# HG changeset patch # User Ivo Raisr # Date 1480200287 28800 # Node ID cefc5b17cc4b0492e82127b4cd1958db77da1988 # Parent 66df0d7fd2ad10b9ee7f777978ede77b6b692118 24766235 Change to build PAM_PKCS11 with the pcsclite=yes option for 32 bit 24897765 err_display_time and quiet options are placed incorrectly in pam_pkcs11.conf 24790022 Fix spelling and grammar errors in pam_pkcs11.c messages diff -r 66df0d7fd2ad -r cefc5b17cc4b components/pam_pkcs11/Makefile --- a/components/pam_pkcs11/Makefile Sat Nov 26 05:55:27 2016 -0800 +++ b/components/pam_pkcs11/Makefile Sat Nov 26 14:44:47 2016 -0800 @@ -79,10 +79,9 @@ CONFIGURE_OPTIONS += --with-confdir=/etc/security/pam_pkcs11 CONFIGURE_OPTIONS += --docdir=/etc/security/pam_pkcs11 CONFIGURE_OPTIONS += OPENSSL_LIBS="-lssl -lcrypto -lsocket" -CONFIGURE_OPTIONS.32 += --with-pcsclite=no -CONFIGURE_OPTIONS.64 += --with-pcsclite=yes -CONFIGURE_OPTIONS.64 += PCSC_CFLAGS="-I/usr/include/PCSC" -CONFIGURE_OPTIONS.64 += PCSC_LIBS="-lpcsclite" +CONFIGURE_OPTIONS += --with-pcsclite=yes +CONFIGURE_OPTIONS += PCSC_CFLAGS="-I/usr/include/PCSC" +CONFIGURE_OPTIONS += PCSC_LIBS="-lpcsclite" # We install only the MozillaLDAP variant. We will cherry-pick binaries built # against OpenLDAP out of the build directory to avoid re-installing @@ -92,6 +91,8 @@ INSTALL_32_and_64 = $(INSTALL_32) $(INSTALL_64) # common targets +configure: $(CONFIGURE_32_and_64) + build: $(BUILD_32_and_64) install: $(INSTALL_32_and_64) @@ -104,4 +105,3 @@ REQUIRED_PACKAGES += shell/bash REQUIRED_PACKAGES += system/library REQUIRED_PACKAGES += system/linker - diff -r 66df0d7fd2ad -r cefc5b17cc4b components/pam_pkcs11/pam_pkcs11.conf --- a/components/pam_pkcs11/pam_pkcs11.conf Sat Nov 26 05:55:27 2016 -0800 +++ b/components/pam_pkcs11/pam_pkcs11.conf Sat Nov 26 14:44:47 2016 -0800 
@@ -13,6 +13,13 @@ # Filename of the PKCS #11 module. The default value is "default" use_pkcs11_module = default; + # The err_display_time option suspends execution for an interval of time + # in seconds after each PAM message is shown. + err_display_time = 0; + + # The quiet option can be used to disable error messages. + quiet = false; + pkcs11_module default { module = /usr/lib/$ISA/libpkcs11.so; description = "Solaris PKCS#11 Cryptographic Framework library"; @@ -79,13 +86,6 @@ # The value of the token_type parameter will be used in the user prompt # messages. The default value is "Smart card". token_type = "Secure token"; - - # The err_display_time option suspends execution for an interval of time - # in seconds after each PAM message is shown. - err_display_time = 0; - - # The quiet option can be used to disable error messages. - quiet = false; } # Which mappers ( Cert to login ) to use? diff -r 66df0d7fd2ad -r cefc5b17cc4b components/pam_pkcs11/patches/04-message_error_fix.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/pam_pkcs11/patches/04-message_error_fix.patch Sat Nov 26 14:44:47 2016 -0800 
@@ -0,0 +1,59 @@
+#
+# This patch is to fix one spelling error and some message problems in PAM
+# prompt, so that they will comply to the Solaris message style.
+#
+# The authentication spelling error has been already fixed in the latest
+# upstream source, so there is no need to contribute back this spelling error
+# fix. We will remove the spelling error change from this patch, when we
+# upgrade this module to a new release that contains the spelling error fix.
+#
+# Changes from smartcard to "smart card" in pam_prompt messages are for
+# Solaris message style compliance and they are Solaris specific.
+#
+--- pam_pkcs11-0.6.8_ORIG/src/pam_pkcs11/pam_pkcs11.c Tue Oct 4 12:22:18 2016
++++ pam_pkcs11-0.6.8_NEW/src/pam_pkcs11/pam_pkcs11.c Thu Oct 27 15:56:06 2016
+@@ -199,7 +199,7 @@
+ char **issuer, **serial;
+ const char *login_token_name = NULL;
+
+- pam_prompt(pamh, PAM_TEXT_INFO , NULL, _("Smartcard authentification starts"));
++ pam_prompt(pamh, PAM_TEXT_INFO , NULL, _("Smart card authentication starts"));
+
+ /* first of all check whether debugging should be enabled */
+ for (i = 0; i < argc; i++)
+@@ -392,7 +392,7 @@
+ }
+ } else if (user) {
+ if (!configuration->quiet) {
+- pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2308: No smartcard found"));
++ pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2308: No smart card found"));
+ sleep(configuration->err_display_time);
+ }
+
+@@ -419,7 +419,7 @@
+ if (rv != 0) {
+ /* user gave us a user id and no smart card go to next module */
+ if (!configuration->quiet) {
+- pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2310: No smartcard found"));
++ pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2310: No smart card found"));
+ sleep(configuration->err_display_time);
+ }
+
+@@ -495,7 +495,7 @@
+ pam_syslog(pamh, LOG_ERR,
+ "password length is zero but the 'nullok' argument was not defined.");
+ if (!configuration->quiet) {
+- pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2318: Empty smartcard PIN not allowed."));
++ pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2318: Empty smart card PIN not allowed."));
+ sleep(configuration->err_display_time);
+ }
+ return PAM_AUTH_ERR;
+@@ -523,7 +523,7 @@
+ ERR1("open_pkcs11_login() failed: %s", get_error());
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR, "open_pkcs11_login() failed: %s", get_error());
+- pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2320: Wrong smartcard PIN"));
++ pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2320: Wrong smart card PIN"));
+ sleep(configuration->err_display_time);
+ }
+ goto auth_failed_nopw;
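Review bot: In the last inner hunk (`@@ -523,7 +523,7 @@`) the `pam_syslog(pamh, LOG_ERR, "open_pkcs11_login() failed: %s", get_error());` call sits inside `if (!configuration->quiet)`, so a failed PIN login leaves no syslog record when `quiet` is set; the patch rewords the prompt beside it but keeps that guard. This changeset also moves `quiet` to the top level of pam_pkcs11.conf, where it is presumably now honoured, so turning it on would hide wrong-PIN attempts from log-based monitoring. I would move the `pam_syslog` line above the `if (!configuration->quiet) {` line so that only the `pam_prompt` and `sleep` stay conditional, and until then extend the conf comment to `# The quiet option disables the error messages shown to the user and the syslog entry for a failed token login.` The enclosing function starts and ends outside these hunks, so whether `ERR1` reaches a log that operators keep cannot be told from here.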