From 4858c55beff8d1a6e890b3070e6d7deb14fae01d Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Tue, 20 Apr 2010 18:08:30 -0400
Subject: - move source into src/
---
 pam_rps.8 | 35 ---------------
 pam_rps.c | 139 ----------------------------------------------------------
 src/pam_rps.8 | 35 +++++++++++++++
 src/pam_rps.c | 139 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 174 insertions(+), 174 deletions(-)
 delete mode 100644 pam_rps.8
 delete mode 100644 pam_rps.c
 create mode 100644 src/pam_rps.8
 create mode 100644 src/pam_rps.c
diff --git a/pam_rps.8 b/pam_rps.8
deleted file mode 100644
index a3e3c23..0000000
--- a/pam_rps.8
+++ /dev/null
@@ -1,35 +0,0 @@
-.\" Copyright 2003 Red Hat, Inc.
-.\" Written by Nalin Dahyabhai
-.TH pam_rps 8 2003/6/30 "Red Hat Linux" "System Administrator's Manual"
-
-.SH NAME
-pam_rps \- challenge-response authentication
-
-.SH SYNOPSIS
-.B auth sufficient pam_rps.so
-
-.SH DESCRIPTION
-pam_rps.so is designed to provide a true challenge-response authentication
-mechanism for PAM-enabled applications.
-
-Without pam_rps, successful authentication can only occur for a user if the
-user has previously established an authentication token for use with the
-server. Using pam_rps removes this limitation.
-
-.SH ARGUMENTS
-.IP debug
-Enable module debugging. The module will log its progress to syslog.
-.IP throw=\fInumber\fP
-The challenge issued to the user is derived from a random number. This
-argument allows the administrator to control which challenge will be presented
-to the user. This argument is meant for use only when debugging.
-
-.SH NOTES
-Never use this module.
-
-.SH BUGS
-Let's hope not, but if you find any, please report them via the "Bug Track"
-link at http://bugzilla.redhat.com/bugzilla/
-
-.SH AUTHOR
-Nalin Dahyabhai
diff --git a/pam_rps.c b/pam_rps.c
deleted file mode 100644
index a68c0ab..0000000
--- a/pam_rps.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/******************************************************************************
- * A truly challenge-response module for PAM.
- *
- * Copyright (c) 2003 Red Hat, Inc.
- * Written by Nalin Dahyabhai
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, and the entire permission notice in its entirety,
- * including the disclaimer of warranties.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- * products derived from this software without specific prior
- * written permission.
- *
- * ALTERNATIVELY, this product may be distributed under the terms of
- * the GNU Public License, in which case the provisions of the GPL are
- * required INSTEAD OF the above restrictions. (This clause is
- * necessary due to a potential bad interaction between the GPL and
- * the restrictions contained in a BSD-style copyright.)
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-int
-pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
- const char *values[] = {
- "\x72\x6f\x63\x6b",
- "\x70\x61\x70\x65\x72",
- "\x73\x63\x69\x73\x73\x6f\x72\x73"};
- char prompt_text[32] = "";
- const char *want = "";
- char *response = NULL;
-
- int debug = 0;
-
- int ret, fd, r, i;
- unsigned char c;
-
- for (i = 0; i < argc; i++) {
- if (strcmp(argv[i], "debug") == 0) {
- debug = 1;
- break;
- }
- }
-
- r = -1;
- for (i = 0; i < argc; i++) {
- if (strncmp(argv[i], "throw=", 6) == 0) {
- r = atol(argv[i] + 6) % 3;
- break;
- }
- }
- if (r == -1) {
- r = 0;
- fd = open("/dev/urandom", O_RDONLY);
- if (fd != -1) {
- c = 0;
- do {
- ret = read(fd, &c, 1);
- } while ( ((ret == 1) && (c == 0xff)) ||
- ((ret == -1) && (errno == EINTR)) );
- /* We drop 0xff here to avoid a variation on
- * Bleichenbacher's attack. */
- r = c / 85;
- close(fd);
- }
- else /* Something is wrong with /dev/urandom */
- return PAM_CONV_ERR;
- }
- switch (r) {
- case 0:
- strcpy(prompt_text, values[0]);
- want = values[1];
- break;
- case 1:
- strcpy(prompt_text, values[1]);
- want = values[2];
- break;
- case 2:
- strcpy(prompt_text, values[2]);
- want = values[0];
- break;
- }
- if (debug) {
- pam_syslog(pamh, LOG_DEBUG, "challenge is \"%s\", "
- "expected response is \"%s\"", prompt_text, want);
- }
- ret = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &response, "%s: ", prompt_text);
- if (ret != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_CRIT,
- "conversation error");
- return PAM_CONV_ERR;
- }
- if ((response != NULL) &&
- (strcasecmp(response, want) == 0)) {
- ret = PAM_SUCCESS;
- } else {
- ret = PAM_AUTH_ERR;
- }
- if (response) {
- _pam_overwrite(response);
- free(response);
- }
- return ret;
-}
-
-int
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
-{
- return PAM_SUCCESS;
-}
diff --git a/src/pam_rps.8 b/src/pam_rps.8
new file mode 100644
index 0000000..a3e3c23
--- /dev/null
+++ b/src/pam_rps.8
@@ -0,0 +1,35 @@
+.\" Copyright 2003 Red Hat, Inc.
+.\" Written by Nalin Dahyabhai
+.TH pam_rps 8 2003/6/30 "Red Hat Linux" "System Administrator's Manual"
+
+.SH NAME
+pam_rps \- challenge-response authentication
+
+.SH SYNOPSIS
+.B auth sufficient pam_rps.so
+
+.SH DESCRIPTION
+pam_rps.so is designed to provide a true challenge-response authentication
+mechanism for PAM-enabled applications.
+
+Without pam_rps, successful authentication can only occur for a user if the
+user has previously established an authentication token for use with the
+server. Using pam_rps removes this limitation.
+
+.SH ARGUMENTS
+.IP debug
+Enable module debugging. The module will log its progress to syslog.
+.IP throw=\fInumber\fP
+The challenge issued to the user is derived from a random number. This
+argument allows the administrator to control which challenge will be presented
+to the user. This argument is meant for use only when debugging.
+
+.SH NOTES
+Never use this module.
+
+.SH BUGS
+Let's hope not, but if you find any, please report them via the "Bug Track"
+link at http://bugzilla.redhat.com/bugzilla/
+
+.SH AUTHOR
+Nalin Dahyabhai
diff --git a/src/pam_rps.c b/src/pam_rps.c
new file mode 100644
index 0000000..a68c0ab
--- /dev/null
+++ b/src/pam_rps.c
@@ -0,0 +1,139 @@
+/******************************************************************************
+ * A truly challenge-response module for PAM.
+ *
+ * Copyright (c) 2003 Red Hat, Inc.
+ * Written by Nalin Dahyabhai
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+int
+pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ const char *values[] = {
+ "\x72\x6f\x63\x6b",
+ "\x70\x61\x70\x65\x72",
+ "\x73\x63\x69\x73\x73\x6f\x72\x73"};
+ char prompt_text[32] = "";
+ const char *want = "";
+ char *response = NULL;
+
+ int debug = 0;
+
+ int ret, fd, r, i;
+ unsigned char c;
+
+ for (i = 0; i < argc; i++) {
+ if (strcmp(argv[i], "debug") == 0) {
+ debug = 1;
+ break;
+ }
+ }
+
+ r = -1;
+ for (i = 0; i < argc; i++) {
+ if (strncmp(argv[i], "throw=", 6) == 0) {
+ r = atol(argv[i] + 6) % 3;
+ break;
+ }
+ }
+ if (r == -1) {
+ r = 0;
+ fd = open("/dev/urandom", O_RDONLY);
+ if (fd != -1) {
+ c = 0;
+ do {
+ ret = read(fd, &c, 1);
+ } while ( ((ret == 1) && (c == 0xff)) ||
+ ((ret == -1) && (errno == EINTR)) );
+ /* We drop 0xff here to avoid a variation on
+ * Bleichenbacher's attack. */
+ r = c / 85;
+ close(fd);
+ }
+ else /* Something is wrong with /dev/urandom */
+ return PAM_CONV_ERR;
+ }
+ switch (r) {
+ case 0:
+ strcpy(prompt_text, values[0]);
+ want = values[1];
+ break;
+ case 1:
+ strcpy(prompt_text, values[1]);
+ want = values[2];
+ break;
+ case 2:
+ strcpy(prompt_text, values[2]);
+ want = values[0];
+ break;
+ }
+ if (debug) {
+ pam_syslog(pamh, LOG_DEBUG, "challenge is \"%s\", "
+ "expected response is \"%s\"", prompt_text, want);
+ }
+ ret = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, &response, "%s: ", prompt_text);
+ if (ret != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_CRIT,
+ "conversation error");
+ return PAM_CONV_ERR;
+ }
+ if ((response != NULL) &&
+ (strcasecmp(response, want) == 0)) {
+ ret = PAM_SUCCESS;
+ } else {
+ ret = PAM_AUTH_ERR;
+ }
+ if (response) {
+ _pam_overwrite(response);
+ free(response);
+ }
+ return ret;
+}
+
+int
+pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ return PAM_SUCCESS;
+}
-- cgit