--- a/components/pam_pkcs11/patches/pam_pkcs11.patch Tue Jul 19 14:15:23 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1607 +0,0 @@
-*** pam_pkcs11-0.6.0_ORIG/configure.in Mon Jun 11 05:17:38 2007
---- pam_pkcs11-0.6.0_NEW/configure.in Tue May 31 17:47:21 2016
-***************
-*** 76,82 ****
- AC_CHECK_LIB( ldap, ldap_init,
- [
- with_ldap=yes
-! LIBS="$LIBS -lldap"
- ],[
- AC_MSG_WARN([Cannot find LDAP libraries. LDAP support disabled])
- with_ldap=no
---- 76,82 ----
- AC_CHECK_LIB( ldap, ldap_init,
- [
- with_ldap=yes
-! LIBS="$LIBS -lldap_r"
- ],[
- AC_MSG_WARN([Cannot find LDAP libraries. LDAP support disabled])
- with_ldap=no
-***************
-*** 237,243 ****
- AC_FUNC_REALLOC
- AC_FUNC_STAT
- AC_FUNC_VPRINTF
-! AC_CHECK_FUNCS([memset strdup strerror])
-
-
- AC_CONFIG_FILES([
---- 237,243 ----
- AC_FUNC_REALLOC
- AC_FUNC_STAT
- AC_FUNC_VPRINTF
-! AC_CHECK_FUNCS([memset strdup strerror daemon])
-
-
- AC_CONFIG_FILES([
-*** pam_pkcs11-0.6.0-ORIG/po/Makefile.in.in Tue May 22 00:54:56 2007
---- pam_pkcs11-WS/po/Makefile.in.in Mon Sep 28 16:06:48 2009
-***************
-*** 46,61 ****
- GMSGFMT_ = @GMSGFMT@
- GMSGFMT_no = @GMSGFMT@
- GMSGFMT_yes = @GMSGFMT_015@
-! GMSGFMT = $(GMSGFMT_$(USE_MSGCTXT))
- MSGFMT_ = @MSGFMT@
- MSGFMT_no = @MSGFMT@
- MSGFMT_yes = @MSGFMT_015@
- MSGFMT = $(MSGFMT_$(USE_MSGCTXT))
-! XGETTEXT_ = @XGETTEXT@
- XGETTEXT_no = @XGETTEXT@
- XGETTEXT_yes = @XGETTEXT_015@
- XGETTEXT = $(XGETTEXT_$(USE_MSGCTXT))
-! MSGMERGE = msgmerge
- MSGMERGE_UPDATE = @MSGMERGE@ --update
- MSGINIT = msginit
- MSGCONV = msgconv
---- 46,61 ----
- GMSGFMT_ = @GMSGFMT@
- GMSGFMT_no = @GMSGFMT@
- GMSGFMT_yes = @GMSGFMT_015@
-! GMSGFMT = msgfmt
- MSGFMT_ = @MSGFMT@
- MSGFMT_no = @MSGFMT@
- MSGFMT_yes = @MSGFMT_015@
- MSGFMT = $(MSGFMT_$(USE_MSGCTXT))
-! XGETTEXT_ = /bin/xgettext
- XGETTEXT_no = @XGETTEXT@
- XGETTEXT_yes = @XGETTEXT_015@
- XGETTEXT = $(XGETTEXT_$(USE_MSGCTXT))
-! MSGMERGE = /usr/lib/intltool/gettext-tools/msgmerge
- MSGMERGE_UPDATE = @MSGMERGE@ --update
- MSGINIT = msginit
- MSGCONV = msgconv
-***************
-*** 87,94 ****
- .po.gmo:
- @lang=`echo $* | sed -e 's,.*/,,'`; \
- test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
-! echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics -o $${lang}.gmo $${lang}.po"; \
-! cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo
-
- .sin.sed:
- sed -e '/^#/d' $< > t-$@
---- 87,94 ----
- .po.gmo:
- @lang=`echo $* | sed -e 's,.*/,,'`; \
- test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
-! echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) -o $${lang}.gmo $${lang}.po"; \
-! cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo
-
- .sin.sed:
- sed -e '/^#/d' $< > t-$@
-***************
-*** 135,145 ****
- else \
- msgid_bugs_address='$(PACKAGE_BUGREPORT)'; \
- fi; \
-! $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \
-! --add-comments=TRANSLATORS: $(XGETTEXT_OPTIONS) \
-! --files-from=$(srcdir)/POTFILES.in \
-! --copyright-holder='$(COPYRIGHT_HOLDER)' \
-! --msgid-bugs-address="$$msgid_bugs_address"
- test ! -f $(DOMAIN).po || { \
- if test -f $(srcdir)/$(DOMAIN).pot; then \
- sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \
---- 135,142 ----
- else \
- msgid_bugs_address='$(PACKAGE_BUGREPORT)'; \
- fi; \
-! $(XGETTEXT) -ns -c TRANSLATORS: -m "" -d $(DOMAIN) \
-! ../src/pam_pkcs11/pam_pkcs11.c
- test ! -f $(DOMAIN).po || { \
- if test -f $(srcdir)/$(DOMAIN).pot; then \
- sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \
-*** pam_pkcs11-0.6.0-ORIG/src/common/pkcs11_lib.h Mon May 21 02:46:19 2007
---- pam_pkcs11-WS/src/common/pkcs11_lib.h Mon Sep 28 16:06:48 2009
-***************
-*** 36,46 ****
- PKCS11_EXTERN int find_slot_by_number_and_label(pkcs11_handle_t *h,
- int slot_num, const char *slot_label,
- unsigned int *slot);
-! PKCS11_EXTERN const char *get_slot_label(pkcs11_handle_t *h);
- PKCS11_EXTERN int wait_for_token(pkcs11_handle_t *h,
- int wanted_slot_num,
- const char *wanted_slot_label,
- unsigned int *slot);
- PKCS11_EXTERN const X509 *get_X509_certificate(cert_object_t *cert);
- PKCS11_EXTERN void release_pkcs11_module(pkcs11_handle_t *h);
- PKCS11_EXTERN int open_pkcs11_session(pkcs11_handle_t *h, unsigned int slot);
---- 36,57 ----
- PKCS11_EXTERN int find_slot_by_number_and_label(pkcs11_handle_t *h,
- int slot_num, const char *slot_label,
- unsigned int *slot);
-! PKCS11_EXTERN const char *get_slot_tokenlabel(pkcs11_handle_t *h);
- PKCS11_EXTERN int wait_for_token(pkcs11_handle_t *h,
- int wanted_slot_num,
-+ const char *wanted_token_label,
-+ unsigned int *slot);
-+ PKCS11_EXTERN int find_slot_by_slotlabel(pkcs11_handle_t *h,
- const char *wanted_slot_label,
- unsigned int *slot);
-+ PKCS11_EXTERN int find_slot_by_slotlabel_and_tokenlabel(pkcs11_handle_t *h,
-+ const char *wanted_slot_label,
-+ const char *wanted_token_label,
-+ unsigned int *slot);
-+ PKCS11_EXTERN int wait_for_token_by_slotlabel(pkcs11_handle_t *h,
-+ const char *wanted_slot_label,
-+ const char *wanted_token_label,
-+ unsigned int *slot);
- PKCS11_EXTERN const X509 *get_X509_certificate(cert_object_t *cert);
- PKCS11_EXTERN void release_pkcs11_module(pkcs11_handle_t *h);
- PKCS11_EXTERN int open_pkcs11_session(pkcs11_handle_t *h, unsigned int slot);
-*** pam_pkcs11-0.6.0-ORIG/src/common/pkcs11_lib.c Wed Jun 6 02:33:10 2007
---- pam_pkcs11-WS/src/common/pkcs11_lib.c Mon Sep 28 16:06:48 2009
-***************
-*** 67,77 ****
---- 67,138 ----
- return 0;
- }
-
-+ /*
-+ * memcmp_pad_max() is a specialized version of memcmp() which compares two
-+ * pieces of data up to a maximum length. If the two data match up the
-+ * maximum length, they are considered matching. Trailing blanks do not cause
-+ * the match to fail if one of the data is shorted.
-+ *
-+ * Examples of matches:
-+ * "one" |
-+ * "one " |
-+ * ^maximum length
-+ *
-+ * "Number One | X" (X is beyond maximum length)
-+ * "Number One " |
-+ * ^maximum length
-+ *
-+ * Examples of mismatches:
-+ * " one"
-+ * "one"
-+ *
-+ * "Number One X|"
-+ * "Number One |"
-+ * ^maximum length
-+ */
-+ static int
-+ memcmp_pad_max(void *d1, size_t d1_len, void *d2, size_t d2_len,
-+ size_t max_sz)
-+ {
-+ size_t len, extra_len;
-+ char *marker;
-+
-+ /* No point in comparing anything beyond max_sz */
-+ if (d1_len > max_sz)
-+ d1_len = max_sz;
-+ if (d2_len > max_sz)
-+ d2_len = max_sz;
-+
-+ /* Find shorter of the two data. */
-+ if (d1_len <= d2_len) {
-+ len = d1_len;
-+ extra_len = d2_len;
-+ marker = d2;
-+ } else { /* d1_len > d2_len */
-+ len = d2_len;
-+ extra_len = d1_len;
-+ marker = d1;
-+ }
-+
-+ /* Have a match in the shortest length of data? */
-+ if (memcmp(d1, d2, len) != 0)
-+ /* CONSTCOND */
-+ return (1);
-+
-+ /* If the rest of longer data is nulls or blanks, call it a match. */
-+ while (len < extra_len && marker[len])
-+ if (!isspace(marker[len++]))
-+ /* CONSTCOND */
-+ return (1);
-+ return (0);
-+ }
-+
- #ifdef HAVE_NSS
- /*
- * Using NSS to find the manage the PKCS #11 modules
- */
- #include "nss.h"
-+ #include "nspr.h"
- #include "cert.h"
- #include "secmod.h"
- #include "pk11pub.h"
-***************
-*** 287,294 ****
- /* we're configured for a specific module and token, see if it's present */
- slot_num--;
- if (slot_num >= 0 && slot_num < module->slotCount && module->slots &&
-! module->slots[i] && PK11_IsPresent(module->slots[i])) {
-! h->slot = PK11_ReferenceSlot(module->slots[i]);
- *slotID = PK11_GetSlotID(h->slot);
- return 0;
- }
---- 348,355 ----
- /* we're configured for a specific module and token, see if it's present */
- slot_num--;
- if (slot_num >= 0 && slot_num < module->slotCount && module->slots &&
-! module->slots[slot_num] && PK11_IsPresent(module->slots[slot_num])) {
-! h->slot = PK11_ReferenceSlot(module->slots[slot_num]);
- *slotID = PK11_GetSlotID(h->slot);
- return 0;
- }
-***************
-*** 301,327 ****
- */
- int find_slot_by_number_and_label(pkcs11_handle_t *h,
- int wanted_slot_id,
-! const char *wanted_slot_label,
- unsigned int *slot_num)
- {
- int rv;
-! const char *slot_label = NULL;
- PK11SlotInfo *slot = NULL;
-
- /* we want a specific slot id, or we don't kare about the label */
-! if ((wanted_slot_label == NULL) || (wanted_slot_id != 0)) {
- rv = find_slot_by_number(h, wanted_slot_id, slot_num);
-
- /* if we don't care about the label, or we failed, we're done */
-! if ((wanted_slot_label == NULL) || (rv != 0)) {
- return rv;
- }
-
- /* verify it's the label we want */
-! slot_label = PK11_GetTokenName(h->slot);
-
-! if ((slot_label != NULL) &&
-! (strcmp (wanted_slot_label, slot_label) == 0)) {
- return 0;
- }
- return -1;
---- 362,388 ----
- */
- int find_slot_by_number_and_label(pkcs11_handle_t *h,
- int wanted_slot_id,
-! const char *wanted_token_label,
- unsigned int *slot_num)
- {
- int rv;
-! const char *token_label = NULL;
- PK11SlotInfo *slot = NULL;
-
- /* we want a specific slot id, or we don't kare about the label */
-! if ((wanted_token_label == NULL) || (wanted_slot_id != 0)) {
- rv = find_slot_by_number(h, wanted_slot_id, slot_num);
-
- /* if we don't care about the label, or we failed, we're done */
-! if ((wanted_token_label == NULL) || (rv != 0)) {
- return rv;
- }
-
- /* verify it's the label we want */
-! token_label = PK11_GetTokenName(h->slot);
-
-! if ((token_label != NULL) &&
-! (strcmp (wanted_token_label, token_label) == 0)) {
- return 0;
- }
- return -1;
-***************
-*** 328,334 ****
- }
-
- /* we want a specific slot by label only */
-! slot = PK11_FindSlotByName(wanted_slot_label);
- if (!slot) {
- return -1;
- }
---- 389,395 ----
- }
-
- /* we want a specific slot by label only */
-! slot = PK11_FindSlotByName(wanted_token_label);
- if (!slot) {
- return -1;
- }
-***************
-*** 350,356 ****
-
- int wait_for_token(pkcs11_handle_t *h,
- int wanted_slot_id,
-! const char *wanted_slot_label,
- unsigned int *slot_num)
- {
- int rv;
---- 411,417 ----
-
- int wait_for_token(pkcs11_handle_t *h,
- int wanted_slot_id,
-! const char *wanted_token_label,
- unsigned int *slot_num)
- {
- int rv;
-***************
-*** 358,364 ****
- rv = -1;
- do {
- /* see if the card we're looking for is inserted */
-! rv = find_slot_by_number_and_label (h, wanted_slot_id, wanted_slot_label,
- slot_num);
- if (rv != 0) {
- PK11SlotInfo *slot;
---- 419,425 ----
- rv = -1;
- do {
- /* see if the card we're looking for is inserted */
-! rv = find_slot_by_number_and_label (h, wanted_slot_id, wanted_token_label,
- slot_num);
- if (rv != 0) {
- PK11SlotInfo *slot;
-***************
-*** 385,390 ****
---- 446,592 ----
- return rv;
- }
-
-+ /*
-+ * This function will search the slot list to find a slot based on the slot
-+ * label. If the wanted_slot_label is "none", then we will return the first
-+ * slot with the token presented.
-+ *
-+ * This function return 0 if it found a matching slot; otherwise, it returns
-+ * -1.
-+ */
-+ int
-+ find_slot_by_slotlabel(pkcs11_handle_t *h, const char *wanted_slot_label,
-+ unsigned int *slotID)
-+ {
-+ SECMODModule *module = h->module;
-+ PK11SlotInfo *slot;
-+ int rv;
-+ int i;
-+
-+ if (slotID == NULL || wanted_slot_label == NULL ||
-+ strlen(wanted_slot_label) == 0 || module == NULL)
-+ return (-1);
-+
-+ if (strcmp(wanted_slot_label, "none") == 0) {
-+ rv = find_slot_by_number(h, 0, slotID);
-+ return (rv);
-+ } else {
-+ /* wanted_slot_label is not "none" */
-+ for (i = 0; i < module->slotCount; i++) {
-+ if (module->slots[i] && PK11_IsPresent(module->slots[i])) {
-+ const char *slot_label;
-+
-+ slot = PK11_ReferenceSlot(module->slots[i]);
-+ slot_label = PK11_GetSlotName(slot);
-+ if (memcmp_pad_max((void *)slot_label, strlen(slot_label),
-+ (void *)wanted_slot_label, strlen(wanted_slot_label), 64) == 0) {
-+ h->slot = slot;
-+ *slotID = PK11_GetSlotID(slot);
-+ return 0;
-+ }
-+ }
-+ }
-+ }
-+
-+ return (-1);
-+ }
-+
-+ int
-+ find_slot_by_slotlabel_and_tokenlabel(pkcs11_handle_t *h,
-+ const char *wanted_slot_label, const char *wanted_token_label,
-+ unsigned int *slot_num)
-+ {
-+ SECMODModule *module = h->module;
-+ PK11SlotInfo *slot;
-+ unsigned long i;
-+ int rv;
-+
-+ if (slot_num == NULL || module == NULL)
-+ return (-1);
-+
-+ if (wanted_token_label == NULL){
-+ rv = find_slot_by_slotlabel(h, wanted_slot_label, slot_num);
-+ return (rv);
-+ }
-+
-+ /* wanted_token_label != NULL */
-+ if (strcmp(wanted_slot_label, "none") == 0) {
-+ for (i = 0; i < module->slotCount; i++) {
-+ if (module->slots[i] && PK11_IsPresent(module->slots[i])) {
-+ const char *token_label;
-+ slot = PK11_ReferenceSlot(module->slots[i]);
-+ token_label = PK11_GetTokenName(slot);
-+ if (memcmp_pad_max((void *) token_label, strlen(token_label),
-+ (void *)wanted_token_label, strlen(wanted_token_label), 33) == 0) {
-+ h->slot = slot;
-+ *slot_num = PK11_GetSlotID(slot);
-+ return (0);
-+ }
-+ }
-+ }
-+ return (-1);
-+ } else {
-+ for (i = 0; i < module->slotCount; i++) {
-+ if (module->slots[i] && PK11_IsPresent(module->slots[i])) {
-+ const char *slot_label;
-+ const char *token_label;
-+
-+ slot = PK11_ReferenceSlot(module->slots[i]);
-+ slot_label = PK11_GetSlotName(slot);
-+ token_label = PK11_GetTokenName(slot);
-+ if ((memcmp_pad_max((void *)slot_label, strlen(slot_label),
-+ (void *)wanted_slot_label, strlen(wanted_slot_label), 64) == 0) &&
-+ (memcmp_pad_max((void *)token_label, strlen(token_label),
-+ (void *)wanted_token_label, strlen(wanted_token_label), 33) == 0))
-+ {
-+ h->slot = slot;
-+ *slot_num = PK11_GetSlotID(slot);
-+ return (0);
-+ }
-+ }
-+ }
-+ return (-1);
-+ }
-+ }
-+
-+ int wait_for_token_by_slotlabel(pkcs11_handle_t *h,
-+ const char *wanted_slot_label,
-+ const char *wanted_token_label,
-+ unsigned int *slot_num)
-+ {
-+ int rv;
-+
-+ rv = -1;
-+ do {
-+ /* see if the card we're looking for is inserted */
-+ rv = find_slot_by_slotlabel_and_tokenlabel (h, wanted_slot_label,
-+ wanted_token_label, slot_num);
-+
-+ if (rv != 0) {
-+ PK11SlotInfo *slot;
-+ PRIntervalTime slot_poll_interval; /* only for legacy hardware */
-+
-+ /* if the card is not inserted, then block until something happens */
-+ slot_poll_interval = PR_MillisecondsToInterval(PAM_PKCS11_POLL_TIME);
-+ slot = SECMOD_WaitForAnyTokenEvent(h->module, 0 /* flags */,
-+ slot_poll_interval);
-+
-+ /* unexpected error */
-+ if (slot == NULL) {
-+ break;
-+ }
-+
-+ /* something happened, continue loop and check if the card
-+ * we're looking for is inserted
-+ */
-+ PK11_FreeSlot(slot);
-+ continue;
-+ }
-+ } while (rv != 0);
-+
-+ return rv;
-+ }
-+
- void release_pkcs11_module(pkcs11_handle_t *h)
- {
- SECStatus rv;
-***************
-*** 470,476 ****
- return 0;
- }
-
-! const char *get_slot_label(pkcs11_handle_t *h)
- {
- if (!h->slot) {
- return NULL;
---- 672,678 ----
- return 0;
- }
-
-! const char *get_slot_tokenlabel(pkcs11_handle_t *h)
- {
- if (!h->slot) {
- return NULL;
-***************
-*** 613,619 ****
- return (rv == SECSuccess) ? 0 : -1;
- }
-
-- #include "nspr.h"
-
- struct tuple_str {
- PRErrorCode errNum;
---- 815,820 ----
-***************
-*** 708,714 ****
- typedef struct {
- CK_SLOT_ID id;
- CK_BBOOL token_present;
-! CK_UTF8CHAR label[33];
- } slot_t;
-
- struct pkcs11_handle_str {
---- 909,916 ----
- typedef struct {
- CK_SLOT_ID id;
- CK_BBOOL token_present;
-! CK_UTF8CHAR label[33]; /* token label */
-! CK_UTF8CHAR slotDescription[64];
- } slot_t;
-
- struct pkcs11_handle_str {
-***************
-*** 758,764 ****
- DBG3("module permissions: uid = %d, gid = %d, mode = %o",
- module_stat.st_uid, module_stat.st_gid, module_stat.st_mode & 0777);
- if (module_stat.st_mode & S_IWGRP || module_stat.st_mode & S_IWOTH
-! || module_stat.st_uid != 0 || module_stat.st_gid != 0) {
- set_error("the pkcs #11 module MUST be owned by root and MUST NOT "
- "be writeable by the group or others");
- free(h);
---- 960,966 ----
- DBG3("module permissions: uid = %d, gid = %d, mode = %o",
- module_stat.st_uid, module_stat.st_gid, module_stat.st_mode & 0777);
- if (module_stat.st_mode & S_IWGRP || module_stat.st_mode & S_IWOTH
-! || module_stat.st_uid != 0) {
- set_error("the pkcs #11 module MUST be owned by root and MUST NOT "
- "be writeable by the group or others");
- free(h);
-***************
-*** 807,812 ****
---- 1009,1018 ----
- set_error("C_GetSlotInfo() failed: %x", rv);
- return -1;
- }
-+
-+ (void) memcpy(h->slots[i].slotDescription, sinfo.slotDescription,
-+ sizeof(h->slots[i].slotDescription));
-+
- DBG1("- description: %.64s", sinfo.slotDescription);
- DBG1("- manufacturer: %.32s", sinfo.manufacturerID);
- DBG1("- flags: %04lx", sinfo.flags);
-***************
-*** 945,971 ****
-
- int find_slot_by_number_and_label(pkcs11_handle_t *h,
- int wanted_slot_id,
-! const char *wanted_slot_label,
- unsigned int *slot_num)
- {
- unsigned int slot_index;
- int rv;
-! const char *slot_label = NULL;
-
- /* we want a specific slot id, or we don't care about the label */
-! if ((wanted_slot_label == NULL) || (wanted_slot_id != 0)) {
- rv = find_slot_by_number(h, wanted_slot_id, slot_num);
-
- /* if we don't care about the label, or we failed, we're done */
-! if ((wanted_slot_label == NULL) || (rv != 0)) {
- return rv;
- }
-
- /* verify it's the label we want */
-! slot_label = h->slots[*slot_num].label;
-
-! if ((slot_label != NULL) &&
-! (strcmp (wanted_slot_label, slot_label) == 0)) {
- return 0;
- }
- return -1;
---- 1151,1177 ----
-
- int find_slot_by_number_and_label(pkcs11_handle_t *h,
- int wanted_slot_id,
-! const char *wanted_token_label,
- unsigned int *slot_num)
- {
- unsigned int slot_index;
- int rv;
-! const char *token_label = NULL;
-
- /* we want a specific slot id, or we don't care about the label */
-! if ((wanted_token_label == NULL) || (wanted_slot_id != 0)) {
- rv = find_slot_by_number(h, wanted_slot_id, slot_num);
-
- /* if we don't care about the label, or we failed, we're done */
-! if ((wanted_token_label == NULL) || (rv != 0)) {
- return rv;
- }
-
- /* verify it's the label we want */
-! token_label = h->slots[*slot_num].label;
-
-! if ((token_label != NULL) &&
-! (strcmp (wanted_token_label, token_label) == 0)) {
- return 0;
- }
- return -1;
-***************
-*** 974,982 ****
- /* look up the slot by it's label from the list */
- for (slot_index = 0; slot_index < h->slot_count; slot_index++) {
- if (h->slots[slot_index].token_present) {
-! slot_label = h->slots[slot_index].label;
-! if ((slot_label != NULL) &&
-! (strcmp (wanted_slot_label, slot_label) == 0)) {
- *slot_num = slot_index;
- return 0;
- }
---- 1180,1188 ----
- /* look up the slot by it's label from the list */
- for (slot_index = 0; slot_index < h->slot_count; slot_index++) {
- if (h->slots[slot_index].token_present) {
-! token_label = h->slots[slot_index].label;
-! if ((token_label != NULL) &&
-! (strcmp (wanted_token_label, token_label) == 0)) {
- *slot_num = slot_index;
- return 0;
- }
-***************
-*** 985,993 ****
- return -1;
- }
-
- int wait_for_token(pkcs11_handle_t *h,
- int wanted_slot_id,
-! const char *wanted_slot_label,
- unsigned int *slot_num)
- {
- int rv;
---- 1191,1310 ----
- return -1;
- }
-
-+ /*
-+ * This function will search the slot list to find a slot based on the slot
-+ * label. If the wanted_slot_label is "none", then we will return the first
-+ * slot with the token presented.
-+ *
-+ * This function return 0 if it found a matching slot; otherwise, it returns
-+ * -1.
-+ */
-+ int
-+ find_slot_by_slotlabel(pkcs11_handle_t *h, const char *wanted_slot_label,
-+ unsigned int *slot_num)
-+ {
-+ unsigned long index;
-+ size_t len;
-+
-+ if (slot_num == NULL || wanted_slot_label == NULL ||
-+ strlen(wanted_slot_label) == 0)
-+ return (-1);
-+
-+ if (strcmp(wanted_slot_label, "none") == 0) {
-+ for (index = 0; index < h->slot_count; index++) {
-+ if (h->slots[index].token_present) {
-+ *slot_num = index;
-+ return (0);
-+ }
-+ }
-+ } else {
-+ /* Look up the slot by it's slotDescription */
-+ len = strlen(wanted_slot_label);
-+ for (index = 0; index < h->slot_count; index++) {
-+ if (memcmp_pad_max(h->slots[index].slotDescription, 64,
-+ (void *)wanted_slot_label, len, 64) == 0) {
-+ *slot_num = index;
-+ return (0);
-+ }
-+ }
-+ }
-+
-+ return (-1);
-+ }
-+
-+
-+ int
-+ find_slot_by_slotlabel_and_tokenlabel(pkcs11_handle_t *h,
-+ const char *wanted_slot_label, const char *wanted_token_label,
-+ unsigned int *slot_num)
-+ {
-+ unsigned long i;
-+ int rv;
-+
-+ if (slot_num == NULL)
-+ return (-1);
-+
-+ if (wanted_token_label == NULL) {
-+ rv = find_slot_by_slotlabel(h, wanted_slot_label, slot_num);
-+ return (rv);
-+ }
-+
-+ /* wanted_token_label != NULL */
-+ if (strcmp(wanted_slot_label, "none") == 0) {
-+ for (i= 0; i < h->slot_count; i++) {
-+ if (h->slots[i].token_present &&
-+ strcmp(wanted_token_label, h->slots[i].label) == 0) {
-+ *slot_num = i;
-+ return (0);
-+ }
-+ }
-+ return (-1);
-+ } else {
-+ for (i = 0; i < h->slot_count; i++) {
-+ if (h->slots[i].token_present) {
-+ const char *slot_label = h->slots[i].slotDescription;
-+ const char *token_label = h->slots[i].label;
-+
-+ if ((memcmp_pad_max((void *)slot_label, strlen(slot_label),
-+ (void *)wanted_slot_label, strlen(wanted_slot_label), 64) == 0) &&
-+ (memcmp_pad_max((void *)token_label, strlen(token_label),
-+ (void *)wanted_token_label, strlen(wanted_token_label), 33) == 0))
-+ {
-+ *slot_num = i;
-+ return (0);
-+ }
-+ }
-+ }
-+ return (-1);
-+ }
-+ }
-+
-+ int wait_for_token_by_slotlabel(pkcs11_handle_t *h,
-+ const char *wanted_slot_label,
-+ const char *wanted_token_label,
-+ unsigned int *slot_num)
-+ {
-+ int rv;
-+
-+ rv = -1;
-+ do {
-+ /* see if the card we're looking for is inserted */
-+ rv = find_slot_by_slotlabel_and_tokenlabel (h, wanted_slot_label,
-+ wanted_token_label, slot_num);
-+ if (rv != 0) {
-+ /* could call C_WaitForSlotEvent, for now just poll */
-+ sleep(10);
-+ refresh_slots(h);
-+ continue;
-+ }
-+ } while (rv != 0);
-+
-+ return rv;
-+ }
-+
- int wait_for_token(pkcs11_handle_t *h,
- int wanted_slot_id,
-! const char *wanted_token_label,
- unsigned int *slot_num)
- {
- int rv;
-***************
-*** 995,1001 ****
- rv = -1;
- do {
- /* see if the card we're looking for is inserted */
-! rv = find_slot_by_number_and_label (h, wanted_slot_id, wanted_slot_label,
- slot_num);
- if (rv != 0) {
- /* could call C_WaitForSlotEvent, for now just poll */
---- 1312,1318 ----
- rv = -1;
- do {
- /* see if the card we're looking for is inserted */
-! rv = find_slot_by_number_and_label (h, wanted_slot_id, wanted_token_label,
- slot_num);
- if (rv != 0) {
- /* could call C_WaitForSlotEvent, for now just poll */
-***************
-*** 1306,1312 ****
- return -1;
- }
-
-! const char *get_slot_label(pkcs11_handle_t *h)
- {
- return h->slots[h->current_slot].label;
- }
---- 1623,1629 ----
- return -1;
- }
-
-! const char *get_slot_tokenlabel(pkcs11_handle_t *h)
- {
- return h->slots[h->current_slot].label;
- }
-*** pam_pkcs11-0.6.0-ORIG/src/pam_pkcs11/Makefile.am Mon May 21 02:46:19 2007
---- pam_pkcs11-WS/src/pam_pkcs11/Makefile.am Wed Dec 9 13:47:15 2015
-***************
-*** 2,9 ****
-
- MAINTAINERCLEANFILES = Makefile.in
-
-! AM_CFLAGS = -Wall -fno-strict-aliasing $(CRYPTO_CFLAGS)
-! AM_CPPFLAGS = -Wall -fno-strict-aliasing $(CRYPTO_CFLAGS)
-
- lib_LTLIBRARIES = pam_pkcs11.la
-
---- 2,9 ----
-
- MAINTAINERCLEANFILES = Makefile.in
-
-! AM_CFLAGS = $(CRYPTO_CFLAGS)
-! AM_CPPFLAGS = $(CRYPTO_CFLAGS)
-
- lib_LTLIBRARIES = pam_pkcs11.la
-
-***************
-*** 15,21 ****
-
- install:
- $(mkinstalldirs) $(DESTDIR)/$(libdir)/security
-! $(libLTLIBRARIES_INSTALL) $(top_builddir)/src/pam_pkcs11/.libs/pam_pkcs11.so $(DESTDIR)/$(libdir)/security
-
- format:
- indent *.c *.h
---- 15,21 ----
-
- install:
- $(mkinstalldirs) $(DESTDIR)/$(libdir)/security
-! $(INSTALL) $(top_builddir)/src/pam_pkcs11/.libs/pam_pkcs11.so $(DESTDIR)/$(libdir)/security
-
- format:
- indent *.c *.h*** pam_pkcs11-0.6.0-ORIG/src/pam_pkcs11/pam_config.h Wed Jun 6 02:55:02 2007
---- pam_pkcs11-WS/src/pam_pkcs11/pam_config.h Mon Sep 28 16:06:48 2009
-***************
-*** 13,19 ****
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
-! * $Id: pam_config.h 270 2007-05-21 08:13:00Z ludovic.rousseau $
- */
-
- /*
---- 13,19 ----
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
-! * $Id: pam_config.h 341 2008-10-14 07:36:46Z ludovic.rousseau $
- */
-
- /*
-***************
-*** 38,46 ****
---- 38,48 ----
- char *pkcs11_module;
- char *pkcs11_modulepath;
- char **screen_savers;
-+ char *slot_description;
- int slot_num;
- int support_threads;
- cert_policy policy;
-+ char *token_type;
- char *username; /* provided user name */
- };
-
-*** pam_pkcs11-0.6.0-ORIG/src/pam_pkcs11/pam_pkcs11.c Tue May 22 01:28:33 2007
---- pam_pkcs11-WS/src/pam_pkcs11/pam_pkcs11.c Mon Nov 2 15:39:57 2009
-***************
-*** 12,18 ****
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
-! * $Id: pam_pkcs11.c 281 2007-05-22 08:28:40Z ludovic.rousseau $
- */
-
- /* We have to make this definitions before we include the pam header files! */
---- 12,18 ----
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
-! * $Id: pam_pkcs11.c 341 2008-10-14 07:36:46Z ludovic.rousseau $
- */
-
- /* We have to make this definitions before we include the pam header files! */
-***************
-*** 59,65 ****
- /*
- * comodity function that returns 1 on null, empty o spaced string
- */
-! int is_spaced_str(const char *str) {
- char *pt=(char *)str;
- if(!str) return 1;
- if (!strcmp(str,"")) return 1;
---- 59,65 ----
- /*
- * comodity function that returns 1 on null, empty o spaced string
- */
-! static int is_spaced_str(const char *str) {
- char *pt=(char *)str;
- if(!str) return 1;
- if (!strcmp(str,"")) return 1;
-***************
-*** 91,103 ****
- rv = conv->conv(1, (const struct pam_message **)msgp, &resp, conv->appdata_ptr);
- if (rv != PAM_SUCCESS)
- return rv;
-! if ((resp == NULL) || (resp[0].resp == NULL))
- return !response ? PAM_SUCCESS : PAM_CRED_INSUFFICIENT;
- if (response) {
- *response = strdup(resp[0].resp);
- }
- /* overwrite memory and release it */
- memset(resp[0].resp, 0, strlen(resp[0].resp));
- free(&resp[0]);
- return PAM_SUCCESS;
- }
---- 91,106 ----
- rv = conv->conv(1, (const struct pam_message **)msgp, &resp, conv->appdata_ptr);
- if (rv != PAM_SUCCESS)
- return rv;
-! if ((resp == NULL) || (resp[0].resp == NULL)) {
-! free(&resp[0]);
- return !response ? PAM_SUCCESS : PAM_CRED_INSUFFICIENT;
-+ }
- if (response) {
- *response = strdup(resp[0].resp);
- }
- /* overwrite memory and release it */
- memset(resp[0].resp, 0, strlen(resp[0].resp));
-+ free(resp[0].resp);
- free(&resp[0]);
- return PAM_SUCCESS;
- }
-***************
-*** 206,211 ****
---- 209,220 ----
- return PAM_AUTHINFO_UNAVAIL;
- }
-
-+ /* Either slot_description or slot_num, but not both, needs to be used */
-+ if ((configuration->slot_description != NULL && configuration->slot_num != -1) || (configuration->slot_description == NULL && configuration->slot_num == -1)) {
-+ ERR("Error setting configuration parameters");
-+ return PAM_AUTHINFO_UNAVAIL;
-+ }
-+
- /* fail if we are using a remote server
- * local login: DISPLAY=:0
- * XDMCP login: DISPLAY=host:0 */
-***************
-*** 274,281 ****
- DBG1("explicit username = [%s]", user);
- }
- } else {
-! pam_prompt(pamh, PAM_TEXT_INFO, NULL,
-! _("Please insert your smart card or enter your username."));
- /* get user name */
- rv = pam_get_user(pamh, &user, NULL);
-
---- 283,292 ----
- DBG1("explicit username = [%s]", user);
- }
- } else {
-! sprintf(password_prompt,
-! _("Please insert your %s or enter your username."),
-! _(configuration->token_type));
-! pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
- /* get user name */
- rv = pam_get_user(pamh, &user, NULL);
-
-***************
-*** 314,321 ****
- }
-
- /* open pkcs #11 session */
-! rv = find_slot_by_number_and_label(ph, configuration->slot_num,
- login_token_name, &slot_num);
- if (rv != 0) {
- ERR("no suitable token available");
- pam_syslog(pamh, LOG_ERR, "no suitable token available");
---- 325,338 ----
- }
-
- /* open pkcs #11 session */
-! if (configuration->slot_description != NULL) {
-! rv = find_slot_by_slotlabel_and_tokenlabel(ph,
-! configuration->slot_description, login_token_name, &slot_num);
-! } else if (configuration->slot_num != -1) {
-! rv = find_slot_by_number_and_label(ph, configuration->slot_num,
- login_token_name, &slot_num);
-+ }
-+
- if (rv != 0) {
- ERR("no suitable token available");
- pam_syslog(pamh, LOG_ERR, "no suitable token available");
-***************
-*** 337,344 ****
- pam_prompt(pamh, PAM_TEXT_INFO, NULL,
- _("Please insert your smart card."));
- }
-! rv = wait_for_token(ph, configuration->slot_num,
- login_token_name, &slot_num);
- if (rv != 0) {
- release_pkcs11_module(ph);
- return pkcs11_pam_fail;
---- 354,368 ----
- pam_prompt(pamh, PAM_TEXT_INFO, NULL,
- _("Please insert your smart card."));
- }
-!
-! if (configuration->slot_description != NULL) {
-! rv = wait_for_token_by_slotlabel(ph, configuration->slot_description,
-! login_token_name, &slot_num);
-! } else if (configuration->slot_num != -1) {
-! rv = wait_for_token(ph, configuration->slot_num,
- login_token_name, &slot_num);
-+ }
-+
- if (rv != 0) {
- release_pkcs11_module(ph);
- return pkcs11_pam_fail;
-***************
-*** 350,362 ****
- } else {
- /* we haven't prompted for the user yet, get the user and see if
- * the smart card has been inserted in the mean time */
-! pam_prompt(pamh, PAM_TEXT_INFO, NULL,
-! _("Please insert your smart card or enter your username."));
- rv = pam_get_user(pamh, &user, NULL);
-
- /* check one last time for the smart card before bouncing to the next
- * module */
-! rv = find_slot_by_number(ph, configuration->slot_num, &slot_num);
- if (rv != 0) {
- /* user gave us a user id and no smart card go to next module */
- release_pkcs11_module(ph);
---- 374,394 ----
- } else {
- /* we haven't prompted for the user yet, get the user and see if
- * the smart card has been inserted in the mean time */
-! sprintf(password_prompt,
-! _("Please insert your %s or enter your username."),
-! _(configuration->token_type));
-! pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
- rv = pam_get_user(pamh, &user, NULL);
-
- /* check one last time for the smart card before bouncing to the next
- * module */
-! if (configuration->slot_description != NULL) {
-! rv = find_slot_by_slotlabel(ph, configuration->slot_description,
-! &slot_num);
-! } else if (configuration->slot_num != -1) {
-! rv = find_slot_by_number(ph, configuration->slot_num, &slot_num);
-! }
-!
- if (rv != 0) {
- /* user gave us a user id and no smart card go to next module */
- release_pkcs11_module(ph);
-***************
-*** 364,370 ****
- }
- }
- } else {
-! pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Smart card inserted. "));
- }
- rv = open_pkcs11_session(ph, slot_num);
- if (rv != 0) {
---- 396,404 ----
- }
- }
- } else {
-! sprintf(password_prompt, _("Found the %s."),
-! _(configuration->token_type));
-! pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
- }
- rv = open_pkcs11_session(ph, slot_num);
- if (rv != 0) {
-***************
-*** 375,390 ****
- }
-
- /* get password */
-! sprintf(password_prompt, _("Welcome %.32s!"), get_slot_label(ph));
- pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
- if (configuration->use_first_pass) {
- rv = pam_get_pwd(pamh, &password, NULL, PAM_AUTHTOK, 0);
- } else if (configuration->try_first_pass) {
-! rv = pam_get_pwd(pamh, &password, _("Smart card password: "), PAM_AUTHTOK,
- PAM_AUTHTOK);
- } else {
-! rv = pam_get_pwd(pamh, &password, _("Smart card password: "), 0,
-! PAM_AUTHTOK);
- }
- if (rv != PAM_SUCCESS) {
- release_pkcs11_module(ph);
---- 409,424 ----
- }
-
- /* get password */
-! sprintf(password_prompt, _("Welcome %.32s!"), get_slot_tokenlabel(ph));
- pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
-+ sprintf(password_prompt, _("%s PIN: "), _(configuration->token_type));
- if (configuration->use_first_pass) {
- rv = pam_get_pwd(pamh, &password, NULL, PAM_AUTHTOK, 0);
- } else if (configuration->try_first_pass) {
-! rv = pam_get_pwd(pamh, &password, password_prompt, PAM_AUTHTOK,
- PAM_AUTHTOK);
- } else {
-! rv = pam_get_pwd(pamh, &password, password_prompt, 0, PAM_AUTHTOK);
- }
- if (rv != PAM_SUCCESS) {
- release_pkcs11_module(ph);
-***************
-*** 558,564 ****
- snprintf(env_temp, sizeof(env_temp) - 1,
- "PKCS11_LOGIN_TOKEN_NAME=%.*s",
- (sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_TOKEN_NAME="),
-! get_slot_label(ph));
- rv = pam_putenv(pamh, env_temp);
-
- if (rv != PAM_SUCCESS) {
---- 592,598 ----
- snprintf(env_temp, sizeof(env_temp) - 1,
- "PKCS11_LOGIN_TOKEN_NAME=%.*s",
- (sizeof(env_temp) - 1) - strlen("PKCS11_LOGIN_TOKEN_NAME="),
-! get_slot_tokenlabel(ph));
- rv = pam_putenv(pamh, env_temp);
-
- if (rv != PAM_SUCCESS) {
-*** pam_pkcs11-0.6.0-ORIG/src/pam_pkcs11/pam_config.c Mon May 21 02:46:19 2007
---- pam_pkcs11-WS/src/pam_pkcs11/pam_config.c Mon Sep 28 16:06:48 2009
-***************
-*** 20,25 ****
---- 20,26 ----
-
- #include <syslog.h>
- #include <string.h>
-+ #include "config.h"
- #include "../scconf/scconf.h"
- #include "../common/debug.h"
- #include "../common/error.h"
-***************
-*** 27,38 ****
---- 28,45 ----
- #include "pam_config.h"
- #include "mapper_mgr.h"
-
-+ #define N_(string) (string)
-+
- /*
- * configuration related functions
- */
-
- struct configuration_st configuration = {
-+ #ifndef ORIGINAL /* SUN_SOLARIS */
-+ "/etc/security/pam_pkcs11/pam_pkcs11.conf",
-+ #else
- "/etc/pam_pkcs11/pam_pkcs11.conf", /* char * config_file; */
-+ #endif
- NULL, /* scconf_context *ctx; */
- 0, /* int debug; */
- 0, /* int nullok; */
-***************
-*** 44,57 ****
- "default", /* const char *pkcs11_module; */
- "/etc/pam_pkcs11/pkcs11_module.so",/* const char *pkcs11_module_path; */
- NULL, /* screen savers */
-! 0, /* int slot_num; */
- 0, /* support threads */
- /* cert policy; */
- { 0,CRLP_NONE,0,"/etc/pam_pkcs11/cacerts","/etc/pam_pkcs11/crls","/etc/pam_pkcs11/nssdb",OCSP_NONE },
- NULL /* char *username */
- };
-
-- #if 0
- static void display_config (void) {
- DBG1("debug %d",configuration.debug);
- DBG1("nullok %d",configuration.nullok);
---- 51,65 ----
- "default", /* const char *pkcs11_module; */
- "/etc/pam_pkcs11/pkcs11_module.so",/* const char *pkcs11_module_path; */
- NULL, /* screen savers */
-! NULL, /* slot_description */
-! -1, /* int slot_num; */
- 0, /* support threads */
- /* cert policy; */
- { 0,CRLP_NONE,0,"/etc/pam_pkcs11/cacerts","/etc/pam_pkcs11/crls","/etc/pam_pkcs11/nssdb",OCSP_NONE },
-+ N_("Smart card"), /* token_type */
- NULL /* char *username */
- };
-
- static void display_config (void) {
- DBG1("debug %d",configuration.debug);
- DBG1("nullok %d",configuration.nullok);
-***************
-*** 71,77 ****
- DBG1("signature_policy %d",configuration.policy.signature_policy);
- DBG1("ocsp_policy %d",configuration.policy.ocsp_policy);
- }
-- #endif
-
- /*
- parse configuration file
---- 79,84 ----
-***************
-*** 136,143 ****
---- 143,164 ----
- scconf_get_str(pkcs11_mblk,"crl_dir",configuration.policy.crl_dir);
- configuration.policy.nss_dir = (char *)
- scconf_get_str(pkcs11_mblk,"nss_dir",configuration.policy.nss_dir);
-+ configuration.slot_description = (char *)
-+ scconf_get_str(pkcs11_mblk,"slot_description",configuration.slot_description);
-+
- configuration.slot_num =
- scconf_get_int(pkcs11_mblk,"slot_num",configuration.slot_num);
-+
-+ if (configuration.slot_description != NULL && configuration.slot_num != -1) {
-+ DBG1("Can not specify both slot_description and slot_num in file %s",configuration.config_file);
-+ return;
-+ }
-+
-+ if (configuration.slot_description == NULL && configuration.slot_num == -1) {
-+ DBG1("Neither slot_description nor slot_num found in file %s",configuration.config_file);
-+ return;
-+ }
-+
- configuration.support_threads =
- scconf_get_bool(pkcs11_mblk,"support_threads",configuration.support_threads);
- policy_list= scconf_find_list(pkcs11_mblk,"cert_policy");
-***************
-*** 165,170 ****
---- 186,194 ----
- }
- policy_list= policy_list->next;
- }
-+
-+ configuration.token_type = (char *)
-+ scconf_get_str(pkcs11_mblk,"token_type",configuration.token_type);
- }
- screen_saver_list = scconf_find_list(root,"screen_savers");
- if (screen_saver_list) {
-***************
-*** 199,205 ****
- int i;
- int res;
- /* try to find a configuration file entry */
-! for (i = 0; i < argc; i++) {
- if (strstr(argv[i],"config_file=") ) {
- configuration.config_file=1+strchr(argv[i],'=');
- break;
---- 223,229 ----
- int i;
- int res;
- /* try to find a configuration file entry */
-! for (i = 1; i < argc; i++) {
- if (strstr(argv[i],"config_file=") ) {
- configuration.config_file=1+strchr(argv[i],'=');
- break;
-***************
-*** 211,217 ****
- /* display_config(); */
- /* finally parse provided arguments */
- /* dont skip argv[0] */
-! for (i = 0; i < argc; i++) {
- if (strcmp("nullok", argv[i]) == 0) {
- configuration.nullok = 1;
- continue;
---- 235,241 ----
- /* display_config(); */
- /* finally parse provided arguments */
- /* dont skip argv[0] */
-! for (i = 1; i < argc; i++) {
- if (strcmp("nullok", argv[i]) == 0) {
- configuration.nullok = 1;
- continue;
-***************
-*** 246,255 ****
- res=sscanf(argv[i],"pkcs11_module=%255s",configuration.pkcs11_module);
- continue;
- }
- if (strstr(argv[i],"slot_num=") ) {
-! res=sscanf(argv[i],"slot_nume=%d",&configuration.slot_num);
- continue;
- }
- if (strstr(argv[i],"ca_dir=") ) {
- res=sscanf(argv[i],"ca_dir=%255s",configuration.policy.ca_dir);
- continue;
---- 270,285 ----
- res=sscanf(argv[i],"pkcs11_module=%255s",configuration.pkcs11_module);
- continue;
- }
-+ if (strstr(argv[i],"slot_description=") ) {
-+ res=sscanf(argv[i],"slot_description=%255s",configuration.slot_description);
-+ continue;
-+ }
-+
- if (strstr(argv[i],"slot_num=") ) {
-! res=sscanf(argv[i],"slot_num=%d",&configuration.slot_num);
- continue;
- }
-+
- if (strstr(argv[i],"ca_dir=") ) {
- res=sscanf(argv[i],"ca_dir=%255s",configuration.policy.ca_dir);
- continue;
-***************
-*** 289,294 ****
---- 319,330 ----
- }
- continue;
- }
-+
-+ if (strstr(argv[i],"token_type=") ) {
-+ res=sscanf(argv[i],"token_type=%255s",configuration.token_type);
-+ continue;
-+ }
-+
- if (strstr(argv[i],"config_file=") ) {
- /* already parsed, skip */
- continue;
-***************
-*** 299,302 ****
- }
- return &configuration;
- }
--
---- 335,337 ----
-*** pam_pkcs11-0.6.0-ORIG/src/mappers/ldap_mapper.c Wed Jun 6 02:48:24 2007
---- pam_pkcs11-WS/src/mappers/ldap_mapper.c Mon Sep 28 16:06:48 2009
-***************
-*** 184,192 ****
- }
-
- # ifdef HAVE_LDAP_INIT
-! *ld = ldap_init (uri, defport);
- # else
-! *ld = ldap_open (uri, defport);
- # endif
- rc = (*ld == NULL) ? LDAP_SERVER_DOWN : LDAP_SUCCESS;
-
---- 184,192 ----
- }
-
- # ifdef HAVE_LDAP_INIT
-! *ld = ldap_init (uri, ldapdefport);
- # else
-! *ld = ldap_open (uri, ldapdefport);
- # endif
- rc = (*ld == NULL) ? LDAP_SERVER_DOWN : LDAP_SUCCESS;
-
-*** pam_pkcs11-0.6.0-ORIG/src/tools/pkcs11_inspect.c Mon May 21 02:46:19 2007
---- pam_pkcs11-WS/src/tools/pkcs11_inspect.c Mon Sep 28 16:06:48 2009
-***************
-*** 53,58 ****
---- 53,63 ----
- return 1;
- }
-
-+ if ((configuration->slot_description != NULL && configuration->slot_num != -1) || (configuration->slot_description == NULL && configuration->slot_num == -1)) {
-+ ERR("Error setting configuration parameters");
-+ return 1;
-+ }
-+
- /* init openssl */
- rv = crypto_init(&configuration->policy);
- if (rv != 0) {
-***************
-*** 79,85 ****
- }
-
- /* open pkcs #11 session */
-! rv = find_slot_by_number(ph, configuration->slot_num, &slot_num);
- if (rv != 0) {
- release_pkcs11_module(ph);
- DBG("no token available");
---- 84,95 ----
- }
-
- /* open pkcs #11 session */
-! if (configuration->slot_description != NULL) {
-! rv = find_slot_by_slotlabel(ph, configuration->slot_description, &slot_num);
-! } else {
-! rv = find_slot_by_number(ph, configuration->slot_num, &slot_num);
-! }
-!
- if (rv != 0) {
- release_pkcs11_module(ph);
- DBG("no token available");
-*** pam_pkcs11-0.6.0-ORIG/src/tools/pklogin_finder.c Wed Jun 6 03:00:36 2007
---- pam_pkcs11-WS/src/tools/pklogin_finder.c Mon Sep 28 16:06:48 2009
-***************
-*** 55,60 ****
---- 55,65 ----
- return 1;
- }
-
-+ if ((configuration->slot_description != NULL && configuration->slot_num != -1) || (configuration->slot_description == NULL && configuration->slot_num == -1)) {
-+ ERR("Error setting configuration parameters");
-+ return 1;
-+ }
-+
- /* init openssl */
- rv = crypto_init(&configuration->policy);
- if (rv != 0) {
-***************
-*** 80,86 ****
- }
-
- /* open pkcs #11 session */
-! rv = find_slot_by_number(ph,configuration->slot_num, &slot_num);
- if (rv != 0) {
- release_pkcs11_module(ph);
- DBG("no token available");
---- 85,95 ----
- }
-
- /* open pkcs #11 session */
-! if (configuration->slot_description != NULL) {
-! rv = find_slot_by_slotlabel(ph,configuration->slot_description, &slot_num);
-! } else {
-! rv = find_slot_by_number(ph,configuration->slot_num, &slot_num);
-! }
- if (rv != 0) {
- release_pkcs11_module(ph);
- DBG("no token available");
-*** pam_pkcs11-0.6.0-ORIG/src/tools/pkcs11_eventmgr.c Wed Jun 6 04:14:27 2007
---- pam_pkcs11-WS/src/tools/pkcs11_eventmgr.c Mon Sep 28 16:06:48 2009
-***************
-*** 430,435 ****
---- 430,436 ----
- }
- }
-
-+ #ifdef HAVE_DAEMON
- if (daemonize) {
- DBG("Going to be daemon...");
- if ( daemon(0,debug)<0 ) {
-***************
-*** 440,445 ****
---- 441,447 ----
- return 1;
- }
- }
-+ #endif
-
- /*
- * Wait endlessly for all events in the list of readers
-***************
-*** 512,517 ****
---- 514,520 ----
- }
-
- /* put my self into background if flag is set */
-+ #ifdef HAVE_DAEMON
- if (daemonize) {
- DBG("Going to be daemon...");
- if ( daemon(0,debug)<0 ) {
-***************
-*** 521,526 ****
---- 524,530 ----
- return 1;
- }
- }
-+ #endif
-
- /* open pkcs11 sesion */
- DBG("initialising pkcs #11 module...");
-*** pam_pkcs11-0.6.0-ORIG/src/tools/pkcs11_listcerts.c Mon May 21 02:46:19 2007
---- pam_pkcs11-WS/src/tools/pkcs11_listcerts.c Mon Sep 28 16:06:48 2009
-***************
-*** 53,58 ****
---- 53,63 ----
- return 1;
- }
-
-+ if ((configuration->slot_description != NULL && configuration->slot_num != -1) || (configuration->slot_description == NULL && configuration->slot_num == -1)) {
-+ ERR("Error setting configuration parameters");
-+ return 1;
-+ }
-+
- /* init openssl */
- rv = crypto_init(&configuration->policy);
- if (rv != 0) {
-***************
-*** 78,84 ****
- }
-
- /* open pkcs #11 session */
-! rv = find_slot_by_number(ph, configuration->slot_num, &slot_num);
- if (rv != 0) {
- release_pkcs11_module(ph);
- DBG("no token available");
---- 83,94 ----
- }
-
- /* open pkcs #11 session */
-! if (configuration->slot_description != NULL) {
-! rv = find_slot_by_slotlabel(ph,configuration->slot_description, &slot_num);
-! } else {
-! rv = find_slot_by_number(ph,configuration->slot_num, &slot_num);
-! }
-!
- if (rv != 0) {
- release_pkcs11_module(ph);
- DBG("no token available");
-*** pam_pkcs11-0.6.0-ORIG/src/tools/pkcs11_setup.c Wed Jun 6 04:20:09 2007
---- pam_pkcs11-WS/src/tools/pkcs11_setup.c Mon Sep 28 16:06:48 2009
-***************
-*** 60,65 ****
---- 60,92 ----
- return value;
- }
-
-+ #ifndef ORIGINAL /* SUN_SOLARIS */
-+ /* Written by Niels M\ufffd\ufffdller <[email protected]>
-+ * modified by Ludovic Rousseau <[email protected]>
-+ *
-+ * This file is hereby placed in the public domain.
-+ */
-+ static char * strndup (const char *s, size_t size)
-+ {
-+ char *r;
-+ char *end = memchr(s, 0, size);
-+
-+ if (NULL == end)
-+ return NULL;
-+
-+ /* Length */
-+ size = end - s;
-+
-+ r = malloc(size+1);
-+ if (r)
-+ {
-+ memcpy(r, s, size);
-+ r[size] = '\0';
-+ }
-+ return r;
-+ }
-+ #endif
-+
- static int scconf_replace_str_list(scconf_block * block, const char *option, const char *value)
- {
- scconf_list *list = NULL;
-*** pam_pkcs11-0.6.0-ORIG/tools/make_hash_link.sh Mon May 21 02:46:19 2007
---- pam_pkcs11-WS/tools/make_hash_link.sh Mon Sep 28 16:06:48 2009
-***************
-*** 54,60 ****
- hash=`$OPENSSL x509 -inform pem -in $file -noout -hash 2> /dev/null`
- if [ ! -z $hash ]; then
- is_ca=`$OPENSSL x509 -inform pem -in $file -noout -text | grep 'CA:TRUE'`
-! if [ ! -z $is_ca ]; then
- hash=$hash.
- mk_link
- fi
---- 54,60 ----
- hash=`$OPENSSL x509 -inform pem -in $file -noout -hash 2> /dev/null`
- if [ ! -z $hash ]; then
- is_ca=`$OPENSSL x509 -inform pem -in $file -noout -text | grep 'CA:TRUE'`
-! if [ ! -z "$is_ca" ]; then
- hash=$hash.
- mk_link
- fi
-***************
-*** 63,69 ****
- hash=`$OPENSSL x509 -inform der -in $file -noout -hash 2> /dev/null`
- if [ ! -z $hash ]; then
- is_ca=`$OPENSSL x509 -inform der -in $file -noout -text | grep 'CA:TRUE'`
-! if [ ! -z $is_ca ]; then
- hash=$hash.
- mk_link
- fi
---- 63,69 ----
- hash=`$OPENSSL x509 -inform der -in $file -noout -hash 2> /dev/null`
- if [ ! -z $hash ]; then
- is_ca=`$OPENSSL x509 -inform der -in $file -noout -text | grep 'CA:TRUE'`
-! if [ ! -z "$is_ca" ]; then
- hash=$hash.
- mk_link
- fi