fixes numberous PKCS#11 stand violations as per bug #122357. Thanks Alon Bar-Lev for the patches.

Package-Manager: portage-2.1.2_pre1
author: Daniel Black <dragonheart@gentoo.org> 2006-09-19 21:19:49 +0000
committer: Daniel Black <dragonheart@gentoo.org> 2006-09-19 21:19:49 +0000
commit: 30aa9915d6fc38ba2abc35773735779d65f85bc1 (patch)
tree: 189a308d5b23b7c727bae4e592f7654bde301a91 /sys-auth
parent: Version Bump. (diff)
download: historical-30aa9915d6fc38ba2abc35773735779d65f85bc1.tar.gz
historical-30aa9915d6fc38ba2abc35773735779d65f85bc1.tar.bz2
historical-30aa9915d6fc38ba2abc35773735779d65f85bc1.zip
5 files changed, 169 insertions, 5 deletions
diff --git a/sys-auth/pam_pkcs11/ChangeLog b/sys-auth/pam_pkcs11/ChangeLog
index a34fea12bec7..63560b996659 100644
--- a/sys-auth/pam_pkcs11/ChangeLog
+++ b/sys-auth/pam_pkcs11/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-auth/pam_pkcs11
 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_pkcs11/ChangeLog,v 1.3 2006/09/06 05:23:39 dberkholz Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_pkcs11/ChangeLog,v 1.4 2006/09/19 21:19:49 dragonheart Exp $
+
+*pam_pkcs11-0.5.3-r2 (19 Sep 2006)
+
+  19 Sep 2006; Daniel Black <dragonheart@gentoo.org>
+  +files/pam_pkcs11-0.5.3-daemon-init.patch, +pam_pkcs11-0.5.3-r2.ebuild:
+  fixes numberous PKCS#11 stand violations as per bug #122357. Thanks Alon
+  Bar-Lev for the patches.
 
 *pam_pkcs11-0.5.3-r1 (06 Sep 2006)
 
diff --git a/sys-auth/pam_pkcs11/Manifest b/sys-auth/pam_pkcs11/Manifest
index 7b01ef3616d7..ce12b41a6dc0 100644
--- a/sys-auth/pam_pkcs11/Manifest
+++ b/sys-auth/pam_pkcs11/Manifest
@@ -1,3 +1,10 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+AUX pam_pkcs11-0.5.3-daemon-init.patch 2918 RMD160 c62c072edf2fad9c4a8a1e8349e1d4072606bb29 SHA1 b4997d37373142f4a8ad761e2f2a81ad2dcd4af2 SHA256 4b219a7d2d9ccf00f1e57d2ff25aaec6212193169c82275696634e4115b72cce
+MD5 506030a8c683b8ff49e0bb12cc139810 files/pam_pkcs11-0.5.3-daemon-init.patch 2918
+RMD160 c62c072edf2fad9c4a8a1e8349e1d4072606bb29 files/pam_pkcs11-0.5.3-daemon-init.patch 2918
+SHA256 4b219a7d2d9ccf00f1e57d2ff25aaec6212193169c82275696634e4115b72cce files/pam_pkcs11-0.5.3-daemon-init.patch 2918
 AUX pam_pkcs11-0.5.3-setup-tool.patch 18150 RMD160 8336813c77b8cfd2356ad06ce85679e4faf2d426 SHA1 abc4a1980580c9f651768c3458613efe9e0d5d4c SHA256 6727222ec09124506923f0fe1ae8dfd4797bd86d3a1d1634cf0d3cb9305e5fcb
 MD5 c55104d841aea80d9fd2b6993da3e8fd files/pam_pkcs11-0.5.3-setup-tool.patch 18150
 RMD160 8336813c77b8cfd2356ad06ce85679e4faf2d426 files/pam_pkcs11-0.5.3-setup-tool.patch 18150
@@ -7,14 +14,18 @@ EBUILD pam_pkcs11-0.5.3-r1.ebuild 1196 RMD160 4ab23a0bb736551b68771c8f09bac14e02
 MD5 a8933947bcb8dbff4d665f55f8b97712 pam_pkcs11-0.5.3-r1.ebuild 1196
 RMD160 4ab23a0bb736551b68771c8f09bac14e02ec6c5e pam_pkcs11-0.5.3-r1.ebuild 1196
 SHA256 18a58ff36b043dfd77190b7b220c9e996a3fe8228a6bcca847880415357dd8d6 pam_pkcs11-0.5.3-r1.ebuild 1196
+EBUILD pam_pkcs11-0.5.3-r2.ebuild 1243 RMD160 8bdada24286563e82c8e894ef29c84e5fc9c5815 SHA1 39f36abdf55b7ecb4748678ab66867678433ed8d SHA256 53f6c3273fbffe5e86faa3f67771a302dc2b6f6db36c0c46c1ca889518835ee8
+MD5 24c6eae3c2af3ef69095cd07520a758a pam_pkcs11-0.5.3-r2.ebuild 1243
+RMD160 8bdada24286563e82c8e894ef29c84e5fc9c5815 pam_pkcs11-0.5.3-r2.ebuild 1243
+SHA256 53f6c3273fbffe5e86faa3f67771a302dc2b6f6db36c0c46c1ca889518835ee8 pam_pkcs11-0.5.3-r2.ebuild 1243
 EBUILD pam_pkcs11-0.5.3.ebuild 1028 RMD160 1c0b1bfb5468caf5d8365725bf0dfe37ea7d1e95 SHA1 a99275d97efda7ea03c6a0609c422682b0a7d7bf SHA256 00e8c00a741ca087e90057e3364ffacf757fd568cdc45e4f3cf6dd41058e4be0
 MD5 b42369c47f5787ed2e035859e20a919e pam_pkcs11-0.5.3.ebuild 1028
 RMD160 1c0b1bfb5468caf5d8365725bf0dfe37ea7d1e95 pam_pkcs11-0.5.3.ebuild 1028
 SHA256 00e8c00a741ca087e90057e3364ffacf757fd568cdc45e4f3cf6dd41058e4be0 pam_pkcs11-0.5.3.ebuild 1028
-MISC ChangeLog 1452 RMD160 b1f72fa8c7b7a6ccf742477b6c4b3937f1605a54 SHA1 47e87a2140a6d6cb56a56bf8bb09cdff908ac4c9 SHA256 481cbf5ed5e22aae7b7d11c22d1aeea3c0e2809ccae132b4b4ed1d70598c80e5
-MD5 93b0bac29360d1cb739675b2bd8bef8f ChangeLog 1452
-RMD160 b1f72fa8c7b7a6ccf742477b6c4b3937f1605a54 ChangeLog 1452
-SHA256 481cbf5ed5e22aae7b7d11c22d1aeea3c0e2809ccae132b4b4ed1d70598c80e5 ChangeLog 1452
+MISC ChangeLog 1720 RMD160 65cb2d630e667dc935f64caf2fbd0d198d4503d4 SHA1 95f4a871d9bb081a2a5e23d7ce9caef91d981474 SHA256 1beb3f01bbd688d509336439a5c4ea341b3df0ceef5f4faa20934b690c6868e6
+MD5 1cb3c83272bc6f9aad1076bb6c27678f ChangeLog 1720
+RMD160 65cb2d630e667dc935f64caf2fbd0d198d4503d4 ChangeLog 1720
+SHA256 1beb3f01bbd688d509336439a5c4ea341b3df0ceef5f4faa20934b690c6868e6 ChangeLog 1720
 MISC metadata.xml 248 RMD160 d300a6a39cab5cfc836dd8154166ea93795e7682 SHA1 651e99b4c63f219da583fdc286e904f57bfa7741 SHA256 cab631a70b543455c36e9f6125586ae2421fb453f6b20a158fcdd7317b57f2aa
 MD5 59af1ba132e999b7d1c7b6d42ed4b1e7 metadata.xml 248
 RMD160 d300a6a39cab5cfc836dd8154166ea93795e7682 metadata.xml 248
@@ -25,3 +36,13 @@ SHA256 4639d6c891b6a1f55fc9f4d5a769f1624594a68c0d85062e782eacbf2fb98e05 files/di
 MD5 a1d272550e9712942c24bb1134c1ec6e files/digest-pam_pkcs11-0.5.3-r1 250
 RMD160 208f742203b5d2bb4cc5f9ead22f061e71d0cfb0 files/digest-pam_pkcs11-0.5.3-r1 250
 SHA256 4639d6c891b6a1f55fc9f4d5a769f1624594a68c0d85062e782eacbf2fb98e05 files/digest-pam_pkcs11-0.5.3-r1 250
+MD5 a1d272550e9712942c24bb1134c1ec6e files/digest-pam_pkcs11-0.5.3-r2 250
+RMD160 208f742203b5d2bb4cc5f9ead22f061e71d0cfb0 files/digest-pam_pkcs11-0.5.3-r2 250
+SHA256 4639d6c891b6a1f55fc9f4d5a769f1624594a68c0d85062e782eacbf2fb98e05 files/digest-pam_pkcs11-0.5.3-r2 250
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5-ecc0.1.6 (GNU/Linux)
+
+iD8DBQFFEF+VmdTrptrqvGERArNeAJ0WZyBqp9jlvEo7DvVbOX8dPp9Z4wCeJiDc
+VsNBwpaxVpPyGkLnerjurPY=
+=AvoH
+-----END PGP SIGNATURE-----
diff --git a/sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r2 b/sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r2
new file mode 100644
index 000000000000..ebb86f13b7a4
--- /dev/null
+++ b/sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r2
@@ -0,0 +1,3 @@
+MD5 607e3ba84b8938eff20c51c597e522c0 pam_pkcs11-0.5.3.tar.gz 576432
+RMD160 b755b1d5d8c666a44944119df74515a206efc1cd pam_pkcs11-0.5.3.tar.gz 576432
+SHA256 f38a92ad5822b5da1bef7c74bfbce1ab1b9a59b01c207b3c3e92402f6be985a4 pam_pkcs11-0.5.3.tar.gz 576432
diff --git a/sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch b/sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch
new file mode 100644
index 000000000000..8f4ed0547a4c
--- /dev/null
+++ b/sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch
@@ -0,0 +1,83 @@
+diff -urNp pam_pkcs11-0.5.3/src/common/pkcs11.c pam_pkcs11-0.5.3.new/src/common/pkcs11.c
+--- pam_pkcs11-0.5.3/src/common/pkcs11.c	2005-09-12 09:12:55.000000000 +0000
++++ pam_pkcs11-0.5.3.new/src/common/pkcs11.c	2005-10-05 03:07:30.000000000 +0000
+@@ -82,7 +82,9 @@ int init_pkcs11_module(pkcs11_handle_t *
+ 
+   /* initialise the module */
+   rv = h->fl->C_Initialize(NULL);
+-  if (rv != CKR_OK) {
++  if (rv == CKR_OK)
++    h->should_finalize = 1;
++  else if (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
+     set_error("C_Initialize() failed: %x", rv);
+     return -1;
+   }
+@@ -170,7 +172,8 @@ void release_pkcs11_module(pkcs11_handle
+ {
+   /* finalise pkcs #11 module */
+   if (h->fl != NULL)
+-    h->fl->C_Finalize(NULL);
++    if (h->should_finalize)
++	    h->fl->C_Finalize(NULL);
+   /* unload the module */
+   if (h->module_handle != NULL)
+     dlclose(h->module_handle);
+diff -urNp pam_pkcs11-0.5.3/src/common/pkcs11.h pam_pkcs11-0.5.3.new/src/common/pkcs11.h
+--- pam_pkcs11-0.5.3/src/common/pkcs11.h	2005-09-12 09:12:55.000000000 +0000
++++ pam_pkcs11-0.5.3.new/src/common/pkcs11.h	2005-10-05 03:07:30.000000000 +0000
+@@ -136,6 +136,7 @@ typedef struct {
+ typedef struct {
+   void *module_handle;
+   CK_FUNCTION_LIST_PTR fl;
++  int should_finalize;
+   slot_t *slots; 
+   CK_ULONG slot_count;
+   CK_SESSION_HANDLE session;
+diff -urNp pam_pkcs11-0.5.3/src/tools/pkcs11_eventmgr.c pam_pkcs11-0.5.3.new/src/tools/pkcs11_eventmgr.c
+--- pam_pkcs11-0.5.3/src/tools/pkcs11_eventmgr.c	2005-09-12 09:12:54.000000000 +0000
++++ pam_pkcs11-0.5.3.new/src/tools/pkcs11_eventmgr.c	2005-10-05 03:11:24.000000000 +0000
+@@ -283,15 +283,6 @@ int main(int argc, char *argv[]) {
+         return 1;
+     }
+ 
+-    /* open pkcs11 sesion */
+-    DBG("initialising pkcs #11 module...");
+-    rv = ph.fl->C_Initialize(NULL);
+-    if (rv != 0) {
+-        release_pkcs11_module(&ph);
+-        DBG1("C_Initialize() failed: %d", rv);
+-        return 1;
+-    }
+-
+     /* put my self into background if flag is set */
+     if (daemonize) {
+ 	DBG("Going to be daemon...");
+@@ -303,6 +294,17 @@ int main(int argc, char *argv[]) {
+ 	}
+     }
+ 
++    /* open pkcs11 sesion */
++    DBG("initialising pkcs #11 module...");
++    rv = ph.fl->C_Initialize(NULL);
++    if (rv != 0) {
++        release_pkcs11_module(&ph);
++	if (ctx) scconf_free(ctx);
++        DBG1("C_Initialize() failed: %d", rv);
++        return 1;
++    }
++    ph.should_finalize = 1;
++
+     /* 
+      * Wait endlessly for all events in the list of readers
+      * We only stop in case of an error
+@@ -324,7 +326,9 @@ int main(int argc, char *argv[]) {
+ 	   new_state = get_a_token();
+ 	   if (new_state == CARD_ERROR) {
+     		DBG("Error trying to get a token");
+-    		break;
++    		rv = ph.fl->C_Finalize(NULL);
++    		rv = ph.fl->C_Initialize(NULL);
++		continue;
+ 	   }
+ 	   if (old_state == new_state ) { /* state unchanged */
+ 		/* on card not present, increase and check expire time */
diff --git a/sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild b/sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild
new file mode 100644
index 000000000000..8e28889f0251
--- /dev/null
+++ b/sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_pkcs11/pam_pkcs11-0.5.3-r2.ebuild,v 1.1 2006/09/19 21:19:49 dragonheart Exp $
+
+inherit eutils
+
+DESCRIPTION="PKCS11 Pam library"
+HOMEPAGE="http://www.opensc-project.org/pam_pkcs11"
+SRC_URI="http://www.opensc-project.org/files/pam_pkcs11/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="curl ldap pcsc-lite"
+
+DEPEND=">=dev-libs/opensc-0.10
+	sys-libs/pam
+	curl? ( net-misc/curl )
+	ldap? ( net-nds/openldap )
+	pcsc-lite? ( sys-apps/pcsc-lite )
+	dev-libs/openssl"
+
+src_unpack() {
+	unpack ${A}
+
+	# Simple setup tool, from Red Hat
+	# Needed for app-admin/authconfig
+	epatch "${FILESDIR}"/${P}-setup-tool.patch
+	epatch "${FILESDIR}"/${P}-daemon-init.patch
+}
+
+src_compile() {
+		econf \
+			$(use_with curl) \
+			$(use_with pcsc-lite pcsclite) \
+			$(use_with ldap) \
+			|| die "econf failed"
+
+		emake || die "emake failed"
+}
+
+src_install() {
+		make DESTDIR="${D}" install || die "install failed"
+
+		dodir /lib/security
+		dosym ../../usr/lib/security/pam_pkcs11.so /lib/security/
+
+		dodoc NEWS README
+		dohtml docs/*.{html,css}
+}
author	Daniel Black <dragonheart@gentoo.org>	2006-09-19 21:19:49 +0000
committer	Daniel Black <dragonheart@gentoo.org>	2006-09-19 21:19:49 +0000
commit	30aa9915d6fc38ba2abc35773735779d65f85bc1 (patch)
tree	189a308d5b23b7c727bae4e592f7654bde301a91 /sys-auth
parent	Version Bump. (diff)
download	historical-30aa9915d6fc38ba2abc35773735779d65f85bc1.tar.gz historical-30aa9915d6fc38ba2abc35773735779d65f85bc1.tar.bz2 historical-30aa9915d6fc38ba2abc35773735779d65f85bc1.zip