[jackhill/guix/guix.git] / gnu / packages / authentication.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018, 2020, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2019, 2020 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages authentication)
  #:use-module (gnu packages)
  #:use-module (gnu packages autotools)
  #:use-module (gnu packages documentation)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages security-token)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages xml)
  #:use-module (guix build-system gnu)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages))

(define-public oath-toolkit
  (package
    (name "oath-toolkit")
    (version "2.6.7")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://download.savannah.nongnu.org/releases/"
                           name "/" name "-" version ".tar.gz"))
       (sha256
        (base32 "1aa620k05lsw3l3slkp2mzma40q3p9wginspn9zk8digiz7dzv9n"))))
    (build-system gnu-build-system)
    (arguments
     ;; TODO ‘--enable-pskc’ causes xmlsec-related test suite failures.
     `(#:configure-flags
       (list "--enable-pam"
             "--enable-pskc"
             "--with-xmlsec-crypto-engine=openssl")
       #:phases
       (modify-phases %standard-phases
         (add-after 'install 'delete-static-libraries
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (lib (string-append out "/lib")))
               (for-each delete-file (find-files lib "\\.a$"))
               #t))))))
    (native-inputs
     `(("pkg-config" ,pkg-config)

       ;; XXX: Perhaps this should be propagated from xmlsec.
       ("libltdl" ,libltdl)))
    (inputs
     `(("linux-pam" ,linux-pam)
       ("openssl" ,openssl)
       ("xmlsec-openssl" ,xmlsec-openssl)))
    (home-page "https://www.nongnu.org/oath-toolkit/")
    (synopsis "One-time password (OTP) components")
    (description
     "The @dfn{OATH} (Open AuTHentication) Toolkit provides various components
for building one-time password (@dfn{OTP}) authentication systems:

@itemize
@item @command{oathtool}, a command-line tool for generating & validating OTPs.
@item @code{liboath}, a C library for OATH handling.
@item @command{pskctool}, a command-line tool for manipulating secret key
files in the Portable Symmetric Key Container (@dfn{PSKC}) format
described in RFC6030.
@item @code{libpskc}, a shared and static C library for PSKC handling.
@item @code{pam_oath}, a PAM module for pluggable login authentication.
@end itemize

Supported technologies include the event-based @acronym{HOTP, Hash-based Message
Authentication Code One-Time Password} algorithm (RFC4226), the time-based
@acronym{TOTP, Time-based One-Time Password} algorithm (RFC6238), and
@acronym{PSKC, Portable Symmetric Key Container} (RFC6030) to manage secret key
data.")
    (license (list license:lgpl2.1+     ; the libraries (liboath/ & libpskc/)
                   license:gpl3+))))    ; the tools (everything else)

(define-public yubico-pam
  (let ((commit "b5bd00db81e0e0e0ecced65c684080bb56ddc35b")
        (revision "0"))
    (package
      (name "yubico-pam")
      (version (git-version "2.26" revision commit))
      (source (origin
                (method git-fetch)
                (uri (git-reference
                      (url "https://github.com/Yubico/yubico-pam")
                      (commit commit)))
                (file-name (git-file-name name version))
                (sha256
                 (base32
                  "10dq8dqi3jldllj6p8r9hldx9sank9n82c44w8akxrs1vli6nj3m"))))
      (build-system gnu-build-system)
      (arguments
       ;; The pam_test fails because ykclient fails to build a Curl handle.
       '(#:make-flags '("TESTS=util_test")))
      (inputs
       `(("linux-pam" ,linux-pam)
         ("libyubikey" ,libyubikey)
         ("ykclient" ,ykclient)
         ("yubikey-personalization" ,yubikey-personalization)))
      (native-inputs
       `(("autoconf" ,autoconf)
         ("automake" ,automake)
         ("libtool" ,libtool)
         ("asciidoc" ,asciidoc)
         ("pkg-config" ,pkg-config)))
      (home-page "https://developers.yubico.com/yubico-pam")
      (synopsis "Yubico pluggable authentication module")
      (description "The Yubico PAM module provides an easy way to integrate the
YubiKey into your existing user authentication infrastructure.")
      (license license:bsd-2))))

(define-public pamtester
  (package
    (name "pamtester")
    (version "0.1.2")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "mirror://sourceforge/pamtester/pamtester/"
             version "/pamtester-" version ".tar.gz"))
       (sha256
        (base32 "1mdj1wj0adcnx354fs17928yn2xfr1hj5mfraq282dagi873sqw3"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("linux-pam" ,linux-pam)))
    (home-page "http://pamtester.sourceforge.net/")
    (synopsis "Utility for testing pluggable authentication modules (PAM) facility")
    (description
     "Pamtester is a tiny utility program to test the pluggable authentication
modules (PAM) facility, specifically designed to help PAM module authors to
intensively test their own modules.")
    (license license:bsd-3)))
Commit	Line	Data
b3543e6c	1	;;; GNU Guix --- Functional package management for GNU
ab3fbb27	2	;;; Copyright © 2018, 2020, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
9e36859c	3	;;; Copyright © 2019, 2020 Ricardo Wurmus <rekado@elephly.net>
b3543e6c TGR	4	;;;
	5	;;; This file is part of GNU Guix.
	6	;;;
	7	;;; GNU Guix is free software; you can redistribute it and/or modify it
	8	;;; under the terms of the GNU General Public License as published by
	9	;;; the Free Software Foundation; either version 3 of the License, or (at
	10	;;; your option) any later version.
	11	;;;
	12	;;; GNU Guix is distributed in the hope that it will be useful, but
	13	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	14	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	;;; GNU General Public License for more details.
	16	;;;
	17	;;; You should have received a copy of the GNU General Public License
	18	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	19
	20	(define-module (gnu packages authentication)
6bbbdb1a	21	#:use-module (gnu packages)
991c4410 RW	22	#:use-module (gnu packages autotools)
991c4410 RW	23	#:use-module (gnu packages documentation)
b3543e6c TGR	24	#:use-module (gnu packages linux)
b3543e6c TGR	25	#:use-module (gnu packages pkg-config)
991c4410	26	#:use-module (gnu packages security-token)
37fd8217 SJG	27	#:use-module (gnu packages tls)
37fd8217 SJG	28	#:use-module (gnu packages xml)
b3543e6c TGR	29	#:use-module (guix build-system gnu)
b3543e6c TGR	30	#:use-module (guix download)
991c4410	31	#:use-module (guix git-download)
b3543e6c TGR	32	#:use-module ((guix licenses) #:prefix license:)
	33	#:use-module (guix packages))
	34
	35	(define-public oath-toolkit
b3543e6c TGR	36	(package
b3543e6c TGR	37	(name "oath-toolkit")
6e43922f	38	(version "2.6.7")
b3543e6c TGR	39	(source
	40	(origin
	41	(method url-fetch)
	42	(uri (string-append "https://download.savannah.nongnu.org/releases/"
	43	name "/" name "-" version ".tar.gz"))
	44	(sha256
6e43922f	45	(base32 "1aa620k05lsw3l3slkp2mzma40q3p9wginspn9zk8digiz7dzv9n"))))
b3543e6c TGR	46	(build-system gnu-build-system)
	47	(arguments
	48	;; TODO ‘--enable-pskc’ causes xmlsec-related test suite failures.
	49	`(#:configure-flags
37fd8217 SJG	50	(list "--enable-pam"
	51	"--enable-pskc"
	52	"--with-xmlsec-crypto-engine=openssl")
b3543e6c TGR	53	#:phases
	54	(modify-phases %standard-phases
	55	(add-after 'install 'delete-static-libraries
	56	(lambda* (#:key outputs #:allow-other-keys)
	57	(let* ((out (assoc-ref outputs "out"))
	58	(lib (string-append out "/lib")))
	59	(for-each delete-file (find-files lib "\\.a$"))
	60	#t))))))
	61	(native-inputs
37fd8217 SJG	62	`(("pkg-config" ,pkg-config)
	63
	64	;; XXX: Perhaps this should be propagated from xmlsec.
	65	("libltdl" ,libltdl)))
b3543e6c	66	(inputs
37fd8217 SJG	67	`(("linux-pam" ,linux-pam)
	68	("openssl" ,openssl)
	69	("xmlsec-openssl" ,xmlsec-openssl)))
b3543e6c TGR	70	(home-page "https://www.nongnu.org/oath-toolkit/")
b3543e6c TGR	71	(synopsis "One-time password (OTP) components")
b3543e6c TGR	72	(description
	73	"The @dfn{OATH} (Open AuTHentication) Toolkit provides various components
	74	for building one-time password (@dfn{OTP}) authentication systems:
	75
	76	@itemize
	77	@item @command{oathtool}, a command-line tool for generating & validating OTPs.
	78	@item @code{liboath}, a C library for OATH handling.
37fd8217 SJG	79	@item @command{pskctool}, a command-line tool for manipulating secret key
	80	files in the Portable Symmetric Key Container (@dfn{PSKC}) format
	81	described in RFC6030.
	82	@item @code{libpskc}, a shared and static C library for PSKC handling.
b3543e6c TGR	83	@item @code{pam_oath}, a PAM module for pluggable login authentication.
	84	@end itemize
	85
37fd8217 SJG	86	Supported technologies include the event-based @acronym{HOTP, Hash-based Message
	87	Authentication Code One-Time Password} algorithm (RFC4226), the time-based
	88	@acronym{TOTP, Time-based One-Time Password} algorithm (RFC6238), and
	89	@acronym{PSKC, Portable Symmetric Key Container} (RFC6030) to manage secret key
	90	data.")
b3543e6c TGR	91	(license (list license:lgpl2.1+ ; the libraries (liboath/ & libpskc/)
b3543e6c TGR	92	license:gpl3+)))) ; the tools (everything else)
991c4410 RW	93
	94	(define-public yubico-pam
	95	(let ((commit "b5bd00db81e0e0e0ecced65c684080bb56ddc35b")
	96	(revision "0"))
	97	(package
	98	(name "yubico-pam")
	99	(version (git-version "2.26" revision commit))
	100	(source (origin
	101	(method git-fetch)
	102	(uri (git-reference
b0e7b699	103	(url "https://github.com/Yubico/yubico-pam")
991c4410 RW	104	(commit commit)))
	105	(file-name (git-file-name name version))
	106	(sha256
	107	(base32
	108	"10dq8dqi3jldllj6p8r9hldx9sank9n82c44w8akxrs1vli6nj3m"))))
	109	(build-system gnu-build-system)
	110	(arguments
	111	;; The pam_test fails because ykclient fails to build a Curl handle.
	112	'(#:make-flags '("TESTS=util_test")))
	113	(inputs
	114	`(("linux-pam" ,linux-pam)
	115	("libyubikey" ,libyubikey)
	116	("ykclient" ,ykclient)
	117	("yubikey-personalization" ,yubikey-personalization)))
	118	(native-inputs
	119	`(("autoconf" ,autoconf)
	120	("automake" ,automake)
	121	("libtool" ,libtool)
	122	("asciidoc" ,asciidoc)
	123	("pkg-config" ,pkg-config)))
	124	(home-page "https://developers.yubico.com/yubico-pam")
	125	(synopsis "Yubico pluggable authentication module")
	126	(description "The Yubico PAM module provides an easy way to integrate the
	127	YubiKey into your existing user authentication infrastructure.")
	128	(license license:bsd-2))))
9e36859c RW	129
	130	(define-public pamtester
	131	(package
	132	(name "pamtester")
	133	(version "0.1.2")
	134	(source
	135	(origin
	136	(method url-fetch)
	137	(uri (string-append
	138	"mirror://sourceforge/pamtester/pamtester/"
	139	version "/pamtester-" version ".tar.gz"))
	140	(sha256
	141	(base32 "1mdj1wj0adcnx354fs17928yn2xfr1hj5mfraq282dagi873sqw3"))))
	142	(build-system gnu-build-system)
	143	(native-inputs
	144	`(("pkg-config" ,pkg-config)))
	145	(inputs
	146	`(("linux-pam" ,linux-pam)))
	147	(home-page "http://pamtester.sourceforge.net/")
	148	(synopsis "Utility for testing pluggable authentication modules (PAM) facility")
	149	(description
	150	"Pamtester is a tiny utility program to test the pluggable authentication
	151	modules (PAM) facility, specifically designed to help PAM module authors to
	152	intensively test their own modules.")
	153	(license license:bsd-3)))