rpms/pam_pkcs11/devel pam_pkcs11-0.5.3-ocsp.patch, NONE, 1.1 pam_pkcs11-0.5.3-putenv-login-token.patch, NONE, 1.1 pam_pkcs11.spec, 1.5, 1.6
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Sat Jul 22 02:41:42 UTC 2006
Author: rrelyea
Update of /cvs/dist/rpms/pam_pkcs11/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv16582/devel
Modified Files:
pam_pkcs11.spec
Added Files:
pam_pkcs11-0.5.3-ocsp.patch
pam_pkcs11-0.5.3-putenv-login-token.patch
Log Message:
auto-import pam_pkcs11-0.5.3-6 on branch devel from pam_pkcs11-0.5.3-6.src.rpm
pam_pkcs11-0.5.3-ocsp.patch:
pkcs11.c | 23 ++++++++++++++++++++---
1 files changed, 20 insertions(+), 3 deletions(-)
--- NEW FILE pam_pkcs11-0.5.3-ocsp.patch ---
--- ./src/common/pkcs11.c.ocsp 2006-07-20 15:22:43.623000000 -0700
+++ ./src/common/pkcs11.c 2006-07-20 17:24:39.570716000 -0700
@@ -20,7 +20,7 @@
#ifdef HAVE_NSS
-#define NSS_3_9 1
+/*#define NSS_3_9 1 */
#include "nss.h"
#include "cert.h"
@@ -80,6 +80,7 @@
}
/* register a callback */
PK11_SetPasswordFunc(password_passthrough);
+ CERT_EnableOCSPChecking(CERT_GetDefaultCertDB());
DBG("... NSS Complete");
return 0;
}
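Review bot: The `SECStatus` returned by `CERT_EnableOCSPChecking` is discarded on the added line, so if enabling fails the function still logs "... NSS Complete" and returns 0, and certificate verification would then run without revocation checking while the caller assumes it is on. Check the result, for example `if (CERT_EnableOCSPChecking(CERT_GetDefaultCertDB()) != SECSuccess) { DBG("could not enable OCSP checking"); return -1; }`; the error value is a guess, because the function starts outside the hunk. The call is also unconditional as far as this hunk shows, while the spec changelog in the same commit says OCSP is turned on conditionally. If a configuration switch is intended it is not visible here, and a short comment saying that logins may now depend on the OCSP responder being reachable would help administrators.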
@@ -178,6 +179,20 @@
return 0; /* NSS initialized the module on load */
}
+int isInitialized(SECMODModule *mod, PK11SlotInfo *slot)
+{
+ CK_TOKEN_INFO tokenInfo;
+
+ /* don't fail old tokens, let them be.. */
+ if ((mod->cryptokiVersion.major == 2) && (mod->cryptokiVersion.minor < 10)) {
+ return 1;
+ }
+
+ PK11_GetTokenInfo(slot, &tokenInfo);
+
+ return (tokenInfo.flags & CKF_TOKEN_INITIALIZED);
+}
+
int find_slot_by_number(pkcs11_handle_t *h, int slot_num)
{
SECMODModule *module = h->module;
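Review bot: The result of `PK11_GetTokenInfo` is ignored in `isInitialized`, so when the call fails `tokenInfo.flags` is read uninitialized and the slot may be reported as initialized or not depending on stack contents. Fail closed instead: `if (PK11_GetTokenInfo(slot, &tokenInfo) != SECSuccess) return 0;`. The helper appears to be used only in this file, so `static int isInitialized(...)` would keep such a generic name out of the global namespace. The comment could also state that the `CKF_TOKEN_INITIALIZED` check is skipped for Cryptoki 2.x modules older than 2.10, which is what the version test actually does.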
@@ -187,14 +202,16 @@
/* threaded applications should also acquire the
* DefaultModuleListLock */
for (i=0; i < module->slotCount; i++) {
- if (module->slots[i] && PK11_IsPresent(module->slots[i])) {
+ if (module->slots[i] && PK11_IsPresent(module->slots[i])
+ && isInitialized(module, module->slots[i])) {
return i;
}
}
}
slot_num--;
if (slot_num >= 0 && slot_num < module->slotCount && module->slots &&
- module->slots[i] && PK11_IsPresent(module->slots[i])) {
+ module->slots[i] && PK11_IsPresent(module->slots[i])
+ && isInitialized(module, module->slots[i])) {
return slot_num;
}
return -1;
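Review bot: The explicit-slot condition at the end of the hunk indexes `module->slots[i]`, while its bounds check and return value use `slot_num`, and the added `isInitialized(module, module->slots[i])` repeats that index. When a specific slot is requested, `i` holds whatever the earlier code left in it (its declaration is outside the hunk), so the wrong slot may be tested or the read may fall outside the array. Use `module->slots[slot_num] && PK11_IsPresent(module->slots[slot_num])` and `&& isInitialized(module, module->slots[slot_num])` in that condition. The start of find_slot_by_number is outside this hunk.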
pam_pkcs11-0.5.3-putenv-login-token.patch:
pam_pkcs11.c | 14 ++++++++++++++
1 files changed, 14 insertions(+)
--- NEW FILE pam_pkcs11-0.5.3-putenv-login-token.patch ---
--- src/pam_pkcs11/pam_pkcs11.c.putenv-login-token 2006-07-17 00:05:27.000000000 +0200
+++ src/pam_pkcs11/pam_pkcs11.c 2006-07-17 00:15:40.000000000 +0200
@@ -126,6 +126,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
unsigned char random_value[128];
unsigned char *signature;
unsigned long signature_length;
+ char token_name_env[64] = "";
/* first of all check whether debugging should be enabled */
for (i = 0; i < argc; i++)
@@ -379,6 +382,19 @@ PAM_EXTERN int pam_sm_authenticate(pam_h
return PAM_AUTH_ERR;
}
+ snprintf(token_name_env, sizeof(token_name_env) - 1,
+ "PKCS11_LOGIN_TOKEN_NAME=%.*s",
+ (sizeof(token_name_env) - 1) - strlen("PKCS11_LOGIN_TOKEN_NAME="),
+ get_slot_label(ph));
+ rv = pam_putenv(pamh, token_name_env);
+
+ if (rv != PAM_SUCCESS) {
+ DBG1("could not put token name in environment: %s",
+ pam_strerror(pamh, rv));
+ syslog(LOG_ERR, "could not put token name in environment: %s",
+ pam_strerror(pamh, rv));
+ }
+
/* close pkcs #11 session */
rv = close_pkcs11_session(ph);
if (rv != 0) {
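Review bot: The precision argument for `%.*s` in the added `snprintf` call has type `size_t`, but `*` requires an `int`; where the two differ in width this is undefined behaviour and the bound on the token label may not be applied. Cast it: `(int)((sizeof(token_name_env) - 1) - strlen("PKCS11_LOGIN_TOKEN_NAME=")),`. The result of `get_slot_label(ph)` is passed to `%s` without a NULL check, and its contract is not visible here. Since the label comes from the inserted token, a comment such as `/* PKCS11_LOGIN_TOKEN_NAME holds token-supplied text; consumers must treat it as untrusted */` would be worth adding above the call. pam_sm_authenticate starts and ends outside the hunk.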
Index: pam_pkcs11.spec
===================================================================
RCS file: /cvs/dist/rpms/pam_pkcs11/devel/pam_pkcs11.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- pam_pkcs11.spec 18 Jul 2006 20:45:11 -0000 1.5
+++ pam_pkcs11.spec 22 Jul 2006 02:41:39 -0000 1.6
@@ -6,7 +6,7 @@
Name: pam_pkcs11
Version: 0.5.3
-Release: 5
+Release: 6
Summary: PKCS #11/NSS PAM login module
Group: System Environment/Base
@@ -19,6 +19,8 @@
Patch1: pam_pkcs11-0.5.3-nss.patch
Patch2: pam_pkcs11-0.5.3-cardonly.patch
Patch3: pam_pkcs11-0.5.3-setup-tool.patch
+Patch4: pam_pkcs11-0.5.3-putenv-login-token.patch
+Patch5: pam_pkcs11-0.5.3-ocsp.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: pam-devel
@@ -51,6 +53,8 @@
%patch1 -p0 -b .nss
%patch2 -p0 -b .card-only
%patch3 -p1 -b .setup
+%patch4 -p0 -b .putenv
+%patch5 -p0 -b .ocsp
%build
@@ -149,6 +153,12 @@
%doc %{_datadir}/%{name}/pkcs11_eventmgr.conf.example
%changelog
+* Thu Jul 20 2006 Robert Relyea <rrelyea at redhat.com> 0.5.3-6
+- Include the login token in the environment
+- Conditionally turn on OCSP
+- Treat uninitialized tokens as not present.
+
+- Use the TEXT_INFO field for smart card prompting
* Tue Jul 18 2006 Tomas Mraz <tmraz at redhat.com> 0.5.3-5
- added a simple pkcs11_setup tool