10 files changed, 105 insertions, 0 deletions

diff --git a/GIDs b/GIDs
index 026778f552cc..8d5b13e16dda 100644
--- a/GIDs
+++ b/GIDs
@@ -105,6 +105,7 @@ polipo:*:173:
 flowtools:*:174:
 twms:*:175:
 mlvpn:*:176:
+otpw:*:178:
 gdnsd:*:179:
 rt:*:180:
 nagios:*:181:
diff --git a/UIDs b/UIDs
index c278f1eb1f44..f5233b579703 100644
--- a/UIDs
+++ b/UIDs
@@ -111,6 +111,7 @@ polipo:*:173:173::0:0:polipo web cache:/nonexistent:/usr/sbin/nologin
 flowtools:*:174:174::0:0:Flow-tools collector pseudo-user:/nonexistent:/usr/sbin/nologin
 twms:*:175:175::0:0:tWMS pseudo-user:/nonexistent:/usr/sbin/nologin
 mlvpn:*:176:176::0:0:mlVPN pseudo-user:/var/run/mlvpn:/usr/sbin/nologin
+otpw:*:178:178::0:0:OTPW pseudouser:/var/lib/otpw:/usr/sbin/nologin
 gdnsd:*:179:179::0:0:gDNSd pseudo-user:/nonexistent:/usr/sbin/nologin
 nagios:*:181:181::0:0:Nagios pseudo-user:/var/spool/nagios:/usr/sbin/nologin
 noc:*:182:182::0:0:NOC pseudo-user:/usr/local/noc:/bin/sh
diff --git a/security/Makefile b/security/Makefile
index 7a845d092d88..bc8bf519bf5f 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -430,6 +430,7 @@
     SUBDIR += ossec-hids-local
     SUBDIR += ossec-hids-server
     SUBDIR += osslsigncode
+    SUBDIR += otpw
     SUBDIR += outguess
     SUBDIR += p11-kit
     SUBDIR += p5-Apache-Htpasswd
diff --git a/security/otpw/Makefile b/security/otpw/Makefile
new file mode 100644
index 000000000000..d4110bcf3191
--- /dev/null
+++ b/security/otpw/Makefile
@@ -0,0 +1,28 @@
+# $FreeBSD$
+
+PORTNAME=	otpw
+PORTVERSION=	1.5
+CATEGORIES=	security
+MASTER_SITES=	https://www.cl.cam.ac.uk/~mgk25/download/ \
+		LOCAL/jkim
+
+MAINTAINER=	jkim@FreeBSD.org
+COMMENT=	One-time password login package by Markus Kuhn
+
+LICENSE=	GPLv2+
+
+GROUPS=		${PORTNAME}
+USERS=		${PORTNAME}
+
+MAKE_ARGS=	CC="${CC}"
+USES=		gmake
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/otpw-gen ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_LIB} ${WRKSRC}/pam_otpw.so ${STAGEDIR}${PREFIX}/lib
+	${INSTALL_MAN} ${WRKSRC}/otpw-gen.1.gz \
+	    ${STAGEDIR}${MANPREFIX}/man/man1
+	${INSTALL_MAN} ${WRKSRC}/pam_otpw.8.gz \
+	    ${STAGEDIR}${MANPREFIX}/man/man8
+
+.include <bsd.port.mk>
diff --git a/security/otpw/distinfo b/security/otpw/distinfo
new file mode 100644
index 000000000000..108b5666fdf2
--- /dev/null
+++ b/security/otpw/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1467921387
+SHA256 (otpw-1.5.tar.gz) = 98aca38a61c7713677b96f24426ca7053480c0fd077d91b1e99bc9f92ccb832a
+SIZE (otpw-1.5.tar.gz) = 45725
diff --git a/security/otpw/files/patch-Makefile b/security/otpw/files/patch-Makefile
new file mode 100644
index 000000000000..597c1f7161e2
--- /dev/null
+++ b/security/otpw/files/patch-Makefile
@@ -0,0 +1,26 @@
+--- Makefile.orig	2014-08-07 19:21:15 UTC
++++ Makefile
+@@ -7,12 +7,12 @@
+ VERSION=1.5
+ 
+ CC=gcc
+-CFLAGS=-O -ggdb -W -Wall -Wno-unused-result -fPIC
++CFLAGS+=-fPIC
+ 
+ %.gz: %
+ 	gzip -9c $< >$@
+ 
+-TARGETS=otpw-gen demologin pam_otpw.so pam_otpw.8.gz otpw-gen.1.gz
++TARGETS=otpw-gen pam_otpw.so pam_otpw.8.gz otpw-gen.1.gz
+ 
+ all: $(TARGETS)
+ 
+@@ -28,7 +28,7 @@ rmd160.o: rmd160.c rmd160.h
+ otpw-l.o: otpw-l.c otpw.c otpw.h md.h
+ pam_otpw.o: pam_otpw.c otpw.h md.h
+ pam_otpw.so: pam_otpw.o otpw-l.o rmd160.o md.o
+-	ld --shared -o $@ $+ -lcrypt -lpam -lpam_misc
++	${LD} --shared -o $@ $+ -lcrypt -lpam
+ 
+ distribution:
+ 	git archive --prefix otpw-$(VERSION)/ -o otpw-$(VERSION).tar.gz v$(VERSION)
diff --git a/security/otpw/files/patch-otpw.c b/security/otpw/files/patch-otpw.c
new file mode 100644
index 000000000000..85e6e77dc402
--- /dev/null
+++ b/security/otpw/files/patch-otpw.c
@@ -0,0 +1,11 @@
+--- otpw.c.orig	2014-08-07 19:21:15 UTC
++++ otpw.c
+@@ -68,7 +68,7 @@ static struct otpw_pwdbuf *otpw_malloc_p
+   
+   buflen = sysconf(_SC_GETPW_R_SIZE_MAX); /* typical value: 1024 */
+   /* fprintf(stderr, "_SC_GETPW_R_SIZE_MAX = %ld\n", buflen); */
+-  if (buflen < 0) return NULL;
++  if (buflen < 0) buflen = 1024;
+   p = (struct otpw_pwdbuf *) malloc(sizeof(struct otpw_pwdbuf) + buflen);
+   if (p) p->buflen = buflen;
+   return p;
diff --git a/security/otpw/files/patch-pam__otpw.c b/security/otpw/files/patch-pam__otpw.c
new file mode 100644
index 000000000000..407a4741b312
--- /dev/null
+++ b/security/otpw/files/patch-pam__otpw.c
@@ -0,0 +1,26 @@
+--- pam_otpw.c.orig	2014-08-07 19:21:15 UTC
++++ pam_otpw.c
+@@ -25,6 +25,9 @@
+ #define PAM_SM_AUTH
+ #define PAM_SM_SESSION
+ #include <security/pam_modules.h>
++#ifdef OPENPAM
++#include <security/pam_appl.h>
++#endif
+ 
+ #include "otpw.h"
+ 
+@@ -226,8 +229,13 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
+   
+   /* get user name */
+   retval = pam_get_user(pamh, &username, "login: ");
++#ifdef OPENPAM
++  if (retval == PAM_CONV_ERR)
++    return PAM_CONV_ERR;
++#else
+   if (retval == PAM_CONV_AGAIN)
+     return PAM_INCOMPLETE;
++#endif
+   else if (retval != PAM_SUCCESS) {
+     log_message(LOG_NOTICE, pamh, "no username provided");
+     return PAM_USER_UNKNOWN;
diff --git a/security/otpw/pkg-descr b/security/otpw/pkg-descr
new file mode 100644
index 000000000000..f9405ea00f20
--- /dev/null
+++ b/security/otpw/pkg-descr
@@ -0,0 +1,4 @@
+OTPW is a one-time password system which is robust against the password
+list being stolen and race for the last digit attacks.
+
+WWW: https://www.cl.cam.ac.uk/~mgk25/otpw.html
diff --git a/security/otpw/pkg-plist b/security/otpw/pkg-plist
new file mode 100644
index 000000000000..a6ede774525b
--- /dev/null
+++ b/security/otpw/pkg-plist
@@ -0,0 +1,4 @@
+@(otpw,otpw,4555) bin/otpw-gen
+lib/pam_otpw.so
+man/man1/otpw-gen.1.gz
+man/man8/pam_otpw.8.gz