[rpms/pam_url] epel10.2: Add patches to support connect and request timeouts

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/pam_url] epel10.2: Add patches to support connect and request timeouts
@ 2026-06-13 18:43 Ralf Ertzinger
  0 siblings, 0 replies; only message in thread
From: Ralf Ertzinger @ 2026-06-13 18:43 UTC (permalink / raw)
  To: git-commits

A new commit has been pushed.

Repo   : rpms/pam_url
Branch : epel10.2
Commit : 96aeea009b2319221eb09b7c4a6e52188446f532
Author : Ralf Ertzinger <ralf@skytale.net>
Date   : 2023-10-12T20:59:27+02:00
Stats  : +84/-3 in 3 file(s)
URL    : https://src.fedoraproject.org/rpms/pam_url/c/96aeea009b2319221eb09b7c4a6e52188446f532?branch=epel10.2

Log:
Add patches to support connect and request timeouts

---
diff --git a/pam_url-0.3.3-curl-timeout.patch b/pam_url-0.3.3-curl-timeout.patch
new file mode 100644
index 0000000..a0ba50c
--- /dev/null
+++ b/pam_url-0.3.3-curl-timeout.patch
@@ -0,0 +1,57 @@
+diff --git a/examples/pam_url.conf b/examples/pam_url.conf
+index 15439cc..1d43d59 100644
+--- a/examples/pam_url.conf
++++ b/examples/pam_url.conf
+@@ -10,6 +10,10 @@ pam_url:
+         passwdfield = "token";                     # passwdfield name to send
+         extradata   = "&do=login";                 # extra data to send
+         prompt      = "Token: ";                   # password prompt
++        connect_timeout_ms = 2000;                 # Connect timeout of 2000ms
++        timeout_ms  = 10000;                       # Overall timeout of 10000ms
++                                                   # Take into consideration that the remote end might delay a response on
++                                                   # purpose when the password is incorrect, to limit brute force attempts
+     };
+ 
+     ssl:
+diff --git a/pam_url.c b/pam_url.c
+index c1da689..2a0918d 100644
+--- a/pam_url.c
++++ b/pam_url.c
+@@ -120,6 +120,11 @@ int parse_opts(pam_url_opts *opts, int argc, const char *argv[], int mode)
+ 	if(config_lookup_string(&config, "pam_url.settings.extradata", (const char **)&opts->extra_field) == CONFIG_FALSE)
+ 		opts->extra_field = DEF_EXTRA;
+ 	
++	if(config_lookup_int(&config, "pam_url.settings.connect_timeout_ms", &opts->connect_timeout_ms) == CONFIG_FALSE)
++		opts->connect_timeout_ms = 0; // Select cURL lib default
++
++	if(config_lookup_int(&config, "pam_url.settings.timeout_ms", &opts->timeout_ms) == CONFIG_FALSE)
++		opts->connect_timeout_ms = 0; // Select cURL lib default
+ 	
+ 	// SSL Options
+ 	if(config_lookup_string(&config, "pam_url.ssl.client_cert", &opts->ssl_cert) == CONFIG_FALSE)
+@@ -286,6 +291,12 @@ int fetch_url(pam_handle_t *pamh, pam_url_opts opts)
+ 	if( CURLE_OK != curl_easy_setopt(eh, CURLOPT_CAINFO, opts.ca_cert) )
+ 		goto curl_error;
+ 
++	if( CURLE_OK != curl_easy_setopt(eh, CURLOPT_CONNECTTIMEOUT_MS, opts.connect_timeout_ms) )
++		goto curl_error;
++
++	if( CURLE_OK != curl_easy_setopt(eh, CURLOPT_TIMEOUT_MS, opts.timeout_ms) )
++		goto curl_error;
++
+ 	if( opts.ssl_verify_host == true )
+ 	{
+ 		if( CURLE_OK != curl_easy_setopt(eh, CURLOPT_SSL_VERIFYHOST, 2) )
+diff --git a/pam_url.h b/pam_url.h
+index 39bc286..8cb32d6 100644
+--- a/pam_url.h
++++ b/pam_url.h
+@@ -99,6 +99,8 @@ typedef struct pam_url_opts_ {
+ 	int use_first_pass;
+ 	int prepend_first_pass;
+ 	char *first_pass;
++	int connect_timeout_ms;
++	int timeout_ms;
+ 
+ 	int ssl_verify_peer;
+ 	int ssl_verify_host;

diff --git a/pam_url-0.3.3-nolibcheck.patch b/pam_url-0.3.3-nolibcheck.patch
new file mode 100644
index 0000000..395ee62
--- /dev/null
+++ b/pam_url-0.3.3-nolibcheck.patch
@@ -0,0 +1,18 @@
+diff -uNr a/pam_url.h b/pam_url.h
+--- a/pam_url.h	2023-10-04 21:39:59.468015142 +0200
++++ b/pam_url.h	2023-10-04 21:40:31.172698499 +0200
+@@ -29,14 +29,7 @@
+ #endif
+ 
+ #include <curl/curl.h>
+-#ifndef __CURL_CURL_H
+-	#error libcurl headers not found on this system. Giving up.
+-#endif
+-
+ #include <libconfig.h>
+-#ifndef __libconfig_h
+-	#error libconfig headers not found on this system. Giving up.
+-#endif
+ 
+ #ifndef __USE_XOPEN_EXTENDED
+ # define __USE_XOPEN_EXTENDED

diff --git a/pam_url.spec b/pam_url.spec
index e1d4e79..07c8b0e 100644
--- a/pam_url.spec
+++ b/pam_url.spec
@@ -7,12 +7,15 @@
 Summary:        PAM module to authenticate with HTTP servers
 Name:           pam_url
 Version:        0.3.3
-Release:        19%{?dist}
+Release:        20%{?dist}
 Epoch:          1
 License:        GPLv2
 URL:            %{forgeurl}
 Source:         %{forgesource}
 
+Patch0:         pam_url-0.3.3-curl-timeout.patch
+Patch1:         pam_url-0.3.3-nolibcheck.patch
+
 Requires:       pam
 
 BuildRequires: make
@@ -27,8 +30,8 @@ such as totpcgi.
 
 %prep
 %forgesetup
-
-sed -i 's/#ifndef __CURL_CURL_H/#ifndef CURLINC_CURL_H/g' pam_url.h
+%patch -P 0 -p 1
+%patch -P 1 -p 1
 
 %build
 CFLAGS="%{optflags} -std=c99" make %{?_smp_mflags} pamlib=%{_lib}/security all
@@ -43,6 +46,9 @@ make DESTDIR=%{buildroot} pamlib=%{_lib}/security install
 
 
 %changelog
+* Thu Oct 12 2023 Ralf Ertzinger <ralf@skytale.net> - 1:0.3.3-20
+- Add patches to support connect and request timeouts
+
 * Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.3.3-19
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-13 18:43 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-13 18:43 [rpms/pam_url] epel10.2: Add patches to support connect and request timeouts Ralf Ertzinger

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox