-rw-r--r-- | sys-auth/poldi/Manifest | 1 | ||||
-rw-r--r-- | sys-auth/poldi/files/01-debian-specific-0.4.1.diff | 288 | ||||
-rw-r--r-- | sys-auth/poldi/files/02-ldflags-0.4.1.diff | 30 | ||||
-rw-r--r-- | sys-auth/poldi/files/03-fix-auth-localdb.diff | 17 | ||||
-rw-r--r-- | sys-auth/poldi/files/poldi.conf.example | 10 | ||||
-rw-r--r-- | sys-auth/poldi/poldi-0.4.1.ebuild | 34 |
6 files changed, 380 insertions, 0 deletions
diff --git a/sys-auth/poldi/Manifest b/sys-auth/poldi/Manifest
new file mode 100644
index 0000000..3882027
--- /dev/null
+++ b/sys-auth/poldi/Manifest
@@ -0,0 +1 @@
+DIST poldi-0.4.1.tar.bz2 351972 SHA256 fe692857c33c5f443eb3bce663fecf553a5600f0c6c0ffacecea02c351c2f749 SHA512 0ef276ee1d480416ebab33d590acecf958e707523afd3cee67c019620515a47c825ed42d8ec6427468aa9218f6db9c670f67ea521a8c3fb32d100593814bf51c WHIRLPOOL a3e5639366a1a8b2cc1514d23d64bce3ceabbb9fa13718d37d92842825a0c44a5f1dcafc20939f0c2281d87c66516265cdfeef5691ce3983729ff83508737967
diff --git a/sys-auth/poldi/files/01-debian-specific-0.4.1.diff b/sys-auth/poldi/files/01-debian-specific-0.4.1.diff
new file mode 100644
index 0000000..7e5b9c7
--- /dev/null
+++ b/sys-auth/poldi/files/01-debian-specific-0.4.1.diff
@@ -0,0 +1,288 @@
+Description: Debian specific changes
+ This patch is generated from revision 0.4.1-2.1 of Debian source.
+Author: Debian poldi maintainers
+Reviewed-By: NIIBE Yutaka
+Last-Update: 2013-07-10
+
+Index: poldi-0.4.1/configure.ac
+===================================================================
+--- poldi-0.4.1.orig/configure.ac 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/configure.ac 2013-07-10 12:22:44.384409856 +0000
+@@ -215,7 +215,7 @@
+ if test "$have_ksba" = "no"; then
+ AC_MSG_NOTICE([[
+ ***
+-*** libksba not found, building with X.509 authentication support.
++*** libksba not found, building without X.509 authentication support.
+ *** libksba can be retrieved from:
+ *** URL FIXME
+ *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required).
+Index: poldi-0.4.1/conf/Makefile.am
+===================================================================
+--- poldi-0.4.1.orig/conf/Makefile.am 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/conf/Makefile.am 2013-07-10 12:22:44.388409858 +0000
+@@ -33,5 +33,11 @@
+ install -m 644 -T $(top_srcdir)/conf/poldi.conf.skel \
+ $(DESTDIR)$(POLDI_CONF_DIRECTORY)/poldi.conf; \
+ fi
++ if test -e $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; then \
++ echo "$(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf exists, doing nothing here"; \
++ else \
++ install -m 644 -T $(top_srcdir)/conf/scdaemon.conf.skel \
++ $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; \
++ fi
+
+-EXTRA_DIST = poldi.conf.skel users.skel README.keys
++EXTRA_DIST = poldi.conf.skel users.skel scdaemon.conf.skel README.keys
+Index: poldi-0.4.1/MIGRATION
+===================================================================
+--- poldi-0.4.1.orig/MIGRATION 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/MIGRATION 2013-07-10 12:22:44.372409854 +0000
+@@ -51,3 +51,5 @@
+ - "fake-wait-for-card"
+ - "require-card-switch"
+ - "wait-timeout"
++ - "try_pin"
++ - "quiet"
+Index: poldi-0.4.1/TODO
+===================================================================
+--- poldi-0.4.1.orig/TODO 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/TODO 2013-07-10 12:22:44.372409854 +0000
+@@ -2,6 +2,9 @@
+ * allow for Dirmngr to be started on demand (in pipe mode) (NO <- Why?!)
+
+ Low priority:
++* allow user to skip card authentication without submitting a wrong
++ PIN to the card, e.g. by entering an empty PIN? Return
++ PAM_CRED_INSUFFICIENT in that case? PAM_AUTHINFO_UNAVAIL? PAM_AUTH_ERR?
+ * figure out what exactly the dependencies on the OpenPGP smartcard are.
+ * improve doc
+ * work on MIGRATION text
+Index: poldi-0.4.1/src/scd/scd.c
+===================================================================
+--- poldi-0.4.1.orig/src/scd/scd.c 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/src/scd/scd.c 2013-07-10 12:22:44.384409856 +0000
+@@ -326,7 +326,7 @@
+ fallback: spawn a new scdaemon. */
+
+ const char *pgmname;
+- const char *argv[3];
++ const char *argv[6];
+ int no_close_list[3];
+ int i;
+
+@@ -352,7 +352,13 @@
+
+ argv[0] = pgmname;
+ argv[1] = "--server";
+- argv[2] = NULL;
++ argv[2] = "--options";
++ argv[3] = "/etc/poldi/scdaemon.conf";
++ if (flags & SCD_FLAG_VERBOSE)
++ argv[4] = "-v";
++ else
++ argv[4] = NULL;
++ argv[5] = NULL;
+
+ i=0;
+
+@@ -362,7 +368,8 @@
+ if (log_get_fd () != -1)
+ no_close_list[i++] = log_get_fd ();
+ #endif
+- no_close_list[i++] = fileno (stderr);
++ if (flags & SCD_FLAG_VERBOSE)
++ no_close_list[i++] = fileno (stderr);
+ no_close_list[i] = -1;
+
+ /* connect to the agent and perform initial handshaking */
+Index: poldi-0.4.1/src/pam/pam_poldi.c
+===================================================================
+--- poldi-0.4.1.orig/src/pam/pam_poldi.c 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/src/pam/pam_poldi.c 2013-07-10 12:22:44.384409856 +0000
+@@ -480,16 +480,16 @@
+ {
+ if (ctx->debug)
+ log_msg_debug (ctx->loghandle, _("Waiting for card for user `%s'..."), pam_username);
+- conv_tell (ctx->conv, _("Waiting for card for user `%s'..."), pam_username);
++ conv_tell (ctx->conv, _("Insert authentication card for user `%s'"), pam_username);
+ }
+ else
+ {
+ if (ctx->debug)
+ log_msg_debug (ctx->loghandle, _("Waiting for card..."));
+- conv_tell (ctx->conv, _("Waiting for card..."));
++ conv_tell (ctx->conv, _("Insert authentication card"));
+ }
+
+- err = wait_for_card (ctx->scd, 0);
++ err = wait_for_card (ctx->scd, 3);
+ if (err)
+ {
+ log_msg_error (ctx->loghandle,
+Index: poldi-0.4.1/src/pam/auth-support/getpin-cb.c
+===================================================================
+--- poldi-0.4.1.orig/src/pam/auth-support/getpin-cb.c 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/src/pam/auth-support/getpin-cb.c 2013-07-10 12:22:44.384409856 +0000
+@@ -81,9 +81,15 @@
+ Shouldn't they be done in scdaemon itself? -mo */
+
+ if (strlen (buffer) < 6) /* FIXME? is it really minimum of 6 bytes? */
+- log_msg_error (ctx->loghandle, _("invalid PIN"));
+- else if (!all_digitsp (buffer))
+- log_msg_error (ctx->loghandle, _("invalid characters in PIN"));
++ {
++ log_msg_error (ctx->loghandle, _("PIN too short"));
++ conv_tell(ctx->conv, "%s", _("PIN too short"));
++ }
++/* else if (!all_digitsp (buffer)) */
++/* { */
++/* log_msg_error (ctx->loghandle, _("invalid characters in PIN")); */
++/* conv_tell(ctx->conv, "%s", _("invalid characters in PIN")); */
++/* } */
+ else
+ break;
+ }
+@@ -235,7 +241,7 @@
+ err = query_user (ctx, info_frobbed, buf, maxbuf);
+ else
+ /* Use string which is more user friendly. */
+- err = query_user (ctx, _("||Please enter the PIN"), buf, maxbuf);
++ err = query_user (ctx, _("Please enter the PIN: "), buf, maxbuf);
+ }
+ else
+ {
+@@ -254,7 +260,7 @@
+ if (info_frobbed)
+ err = keypad_mode_enter (ctx, info_frobbed);
+ else
+- err = keypad_mode_enter (ctx, _("||Please enter the PIN"));
++ err = keypad_mode_enter (ctx, _("Please enter the PIN: "));
+ }
+ else
+ err = gpg_error (GPG_ERR_INV_VALUE); /* FIXME: must signal
+Index: poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c
+===================================================================
+--- poldi-0.4.1.orig/src/pam/auth-method-localdb/auth-localdb.c 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c 2013-07-10 12:22:44.384409856 +0000
+@@ -117,10 +117,12 @@
+ username = username_desired;
+
+ if (ctx->debug)
+- log_msg_debug (ctx->conv,
+- _("Trying authentication as user `%s'..."), username);
+- conv_tell (ctx->conv,
+- _("Trying authentication as user `%s'..."), username);
++ {
++ log_msg_debug (ctx->conv,
++ _("Trying authentication as user `%s'..."), username);
++ conv_tell (ctx->conv,
++ _("Trying authentication as user `%s'..."), username);
++ }
+
+ /* Verify (again) that the given account is associated with the
+ serial number. */
+@@ -128,12 +130,14 @@
+ if (err)
+ {
+ if (ctx->debug)
+- log_msg_debug (ctx->loghandle,
+- _("Serial number %s is not associated with user %s"),
+- ctx->cardinfo.serialno, username);
+- conv_tell (ctx->conv,
+- _("Serial number %s is not associated with user %s"),
+- ctx->cardinfo.serialno, username);
++ {
++ log_msg_debug (ctx->loghandle,
++ _("Serial number %s is not associated with user %s"),
++ ctx->cardinfo.serialno, username);
++ conv_tell (ctx->conv,
++ _("Serial number %s is not associated with user %s"),
++ ctx->cardinfo.serialno, username);
++ }
+ err = gcry_error (GPG_ERR_INV_NAME);
+ goto out;
+ }
+Index: poldi-0.4.1/tests/Makefile.in
+===================================================================
+--- poldi-0.4.1.orig/tests/Makefile.in 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/tests/Makefile.in 2013-07-10 12:22:44.384409856 +0000
+@@ -220,7 +220,7 @@
+ top_srcdir = @top_srcdir@
+ parse_test_SOURCES = parse-test.c
+ parse_test_CFLAGS = -Wall -I$(top_srcdir)/src/util -I$(top_srcdir)/src
+-parse_test_LDADD = $(top_builddir)/src/util/libpoldi-util.a -lgcrypt
++parse_test_LDADD = $(top_builddir)/src/util/libpoldi-util.a -lgcrypt -lgpg-error
+ pam_test_SOURCES = pam-test.c
+ pam_test_CFLAGS = -Wall
+ pam_test_LDADD = -lpam -lpam_misc
+Index: poldi-0.4.1/conf/scdaemon.conf.skel
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ poldi-0.4.1/conf/scdaemon.conf.skel 2013-07-10 12:22:44.388409858 +0000
+@@ -0,0 +1 @@
++#
+Index: poldi-0.4.1/conf/Makefile.in
+===================================================================
+--- poldi-0.4.1.orig/conf/Makefile.in 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/conf/Makefile.in 2013-07-10 12:22:44.388409858 +0000
+@@ -195,7 +195,7 @@
+ target_vendor = @target_vendor@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+-EXTRA_DIST = poldi.conf.skel users.skel README.keys
++EXTRA_DIST = poldi.conf.skel users.skel scdaemon.conf.skel README.keys
+ all: all-am
+
+ .SUFFIXES:
+@@ -372,6 +372,12 @@
+ install -m 644 -T $(top_srcdir)/conf/poldi.conf.skel \
+ $(DESTDIR)$(POLDI_CONF_DIRECTORY)/poldi.conf; \
+ fi
++ if test -e $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; then \
++ echo "$(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf exists, doing nothing here"; \
++ else \
++ install -m 644 -T $(top_srcdir)/conf/scdaemon.conf.skel \
++ $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; \
++ fi
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
+ .NOEXPORT:
+Index: poldi-0.4.1/conf/poldi.conf.skel
+===================================================================
+--- poldi-0.4.1.orig/conf/poldi.conf.skel 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/conf/poldi.conf.skel 2013-07-10 12:22:44.388409858 +0000
+@@ -5,10 +5,10 @@
+ auth-method localdb
+
+ # Specify the log file:
+-log-file /home/moritz/logs/poldi.txt
++log-file /var/log/poldi
+
+ # Enable debugging messages
+-debug
++# debug
+
+ # Specify SCDaemon executable
+ scdaemon-program /usr/bin/scdaemon
+Index: poldi-0.4.1/configure
+===================================================================
+--- poldi-0.4.1.orig/configure 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/configure 2013-07-10 12:22:44.380409854 +0000
+@@ -9869,14 +9869,14 @@
+ if test "$have_ksba" = "no"; then
+ { echo "$as_me:$LINENO:
+ ***
+-*** libksba not found, building with X.509 authentication support.
++*** libksba not found, building without X.509 authentication support.
+ *** libksba can be retrieved from:
+ *** URL FIXME
+ *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required).
+ ***" >&5
+ echo "$as_me:
+ ***
+-*** libksba not found, building with X.509 authentication support.
++*** libksba not found, building without X.509 authentication support.
+ *** libksba can be retrieved from:
+ *** URL FIXME
+ *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required).
diff --git a/sys-auth/poldi/files/02-ldflags-0.4.1.diff b/sys-auth/poldi/files/02-ldflags-0.4.1.diff
new file mode 100644
index 0000000..e6737c6
--- /dev/null
+++ b/sys-auth/poldi/files/02-ldflags-0.4.1.diff
@@ -0,0 +1,30 @@
+Description: LDFLAGS should be handled to build PAM module
+Author: NIIBE Yutaka
+Last-Update: 2013-07-10
+
+Index: poldi-0.4.1/src/pam/Makefile.am
+===================================================================
+--- poldi-0.4.1.orig/src/pam/Makefile.am 2013-07-10 12:48:56.864526379 +0000
++++ poldi-0.4.1/src/pam/Makefile.am 2013-07-10 12:48:56.820526375 +0000
+@@ -61,7 +61,7 @@
+
+ pam_poldi.so: libpam_poldi.a $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \
+ ../scd/libscd_shared.a ../util/libpoldi-util_shared.a
+- gcc -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \
++ $(CC) $(LDFLAGS) -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \
+ libpam_poldi.a \
+ $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \
+ ../scd/libscd_shared.a ../util/libpoldi-util_shared.a ../assuan/libassuan.a \
+Index: poldi-0.4.1/src/pam/Makefile.in
+===================================================================
+--- poldi-0.4.1.orig/src/pam/Makefile.in 2013-07-10 12:48:56.864526379 +0000
++++ poldi-0.4.1/src/pam/Makefile.in 2013-07-10 12:48:56.820526375 +0000
+@@ -592,7 +592,7 @@
+
+ pam_poldi.so: libpam_poldi.a $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \
+ ../scd/libscd_shared.a ../util/libpoldi-util_shared.a
+- gcc -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \
++ $(CC) $(LDFLAGS) -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \
+ libpam_poldi.a \
+ $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \
+ ../scd/libscd_shared.a ../util/libpoldi-util_shared.a ../assuan/libassuan.a \
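Review bot: In the getpin-cb.c part of 01-debian-specific-0.4.1.diff the digits-only PIN check is disabled by commenting it out, so the only test left before the `break` is `strlen (buffer) < 6`, which itself carries a FIXME. Nothing in the patch says why non-digit PINs are now accepted in a PAM authentication path, and the five commented-out lines will read as an accident to the next maintainer. If the relaxation is intended, delete the dead block and state it in one line, for example `/* PINs are not restricted to digits; only the minimum length is checked here. */`. The enclosing function starts and ends outside the inner hunk, so where the PIN is validated afterwards cannot be seen from here.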
diff --git a/sys-auth/poldi/files/03-fix-auth-localdb.diff b/sys-auth/poldi/files/03-fix-auth-localdb.diff
new file mode 100644
index 0000000..96eface
--- /dev/null
+++ b/sys-auth/poldi/files/03-fix-auth-localdb.diff
@@ -0,0 +1,17 @@
+Description: Bug fix calling log_msg_debug
+Author: NIIBE Yutaka
+Last-Update: 2013-07-10
+
+Index: poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c
+===================================================================
+--- poldi-0.4.1.orig/src/pam/auth-method-localdb/auth-localdb.c 2013-07-10 12:57:28.896538720 +0000
++++ poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c 2013-07-10 12:57:28.844538737 +0000
+@@ -118,7 +118,7 @@
+
+ if (ctx->debug)
+ {
+- log_msg_debug (ctx->conv,
++ log_msg_debug (ctx->loghandle,
+ _("Trying authentication as user `%s'..."), username);
+ conv_tell (ctx->conv,
+ _("Trying authentication as user `%s'..."), username);
diff --git a/sys-auth/poldi/files/poldi.conf.example b/sys-auth/poldi/files/poldi.conf.example
new file mode 100644
index 0000000..ca8ec5c
--- /dev/null
+++ b/sys-auth/poldi/files/poldi.conf.example
@@ -0,0 +1,10 @@
+#See `info poldi`
+
+#ctapi-driver <driver name>
+#pcsc-driver <driver name>
+#reader-port <reader port>
+#disable-ccid
+#disable-opensc
+#debug-ccid-driver
+#fake-wait-for-card
+#logfile
diff --git a/sys-auth/poldi/poldi-0.4.1.ebuild b/sys-auth/poldi/poldi-0.4.1.ebuild
new file mode 100644
index 0000000..3a37255
--- /dev/null
+++ b/sys-auth/poldi/poldi-0.4.1.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI=5
+inherit pam
+
+DESCRIPTION="PAM module implementing authentication via OpenPGP smartcards"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="ftp://ftp.gnupg.org/gcrypt/alpha/poldi/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="usb"
+
+DEPEND="dev-libs/libgcrypt
+ virtual/pam
+ >=dev-libs/libgpg-error-0.7
+ usb? ( >=dev-libs/libusb-0.1.10a )"
+RDEPEND="${DEPEND}"
+
+src_prepare() {
+ epatch "${FILESDIR}"/*.diff
+}
+
+src_install() {
+ default
+ dopammod "${S}"/src/pam/pam_poldi.so
+ #ChangeLog and INSTALL are not usefull
+ dodoc AUTHORS NEWS README THANKS
+ dodir /etc/poldi
+ cp "${FILESDIR}"/poldi.conf.example "${D}"/etc/poldi
+} |
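Review bot: The last step of src_install copies the example configuration with a bare `cp`, which is not an ebuild helper and so does not abort the merge when it fails; the PAM module would then be installed without the file under /etc/poldi and the build would still report success. Replace the `dodir`/`cp` pair with `insinto /etc/poldi` followed by `doins "${FILESDIR}"/poldi.conf.example`, or at least append `|| die` to the `cp`. Separately, patch 01 on this page has the module spawn scdaemon at authentication time, yet RDEPEND only repeats DEPEND; unless another dependency already pulls scdaemon in, the package that provides it should be listed as a runtime dependency.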