pam_oath suid helper binary

Maxime de Roucy requested to merge tchernomax/oath-toolkit:suid-helper into master

Same as http://lists.nongnu.org/archive/html/oath-toolkit-help/2016-07/msg00000.html

usersfile : rewrite

I rewrote liboath/usersfile.c to lock and modify the usersfile in-place instead of creating a lock and a temporary file. I first did those patches because I want to use pam_oath with postgres (which doesn't run as root). So I need the usersfile to have 660 permissions, owner "root" and group "oath" (postgres is a member of oath).

I took advantage of the code hacking to make some other changes and comment it.

different usersfile field 5 if HOTP / TOTP & field 5 present → 6 and 7 mandatory

Non-retrocompatible patches. They change the format of the usersfile a bit.

Now it's like the following before the first login:

HOTP/E/8        login     password    AES-key

After the first login:

HOTP/E/8        login     password    AES-key  OATH-counter  last-otp  last-otp-timestamp
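An added example, not code from this merge request or from oath-toolkit: a small C parser for the usersfile line shape described above, which enforces that fields 5, 6 and 7 are all-or-nothing so a truncated or hand-edited line is rejected instead of silently read as a fresh account. The struct and field names are my own; the page only shows field 5 as OATH-counter on an HOTP line, so the parser treats field 5 as an integer and assigns it no TOTP meaning.

```c
#include <stdlib.h>
#include <string.h>
#include <errno.h>

/* One usersfile line as described above: four mandatory text fields, then an
 * optional state block of exactly three (field 5 present => 6 and 7 mandatory). */
struct usersfile_entry {
    char buf[512];                             /* private copy; fields point into it */
    const char *type, *login, *password, *key; /* fields 1-4, kept verbatim */
    int has_state;                             /* 1 once fields 5..7 are present */
    unsigned long counter;                     /* field 5: OATH-counter on the HOTP line shown */
    unsigned long last_otp;                    /* field 6: last-otp */
    unsigned long last_ts;                     /* field 7: last-otp-timestamp */
};

/* Parse one decimal field; the whole token must be digits (no sign, no trailing junk). */
static int parse_ulong(const char *s, unsigned long *out)
{
    char *end;
    if (*s < '0' || *s > '9')
        return -1;
    errno = 0;
    *out = strtoul(s, &end, 10);
    return (errno == 0 && *end == '\0') ? 0 : -1;
}

/* Returns 0 for a well-formed 4- or 7-field line and -1 for anything else,
 * so a 5- or 6-field line is rejected rather than guessed at. */
int usersfile_parse_line(const char *line, struct usersfile_entry *e)
{
    char *f[8], *tok;
    int n = 0;
    memset(e, 0, sizeof *e);
    if (strlen(line) >= sizeof e->buf)
        return -1;                             /* over-long line: refuse, do not truncate */
    strcpy(e->buf, line);
    for (tok = strtok(e->buf, " \t\r\n"); tok; tok = strtok(NULL, " \t\r\n")) {
        if (n == 8)
            return -1;                         /* more fields than the format allows */
        f[n++] = tok;
    }
    if (n != 4 && n != 7)
        return -1;
    e->type = f[0]; e->login = f[1]; e->password = f[2]; e->key = f[3];
    if (n == 4)
        return 0;                              /* state before the first login */
    e->has_state = 1;
    if (parse_ulong(f[4], &e->counter) || parse_ulong(f[5], &e->last_otp) ||
        parse_ulong(f[6], &e->last_ts))
        return -1;
    return 0;
}
```

The sample keys and counters in any caller are constructed values; the parser does not validate the hex key or the type field beyond treating them as opaque tokens.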

pam_oath: use helper binary to access/modify the usersfile

Create the (suid root) oath_usersfile helper binary to access and modify the usersfile (like pam_unix does for /etc/shadow). That way even services without access to the usersfile can authenticate users with pam_oath.