summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Black <dragonheart@gentoo.org>2006-09-19 21:19:49 +0000
committerDaniel Black <dragonheart@gentoo.org>2006-09-19 21:19:49 +0000
commit2ad0416467ea62ee633b5974fd4172341933abf5 (patch)
tree7a4573725155dbe59309c06ba8825fb31c25a751 /sys-auth
parentVersion Bump. (diff)
downloadgentoo-2-2ad0416467ea62ee633b5974fd4172341933abf5.tar.gz
gentoo-2-2ad0416467ea62ee633b5974fd4172341933abf5.tar.bz2
gentoo-2-2ad0416467ea62ee633b5974fd4172341933abf5.zip
fixes numberous PKCS#11 stand violations as per bug #122357. Thanks Alon Bar-Lev for the patches.
(Portage version: 2.1.2_pre1)
Diffstat (limited to 'sys-auth')
-rw-r--r--sys-auth/pam_pkcs11/ChangeLog9
-rw-r--r--sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r23
-rw-r--r--sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch83
-rw-r--r--sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild50
4 files changed, 144 insertions, 1 deletions
diff --git a/sys-auth/pam_pkcs11/ChangeLog b/sys-auth/pam_pkcs11/ChangeLog
index a34fea12bec7..63560b996659 100644
--- a/sys-auth/pam_pkcs11/ChangeLog
+++ b/sys-auth/pam_pkcs11/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-auth/pam_pkcs11
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_pkcs11/ChangeLog,v 1.3 2006/09/06 05:23:39 dberkholz Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_pkcs11/ChangeLog,v 1.4 2006/09/19 21:19:49 dragonheart Exp $
+
+*pam_pkcs11-0.5.3-r2 (19 Sep 2006)
+
+ 19 Sep 2006; Daniel Black <dragonheart@gentoo.org>
+ +files/pam_pkcs11-0.5.3-daemon-init.patch, +pam_pkcs11-0.5.3-r2.ebuild:
+ fixes numberous PKCS#11 stand violations as per bug #122357. Thanks Alon
+ Bar-Lev for the patches.
*pam_pkcs11-0.5.3-r1 (06 Sep 2006)
diff --git a/sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r2 b/sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r2
new file mode 100644
index 000000000000..ebb86f13b7a4
--- /dev/null
+++ b/sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r2
@@ -0,0 +1,3 @@
+MD5 607e3ba84b8938eff20c51c597e522c0 pam_pkcs11-0.5.3.tar.gz 576432
+RMD160 b755b1d5d8c666a44944119df74515a206efc1cd pam_pkcs11-0.5.3.tar.gz 576432
+SHA256 f38a92ad5822b5da1bef7c74bfbce1ab1b9a59b01c207b3c3e92402f6be985a4 pam_pkcs11-0.5.3.tar.gz 576432
diff --git a/sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch b/sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch
new file mode 100644
index 000000000000..8f4ed0547a4c
--- /dev/null
+++ b/sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch
@@ -0,0 +1,83 @@
+diff -urNp pam_pkcs11-0.5.3/src/common/pkcs11.c pam_pkcs11-0.5.3.new/src/common/pkcs11.c
+--- pam_pkcs11-0.5.3/src/common/pkcs11.c 2005-09-12 09:12:55.000000000 +0000
++++ pam_pkcs11-0.5.3.new/src/common/pkcs11.c 2005-10-05 03:07:30.000000000 +0000
+@@ -82,7 +82,9 @@ int init_pkcs11_module(pkcs11_handle_t *
+
+ /* initialise the module */
+ rv = h->fl->C_Initialize(NULL);
+- if (rv != CKR_OK) {
++ if (rv == CKR_OK)
++ h->should_finalize = 1;
++ else if (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
+ set_error("C_Initialize() failed: %x", rv);
+ return -1;
+ }
+@@ -170,7 +172,8 @@ void release_pkcs11_module(pkcs11_handle
+ {
+ /* finalise pkcs #11 module */
+ if (h->fl != NULL)
+- h->fl->C_Finalize(NULL);
++ if (h->should_finalize)
++ h->fl->C_Finalize(NULL);
+ /* unload the module */
+ if (h->module_handle != NULL)
+ dlclose(h->module_handle);
+diff -urNp pam_pkcs11-0.5.3/src/common/pkcs11.h pam_pkcs11-0.5.3.new/src/common/pkcs11.h
+--- pam_pkcs11-0.5.3/src/common/pkcs11.h 2005-09-12 09:12:55.000000000 +0000
++++ pam_pkcs11-0.5.3.new/src/common/pkcs11.h 2005-10-05 03:07:30.000000000 +0000
+@@ -136,6 +136,7 @@ typedef struct {
+ typedef struct {
+ void *module_handle;
+ CK_FUNCTION_LIST_PTR fl;
++ int should_finalize;
+ slot_t *slots;
+ CK_ULONG slot_count;
+ CK_SESSION_HANDLE session;
+diff -urNp pam_pkcs11-0.5.3/src/tools/pkcs11_eventmgr.c pam_pkcs11-0.5.3.new/src/tools/pkcs11_eventmgr.c
+--- pam_pkcs11-0.5.3/src/tools/pkcs11_eventmgr.c 2005-09-12 09:12:54.000000000 +0000
++++ pam_pkcs11-0.5.3.new/src/tools/pkcs11_eventmgr.c 2005-10-05 03:11:24.000000000 +0000
+@@ -283,15 +283,6 @@ int main(int argc, char *argv[]) {
+ return 1;
+ }
+
+- /* open pkcs11 sesion */
+- DBG("initialising pkcs #11 module...");
+- rv = ph.fl->C_Initialize(NULL);
+- if (rv != 0) {
+- release_pkcs11_module(&ph);
+- DBG1("C_Initialize() failed: %d", rv);
+- return 1;
+- }
+-
+ /* put my self into background if flag is set */
+ if (daemonize) {
+ DBG("Going to be daemon...");
+@@ -303,6 +294,17 @@ int main(int argc, char *argv[]) {
+ }
+ }
+
++ /* open pkcs11 sesion */
++ DBG("initialising pkcs #11 module...");
++ rv = ph.fl->C_Initialize(NULL);
++ if (rv != 0) {
++ release_pkcs11_module(&ph);
++ if (ctx) scconf_free(ctx);
++ DBG1("C_Initialize() failed: %d", rv);
++ return 1;
++ }
++ ph.should_finalize = 1;
++
+ /*
+ * Wait endlessly for all events in the list of readers
+ * We only stop in case of an error
+@@ -324,7 +326,9 @@ int main(int argc, char *argv[]) {
+ new_state = get_a_token();
+ if (new_state == CARD_ERROR) {
+ DBG("Error trying to get a token");
+- break;
++ rv = ph.fl->C_Finalize(NULL);
++ rv = ph.fl->C_Initialize(NULL);
++ continue;
+ }
+ if (old_state == new_state ) { /* state unchanged */
+ /* on card not present, increase and check expire time */
diff --git a/sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild b/sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild
new file mode 100644
index 000000000000..8e28889f0251
--- /dev/null
+++ b/sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild,v 1.1 2006/09/19 21:19:49 dragonheart Exp $
+
+inherit eutils
+
+DESCRIPTION="PKCS11 Pam library"
+HOMEPAGE="http://www.opensc-project.org/pam_pkcs11"
+SRC_URI="http://www.opensc-project.org/files/pam_pkcs11/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="curl ldap pcsc-lite"
+
+DEPEND=">=dev-libs/opensc-0.10
+ sys-libs/pam
+ curl? ( net-misc/curl )
+ ldap? ( net-nds/openldap )
+ pcsc-lite? ( sys-apps/pcsc-lite )
+ dev-libs/openssl"
+
+src_unpack() {
+ unpack ${A}
+
+ # Simple setup tool, from Red Hat
+ # Needed for app-admin/authconfig
+ epatch "${FILESDIR}"/${P}-setup-tool.patch
+ epatch "${FILESDIR}"/${P}-daemon-init.patch
+}
+
+src_compile() {
+ econf \
+ $(use_with curl) \
+ $(use_with pcsc-lite pcsclite) \
+ $(use_with ldap) \
+ || die "econf failed"
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ make DESTDIR="${D}" install || die "install failed"
+
+ dodir /lib/security
+ dosym ../../usr/lib/security/pam_pkcs11.so /lib/security/
+
+ dodoc NEWS README
+ dohtml docs/*.{html,css}
+}