summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys-auth/poldi/Manifest1
-rw-r--r--sys-auth/poldi/files/01-debian-specific-0.4.1.diff288
-rw-r--r--sys-auth/poldi/files/02-ldflags-0.4.1.diff30
-rw-r--r--sys-auth/poldi/files/03-fix-auth-localdb.diff17
-rw-r--r--sys-auth/poldi/files/poldi.conf.example10
-rw-r--r--sys-auth/poldi/poldi-0.4.1.ebuild34
6 files changed, 380 insertions, 0 deletions
diff --git a/sys-auth/poldi/Manifest b/sys-auth/poldi/Manifest
new file mode 100644
index 0000000..3882027
--- /dev/null
+++ b/sys-auth/poldi/Manifest
@@ -0,0 +1 @@
+DIST poldi-0.4.1.tar.bz2 351972 SHA256 fe692857c33c5f443eb3bce663fecf553a5600f0c6c0ffacecea02c351c2f749 SHA512 0ef276ee1d480416ebab33d590acecf958e707523afd3cee67c019620515a47c825ed42d8ec6427468aa9218f6db9c670f67ea521a8c3fb32d100593814bf51c WHIRLPOOL a3e5639366a1a8b2cc1514d23d64bce3ceabbb9fa13718d37d92842825a0c44a5f1dcafc20939f0c2281d87c66516265cdfeef5691ce3983729ff83508737967
diff --git a/sys-auth/poldi/files/01-debian-specific-0.4.1.diff b/sys-auth/poldi/files/01-debian-specific-0.4.1.diff
new file mode 100644
index 0000000..7e5b9c7
--- /dev/null
+++ b/sys-auth/poldi/files/01-debian-specific-0.4.1.diff
@@ -0,0 +1,288 @@
+Description: Debian specific changes
+ This patch is generated from revision 0.4.1-2.1 of Debian source.
+Author: Debian poldi maintainers
+Reviewed-By: NIIBE Yutaka
+Last-Update: 2013-07-10
+
+Index: poldi-0.4.1/configure.ac
+===================================================================
+--- poldi-0.4.1.orig/configure.ac 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/configure.ac 2013-07-10 12:22:44.384409856 +0000
+@@ -215,7 +215,7 @@
+ if test "$have_ksba" = "no"; then
+ AC_MSG_NOTICE([[
+ ***
+-*** libksba not found, building with X.509 authentication support.
++*** libksba not found, building without X.509 authentication support.
+ *** libksba can be retrieved from:
+ *** URL FIXME
+ *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required).
+Index: poldi-0.4.1/conf/Makefile.am
+===================================================================
+--- poldi-0.4.1.orig/conf/Makefile.am 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/conf/Makefile.am 2013-07-10 12:22:44.388409858 +0000
+@@ -33,5 +33,11 @@
+ install -m 644 -T $(top_srcdir)/conf/poldi.conf.skel \
+ $(DESTDIR)$(POLDI_CONF_DIRECTORY)/poldi.conf; \
+ fi
++ if test -e $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; then \
++ echo "$(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf exists, doing nothing here"; \
++ else \
++ install -m 644 -T $(top_srcdir)/conf/scdaemon.conf.skel \
++ $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; \
++ fi
+
+-EXTRA_DIST = poldi.conf.skel users.skel README.keys
++EXTRA_DIST = poldi.conf.skel users.skel scdaemon.conf.skel README.keys
+Index: poldi-0.4.1/MIGRATION
+===================================================================
+--- poldi-0.4.1.orig/MIGRATION 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/MIGRATION 2013-07-10 12:22:44.372409854 +0000
+@@ -51,3 +51,5 @@
+ - "fake-wait-for-card"
+ - "require-card-switch"
+ - "wait-timeout"
++ - "try_pin"
++ - "quiet"
+Index: poldi-0.4.1/TODO
+===================================================================
+--- poldi-0.4.1.orig/TODO 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/TODO 2013-07-10 12:22:44.372409854 +0000
+@@ -2,6 +2,9 @@
+ * allow for Dirmngr to be started on demand (in pipe mode) (NO <- Why?!)
+
+ Low priority:
++* allow user to skip card authentication without submitting a wrong
++ PIN to the card, e.g. by entering an empty PIN? Return
++ PAM_CRED_INSUFFICIENT in that case? PAM_AUTHINFO_UNAVAIL? PAM_AUTH_ERR?
+ * figure out what exactly the dependencies on the OpenPGP smartcard are.
+ * improve doc
+ * work on MIGRATION text
+Index: poldi-0.4.1/src/scd/scd.c
+===================================================================
+--- poldi-0.4.1.orig/src/scd/scd.c 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/src/scd/scd.c 2013-07-10 12:22:44.384409856 +0000
+@@ -326,7 +326,7 @@
+ fallback: spawn a new scdaemon. */
+
+ const char *pgmname;
+- const char *argv[3];
++ const char *argv[6];
+ int no_close_list[3];
+ int i;
+
+@@ -352,7 +352,13 @@
+
+ argv[0] = pgmname;
+ argv[1] = "--server";
+- argv[2] = NULL;
++ argv[2] = "--options";
++ argv[3] = "/etc/poldi/scdaemon.conf";
++ if (flags & SCD_FLAG_VERBOSE)
++ argv[4] = "-v";
++ else
++ argv[4] = NULL;
++ argv[5] = NULL;
+
+ i=0;
+
+@@ -362,7 +368,8 @@
+ if (log_get_fd () != -1)
+ no_close_list[i++] = log_get_fd ();
+ #endif
+- no_close_list[i++] = fileno (stderr);
++ if (flags & SCD_FLAG_VERBOSE)
++ no_close_list[i++] = fileno (stderr);
+ no_close_list[i] = -1;
+
+ /* connect to the agent and perform initial handshaking */
+Index: poldi-0.4.1/src/pam/pam_poldi.c
+===================================================================
+--- poldi-0.4.1.orig/src/pam/pam_poldi.c 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/src/pam/pam_poldi.c 2013-07-10 12:22:44.384409856 +0000
+@@ -480,16 +480,16 @@
+ {
+ if (ctx->debug)
+ log_msg_debug (ctx->loghandle, _("Waiting for card for user `%s'..."), pam_username);
+- conv_tell (ctx->conv, _("Waiting for card for user `%s'..."), pam_username);
++ conv_tell (ctx->conv, _("Insert authentication card for user `%s'"), pam_username);
+ }
+ else
+ {
+ if (ctx->debug)
+ log_msg_debug (ctx->loghandle, _("Waiting for card..."));
+- conv_tell (ctx->conv, _("Waiting for card..."));
++ conv_tell (ctx->conv, _("Insert authentication card"));
+ }
+
+- err = wait_for_card (ctx->scd, 0);
++ err = wait_for_card (ctx->scd, 3);
+ if (err)
+ {
+ log_msg_error (ctx->loghandle,
+Index: poldi-0.4.1/src/pam/auth-support/getpin-cb.c
+===================================================================
+--- poldi-0.4.1.orig/src/pam/auth-support/getpin-cb.c 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/src/pam/auth-support/getpin-cb.c 2013-07-10 12:22:44.384409856 +0000
+@@ -81,9 +81,15 @@
+ Shouldn't they be done in scdaemon itself? -mo */
+
+ if (strlen (buffer) < 6) /* FIXME? is it really minimum of 6 bytes? */
+- log_msg_error (ctx->loghandle, _("invalid PIN"));
+- else if (!all_digitsp (buffer))
+- log_msg_error (ctx->loghandle, _("invalid characters in PIN"));
++ {
++ log_msg_error (ctx->loghandle, _("PIN too short"));
++ conv_tell(ctx->conv, "%s", _("PIN too short"));
++ }
++/* else if (!all_digitsp (buffer)) */
++/* { */
++/* log_msg_error (ctx->loghandle, _("invalid characters in PIN")); */
++/* conv_tell(ctx->conv, "%s", _("invalid characters in PIN")); */
++/* } */
+ else
+ break;
+ }
+@@ -235,7 +241,7 @@
+ err = query_user (ctx, info_frobbed, buf, maxbuf);
+ else
+ /* Use string which is more user friendly. */
+- err = query_user (ctx, _("||Please enter the PIN"), buf, maxbuf);
++ err = query_user (ctx, _("Please enter the PIN: "), buf, maxbuf);
+ }
+ else
+ {
+@@ -254,7 +260,7 @@
+ if (info_frobbed)
+ err = keypad_mode_enter (ctx, info_frobbed);
+ else
+- err = keypad_mode_enter (ctx, _("||Please enter the PIN"));
++ err = keypad_mode_enter (ctx, _("Please enter the PIN: "));
+ }
+ else
+ err = gpg_error (GPG_ERR_INV_VALUE); /* FIXME: must signal
+Index: poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c
+===================================================================
+--- poldi-0.4.1.orig/src/pam/auth-method-localdb/auth-localdb.c 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c 2013-07-10 12:22:44.384409856 +0000
+@@ -117,10 +117,12 @@
+ username = username_desired;
+
+ if (ctx->debug)
+- log_msg_debug (ctx->conv,
+- _("Trying authentication as user `%s'..."), username);
+- conv_tell (ctx->conv,
+- _("Trying authentication as user `%s'..."), username);
++ {
++ log_msg_debug (ctx->conv,
++ _("Trying authentication as user `%s'..."), username);
++ conv_tell (ctx->conv,
++ _("Trying authentication as user `%s'..."), username);
++ }
+
+ /* Verify (again) that the given account is associated with the
+ serial number. */
+@@ -128,12 +130,14 @@
+ if (err)
+ {
+ if (ctx->debug)
+- log_msg_debug (ctx->loghandle,
+- _("Serial number %s is not associated with user %s"),
+- ctx->cardinfo.serialno, username);
+- conv_tell (ctx->conv,
+- _("Serial number %s is not associated with user %s"),
+- ctx->cardinfo.serialno, username);
++ {
++ log_msg_debug (ctx->loghandle,
++ _("Serial number %s is not associated with user %s"),
++ ctx->cardinfo.serialno, username);
++ conv_tell (ctx->conv,
++ _("Serial number %s is not associated with user %s"),
++ ctx->cardinfo.serialno, username);
++ }
+ err = gcry_error (GPG_ERR_INV_NAME);
+ goto out;
+ }
+Index: poldi-0.4.1/tests/Makefile.in
+===================================================================
+--- poldi-0.4.1.orig/tests/Makefile.in 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/tests/Makefile.in 2013-07-10 12:22:44.384409856 +0000
+@@ -220,7 +220,7 @@
+ top_srcdir = @top_srcdir@
+ parse_test_SOURCES = parse-test.c
+ parse_test_CFLAGS = -Wall -I$(top_srcdir)/src/util -I$(top_srcdir)/src
+-parse_test_LDADD = $(top_builddir)/src/util/libpoldi-util.a -lgcrypt
++parse_test_LDADD = $(top_builddir)/src/util/libpoldi-util.a -lgcrypt -lgpg-error
+ pam_test_SOURCES = pam-test.c
+ pam_test_CFLAGS = -Wall
+ pam_test_LDADD = -lpam -lpam_misc
+Index: poldi-0.4.1/conf/scdaemon.conf.skel
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ poldi-0.4.1/conf/scdaemon.conf.skel 2013-07-10 12:22:44.388409858 +0000
+@@ -0,0 +1 @@
++#
+Index: poldi-0.4.1/conf/Makefile.in
+===================================================================
+--- poldi-0.4.1.orig/conf/Makefile.in 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/conf/Makefile.in 2013-07-10 12:22:44.388409858 +0000
+@@ -195,7 +195,7 @@
+ target_vendor = @target_vendor@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+-EXTRA_DIST = poldi.conf.skel users.skel README.keys
++EXTRA_DIST = poldi.conf.skel users.skel scdaemon.conf.skel README.keys
+ all: all-am
+
+ .SUFFIXES:
+@@ -372,6 +372,12 @@
+ install -m 644 -T $(top_srcdir)/conf/poldi.conf.skel \
+ $(DESTDIR)$(POLDI_CONF_DIRECTORY)/poldi.conf; \
+ fi
++ if test -e $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; then \
++ echo "$(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf exists, doing nothing here"; \
++ else \
++ install -m 644 -T $(top_srcdir)/conf/scdaemon.conf.skel \
++ $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; \
++ fi
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
+ .NOEXPORT:
+Index: poldi-0.4.1/conf/poldi.conf.skel
+===================================================================
+--- poldi-0.4.1.orig/conf/poldi.conf.skel 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/conf/poldi.conf.skel 2013-07-10 12:22:44.388409858 +0000
+@@ -5,10 +5,10 @@
+ auth-method localdb
+
+ # Specify the log file:
+-log-file /home/moritz/logs/poldi.txt
++log-file /var/log/poldi
+
+ # Enable debugging messages
+-debug
++# debug
+
+ # Specify SCDaemon executable
+ scdaemon-program /usr/bin/scdaemon
+Index: poldi-0.4.1/configure
+===================================================================
+--- poldi-0.4.1.orig/configure 2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/configure 2013-07-10 12:22:44.380409854 +0000
+@@ -9869,14 +9869,14 @@
+ if test "$have_ksba" = "no"; then
+ { echo "$as_me:$LINENO:
+ ***
+-*** libksba not found, building with X.509 authentication support.
++*** libksba not found, building without X.509 authentication support.
+ *** libksba can be retrieved from:
+ *** URL FIXME
+ *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required).
+ ***" >&5
+ echo "$as_me:
+ ***
+-*** libksba not found, building with X.509 authentication support.
++*** libksba not found, building without X.509 authentication support.
+ *** libksba can be retrieved from:
+ *** URL FIXME
+ *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required).
diff --git a/sys-auth/poldi/files/02-ldflags-0.4.1.diff b/sys-auth/poldi/files/02-ldflags-0.4.1.diff
new file mode 100644
index 0000000..e6737c6
--- /dev/null
+++ b/sys-auth/poldi/files/02-ldflags-0.4.1.diff
@@ -0,0 +1,30 @@
+Description: LDFLAGS should be handled to build PAM module
+Author: NIIBE Yutaka
+Last-Update: 2013-07-10
+
+Index: poldi-0.4.1/src/pam/Makefile.am
+===================================================================
+--- poldi-0.4.1.orig/src/pam/Makefile.am 2013-07-10 12:48:56.864526379 +0000
++++ poldi-0.4.1/src/pam/Makefile.am 2013-07-10 12:48:56.820526375 +0000
+@@ -61,7 +61,7 @@
+
+ pam_poldi.so: libpam_poldi.a $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \
+ ../scd/libscd_shared.a ../util/libpoldi-util_shared.a
+- gcc -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \
++ $(CC) $(LDFLAGS) -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \
+ libpam_poldi.a \
+ $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \
+ ../scd/libscd_shared.a ../util/libpoldi-util_shared.a ../assuan/libassuan.a \
+Index: poldi-0.4.1/src/pam/Makefile.in
+===================================================================
+--- poldi-0.4.1.orig/src/pam/Makefile.in 2013-07-10 12:48:56.864526379 +0000
++++ poldi-0.4.1/src/pam/Makefile.in 2013-07-10 12:48:56.820526375 +0000
+@@ -592,7 +592,7 @@
+
+ pam_poldi.so: libpam_poldi.a $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \
+ ../scd/libscd_shared.a ../util/libpoldi-util_shared.a
+- gcc -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \
++ $(CC) $(LDFLAGS) -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \
+ libpam_poldi.a \
+ $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \
+ ../scd/libscd_shared.a ../util/libpoldi-util_shared.a ../assuan/libassuan.a \
diff --git a/sys-auth/poldi/files/03-fix-auth-localdb.diff b/sys-auth/poldi/files/03-fix-auth-localdb.diff
new file mode 100644
index 0000000..96eface
--- /dev/null
+++ b/sys-auth/poldi/files/03-fix-auth-localdb.diff
@@ -0,0 +1,17 @@
+Description: Bug fix calling log_msg_debug
+Author: NIIBE Yutaka
+Last-Update: 2013-07-10
+
+Index: poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c
+===================================================================
+--- poldi-0.4.1.orig/src/pam/auth-method-localdb/auth-localdb.c 2013-07-10 12:57:28.896538720 +0000
++++ poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c 2013-07-10 12:57:28.844538737 +0000
+@@ -118,7 +118,7 @@
+
+ if (ctx->debug)
+ {
+- log_msg_debug (ctx->conv,
++ log_msg_debug (ctx->loghandle,
+ _("Trying authentication as user `%s'..."), username);
+ conv_tell (ctx->conv,
+ _("Trying authentication as user `%s'..."), username);
diff --git a/sys-auth/poldi/files/poldi.conf.example b/sys-auth/poldi/files/poldi.conf.example
new file mode 100644
index 0000000..ca8ec5c
--- /dev/null
+++ b/sys-auth/poldi/files/poldi.conf.example
@@ -0,0 +1,10 @@
+#See `info poldi`
+
+#ctapi-driver <driver name>
+#pcsc-driver <driver name>
+#reader-port <reader port>
+#disable-ccid
+#disable-opensc
+#debug-ccid-driver
+#fake-wait-for-card
+#logfile
diff --git a/sys-auth/poldi/poldi-0.4.1.ebuild b/sys-auth/poldi/poldi-0.4.1.ebuild
new file mode 100644
index 0000000..3a37255
--- /dev/null
+++ b/sys-auth/poldi/poldi-0.4.1.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI=5
+inherit pam
+
+DESCRIPTION="PAM module implementing authentication via OpenPGP smartcards"
+HOMEPAGE="http://www.gnupg.org/"
+SRC_URI="ftp://ftp.gnupg.org/gcrypt/alpha/poldi/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="usb"
+
+DEPEND="dev-libs/libgcrypt
+ virtual/pam
+ >=dev-libs/libgpg-error-0.7
+ usb? ( >=dev-libs/libusb-0.1.10a )"
+RDEPEND="${DEPEND}"
+
+src_prepare() {
+ epatch "${FILESDIR}"/*.diff
+}
+
+src_install() {
+ default
+ dopammod "${S}"/src/pam/pam_poldi.so
+ #ChangeLog and INSTALL are not usefull
+ dodoc AUTHORS NEWS README THANKS
+ dodir /etc/poldi
+ cp "${FILESDIR}"/poldi.conf.example "${D}"/etc/poldi
+}