24766235 Change to build PAM_PKCS11 with the pcsclite=yes option for 32 bit
24897765 err_display_time and quiet options are placed incorrectly in pam_pkcs11.conf
24790022 Fix spelling and grammar errors in pam_pkcs11.c messages
--- a/components/pam_pkcs11/Makefile Sat Nov 26 05:55:27 2016 -0800
+++ b/components/pam_pkcs11/Makefile Sat Nov 26 14:44:47 2016 -0800
@@ -79,10 +79,9 @@
CONFIGURE_OPTIONS += --with-confdir=/etc/security/pam_pkcs11
CONFIGURE_OPTIONS += --docdir=/etc/security/pam_pkcs11
CONFIGURE_OPTIONS += OPENSSL_LIBS="-lssl -lcrypto -lsocket"
-CONFIGURE_OPTIONS.32 += --with-pcsclite=no
-CONFIGURE_OPTIONS.64 += --with-pcsclite=yes
-CONFIGURE_OPTIONS.64 += PCSC_CFLAGS="-I/usr/include/PCSC"
-CONFIGURE_OPTIONS.64 += PCSC_LIBS="-lpcsclite"
+CONFIGURE_OPTIONS += --with-pcsclite=yes
+CONFIGURE_OPTIONS += PCSC_CFLAGS="-I/usr/include/PCSC"
+CONFIGURE_OPTIONS += PCSC_LIBS="-lpcsclite"
# We install only the MozillaLDAP variant. We will cherry-pick binaries built
# against OpenLDAP out of the build directory to avoid re-installing
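Review bot: Moving `--with-pcsclite=yes` and `PCSC_LIBS="-lpcsclite"` from `CONFIGURE_OPTIONS.64` to the common `CONFIGURE_OPTIONS` makes the 32-bit module depend on a 32-bit libpcsclite at build and run time, and nothing visible in this diff records that dependency. Only the tail of the `REQUIRED_PACKAGES` list appears in the last hunk, so please confirm that the package delivering `/usr/include/PCSC` and both library variants is listed there. A short comment above the option, such as `# PC/SC (pcsclite) reader support is built for both 32-bit and 64-bit`, would also explain why the per-bitness split was dropped.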
@@ -92,6 +91,8 @@
INSTALL_32_and_64 = $(INSTALL_32) $(INSTALL_64)
# common targets
+configure: $(CONFIGURE_32_and_64)
+
build: $(BUILD_32_and_64)
install: $(INSTALL_32_and_64)
@@ -104,4 +105,3 @@
REQUIRED_PACKAGES += shell/bash
REQUIRED_PACKAGES += system/library
REQUIRED_PACKAGES += system/linker
-
--- a/components/pam_pkcs11/pam_pkcs11.conf Sat Nov 26 05:55:27 2016 -0800
+++ b/components/pam_pkcs11/pam_pkcs11.conf Sat Nov 26 14:44:47 2016 -0800
@@ -13,6 +13,13 @@
# Filename of the PKCS #11 module. The default value is "default"
use_pkcs11_module = default;
+ # The err_display_time option suspends execution for an interval of time
+ # in seconds after each PAM message is shown.
+ err_display_time = 0;
+
+ # The quiet option can be used to disable error messages.
+ quiet = false;
+
pkcs11_module default {
module = /usr/lib/$ISA/libpkcs11.so;
description = "Solaris PKCS#11 Cryptographic Framework library";
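Review bot: The comment added for `quiet` understates what the option does. In the pam_pkcs11.c context quoted later in this commit, the `pam_syslog(pamh, LOG_ERR, "open_pkcs11_login() failed: %s", ...)` call for a wrong PIN sits inside `if (!configuration->quiet)`, so `quiet = true` drops that syslog record as well as the on-screen prompt. Now that the option is moved to where the parser presumably honours it, this matters to anyone who relies on syslog to notice repeated failed PIN attempts. I would extend the comment to something like `# The quiet option disables error messages shown to the user; it also suppresses the syslog entry for a failed PKCS#11 login.` Likewise, `err_display_time` is passed straight to `sleep()` after each error, so its comment could say that every failed attempt is delayed by that many seconds.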
@@ -79,13 +86,6 @@
# The value of the token_type parameter will be used in the user prompt
# messages. The default value is "Smart card".
token_type = "Secure token";
-
- # The err_display_time option suspends execution for an interval of time
- # in seconds after each PAM message is shown.
- err_display_time = 0;
-
- # The quiet option can be used to disable error messages.
- quiet = false;
}
# Which mappers ( Cert to login ) to use?
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/pam_pkcs11/patches/04-message_error_fix.patch Sat Nov 26 14:44:47 2016 -0800
@@ -0,0 +1,59 @@
+#
+# This patch is to fix one spelling error and some message problems in PAM
+# prompt, so that they will comply to the Solaris message style.
+#
+# The authentication spelling error has been already fixed in the latest
+# upstream source, so there is no need to contribute back this spelling error
+# fix. We will remove the spelling error change from this patch, when we
+# upgrade this module to a new release that contains the spelling error fix.
+#
+# Changes from smartcard to "smart card" in pam_prompt messages are for
+# Solaris message style compliance and they are Solaris specific.
+#
+--- pam_pkcs11-0.6.8_ORIG/src/pam_pkcs11/pam_pkcs11.c Tue Oct 4 12:22:18 2016
++++ pam_pkcs11-0.6.8_NEW/src/pam_pkcs11/pam_pkcs11.c Thu Oct 27 15:56:06 2016
+@@ -199,7 +199,7 @@
+ char **issuer, **serial;
+ const char *login_token_name = NULL;
+
+- pam_prompt(pamh, PAM_TEXT_INFO , NULL, _("Smartcard authentification starts"));
++ pam_prompt(pamh, PAM_TEXT_INFO , NULL, _("Smart card authentication starts"));
+
+ /* first of all check whether debugging should be enabled */
+ for (i = 0; i < argc; i++)
+@@ -392,7 +392,7 @@
+ }
+ } else if (user) {
+ if (!configuration->quiet) {
+- pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2308: No smartcard found"));
++ pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2308: No smart card found"));
+ sleep(configuration->err_display_time);
+ }
+
+@@ -419,7 +419,7 @@
+ if (rv != 0) {
+ /* user gave us a user id and no smart card go to next module */
+ if (!configuration->quiet) {
+- pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2310: No smartcard found"));
++ pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2310: No smart card found"));
+ sleep(configuration->err_display_time);
+ }
+
+@@ -495,7 +495,7 @@
+ pam_syslog(pamh, LOG_ERR,
+ "password length is zero but the 'nullok' argument was not defined.");
+ if (!configuration->quiet) {
+- pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2318: Empty smartcard PIN not allowed."));
++ pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2318: Empty smart card PIN not allowed."));
+ sleep(configuration->err_display_time);
+ }
+ return PAM_AUTH_ERR;
+@@ -523,7 +523,7 @@
+ ERR1("open_pkcs11_login() failed: %s", get_error());
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR, "open_pkcs11_login() failed: %s", get_error());
+- pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2320: Wrong smartcard PIN"));
++ pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2320: Wrong smart card PIN"));
+ sleep(configuration->err_display_time);
+ }
+ goto auth_failed_nopw;
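Review bot: All five changed strings are gettext msgids wrapped in `_()`, but the patch touches only pam_pkcs11.c. Any message catalogue still keyed on the old "Smartcard ..." and "smartcard" text will stop matching, and those prompts would fall back to the untranslated English string. If translations are delivered with this component, the matching po entries need the same msgid change, or the patch header should state that localized prompts are knowingly left untranslated, for example `# Message catalogs are not updated; localized prompts fall back to English.` The enclosing function bodies lie outside the quoted hunks, so this is based on the changed lines alone.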