|
1 # |
|
2 # This patch is to add the ISA (Instruction Set Architecture) support to |
|
3 # module paths in the pam_pkcs11.conf configuration file of the PAM_PKCS11 |
|
4 # component, so that the PAM_PKCS11 module can be used for both 32 and |
|
5 # 64 bit applications at the same time. This patch is for Solaris only. |
|
6 # |
|
7 --- pam_pkcs11-0.6.8_ORIG/src/common/strings.h Sat Oct 23 11:36:36 2010 |
|
8 +++ pam_pkcs11-0.6.8_NEW/src/common/strings.h Thu Sep 1 13:47:52 2016 |
|
9 @@ -125,6 +125,16 @@ |
|
10 */ |
|
11 M_EXTERN char *trim(const char *str); |
|
12 |
|
13 +#ifdef MODULE_ISA_FIX |
|
14 +/** |
|
15 + * Expand PAM_ISA ("/$ISA/") in a path. |
|
16 + * For example, /usr/lib/$ISA/libpkcs11.so will be expanded to |
|
17 + * /usr/lib/64/libpkcs11.so for 64 bit applications and to |
|
18 + * /usr/lib/32/libpkcs11.so for 32 bit applications. |
|
19 + */ |
|
20 +M_EXTERN int expand_isa_path(const char *in, char *out, size_t out_len); |
|
21 +#endif |
|
22 + |
|
23 #undef M_EXTERN |
|
24 |
|
25 #endif |
|
26 --- pam_pkcs11-0.6.8_ORIG/src/common/strings.c Sat Oct 23 11:36:36 2010 |
|
27 +++ pam_pkcs11-0.6.8_NEW/src/common/strings.c Fri Sep 2 10:08:11 2016 |
|
28 @@ -34,6 +34,17 @@ |
|
29 #include <unistd.h> |
|
30 #include "strings.h" |
|
31 |
|
32 +#ifdef MODULE_ISA_FIX |
|
33 +#include <sys/param.h> |
|
34 + |
|
35 +#define PAM_ISA "/$ISA/" |
|
36 +#ifdef _LP64 |
|
37 +#define PAM_ISA_DIR "/64/" |
|
38 +#else /* !_LP64 */ |
|
39 +#define PAM_ISA_DIR "/32/" |
|
40 +#endif /* _LP64 */ |
|
41 +#endif |
|
42 + |
|
43 /* |
|
44 check for null or blank string |
|
45 */ |
|
46 @@ -182,4 +193,33 @@ |
|
47 return res; |
|
48 } |
|
49 |
|
50 + |
|
51 +#ifdef MODULE_ISA_FIX |
|
52 +/* |
|
53 + * Expand PAM_ISA ("/$ISA/") in a module path. |
|
54 + */ |
|
55 +int expand_isa_path(const char *in, char *out, size_t out_len) { |
|
56 + char *isa; |
|
57 + char buf[MAXPATHLEN]; |
|
58 + |
|
59 + if (strlcpy(buf, in, sizeof (buf)) >= sizeof (buf)) { /* too long */ |
|
60 + return 1; |
|
61 + } |
|
62 + |
|
63 + /* Check for Instruction Set Architecture indicator */ |
|
64 + if ((isa = strstr(buf, PAM_ISA)) != NULL) { |
|
65 + *isa = '\000'; |
|
66 + isa += strlen(PAM_ISA); |
|
67 + if (snprintf(out, out_len, "%s%s%s", buf, PAM_ISA_DIR, |
|
68 + isa) >= out_len) { |
|
69 + return 1; |
|
70 + } |
|
71 + } else if (strlcpy(out, in, out_len) >= out_len) { |
|
72 + return 1; |
|
73 + } |
|
74 + |
|
75 + return 0; |
|
76 +} |
|
77 +#endif |
|
78 + |
|
79 #endif /* __STRINGS_C_ */ |
|
80 --- pam_pkcs11-0.6.8_ORIG/src/pam_pkcs11/pam_pkcs11.c Sat Apr 7 09:55:19 2012 |
|
81 +++ pam_pkcs11-0.6.8_NEW/src/pam_pkcs11/pam_pkcs11.c Thu Sep 1 13:54:27 2016 |
|
82 @@ -57,6 +57,10 @@ |
|
83 #endif |
|
84 #define LOGNAME "PAM-PKCS11" /* name for log-file entries */ |
|
85 |
|
86 +#ifdef MODULE_ISA_FIX |
|
87 +#include <sys/param.h> |
|
88 +#endif |
|
89 + |
|
90 /* |
|
91 * comodity function that returns 1 on null, empty o spaced string |
|
92 */ |
|
93 @@ -198,6 +202,9 @@ |
|
94 char env_temp[256] = ""; |
|
95 char **issuer, **serial; |
|
96 const char *login_token_name = NULL; |
|
97 +#ifdef MODULE_ISA_FIX |
|
98 + char real_pkcs11_modulepath[MAXPATHLEN]; |
|
99 +#endif |
|
100 |
|
101 pam_prompt(pamh, PAM_TEXT_INFO , NULL, _("Smartcard authentification starts")); |
|
102 |
|
103 @@ -315,9 +322,28 @@ |
|
104 return PAM_IGNORE; |
|
105 } |
|
106 |
|
107 +#ifdef MODULE_ISA_FIX |
|
108 + /* get the real pkcs11 module path */ |
|
109 + rv = expand_isa_path(configuration->pkcs11_modulepath, |
|
110 + real_pkcs11_modulepath, sizeof (real_pkcs11_modulepath)); |
|
111 + if (rv) { |
|
112 + pam_syslog(pamh, LOG_ERR, |
|
113 + "load_pkcs11_module(): problem with pkcs11 module path"); |
|
114 + return PAM_AUTHINFO_UNAVAIL; |
|
115 + } else { |
|
116 + DBG1("The real PKCS11 module path is %s", real_pkcs11_modulepath); |
|
117 + } |
|
118 +#endif |
|
119 + |
|
120 /* load pkcs #11 module */ |
|
121 DBG("loading pkcs #11 module..."); |
|
122 + |
|
123 +#ifdef MODULE_ISA_FIX |
|
124 + rv = load_pkcs11_module(real_pkcs11_modulepath, &ph); |
|
125 +#else |
|
126 rv = load_pkcs11_module(configuration->pkcs11_modulepath, &ph); |
|
127 +#endif |
|
128 + |
|
129 if (rv != 0) { |
|
130 ERR2("load_pkcs11_module() failed loading %s: %s", |
|
131 configuration->pkcs11_modulepath, get_error()); |
|
132 --- pam_pkcs11-0.6.8_ORIG/src/pam_pkcs11/mapper_mgr.c Sat Jul 9 05:20:48 2011 |
|
133 +++ pam_pkcs11-0.6.8_NEW/src/pam_pkcs11/mapper_mgr.c Thu Sep 1 13:57:17 2016 |
|
134 @@ -38,6 +38,10 @@ |
|
135 #include "../mappers/mapperlist.h" |
|
136 #include "mapper_mgr.h" |
|
137 |
|
138 +#ifdef MODULE_ISA_FIX |
|
139 +#include <sys/param.h> |
|
140 +#endif |
|
141 + |
|
142 struct mapper_listitem *root_mapper_list; |
|
143 |
|
144 /* |
|
145 @@ -54,6 +58,9 @@ |
|
146 int old_level=get_debug_level(); |
|
147 const char *libname = NULL; |
|
148 mapper_module * res = NULL; |
|
149 +#ifdef MODULE_ISA_FIX |
|
150 + char real_libname[MAXPATHLEN]; |
|
151 +#endif |
|
152 |
|
153 /* get module info */ |
|
154 root = scconf_find_block(ctx,NULL,"pam_pkcs11"); |
|
155 @@ -93,7 +100,17 @@ |
|
156 } |
|
157 } else if (blk) { /* assume dynamic module */ |
|
158 DBG1("Loading dynamic module for mapper '%s'",name); |
|
159 +#ifdef MODULE_ISA_FIX |
|
160 + if (expand_isa_path(libname, real_libname, sizeof (real_libname))) { |
|
161 + DBG1("Problem in module path %s", libname); |
|
162 + return NULL; |
|
163 + } else { |
|
164 + DBG1("Module path is %s", real_libname); |
|
165 + } |
|
166 + handler= dlopen(real_libname, RTLD_NOW); |
|
167 +#else |
|
168 handler= dlopen(libname,RTLD_NOW); |
|
169 +#endif |
|
170 if (!handler) { |
|
171 DBG3("dlopen failed for module: %s path: %s Error: %s",name,libname,dlerror()); |
|
172 return NULL; |
|
173 --- pam_pkcs11-0.6.8_ORIG/src/tools/pkcs11_inspect.c Fri Apr 6 13:08:25 2012 |
|
174 +++ pam_pkcs11-0.6.8_NEW/src/tools/pkcs11_inspect.c Thu Sep 1 13:58:46 2016 |
|
175 @@ -32,6 +32,10 @@ |
|
176 #include "../pam_pkcs11/pam_config.h" |
|
177 #include "../pam_pkcs11/mapper_mgr.h" |
|
178 |
|
179 +#ifdef MODULE_ISA_FIX |
|
180 +#include <sys/param.h> |
|
181 +#endif |
|
182 + |
|
183 int main(int argc, const char **argv) { |
|
184 int i, rv; |
|
185 pkcs11_handle_t *ph; |
|
186 @@ -39,6 +43,9 @@ |
|
187 unsigned int slot_num = 0; |
|
188 cert_object_t **certs; |
|
189 int cert_count; |
|
190 +#ifdef MODULE_ISA_FIX |
|
191 + char real_pkcs11_modulepath[MAXPATHLEN]; |
|
192 +#endif |
|
193 |
|
194 /* first of all check whether debugging should be enabled */ |
|
195 for (i = 0; i < argc; i++) |
|
196 @@ -67,7 +74,19 @@ |
|
197 |
|
198 /* load pkcs #11 module */ |
|
199 DBG("loading pkcs #11 module..."); |
|
200 + |
|
201 +#ifdef MODULE_ISA_FIX |
|
202 + rv = expand_isa_path(configuration->pkcs11_modulepath, |
|
203 + real_pkcs11_modulepath, sizeof (real_pkcs11_modulepath)); |
|
204 + if (rv) { |
|
205 + ERR("Error in the PKCS11 module path"); |
|
206 + return 1; |
|
207 + } |
|
208 + rv = load_pkcs11_module(real_pkcs11_modulepath, &ph); |
|
209 +#else |
|
210 rv = load_pkcs11_module(configuration->pkcs11_modulepath, &ph); |
|
211 +#endif |
|
212 + |
|
213 if (rv != 0) { |
|
214 ERR2("load_pkcs11_module(%s) failed: %s", configuration->pkcs11_modulepath, |
|
215 get_error()); |
|
216 --- pam_pkcs11-0.6.8_ORIG/src/tools/pklogin_finder.c Fri Apr 6 13:08:25 2012 |
|
217 +++ pam_pkcs11-0.6.8_NEW/src/tools/pklogin_finder.c Thu Sep 1 13:59:18 2016 |
|
218 @@ -32,6 +32,10 @@ |
|
219 #include "../pam_pkcs11/pam_config.h" |
|
220 #include "../pam_pkcs11/mapper_mgr.h" |
|
221 |
|
222 +#ifdef MODULE_ISA_FIX |
|
223 +#include <sys/param.h> |
|
224 +#endif |
|
225 + |
|
226 int main(int argc, const char **argv) { |
|
227 int i, rv; |
|
228 char *user = NULL; |
|
229 @@ -40,6 +44,9 @@ |
|
230 cert_object_t **certs; |
|
231 int cert_count; |
|
232 unsigned int slot_num = 0; |
|
233 +#ifdef MODULE_ISA_FIX |
|
234 + char real_pkcs11_modulepath[MAXPATHLEN]; |
|
235 +#endif |
|
236 |
|
237 |
|
238 /* first of all check whether debugging should be enabled */ |
|
239 @@ -69,7 +76,19 @@ |
|
240 |
|
241 /* load pkcs #11 module */ |
|
242 DBG("loading pkcs #11 module..."); |
|
243 + |
|
244 +#ifdef MODULE_ISA_FIX |
|
245 + rv = expand_isa_path(configuration->pkcs11_modulepath, |
|
246 + real_pkcs11_modulepath, sizeof (real_pkcs11_modulepath)); |
|
247 + if (rv) { |
|
248 + ERR("Error in the PKCS11 module path"); |
|
249 + return 1; |
|
250 + } |
|
251 + rv = load_pkcs11_module(real_pkcs11_modulepath, &ph); |
|
252 +#else |
|
253 rv = load_pkcs11_module(configuration->pkcs11_modulepath, &ph); |
|
254 +#endif |
|
255 + |
|
256 if (rv != 0) { |
|
257 DBG1("load_pkcs11_module() failed: %s", get_error()); |
|
258 return 1; |