debian/0000755000000000000000000000000012231503733007165 5ustar debian/README.Debian0000644000000000000000000000347612136542364011247 0ustar After installation, you need to configure your PAM stack to use the Barada module for authorization. In the /etc/pam.d/ directory you will find a list of programs which use PAM. If, for instance, you would like to use this in conjunction with SSH, you'd edit the file /etc/pam.d/sshd -- which should already exist. Just above the line: @include common-auth ...you would add the line: auth sufficient pam_barada.so This means that when sshd calls out to the PAM stack for authorization, the barada module will be used before the standard password-based authorization module. Here we have listed it as "sufficient," which means that should the authorization succeed it will be considered successful, but if it fails it will continue on with the rest of the PAM stack to try and find a success. This means that at any time you can use a OTP credential or your password. Once you have PAM configured, you need to setup the Barada credentials for the users you would like to make it available for. The program "barada-add" in /usr/bin/ should be run as such: $ sudo barada-add ...where username is the name of the user that you want to have Barada access, and pin is an arbitrary-length pin number for that user's credentials. barada-add should then print a result like: $ sudo barada-add someUser 1234 Added someUser with key: 94102985ae8690d28348702459ef4057 $ The key printed here needs to be installed on the user's device. The best way to do it is to read it off the screen here and type it in directly when the Android-based client software prompts you for it. This is the only time that you'll have to enter the key. After that, you'll just need to enter the PIN each time you want an OTP. At this point, you should be ready to go. Send questions, comments, concerns, suggestions to moxie@thoughtcrime.org debian/libpam-barada.dirs0000644000000000000000000000002612136542364012531 0ustar etc/barada.d usr/sbin debian/source/0000755000000000000000000000000012136542364010474 5ustar debian/source/format0000644000000000000000000000001412136542364011702 0ustar 3.0 (quilt) debian/libpam-barada.install0000644000000000000000000000004512136542364013237 0ustar lib/security/*.so usr/bin/* usr/sbin debian/copyright0000644000000000000000000000216312136542364011131 0ustar This package was debianized by Andrew Pollock on Tue, 13 Jan 2009 17:48:50 -0800. It was downloaded from Upstream Authors: Moxie Marlinspike Stuart Anderson Copyright: Copyright (c) 2008 Moxie Marlinspike License: GPLv3 "In addition, as a special exception, Moxie Marlinspike gives permission to link the code of its release of barada with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked executables. You must obey the GNU General Public License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version." The Debian packaging is (C) 2009, Andrew Pollock and is licensed under the GPL, see `/usr/share/common-licenses/GPL-3'. install-sh: Copyright (C) 1994 X Consortium debian/changelog0000644000000000000000000000241512231503733011041 0ustar barada-pam (0.5-3.1build2) trusty; urgency=low * No change rebuild for Boost 1.54 transition. -- Dmitrijs Ledkovs Tue, 22 Oct 2013 15:12:43 +0100 barada-pam (0.5-3.1build1) saucy; urgency=low * No change rebuild for Boost 1.53 transition. -- Dmitrijs Ledkovs Fri, 26 Apr 2013 19:18:39 +0100 barada-pam (0.5-3.1) unstable; urgency=low * Non-maintainer upload. * Update patch to really fix FTBFS with gold or ld --no-add-needed (Closes: #615696) -- Dmitrijs Ledkovs Thu, 31 May 2012 18:54:17 +0100 barada-pam (0.5-3) unstable; urgency=low * debian/rules: add build-{arch,indep} targets * debian/rules: substituted deprecated dh_clean -k call for dh_prep -- Andrew Pollock Sun, 12 Feb 2012 23:22:36 -0800 barada-pam (0.5-2) unstable; urgency=low * Convert to 3.0 (quilt) source format * debian/control: bump Standards-Version (no changes) * Add patch from Andreas Moog to fix FTBFS with gold or ld --no-add-needed (closes: #615696) -- Andrew Pollock Wed, 25 May 2011 21:59:46 -0700 barada-pam (0.5-1) unstable; urgency=low * Initial release (Closes: #564820) -- Andrew Pollock Tue, 16 Feb 2010 21:13:26 -0800 debian/control0000644000000000000000000000243212136542401010570 0ustar Source: barada-pam Priority: extra Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Andrew Pollock Build-Depends: debhelper (>= 6.0.7~), autotools-dev, libboost-serialization-dev, libpam-dev, libssl-dev, libboost-filesystem-dev Standards-Version: 3.9.2 Section: libs Homepage: http://barada.sourceforge.net/ Package: libpam-barada Section: libs Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: PAM module to provide two-factor authentication based on HOTP Use HOTP (RFC4226) two-factor authentication with PAM. . In addition to a normal password, users are also assigned a 128 bit key and arbitrary-length PIN number. Every time you'd like to login using a OTP, you calculate a secure hash based on your assigned PIN and an increasing counter, the result of which is a six character one time password. . While this module could be used in conjunction with many different client devices, it was written specifically with Android devices in mind. There is companion software which runs on Android, so that your phone essentially becomes a SecureID token. All you need to do is open up the software, type in your PIN, and you get back a 6-character number that you can use to login to your system. debian/rules0000755000000000000000000000502412136542364010255 0ustar #!/usr/bin/make -f # -*- makefile -*- # Sample debian/rules that uses debhelper. # This file was originally written by Joey Hess and Craig Small. # As a special exception, when this file is copied by dh-make into a # dh-make output file, you may use that output file without restriction. # This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # These are used for cross-compiling and for saving the configure script # from having to guess our platform (since we know it already) DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) CFLAGS = -Wall -g ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) CFLAGS += -O0 else CFLAGS += -O2 endif config.status: configure dh_testdir # Add here commands to configure the package. ifneq "$(wildcard /usr/share/misc/config.sub)" "" cp -f /usr/share/misc/config.sub config.sub endif ifneq "$(wildcard /usr/share/misc/config.guess)" "" cp -f /usr/share/misc/config.guess config.guess endif ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,-z,defs" build: build-arch build-indep build-arch: build-stamp build-indep: build-stamp build-stamp: config.status dh_testdir # Add here commands to compile the package. $(MAKE) touch $@ clean: dh_testdir dh_testroot rm -f build-stamp # Add here commands to clean up after the build process. [ ! -f Makefile ] || $(MAKE) distclean rm -f config.sub config.guess dh_clean install: build dh_testdir dh_testroot dh_prep dh_installdirs # Add here commands to install the package into debian/tmp $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install # barada-add goes and makes /etc/barada.d 0600 because the keys # to the castle are stored there chmod 600 $(CURDIR)/debian/libpam-barada/etc/barada.d # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot dh_installchangelogs dh_installdocs dh_installexamples dh_install --sourcedir=debian/tmp dh_installpam dh_installman dh_link dh_strip dh_compress dh_fixperms -X etc/barada.d dh_lintian dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install debian/watch0000644000000000000000000000125512136542364010230 0ustar # Example watch control file for uscan # Rename this file to "watch" and then you can run the "uscan" command # to check for upstream updates and more. # See uscan(1) for format # Compulsory line, this is a version 3 file version=3 # Uncomment to examine a Webpage # #http://www.example.com/downloads.php barada-pam-(.*)\.tar\.gz # Uncomment to examine a Webserver directory #http://www.example.com/pub/barada-pam-(.*)\.tar\.gz # Uncommment to examine a FTP server #ftp://ftp.example.com/pub/barada-pam-(.*)\.tar\.gz debian uupdate # Uncomment to find new files on sourceforge, for devscripts >= 2.9 http://sf.net/barada-pam/barada-pam-(.*)\.tar\.gz debian/libpam-barada.lintian-overrides0000644000000000000000000000010012136542364015217 0ustar libpam-barada: non-standard-dir-perm etc/barada.d/ 0600 != 0755 debian/patches/0000755000000000000000000000000012136542364010623 5ustar debian/patches/fix_6156960000644000000000000000000000244712136542364012203 0ustar Description: explicitly link with boost_system and boost_filesystem to fix a FTBFS Author: Andreas Moog , Dmitrijs Ledkovs Bug-Ubuntu: https://bugs.launchpad.net/bugs/765927 Bug-Debian: http://bugs.debian.org/615696 Index: barada-pam/Makefile.am =================================================================== --- barada-pam.orig/Makefile.am 2011-05-28 17:05:27.364231843 +0200 +++ barada-pam/Makefile.am 2011-05-28 17:05:05.345349346 +0200 @@ -10,6 +10,8 @@ barada_add_LDFLAGS = $(BOOST_FILESYSTEM) +LIBS += $(BOOST_FILESYSTEM) -lboost_system + pam_barada_sodir = /lib/security/ pam_barada_so_PROGRAMS = pam_barada.so @@ -18,4 +20,4 @@ pam_barada_so_LDFLAGS = -shared -HexTest_SOURCES = HexTest.cpp Util.cpp \ No newline at end of file +HexTest_SOURCES = HexTest.cpp Util.cpp Index: barada-pam/Makefile.in =================================================================== --- barada-pam.orig/Makefile.in 2011-05-28 17:05:27.434228322 +0200 +++ barada-pam/Makefile.in 2011-05-28 17:05:24.674367340 +0200 @@ -127,7 +127,7 @@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ +LIBS = @LIBS@ $(BOOST_FILESYSTEM) -lboost_system LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ debian/patches/series0000644000000000000000000000001312136542364012032 0ustar fix_615696 debian/docs0000644000000000000000000000001412136542364010042 0ustar NEWS README debian/compat0000644000000000000000000000000212136542364010372 0ustar 5