author | Daniel Black <dragonheart@gentoo.org> | 2006-09-19 21:19:49 +0000 |
---|---|---|
committer | Daniel Black <dragonheart@gentoo.org> | 2006-09-19 21:19:49 +0000 |
commit | 2ad0416467ea62ee633b5974fd4172341933abf5 (patch) | |
tree | 7a4573725155dbe59309c06ba8825fb31c25a751 /sys-auth | |
parent | Version Bump. (diff) | |
fixes numerous PKCS#11 standard violations as per bug #122357. Thanks Alon Bar-Lev for the patches.
(Portage version: 2.1.2_pre1)
Diffstat (limited to 'sys-auth')
-rw-r--r-- | sys-auth/pam_pkcs11/ChangeLog | 9 | ||||
-rw-r--r-- | sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r2 | 3 | ||||
-rw-r--r-- | sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch | 83 | ||||
-rw-r--r-- | sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild | 50 |
4 files changed, 144 insertions, 1 deletions
diff --git a/sys-auth/pam_pkcs11/ChangeLog b/sys-auth/pam_pkcs11/ChangeLog index a34fea12bec7..63560b996659 100644 --- a/sys-auth/pam_pkcs11/ChangeLog +++ b/sys-auth/pam_pkcs11/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for sys-auth/pam_pkcs11 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_pkcs11/ChangeLog,v 1.3 2006/09/06 05:23:39 dberkholz Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_pkcs11/ChangeLog,v 1.4 2006/09/19 21:19:49 dragonheart Exp $ + +*pam_pkcs11-0.5.3-r2 (19 Sep 2006) + + 19 Sep 2006; Daniel Black <dragonheart@gentoo.org> + +files/pam_pkcs11-0.5.3-daemon-init.patch, +pam_pkcs11-0.5.3-r2.ebuild: + fixes numberous PKCS#11 stand violations as per bug #122357. Thanks Alon + Bar-Lev for the patches. *pam_pkcs11-0.5.3-r1 (06 Sep 2006) diff --git a/sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r2 b/sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r2 new file mode 100644 index 000000000000..ebb86f13b7a4 --- /dev/null +++ b/sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r2 @@ -0,0 +1,3 @@ +MD5 607e3ba84b8938eff20c51c597e522c0 pam_pkcs11-0.5.3.tar.gz 576432 +RMD160 b755b1d5d8c666a44944119df74515a206efc1cd pam_pkcs11-0.5.3.tar.gz 576432 +SHA256 f38a92ad5822b5da1bef7c74bfbce1ab1b9a59b01c207b3c3e92402f6be985a4 pam_pkcs11-0.5.3.tar.gz 576432 diff --git a/sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch b/sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch new file mode 100644 index 000000000000..8f4ed0547a4c --- /dev/null +++ b/sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch 
@@ -0,0 +1,83 @@
+diff -urNp pam_pkcs11-0.5.3/src/common/pkcs11.c pam_pkcs11-0.5.3.new/src/common/pkcs11.c
+--- pam_pkcs11-0.5.3/src/common/pkcs11.c 2005-09-12 09:12:55.000000000 +0000
++++ pam_pkcs11-0.5.3.new/src/common/pkcs11.c 2005-10-05 03:07:30.000000000 +0000
+@@ -82,7 +82,9 @@ int init_pkcs11_module(pkcs11_handle_t *
+
+ /* initialise the module */
+ rv = h->fl->C_Initialize(NULL);
+- if (rv != CKR_OK) {
++ if (rv == CKR_OK)
++ h->should_finalize = 1;
++ else if (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
+ set_error("C_Initialize() failed: %x", rv);
+ return -1;
+ }
+@@ -170,7 +172,8 @@ void release_pkcs11_module(pkcs11_handle
+ {
+ /* finalise pkcs #11 module */
+ if (h->fl != NULL)
+- h->fl->C_Finalize(NULL);
++ if (h->should_finalize)
++ h->fl->C_Finalize(NULL);
+ /* unload the module */
+ if (h->module_handle != NULL)
+ dlclose(h->module_handle);
+diff -urNp pam_pkcs11-0.5.3/src/common/pkcs11.h pam_pkcs11-0.5.3.new/src/common/pkcs11.h
+--- pam_pkcs11-0.5.3/src/common/pkcs11.h 2005-09-12 09:12:55.000000000 +0000
++++ pam_pkcs11-0.5.3.new/src/common/pkcs11.h 2005-10-05 03:07:30.000000000 +0000
+@@ -136,6 +136,7 @@ typedef struct {
+ typedef struct {
+ void *module_handle;
+ CK_FUNCTION_LIST_PTR fl;
++ int should_finalize;
+ slot_t *slots;
+ CK_ULONG slot_count;
+ CK_SESSION_HANDLE session;
+diff -urNp pam_pkcs11-0.5.3/src/tools/pkcs11_eventmgr.c pam_pkcs11-0.5.3.new/src/tools/pkcs11_eventmgr.c
+--- pam_pkcs11-0.5.3/src/tools/pkcs11_eventmgr.c 2005-09-12 09:12:54.000000000 +0000
++++ pam_pkcs11-0.5.3.new/src/tools/pkcs11_eventmgr.c 2005-10-05 03:11:24.000000000 +0000
+@@ -283,15 +283,6 @@ int main(int argc, char *argv[]) {
+ return 1;
+ }
+
+- /* open pkcs11 sesion */
+- DBG("initialising pkcs #11 module...");
+- rv = ph.fl->C_Initialize(NULL);
+- if (rv != 0) {
+- release_pkcs11_module(&ph);
+- DBG1("C_Initialize() failed: %d", rv);
+- return 1;
+- }
+-
+ /* put my self into background if flag is set */
+ if (daemonize) {
+ DBG("Going to be daemon...");
+@@ -303,6 +294,17 @@ int main(int argc, char *argv[]) {
+ }
+ }
+
++ /* open pkcs11 sesion */
++ DBG("initialising pkcs #11 module...");
++ rv = ph.fl->C_Initialize(NULL);
++ if (rv != 0) {
++ release_pkcs11_module(&ph);
++ if (ctx) scconf_free(ctx);
++ DBG1("C_Initialize() failed: %d", rv);
++ return 1;
++ }
++ ph.should_finalize = 1;
++
+ /*
+ * Wait endlessly for all events in the list of readers
+ * We only stop in case of an error
+@@ -324,7 +326,9 @@ int main(int argc, char *argv[]) {
+ new_state = get_a_token();
+ if (new_state == CARD_ERROR) {
+ DBG("Error trying to get a token");
+- break;
++ rv = ph.fl->C_Finalize(NULL);
++ rv = ph.fl->C_Initialize(NULL);
++ continue;
+ }
+ if (old_state == new_state ) { /* state unchanged */
+ /* on card not present, increase and check expire time */
diff --git a/sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild b/sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild
new file mode 100644
index 000000000000..8e28889f0251
--- /dev/null
+++ b/sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild
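Review bot: In the last pkcs11_eventmgr.c hunk of pam_pkcs11-0.5.3-daemon-init.patch, the CARD_ERROR branch assigns `rv` from `C_Finalize()` and then from `C_Initialize()` but never tests it, so a re-initialisation that keeps failing makes the daemon `continue` indefinitely where the old code stopped with `break`. This tool presumably exists to react to card removal, so a silently stuck monitor is worth avoiding; I would keep the recovery attempt but leave the loop when it fails, e.g. `if (rv != CKR_OK) { DBG1("C_Initialize() failed: %d", rv); break; }` after the second call. `ph.should_finalize` also stays 1 after a failed re-init, so `release_pkcs11_module()` would call `C_Finalize()` on an uninitialised module; setting it to 0 before the retry and back to 1 on success keeps the flag truthful. The loop body of `main()` continues outside the hunk, so whether a delay precedes the next `get_a_token()` call is not visible here. Separately, in the pkcs11.c hunks `should_finalize` is written only on `CKR_OK`, which relies on the handle having been zeroed earlier in `init_pkcs11_module()` or its caller; that is not shown, and a short comment on the new struct field stating the assumption would help.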
@@ -0,0 +1,50 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild,v 1.1 2006/09/19 21:19:49 dragonheart Exp $
+
+inherit eutils
+
+DESCRIPTION="PKCS11 Pam library"
+HOMEPAGE="http://www.opensc-project.org/pam_pkcs11"
+SRC_URI="http://www.opensc-project.org/files/pam_pkcs11/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="curl ldap pcsc-lite"
+
+DEPEND=">=dev-libs/opensc-0.10
+ sys-libs/pam
+ curl? ( net-misc/curl )
+ ldap? ( net-nds/openldap )
+ pcsc-lite? ( sys-apps/pcsc-lite )
+ dev-libs/openssl"
+
+src_unpack() {
+ unpack ${A}
+
+ # Simple setup tool, from Red Hat
+ # Needed for app-admin/authconfig
+ epatch "${FILESDIR}"/${P}-setup-tool.patch
+ epatch "${FILESDIR}"/${P}-daemon-init.patch
+}
+
+src_compile() {
+ econf \
+ $(use_with curl) \
+ $(use_with pcsc-lite pcsclite) \
+ $(use_with ldap) \
+ || die "econf failed"
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ make DESTDIR="${D}" install || die "install failed"
+
+ dodir /lib/security
+ dosym ../../usr/lib/security/pam_pkcs11.so /lib/security/
+
+ dodoc NEWS README
+ dohtml docs/*.{html,css}
+}
|