5c65bcd5a9
Changes since 2.4.1: Version 2.6.7 (released 2021-05-01) pam_oath: Support variables in usersfile string parameter. the usersfile string in the pam_oath configuration file. The placeholder values allow the user credentials file to be stored in a file path that is relative to the user, and mimics similar behavior found in google-authenticator-libpam. The motivation for these changes is to allow for non-privileged processes to use pam_oath (e.g., for 2FA with xscreensaver). Non-privileged and non-suid programs are unable to use pam_oath. These changes are a proposed alternative to a suid helper binary as well. Thanks to Jason Graham for the patch. See https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/12. doc: Fix project URL in man pages. Thanks to Jason Graham for the patch. Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/19. build: Drop use of libxml's AM_PATH_XML2 in favor of pkg-config. build: Modernize autotools usage. Most importantly, no longer use -Werror with AM_INIT_AUTOMAKE to make rebuilding from source more safe with future automake versions. Updated gnulib files. Version 2.6.6 (released 2021-01-20) oathtool: Handle HOTP --counter values larger than 0x7FFFFFFFFFFFFFFF. Thanks to Jason Lai for report. doc: GTK-DOC manual improvements. Updated gnulib files. Fixes test-parse-datetime self-check. Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/20. Version 2.6.5 (released 2020-12-29) oathtool: Support for reading KEY and OTP from standard input or filename. KEY and OTP may now be given as - to mean stdin, or @FILE to read from a particular file. This is recommended on multi-user systems, since secrets as command line parameters leak. Based on a patch from Ian Jackson. Fixes #6. pam_oath: Fix unlikely logic fail on out of memory conditions. Patch from Matthias Gerstner. Doc fixes. Version 2.6.4 (released 2020-11-11) libpskc: New --with-xmlsec-crypto-engine to hard-code crypto engine. Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/16. Use it like --with-xmlsec-crypto-engine=gnutls or --with-xmlsec-crypto-engine=openssl if the default dynamic loading fails because of runtime linker search path issues. oathtool --totp --verbose now prints TOTP hash mode. Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/4. oathtool: Hash names (e.g., SHA256) for --totp are now upper case. Fixes https://gitlab.com/oath-toolkit/oath-toolkit/-/issues/3. Lower/mixed case hash names are supported for compatibility. pam_oath: Fail gracefully for missing users. Fixes https://savannah.nongnu.org/support/index.php?109111. This allows you to incrementally add support for OATH authentication instead of forcing it on all users. See updated pam_oath/README on the [user_unknown=ignore success=ok] parameter that can now be supplied to PAM configuration. Patch by Antoine Beaupra Fix libpskc memory corruption bug. Fixes https://savannah.nongnu.org/support/?108736. Thanks to David Woodhouse and Jaroslav A karvada for report, self check and patch. Fix man pages. Fixes https://savannah.nongnu.org/support/?108312. Thanks to Jaroslav A karvada for the patch. Build fixes. Version 2.6.3 (released 2020-11-07) pam_oath: Fix self-tests. build: Update gnulib. Fix compiler warnings. Doc fixes. Version 2.6.2 (released 2016-08-27) doc: Version controlled source code repository moved to GitLab. Version 2.6.1 (released 2015-07-31) liboath: Fix make check on 32-bit systems. Report and patch by Christian Hesse. Version 2.6.0 (released 2015-05-19) liboath: Support TOTP with HMAC-SHA256 and HMAC-SHA512. This adds new APIs oath_totp_generate2, oath_totp_validate4 and oath_totp_validate4_callback. oathtool: The --totp parameter now take an optional argument to specify MAC. For example use --totp=sha256 to use HMAC-SHA256. When --totp is used the default HMAC-SHA1 is used, as before. pam_oath: Mention in README that you shouldn???t use insecure keys. Suggested by Robin. pam_oath: Check return value from strdup. Patch by Eero Hakkinen. The files gdoc and expect.oath are now included in the tarball. Suggested by Jaroslav A karvada.
24 lines
572 B
C
24 lines
572 B
C
$NetBSD: patch-pam__oath_pam__oath.c,v 1.1 2022/08/22 07:42:52 sborrill Exp $
|
|
|
|
Use local fragment of libpam, from FreeBSD
|
|
|
|
--- pam_oath/pam_oath.c.orig 2021-05-01 17:10:32 UTC
|
|
+++ pam_oath/pam_oath.c
|
|
@@ -21,6 +21,7 @@
|
|
#include <config.h>
|
|
|
|
#include "oath.h"
|
|
+#include "pam_modutil.h"
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
@@ -42,9 +43,6 @@
|
|
|
|
#ifdef HAVE_SECURITY_PAM_APPL_H
|
|
#include <security/pam_appl.h>
|
|
-#endif
|
|
-#ifdef HAVE_SECURITY_PAM_MODUTIL_H
|
|
-#include <security/pam_modutil.h>
|
|
#endif
|
|
#ifdef HAVE_SECURITY_PAM_MODULES_H
|
|
#include <security/pam_modules.h>
|