From 31ebf57de99785e0835b730ff3c4235e0664c997 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Dec 08 2015 10:26:03 +0000 Subject: import mod_authnz_pam-0.9.3-5.el7_2 --- diff --git a/SOURCES/mod_authnz_pam-otp.patch b/SOURCES/mod_authnz_pam-otp.patch new file mode 100644 index 0000000..8982944 --- /dev/null +++ b/SOURCES/mod_authnz_pam-otp.patch @@ -0,0 +1,27 @@ +commit 6de21466287c3e77850ab1d66f076405971ba4f3 +Author: Jan Pazdziora +Date: Mon Nov 9 21:14:54 2015 +0100 + + Only put the password to the first response (factor). + + When modules start to support pre-auth, we would put the password+code + (in case of OTP setup) to both first and second factor, leading to + PAM_CRED_ERR / Failure setting user credentials. + +diff --git a/mod_authnz_pam.c b/mod_authnz_pam.c +index 968b567..87d3150 100644 +--- a/mod_authnz_pam.c ++++ b/mod_authnz_pam.c +@@ -61,7 +61,11 @@ static int pam_authenticate_conv(int num_msg, const struct pam_message ** msg, s + response[i].resp = 0; + response[i].resp_retcode = 0; + if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) { +- response[i].resp = strdup(appdata_ptr); ++ if (i == 0) { ++ response[i].resp = strdup(appdata_ptr); ++ } else { ++ response[i].resp = NULL; ++ } + } else { + free(response); + return PAM_CONV_ERR; diff --git a/SPECS/mod_authnz_pam.spec b/SPECS/mod_authnz_pam.spec index feed6e1..8077169 100644 --- a/SPECS/mod_authnz_pam.spec +++ b/SPECS/mod_authnz_pam.spec @@ -8,11 +8,12 @@ Summary: PAM authorization checker and PAM Basic Authentication provider Name: mod_authnz_pam Version: 0.9.3 -Release: 1%{?dist} +Release: 5%{?dist} License: ASL 2.0 Group: System Environment/Daemons URL: http://www.adelton.com/apache/mod_authnz_pam/ Source0: http://www.adelton.com/apache/mod_authnz_pam/%{name}-%{version}.tar.gz +Patch1: mod_authnz_pam-otp.patch BuildRequires: httpd-devel BuildRequires: pam-devel BuildRequires: pkgconfig @@ -33,6 +34,7 @@ can also be used as full Basic Authentication provider which runs the %prep %setup -q -n %{name}-%{version} +%patch1 -p1 %build %{_httpd_apxs} -c -Wc,"%{optflags} -Wall -pedantic -std=c99" -lpam mod_authnz_pam.c @@ -62,6 +64,9 @@ install -Dp -m 0644 authnz_pam.confx $RPM_BUILD_ROOT%{_httpd_confdir}/authnz_pam %{_httpd_moddir}/*.so %changelog +* Thu Nov 19 2015 Jan Pazdziora - 0.9.3-5 +- 1279591 - Fix OTP use case for modules with pre-auth. + * Mon Jun 23 2014 Jan Pazdziora - 0.9.3-1 - Fix module loading/configuration for Apache 2.4. - Set PAM_RHOST.