Added support for configurable lock file locations and set the default path

Resolves: rhbz#1178036
epel9
Jaroslav Škarvada 5 years ago
parent e66d35a6db
commit 6ef0025073

@ -0,0 +1,195 @@
diff --git a/liboath/global.c b/liboath/global.c
index 6fb51fd..251ad15 100644
--- a/liboath/global.c
+++ b/liboath/global.c
@@ -25,9 +25,12 @@
#include <stdio.h> /* For snprintf, getline. */
#include <string.h> /* For strverscmp. */
+#include <stdlib.h> /* For free. */
#include "gc.h"
+char *oath_lockfile_path = NULL;
+
/**
* oath_init:
*
@@ -52,6 +55,8 @@ oath_init (void)
if (gc_init () != GC_OK)
return OATH_CRYPTO_ERROR;
+ oath_lockfile_path = NULL;
+
return OATH_OK;
}
@@ -71,6 +76,11 @@ oath_done (void)
{
gc_done ();
+ if (oath_lockfile_path)
+ {
+ free(oath_lockfile_path);
+ oath_lockfile_path = NULL;
+ }
return OATH_OK;
}
@@ -99,3 +109,23 @@ oath_check_version (const char *req_version)
return NULL;
}
+
+int
+oath_set_lockfile_path(const char *lockfile)
+{
+ int l;
+
+ if (oath_lockfile_path)
+ {
+ free(oath_lockfile_path);
+ oath_lockfile_path = NULL;
+ }
+
+ if (lockfile)
+ {
+ l = asprintf (&oath_lockfile_path, "%s", lockfile);
+ if (oath_lockfile_path == NULL || ((size_t) l) != strlen (lockfile))
+ return OATH_PRINTF_ERROR;
+ }
+ return OATH_OK;
+}
diff --git a/liboath/liboath.map b/liboath/liboath.map
index 010c512..fd32e07 100644
--- a/liboath/liboath.map
+++ b/liboath/liboath.map
@@ -75,6 +75,7 @@ LIBOATH_2.2.0
global:
oath_totp_validate3;
oath_totp_validate3_callback;
+ oath_set_lockfile_path;
} LIBOATH_1.12.0;
LIBOATH_2.6.0
diff --git a/liboath/oath.h b/liboath/oath.h
index 7819c02..8bb5fc6 100644
--- a/liboath/oath.h
+++ b/liboath/oath.h
@@ -136,11 +136,15 @@ typedef enum
/* Global */
+extern char *oath_lockfile_path;
+
extern OATHAPI int oath_init (void);
extern OATHAPI int oath_done (void);
extern OATHAPI const char *oath_check_version (const char *req_version);
+extern OATHAPI int oath_set_lockfile_path(const char *lockfile);
+
/* Error handling */
extern OATHAPI const char *oath_strerror (int err);
diff --git a/liboath/oath.h.in b/liboath/oath.h.in
index 524e9ac..4d5cddc 100644
--- a/liboath/oath.h.in
+++ b/liboath/oath.h.in
@@ -136,11 +136,15 @@ typedef enum
/* Global */
+extern char *oath_lockfile_path;
+
extern OATHAPI int oath_init (void);
extern OATHAPI int oath_done (void);
extern OATHAPI const char *oath_check_version (const char *req_version);
+extern OATHAPI int oath_set_lockfile_path(const char *lockfile);
+
/* Error handling */
extern OATHAPI const char *oath_strerror (int err);
diff --git a/liboath/usersfile.c b/liboath/usersfile.c
index 3442fd2..066f936 100644
--- a/liboath/usersfile.c
+++ b/liboath/usersfile.c
@@ -323,9 +323,18 @@ update_usersfile (const char *usersfile,
{
int l;
- l = asprintf (&lockfile, "%s.lock", usersfile);
- if (lockfile == NULL || ((size_t) l) != strlen (usersfile) + 5)
- return OATH_PRINTF_ERROR;
+ if (oath_lockfile_path)
+ {
+ l = asprintf (&lockfile, "%s", oath_lockfile_path);
+ if (lockfile == NULL || ((size_t) l) != strlen (oath_lockfile_path))
+ return OATH_PRINTF_ERROR;
+ }
+ else
+ {
+ l = asprintf (&lockfile, "%s.lock", usersfile);
+ if (lockfile == NULL || ((size_t) l) != strlen (usersfile) + 5)
+ return OATH_PRINTF_ERROR;
+ }
lockfh = fopen (lockfile, "w");
if (!lockfh)
diff --git a/pam_oath/pam_oath.c b/pam_oath/pam_oath.c
index 57fd33c..aa041e3 100644
--- a/pam_oath/pam_oath.c
+++ b/pam_oath/pam_oath.c
@@ -70,6 +70,7 @@ struct cfg
int try_first_pass;
int use_first_pass;
char *usersfile;
+ char *lockfile;
unsigned digits;
unsigned window;
};
@@ -84,6 +85,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
cfg->try_first_pass = 0;
cfg->use_first_pass = 0;
cfg->usersfile = NULL;
+ cfg->lockfile = NULL;
cfg->digits = -1;
cfg->window = 5;
@@ -99,6 +101,8 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
cfg->use_first_pass = 1;
if (strncmp (argv[i], "usersfile=", 10) == 0)
cfg->usersfile = (char *) argv[i] + 10;
+ if (strncmp (argv[i], "lockfile=", 9) == 0)
+ cfg->lockfile = (char *) argv[i] + 9;
if (strncmp (argv[i], "digits=", 7) == 0)
cfg->digits = atoi (argv[i] + 7);
if (strncmp (argv[i], "window=", 7) == 0)
@@ -124,6 +128,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
D (("try_first_pass=%d", cfg->try_first_pass));
D (("use_first_pass=%d", cfg->use_first_pass));
D (("usersfile=%s", cfg->usersfile ? cfg->usersfile : "(null)"));
+ D (("lockfile=%s", cfg->lockfile ? cfg->lockfile : "(null)"));
D (("digits=%d", cfg->digits));
D (("window=%d", cfg->window));
}
@@ -189,6 +194,17 @@ pam_sm_authenticate (pam_handle_t * pamh,
goto done;
}
+ if (cfg.lockfile)
+ rc = oath_set_lockfile_path(cfg.lockfile);
+ else
+ rc = oath_set_lockfile_path("/var/lock/pam_oath.lock");
+ if (rc != OATH_OK)
+ {
+ DBG (("oath_set_lockfile_path() failed (%d)", rc));
+ retval = PAM_AUTHINFO_UNAVAIL;
+ goto done;
+ }
+
if (password == NULL)
{
retval = pam_get_item (pamh, PAM_CONV, (const void **) &conv);

@ -1,6 +1,6 @@
Name: oath-toolkit
Version: 2.6.2
Release: 4%{?dist}
Release: 5%{?dist}
License: GPLv3+
Summary: One-time password components
BuildRequires: pam-devel, gtk-doc, libtool, libtool-ltdl-devel
@ -15,6 +15,7 @@ Patch0: oath-toolkit-2.0.2-man-fix.patch
Patch1: oath-toolkit-2.4.1-retain-original-xmldoc.patch
# rhbz#1605276
Patch2: oath-toolkit-2.6.2-build-fix.patch
Patch3: oath-toolkit-2.6.2-lockfile.patch
%description
The OATH Toolkit provide components for building one-time password
@ -113,6 +114,7 @@ A PAM module for pluggable login authentication for OATH.
%patch0 -p1 -b .man-fix
%patch1 -p1 -b .retain-original-xmldoc
%patch2 -p1 -b .build-fix
%patch3 -p1 -b .lockfile
%build
autoreconf -fi
@ -184,6 +186,10 @@ mkdir -p -m 0600 %{buildroot}%{_sysconfdir}/liboath
%{_libdir}/security/pam_oath.so
%changelog
* Mon May 4 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.6.2-5
- Added support for configurable lock file locations and set the default path
Resolves: rhbz#1178036
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

Loading…
Cancel
Save