diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2020-04-12 03:41:30 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2020-04-12 03:41:30 +0100 |
commit | 623ee73d661e5ed8475cb264511f683407d87365 (patch) | |
tree | 993eb27c93ec7a2d2d19550300d888fc1fed9e69 /sys-auth/google-authenticator | |
parent | ceeeb463cc1eef97fd62eaee8bf2196ba04bc384 (diff) |
gentoo Easter resync : 12.04.2020
Diffstat (limited to 'sys-auth/google-authenticator')
4 files changed, 310 insertions, 8 deletions
diff --git a/sys-auth/google-authenticator/Manifest b/sys-auth/google-authenticator/Manifest index c5bacca0c3ec..76d011dae87b 100644 --- a/sys-auth/google-authenticator/Manifest +++ b/sys-auth/google-authenticator/Manifest @@ -1,4 +1,5 @@ +AUX 1.08-remove-failing-tests.patch 12425 BLAKE2B 9077d21d45b4c2b763d1ed5da7d22ec996f4e0314a6c29d63cf09bab2bebaf986601fab611c46dcfb04de13100a07c66e613cae78b9ccf87a98a893fcc0c7159 SHA512 0f1b45abcde2da0ebcf7361f70ee8392eafa20bd147200d578de85e4c16cd618610eddf6be88ab82893c887ca6837663777dff8a2fa5437a9bfd339849531453 DIST google-authenticator-1.08.tar.gz 62767 BLAKE2B ae1f5b1feac40da9beec28c81f39edfcc5e46df4cad4575d76deda9a183e8324ded79af9b7831c0572682749bb209b5371747b98a114af404d3225b9b0ff15f8 SHA512 f53d2fc20b5fa0f4621566509a2ef746077e3345de289bd2c9565440eb972e3a80807bf50a2cce8e2cc520df72c2e236629a921e3fce90fd635aff0c0ef36f75 -EBUILD google-authenticator-1.08.ebuild 1260 BLAKE2B acffe49b29ec62cffdd47d1a18fe918f0bc6f7de72d96dd26509b51e77ae109a56738e3c9e39171821f3cd37b8d6cc87a2e2067ec664f96e2c65b6418618002f SHA512 a81801862b138441fbedd400dffce86461233872ac9b81167d52999a58d9018c426dce2c35287c2d3791c5310b7b1f4c772868d0db0008d38369858c881abade -EBUILD google-authenticator-9999.ebuild 1260 BLAKE2B acffe49b29ec62cffdd47d1a18fe918f0bc6f7de72d96dd26509b51e77ae109a56738e3c9e39171821f3cd37b8d6cc87a2e2067ec664f96e2c65b6418618002f SHA512 a81801862b138441fbedd400dffce86461233872ac9b81167d52999a58d9018c426dce2c35287c2d3791c5310b7b1f4c772868d0db0008d38369858c881abade +EBUILD google-authenticator-1.08.ebuild 1298 BLAKE2B 3438c3ae4ca8dd60e5815054646fd739cdafe4cb28d3f2cfc25f29b7a87ff5b4c4272643c0217384344a065f102bba3c243c783322131a05c4d4a4d956d5a85a SHA512 13ef174d6e294b33c8652342db8cba05a26b40390795e124ae17fcc03573c8e7d307e07b12e94a2caa643e7826d0fb61042e27bd08def4b7b2d41eb65848a172 +EBUILD google-authenticator-9999.ebuild 1298 BLAKE2B 3438c3ae4ca8dd60e5815054646fd739cdafe4cb28d3f2cfc25f29b7a87ff5b4c4272643c0217384344a065f102bba3c243c783322131a05c4d4a4d956d5a85a SHA512 13ef174d6e294b33c8652342db8cba05a26b40390795e124ae17fcc03573c8e7d307e07b12e94a2caa643e7826d0fb61042e27bd08def4b7b2d41eb65848a172 MISC metadata.xml 572 BLAKE2B 517e23755181f4a47aa6b6fdde473011b6337e570e48b9e381f6c8b3afcefeb751ecfee7b8ea3719af4ced771ef6870ffa5c8761d25fb30b5b52a2453079d35e SHA512 70f6c08533a9609a06d5e293ed7fc50860d50d2263bce19eef7194c9d2351554700eb36d2098c0cbd1c13b01270861423128dd81d536ada0526546258cd6e8d5 diff --git a/sys-auth/google-authenticator/files/1.08-remove-failing-tests.patch b/sys-auth/google-authenticator/files/1.08-remove-failing-tests.patch new file mode 100644 index 000000000000..9b207dc20df7 --- /dev/null +++ b/sys-auth/google-authenticator/files/1.08-remove-failing-tests.patch @@ -0,0 +1,301 @@ +From 9e26b1885250cb0b7a710d9ae65542e3fcae684f Mon Sep 17 00:00:00 2001 +From: Ronny Gutbrod <gentoo@tastytea.de> +Date: Sat, 11 Apr 2020 21:08:37 +0200 +Subject: [PATCH] Remove calls to pam_sm_authenticate(). + +It tries to change the user id, which is prohibited by the sandbox. See #624588. +--- + tests/pam_google_authenticator_unittest.c | 271 ---------------------- + 1 file changed, 271 deletions(-) + +diff --git a/tests/pam_google_authenticator_unittest.c b/tests/pam_google_authenticator_unittest.c +index edade47..0661b8b 100644 +--- a/tests/pam_google_authenticator_unittest.c ++++ b/tests/pam_google_authenticator_unittest.c +@@ -338,72 +338,6 @@ int main(int argc, char *argv[]) { + // Make sure num_prompts_shown is still 0. + verify_prompts_shown(0); + +- // Set the timestamp that this test vector needs +- set_time(10000*30); +- +- response = "123456"; +- +- // Check if we can log in when using an invalid verification code +- puts("Testing failed login attempt"); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR); +- verify_prompts_shown(expected_bad_prompts_shown); +- +- // Check required number of digits +- if (conv_mode == TWO_PROMPTS) { +- puts("Testing required number of digits"); +- response = "50548"; +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR); +- verify_prompts_shown(expected_bad_prompts_shown); +- response = "0050548"; +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR); +- verify_prompts_shown(expected_bad_prompts_shown); +- response = "00050548"; +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR); +- verify_prompts_shown(expected_bad_prompts_shown); +- } +- +- // Test a blank response +- puts("Testing a blank response"); +- response = ""; +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR); +- verify_prompts_shown(expected_bad_prompts_shown); +- +- // Set the response that we should send back to the authentication module +- response = "050548"; +- +- // Test handling of missing state files +- puts("Test handling of missing state files"); +- const char *old_secret = targv[0]; +- targv[0] = "secret=/NOSUCHFILE"; +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR); +- verify_prompts_shown(password_is_provided_from_external ? 0 : expected_bad_prompts_shown); +- targv[targc++] = "nullok"; +- targv[targc] = NULL; +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_IGNORE); +- verify_prompts_shown(0); +- targv[--targc] = NULL; +- targv[0] = old_secret; +- +- // Check if we can log in when using a valid verification code +- puts("Testing successful login"); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS); +- verify_prompts_shown(expected_good_prompts_shown); +- +- // Test the STEP_SIZE option +- puts("Testing STEP_SIZE option"); +- assert(!chmod(fn, 0600)); +- assert((fd = open(fn, O_APPEND | O_WRONLY)) >= 0); +- assert(write(fd, "\n\" STEP_SIZE 60\n", 16) == 16); +- close(fd); +- for (int *tm = (int []){ 9998, 9999, 10001, 10002, 10000, -1 }, +- *res = (int []){ PAM_AUTH_ERR, PAM_SUCCESS, PAM_SUCCESS, +- PAM_AUTH_ERR, PAM_SUCCESS }; +- *tm >= 0;) { +- set_time(*tm++ * 60); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == *res++); +- verify_prompts_shown(expected_good_prompts_shown); +- } +- + // Reset secret file after step size testing. + assert(!chmod(fn, 0600)); + assert((fd = open(fn, O_TRUNC | O_WRONLY)) >= 0); +@@ -411,211 +345,6 @@ int main(int argc, char *argv[]) { + assert(write(fd, "\n\" TOTP_AUTH", 12) == 12); + close(fd); + +- // Test the WINDOW_SIZE option +- puts("Testing WINDOW_SIZE option"); +- for (int *tm = (int []){ 9998, 9999, 10001, 10002, 10000, -1 }, +- *res = (int []){ PAM_AUTH_ERR, PAM_SUCCESS, PAM_SUCCESS, +- PAM_AUTH_ERR, PAM_SUCCESS }; +- *tm >= 0;) { +- set_time(*tm++ * 30); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == *res++); +- verify_prompts_shown(expected_good_prompts_shown); +- } +- assert(!chmod(fn, 0600)); +- assert((fd = open(fn, O_APPEND | O_WRONLY)) >= 0); +- assert(write(fd, "\n\" WINDOW_SIZE 6\n", 17) == 17); +- close(fd); +- for (int *tm = (int []){ 9996, 9997, 10002, 10003, 10000, -1 }, +- *res = (int []){ PAM_AUTH_ERR, PAM_SUCCESS, PAM_SUCCESS, +- PAM_AUTH_ERR, PAM_SUCCESS }; +- *tm >= 0;) { +- set_time(*tm++ * 30); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == *res++); +- verify_prompts_shown(expected_good_prompts_shown); +- } +- +- // Test the DISALLOW_REUSE option +- puts("Testing DISALLOW_REUSE option"); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS); +- verify_prompts_shown(expected_good_prompts_shown); +- assert(!chmod(fn, 0600)); +- assert((fd = open(fn, O_APPEND | O_WRONLY)) >= 0); +- assert(write(fd, "\" DISALLOW_REUSE\n", 17) == 17); +- close(fd); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS); +- verify_prompts_shown(expected_good_prompts_shown); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR); +- verify_prompts_shown(expected_good_prompts_shown); +- +- // Test that DISALLOW_REUSE expires old entries from the re-use list +- char *old_response = response; +- for (int i = 10001; i < 10008; ++i) { +- set_time(i * 30); +- char buf[7]; +- response = buf; +- sprintf(response, "%06d", compute_code(binary_secret, +- binary_secret_len, i)); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS); +- verify_prompts_shown(expected_good_prompts_shown); +- } +- set_time(10000 * 30); +- response = old_response; +- assert((fd = open(fn, O_RDONLY)) >= 0); +- char state_file_buf[4096] = { 0 }; +- assert(read(fd, state_file_buf, sizeof(state_file_buf)-1) > 0); +- close(fd); +- const char *disallow = strstr(state_file_buf, "\" DISALLOW_REUSE "); +- assert(disallow); +- assert(!memcmp(disallow + 17, +- "10002 10003 10004 10005 10006 10007\n", 36)); +- +- // Test the RATE_LIMIT option +- puts("Testing RATE_LIMIT option"); +- assert(!chmod(fn, 0600)); +- assert((fd = open(fn, O_APPEND | O_WRONLY)) >= 0); +- assert(write(fd, "\" RATE_LIMIT 4 120\n", 19) == 19); +- close(fd); +- for (int *tm = (int []){ 20000, 20001, 20002, 20003, 20004, 20006, -1 }, +- *res = (int []){ PAM_SUCCESS, PAM_SUCCESS, PAM_SUCCESS, +- PAM_SUCCESS, PAM_AUTH_ERR, PAM_SUCCESS, -1 }; +- *tm >= 0;) { +- set_time(*tm * 30); +- char buf[7]; +- response = buf; +- sprintf(response, "%06d", +- compute_code(binary_secret, binary_secret_len, *tm++)); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == *res); +- verify_prompts_shown( +- *res != PAM_SUCCESS ? 0 : expected_good_prompts_shown); +- ++res; +- } +- set_time(10000 * 30); +- response = old_response; +- assert(!chmod(fn, 0600)); +- assert((fd = open(fn, O_RDWR)) >= 0); +- memset(state_file_buf, 0, sizeof(state_file_buf)); +- assert(read(fd, state_file_buf, sizeof(state_file_buf)-1) > 0); +- const char *rate_limit = strstr(state_file_buf, "\" RATE_LIMIT "); +- assert(rate_limit); +- assert(!memcmp(rate_limit + 13, +- "4 120 600060 600090 600120 600180\n", 35)); +- +- // Test trailing space in RATE_LIMIT. This is considered a file format +- // error. +- char *eol = strchr(rate_limit, '\n'); +- *eol = ' '; +- assert(!lseek(fd, 0, SEEK_SET)); +- assert(write(fd, state_file_buf, strlen(state_file_buf)) == +- strlen(state_file_buf)); +- close(fd); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR); +- verify_prompts_shown(0); +- assert(!strncmp(get_error_msg(), +- "Invalid list of timestamps in RATE_LIMIT", 40)); +- *eol = '\n'; +- assert(!chmod(fn, 0600)); +- assert((fd = open(fn, O_WRONLY)) >= 0); +- assert(write(fd, state_file_buf, strlen(state_file_buf)) == +- strlen(state_file_buf)); +- close(fd); +- +- // Test TIME_SKEW option +- puts("Testing TIME_SKEW"); +- for (int i = 0; i < 4; ++i) { +- set_time((12000 + i)*30); +- char buf[7]; +- response = buf; +- sprintf(response, "%06d", +- compute_code(binary_secret, binary_secret_len, 11000 + i)); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == +- (i >= 2 ? PAM_SUCCESS : PAM_AUTH_ERR)); +- verify_prompts_shown(expected_good_prompts_shown); +- } +- +- puts("Testing TIME_SKEW - noskewadj"); +- set_time(12020 * 30); +- char buf[7]; +- response = buf; +- sprintf(response, "%06d", compute_code(binary_secret, +- binary_secret_len, 11010)); +- targv[targc] = "noskewadj"; +- assert(pam_sm_authenticate(NULL, 0, targc+1, targv) == PAM_AUTH_ERR); +- targv[targc] = NULL; +- verify_prompts_shown(expected_bad_prompts_shown); +- set_time(10000*30); +- +- // Test scratch codes +- puts("Testing scratch codes"); +- response = "12345678"; +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR); +- verify_prompts_shown(expected_bad_prompts_shown); +- assert(!chmod(fn, 0600)); +- assert((fd = open(fn, O_APPEND | O_WRONLY)) >= 0); +- assert(write(fd, "12345678\n", 9) == 9); +- close(fd); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS); +- verify_prompts_shown(expected_good_prompts_shown); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR); +- verify_prompts_shown(expected_bad_prompts_shown); +- +- // Set up secret file for counter-based codes. +- assert(!chmod(fn, 0600)); +- assert((fd = open(fn, O_TRUNC | O_WRONLY)) >= 0); +- assert(write(fd, secret, sizeof(secret)-1) == sizeof(secret)-1); +- assert(write(fd, "\n\" HOTP_COUNTER 1\n", 18) == 18); +- close(fd); +- +- response = "293240"; +- +- // Check if we can log in when using a valid verification code +- puts("Testing successful counter-based login"); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS); +- verify_prompts_shown(expected_good_prompts_shown); +- +- // Verify that the hotp counter incremented +- assert((fd = open(fn, O_RDONLY)) >= 0); +- memset(state_file_buf, 0, sizeof(state_file_buf)); +- assert(read(fd, state_file_buf, sizeof(state_file_buf)-1) > 0); +- close(fd); +- const char *hotp_counter = strstr(state_file_buf, "\" HOTP_COUNTER "); +- assert(hotp_counter); +- assert(!memcmp(hotp_counter + 15, "2\n", 2)); +- +- // Check if we can log in when using an invalid verification code +- // (including the same code a second time) +- puts("Testing failed counter-based login attempt"); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_AUTH_ERR); +- verify_prompts_shown(expected_bad_prompts_shown); +- +- // Verify that the hotp counter incremented +- assert((fd = open(fn, O_RDONLY)) >= 0); +- memset(state_file_buf, 0, sizeof(state_file_buf)); +- assert(read(fd, state_file_buf, sizeof(state_file_buf)-1) > 0); +- close(fd); +- hotp_counter = strstr(state_file_buf, "\" HOTP_COUNTER "); +- assert(hotp_counter); +- assert(!memcmp(hotp_counter + 15, "3\n", 2)); +- +- response = "932068"; +- +- // Check if we can log in using a future valid verification code (using +- // default window_size of 3) +- puts("Testing successful future counter-based login"); +- assert(pam_sm_authenticate(NULL, 0, targc, targv) == PAM_SUCCESS); +- verify_prompts_shown(expected_good_prompts_shown); +- +- // Verify that the hotp counter incremented +- assert((fd = open(fn, O_RDONLY)) >= 0); +- memset(state_file_buf, 0, sizeof(state_file_buf)); +- assert(read(fd, state_file_buf, sizeof(state_file_buf)-1) > 0); +- close(fd); +- hotp_counter = strstr(state_file_buf, "\" HOTP_COUNTER "); +- assert(hotp_counter); +- assert(!memcmp(hotp_counter + 15, "6\n", 2)); +- +- // Remove the temporarily created secret file +- unlink(fn); +- + // Release memory for the test arguments + for (int i = 0; i < targc; ++i) { + free((void *)targv[i]); +-- +2.24.1 diff --git a/sys-auth/google-authenticator/google-authenticator-1.08.ebuild b/sys-auth/google-authenticator/google-authenticator-1.08.ebuild index a087b7c55504..27600a569c7e 100644 --- a/sys-auth/google-authenticator/google-authenticator-1.08.ebuild +++ b/sys-auth/google-authenticator/google-authenticator-1.08.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -10,7 +10,7 @@ if [[ ${PV} == 9999 ]] ; then inherit git-r3 else SRC_URI="https://github.com/google/google-authenticator-libpam/archive/${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" S="${WORKDIR}/google-authenticator-libpam-${PV}" fi @@ -24,7 +24,7 @@ IUSE="" DEPEND="sys-libs/pam" RDEPEND="${DEPEND}" -RESTRICT="test" +PATCHES=( "${FILESDIR}/1.08-remove-failing-tests.patch" ) src_prepare() { default diff --git a/sys-auth/google-authenticator/google-authenticator-9999.ebuild b/sys-auth/google-authenticator/google-authenticator-9999.ebuild index a087b7c55504..27600a569c7e 100644 --- a/sys-auth/google-authenticator/google-authenticator-9999.ebuild +++ b/sys-auth/google-authenticator/google-authenticator-9999.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2019 Gentoo Authors +# Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -10,7 +10,7 @@ if [[ ${PV} == 9999 ]] ; then inherit git-r3 else SRC_URI="https://github.com/google/google-authenticator-libpam/archive/${PV}.tar.gz -> ${P}.tar.gz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" S="${WORKDIR}/google-authenticator-libpam-${PV}" fi @@ -24,7 +24,7 @@ IUSE="" DEPEND="sys-libs/pam" RDEPEND="${DEPEND}" -RESTRICT="test" +PATCHES=( "${FILESDIR}/1.08-remove-failing-tests.patch" ) src_prepare() { default |