public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Ralf Ertzinger <ralf@skytale.net>
To: git-commits@fedoraproject.org
Subject: [rpms/pam_url] epel10: Add patches to support connect and request timeouts
Date: Sat, 13 Jun 2026 18:25:18 GMT [thread overview]
Message-ID: <178137511878.1.5723521258176384023.rpms-pam_url-96aeea009b23@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/pam_url
Branch : epel10
Commit : 96aeea009b2319221eb09b7c4a6e52188446f532
Author : Ralf Ertzinger <ralf@skytale.net>
Date : 2023-10-12T20:59:27+02:00
Stats : +84/-3 in 3 file(s)
URL : https://src.fedoraproject.org/rpms/pam_url/c/96aeea009b2319221eb09b7c4a6e52188446f532?branch=epel10
Log:
Add patches to support connect and request timeouts
---
diff --git a/pam_url-0.3.3-curl-timeout.patch b/pam_url-0.3.3-curl-timeout.patch
new file mode 100644
index 0000000..a0ba50c
--- /dev/null
+++ b/pam_url-0.3.3-curl-timeout.patch
@@ -0,0 +1,57 @@
+diff --git a/examples/pam_url.conf b/examples/pam_url.conf
+index 15439cc..1d43d59 100644
+--- a/examples/pam_url.conf
++++ b/examples/pam_url.conf
+@@ -10,6 +10,10 @@ pam_url:
+ passwdfield = "token"; # passwdfield name to send
+ extradata = "&do=login"; # extra data to send
+ prompt = "Token: "; # password prompt
++ connect_timeout_ms = 2000; # Connect timeout of 2000ms
++ timeout_ms = 10000; # Overall timeout of 10000ms
++ # Take into consideration that the remote end might delay a response on
++ # purpose when the password is incorrect, to limit brute force attempts
+ };
+
+ ssl:
+diff --git a/pam_url.c b/pam_url.c
+index c1da689..2a0918d 100644
+--- a/pam_url.c
++++ b/pam_url.c
+@@ -120,6 +120,11 @@ int parse_opts(pam_url_opts *opts, int argc, const char *argv[], int mode)
+ if(config_lookup_string(&config, "pam_url.settings.extradata", (const char **)&opts->extra_field) == CONFIG_FALSE)
+ opts->extra_field = DEF_EXTRA;
+
++ if(config_lookup_int(&config, "pam_url.settings.connect_timeout_ms", &opts->connect_timeout_ms) == CONFIG_FALSE)
++ opts->connect_timeout_ms = 0; // Select cURL lib default
++
++ if(config_lookup_int(&config, "pam_url.settings.timeout_ms", &opts->timeout_ms) == CONFIG_FALSE)
++ opts->connect_timeout_ms = 0; // Select cURL lib default
+
+ // SSL Options
+ if(config_lookup_string(&config, "pam_url.ssl.client_cert", &opts->ssl_cert) == CONFIG_FALSE)
+@@ -286,6 +291,12 @@ int fetch_url(pam_handle_t *pamh, pam_url_opts opts)
+ if( CURLE_OK != curl_easy_setopt(eh, CURLOPT_CAINFO, opts.ca_cert) )
+ goto curl_error;
+
++ if( CURLE_OK != curl_easy_setopt(eh, CURLOPT_CONNECTTIMEOUT_MS, opts.connect_timeout_ms) )
++ goto curl_error;
++
++ if( CURLE_OK != curl_easy_setopt(eh, CURLOPT_TIMEOUT_MS, opts.timeout_ms) )
++ goto curl_error;
++
+ if( opts.ssl_verify_host == true )
+ {
+ if( CURLE_OK != curl_easy_setopt(eh, CURLOPT_SSL_VERIFYHOST, 2) )
+diff --git a/pam_url.h b/pam_url.h
+index 39bc286..8cb32d6 100644
+--- a/pam_url.h
++++ b/pam_url.h
+@@ -99,6 +99,8 @@ typedef struct pam_url_opts_ {
+ int use_first_pass;
+ int prepend_first_pass;
+ char *first_pass;
++ int connect_timeout_ms;
++ int timeout_ms;
+
+ int ssl_verify_peer;
+ int ssl_verify_host;
diff --git a/pam_url-0.3.3-nolibcheck.patch b/pam_url-0.3.3-nolibcheck.patch
new file mode 100644
index 0000000..395ee62
--- /dev/null
+++ b/pam_url-0.3.3-nolibcheck.patch
@@ -0,0 +1,18 @@
+diff -uNr a/pam_url.h b/pam_url.h
+--- a/pam_url.h 2023-10-04 21:39:59.468015142 +0200
++++ b/pam_url.h 2023-10-04 21:40:31.172698499 +0200
+@@ -29,14 +29,7 @@
+ #endif
+
+ #include <curl/curl.h>
+-#ifndef __CURL_CURL_H
+- #error libcurl headers not found on this system. Giving up.
+-#endif
+-
+ #include <libconfig.h>
+-#ifndef __libconfig_h
+- #error libconfig headers not found on this system. Giving up.
+-#endif
+
+ #ifndef __USE_XOPEN_EXTENDED
+ # define __USE_XOPEN_EXTENDED
diff --git a/pam_url.spec b/pam_url.spec
index e1d4e79..07c8b0e 100644
--- a/pam_url.spec
+++ b/pam_url.spec
@@ -7,12 +7,15 @@
Summary: PAM module to authenticate with HTTP servers
Name: pam_url
Version: 0.3.3
-Release: 19%{?dist}
+Release: 20%{?dist}
Epoch: 1
License: GPLv2
URL: %{forgeurl}
Source: %{forgesource}
+Patch0: pam_url-0.3.3-curl-timeout.patch
+Patch1: pam_url-0.3.3-nolibcheck.patch
+
Requires: pam
BuildRequires: make
@@ -27,8 +30,8 @@ such as totpcgi.
%prep
%forgesetup
-
-sed -i 's/#ifndef __CURL_CURL_H/#ifndef CURLINC_CURL_H/g' pam_url.h
+%patch -P 0 -p 1
+%patch -P 1 -p 1
%build
CFLAGS="%{optflags} -std=c99" make %{?_smp_mflags} pamlib=%{_lib}/security all
@@ -43,6 +46,9 @@ make DESTDIR=%{buildroot} pamlib=%{_lib}/security install
%changelog
+* Thu Oct 12 2023 Ralf Ertzinger <ralf@skytale.net> - 1:0.3.3-20
+- Add patches to support connect and request timeouts
+
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.3-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
reply other threads:[~2026-06-13 18:25 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178137511878.1.5723521258176384023.rpms-pam_url-96aeea009b23@fedoraproject.org \
--to=ralf@skytale.net \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox