "%s.lock", usersfile);
++ if (lockfile == NULL || ((size_t) l) != strlen (usersfile) + 5)
++ return OATH_PRINTF_ERROR;
++ }
+
+ lockfh = fopen (lockfile, "w");
+ if (!lockfh)
+diff --git a/pam_oath/pam_oath.c b/pam_oath/pam_oath.c
+index 57fd33c..aa041e3 100644
+--- a/pam_oath/pam_oath.c
++++ b/pam_oath/pam_oath.c
+@@ -70,6 +70,7 @@ struct cfg
+ int try_first_pass;
+ int use_first_pass;
+ char *usersfile;
++ char *lockfile;
+ unsigned digits;
+ unsigned window;
+ };
+@@ -84,6 +85,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
+ cfg->try_first_pass = 0;
+ cfg->use_first_pass = 0;
+ cfg->usersfile = NULL;
++ cfg->lockfile = NULL;
+ cfg->digits = -1;
+ cfg->window = 5;
+
+@@ -99,6 +101,8 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
+ cfg->use_first_pass = 1;
+ if (strncmp (argv[i], "usersfile=", 10) == 0)
+
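Review bot: In the usersfile.c hunk the lock path becomes caller-configurable but is still opened with `fopen (lockfile, "w")`, which follows symbolic links and truncates whatever the path resolves to. That was confined to the directory of the users file before; with an arbitrary location, a lock placed in a directory writable by other users could already exist as a link to a file the authenticating process is able to write. Opening it with `open (lockfile, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600)` and wrapping the descriptor with `fdopen` avoids both the link following and the truncation. `update_usersfile` starts and ends outside this hunk, so how the lock is taken and removed afterwards is not visible here.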
cfg->usersfile = (char *) argv[i] + 10; ++ if (strncmp (argv[i], "lockfile=", 9) == 0) ++ cfg->lockfile = (char *) argv[i] + 9; + if (strncmp (argv[i], "digits=", 7) == 0) + cfg->digits = atoi (argv[i] + 7); + if (strncmp (argv[i], "window=", 7) == 0) +@@ -124,6 +128,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg) + D (("try_first_pass=%d", cfg->try_first_pass)); + D (("use_first_pass=%d", cfg->use_first_pass)); + D (("usersfile=%s", cfg->usersfile ? cfg->usersfile : "(null)")); ++ D (("lockfile=%s", cfg->lockfile ? cfg->lockfile : "(null)")); + D (("digits=%d", cfg->digits)); + D (("window=%d", cfg->window)); + } +@@ -189,6 +194,17 @@ pam_sm_authenticate (pam_handle_t * pamh, + goto done; + } + ++ if (cfg.lockfile) ++ rc = oath_set_lockfile_path(cfg.lockfile); ++ else ++ rc = oath_set_lockfile_path("/var/lock/pam_oath.lock"); ++ if (rc != OATH_OK) ++ { ++ DBG (("oath_set_lockfile_path() failed (%d)", rc)); ++ retval = PAM_AUTHINFO_UNAVAIL; ++ goto done; ++ } ++ + if (password == NULL) + { + retval = pam_get_item (pamh, PAM_CONV, (const void **) &conv); diff --git a/oath-toolkit.spec b/oath-toolkit.spec index 040a662..71e4357 100644 --- a/oath-toolkit.spec +++ b/oath-toolkit.spec @@ -1,6 +1,6 @@ Name: oath-toolkit Version: 2.6.2 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv3+ Summary: One-time password components BuildRequires: pam-devel, gtk-doc, libtool, libtool-ltdl-devel @@ -15,6 +15,7 @@ Patch0: oath-toolkit-2.0.2-man-fix.patch Patch1: oath-toolkit-2.4.1-retain-original-xmldoc.patch # rhbz#1605276 Patch2: oath-toolkit-2.6.2-build-fix.patch +Patch3: oath-toolkit-2.6.2-lockfile.patch %description The OATH Toolkit provide components for building one-time password @@ -113,6 +114,7 @@ A PAM module for pluggable login authentication for OATH. %patch0 -p1 -b .man-fix %patch1 -p1 -b .retain-original-xmldoc %patch2 -p1 -b .build-fix +%patch3 -p1 -b .lockfile %build autoreconf -fi 
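Review bot: In the `pam_sm_authenticate` hunk the fallback `"/var/lock/pam_oath.lock"` silently replaces the old `<usersfile>.lock` name for every stack that does not pass `lockfile=`, so services with different `usersfile=` settings now serialise on one file and the module needs write access to /var/lock. The literal would be easier to audit and override as a named constant, for example `#define PAM_OATH_DEFAULT_LOCKFILE "/var/lock/pam_oath.lock"`, documented next to the `usersfile` option. The `parse_cfg` hunk also accepts `lockfile=` with an empty or relative value; rejecting anything that does not start with `/` before calling `oath_set_lockfile_path` keeps the lock location from depending on the caller's working directory. `pam_sm_authenticate` continues outside the hunk.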
@@ -184,6 +186,10 @@ mkdir -p -m 0600 %{buildroot}%{_sysconfdir}/liboath %{_libdir}/security/pam_oath.so %changelog +* Mon May 4 2020 Jaroslav Škarvada - 2.6.2-5 +- Added support for configurable lock file locations and set the default path + Resolves: rhbz#1178036 + * Wed Jan 29 2020 Fedora Release Engineering - 2.6.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild