summaryrefslogtreecommitdiffstats
path: root/redhat/applications/smartcardauth
diff options
context:
space:
mode:
Diffstat (limited to 'redhat/applications/smartcardauth')
-rw-r--r--redhat/applications/smartcardauth/smartcardauth-14.0.0.patch380
-rw-r--r--redhat/applications/smartcardauth/smartcardauth-14.0.0.spec8
-rw-r--r--redhat/applications/smartcardauth/trinity-smartcardauth-rpmlintrc1
3 files changed, 387 insertions, 2 deletions
diff --git a/redhat/applications/smartcardauth/smartcardauth-14.0.0.patch b/redhat/applications/smartcardauth/smartcardauth-14.0.0.patch
new file mode 100644
index 000000000..f6a7a2595
--- /dev/null
+++ b/redhat/applications/smartcardauth/smartcardauth-14.0.0.patch
@@ -0,0 +1,380 @@
+diff --git a/src/ckpass.c b/src/ckpass.c
+index 1da83c6..f3a14d0 100644
+--- a/src/ckpass.c
++++ b/src/ckpass.c
+@@ -8,6 +8,8 @@
+ ** or PAM.
+ */
+
++extern x_malloc(size_t size, const char *file, int line);
++
+ /* Used for unused parameters to silence gcc warnings. */
+ #define UNUSED __attribute__((__unused__))
+
+@@ -46,7 +48,7 @@
+ number information for debugging error messages without the user having to
+ pass those in every time. */
+ #define xcalloc(n, size) x_calloc((n), (size), __FILE__, __LINE__)
+-#define xmalloc(size) x_malloc((size), __FILE__, __LINE__)
++#define smartcardauth_xmalloc(size) x_malloc((size), __FILE__, __LINE__)
+ #define xrealloc(p, size) x_realloc((p), (size), __FILE__, __LINE__)
+ #define xstrdup(p) x_strdup((p), __FILE__, __LINE__)
+ #define xstrndup(p, size) x_strndup((p), (size), __FILE__, __LINE__)
+@@ -71,7 +73,7 @@ struct auth_info {
+ ** This function allocates an array of struct pam_response to return to the
+ ** PAM libraries that's never freed. For this program, this isn't much of an
+ ** issue, since it will likely only be called once and then the program will
+-** exit. This function uses malloc and strdup instead of xmalloc and xstrdup
++** exit. This function uses malloc and strdup instead of smartcardauth_xmalloc and xstrdup
+ ** intentionally so that the PAM conversation will be closed cleanly if we
+ ** run out of memory rather than simply terminated.
+ **
+@@ -82,8 +84,9 @@ static int pass_conv(int num_msg, const struct pam_message **msgm UNUSED, struct
+ int i;
+
+ *response = malloc(num_msg * sizeof(struct pam_response));
+- if (*response == NULL)
++ if (*response == NULL) {
+ return PAM_CONV_ERR;
++ }
+ for (i = 0; i < num_msg; i++) {
+ (*response)[i].resp = strdup((char *)appdata_ptr);
+ (*response)[i].resp_retcode = 0;
+@@ -115,17 +118,21 @@ static bool auth_pam(const char *username, char *password)
+ conv.conv = pass_conv;
+ conv.appdata_ptr = password;
+ status = pam_start("nnrpd", username, &conv, &pamh);
+- if (status != PAM_SUCCESS)
++ if (status != PAM_SUCCESS) {
+ die("pam_start failed: %s", pam_strerror(pamh, status));
++ }
+ status = pam_authenticate(pamh, PAM_SILENT);
+- if (status != PAM_SUCCESS)
++ if (status != PAM_SUCCESS) {
+ die("pam_authenticate failed: %s", pam_strerror(pamh, status));
++ }
+ status = pam_acct_mgmt(pamh, PAM_SILENT);
+- if (status != PAM_SUCCESS)
++ if (status != PAM_SUCCESS) {
+ die("pam_acct_mgmt failed: %s", pam_strerror(pamh, status));
++ }
+ status = pam_end(pamh, status);
+- if (status != PAM_SUCCESS)
++ if (status != PAM_SUCCESS) {
+ die("pam_end failed: %s", pam_strerror(pamh, status));
++ }
+
+ /* If we get to here, the user successfully authenticated. */
+ return true;
+@@ -153,8 +160,9 @@ password_dbm(char *name, const char *file)
+ char *password;
+
+ database = dbm_open(file, O_RDONLY, 0600);
+- if (database == NULL)
++ if (database == NULL) {
+ return NULL;
++ }
+ key.dptr = name;
+ key.dsize = strlen(name);
+ value = dbm_fetch(database, key);
+@@ -162,7 +170,7 @@ password_dbm(char *name, const char *file)
+ dbm_close(database);
+ return NULL;
+ }
+- password = xmalloc(value.dsize + 1);
++ password = smartcardauth_xmalloc(value.dsize + 1);
+ strlcpy(password, value.dptr, value.dsize + 1);
+ dbm_close(database);
+ return password;
+@@ -188,8 +196,10 @@ password_shadow(const char *user)
+ struct spwd *spwd;
+
+ spwd = getspnam(user);
+- if (spwd != NULL)
+- return xstrdup(spwd->sp_pwdp);
++ if (spwd != NULL) {
++ char* ret = xstrdup(spwd->sp_pwdp);
++ return ret;
++ }
+ return NULL;
+ }
+ #endif /* HAVE_GETSPNAM */
+@@ -206,8 +216,10 @@ password_system(const char *username)
+ struct passwd *pwd;
+
+ pwd = getpwnam(username);
+- if (pwd != NULL)
+- return xstrdup(pwd->pw_passwd);
++ if (pwd != NULL) {
++ char* ret = xstrdup(pwd->pw_passwd);
++ return ret;
++ }
+ return NULL;
+ }
+
+@@ -225,12 +237,15 @@ group_system(const char *username)
+ struct group *gr;
+
+ pwd = getpwnam(username);
+- if (pwd == NULL)
++ if (pwd == NULL) {
+ return NULL;
++ }
+ gr = getgrgid(pwd->pw_gid);
+- if (gr == NULL)
++ if (gr == NULL) {
+ return NULL;
+- return xstrdup(gr->gr_name);
++ }
++ char* ret = xstrdup(gr->gr_name);
++ return ret;
+ }
+
+
+@@ -242,12 +257,13 @@ output_user(const char *username, bool wantgroup)
+ {
+ if (wantgroup) {
+ char *group = group_system(username);
+- if (group == NULL)
++ if (group == NULL) {
+ die("group info for user %s not available", username);
++ }
+ printf("User:%s@%s\n", username, group);
+- }
+- else
++ } else {
+ printf("User:%s\n", username);
++ }
+ }
+
+
+@@ -264,7 +280,7 @@ check_password(const char* username, const char* password)
+ bool wantgroup = false;
+ struct auth_info *authinfo = NULL;
+
+- authinfo = xmalloc(sizeof(struct auth_info));
++ authinfo = smartcardauth_xmalloc(sizeof(struct auth_info));
+ authinfo->username = username;
+ authinfo->password = password;
+
+@@ -273,12 +289,14 @@ check_password(const char* username, const char* password)
+ return 0;
+ }
+ password = password_system(authinfo->username);
+- if (password == NULL)
++ if (password == NULL) {
+ return 1;
+- if (strcmp(password, crypt(authinfo->password, password)) != 0)
++ }
++ if (strcmp(password, crypt(authinfo->password, password)) != 0) {
+ return 1;
++ }
+
+ /* The password matched. */
+ output_user(authinfo->username, wantgroup);
+ return 0;
+-}
+\ No newline at end of file
++}
+diff --git a/src/ckpasswd.c b/src/ckpasswd.c
+index 9dbdbcf..a0faa15 100644
+--- a/src/ckpasswd.c
++++ b/src/ckpasswd.c
+@@ -83,8 +83,9 @@ static int pass_conv(int num_msg, const struct pam_message **msgm UNUSED, struct
+ int i;
+
+ *response = malloc(num_msg * sizeof(struct pam_response));
+- if (*response == NULL)
++ if (*response == NULL) {
+ return PAM_CONV_ERR;
++ }
+ for (i = 0; i < num_msg; i++) {
+ (*response)[i].resp = strdup((char *)appdata_ptr);
+ (*response)[i].resp_retcode = 0;
+@@ -116,17 +117,21 @@ static bool auth_pam(const char *username, char *password)
+ conv.conv = pass_conv;
+ conv.appdata_ptr = password;
+ status = pam_start("nnrpd", username, &conv, &pamh);
+- if (status != PAM_SUCCESS)
++ if (status != PAM_SUCCESS) {
+ die("pam_start failed: %s", pam_strerror(pamh, status));
++ }
+ status = pam_authenticate(pamh, PAM_SILENT);
+- if (status != PAM_SUCCESS)
++ if (status != PAM_SUCCESS) {
+ die("pam_authenticate failed: %s", pam_strerror(pamh, status));
++ }
+ status = pam_acct_mgmt(pamh, PAM_SILENT);
+- if (status != PAM_SUCCESS)
++ if (status != PAM_SUCCESS) {
+ die("pam_acct_mgmt failed: %s", pam_strerror(pamh, status));
++ }
+ status = pam_end(pamh, status);
+- if (status != PAM_SUCCESS)
++ if (status != PAM_SUCCESS) {
+ die("pam_end failed: %s", pam_strerror(pamh, status));
++ }
+
+ /* If we get to here, the user successfully authenticated. */
+ return true;
+@@ -154,8 +159,9 @@ password_dbm(char *name, const char *file)
+ char *password;
+
+ database = dbm_open(file, O_RDONLY, 0600);
+- if (database == NULL)
++ if (database == NULL) {
+ return NULL;
++ }
+ key.dptr = name;
+ key.dsize = strlen(name);
+ value = dbm_fetch(database, key);
+@@ -189,8 +195,10 @@ password_shadow(const char *user)
+ struct spwd *spwd;
+
+ spwd = getspnam(user);
+- if (spwd != NULL)
+- return xstrdup(spwd->sp_pwdp);
++ if (spwd != NULL) {
++ char* ret = xstrdup(spwd->sp_pwdp);
++ return ret;
++ }
+ return NULL;
+ }
+ #endif /* HAVE_GETSPNAM */
+@@ -207,8 +215,10 @@ password_system(const char *username)
+ struct passwd *pwd;
+
+ pwd = getpwnam(username);
+- if (pwd != NULL)
+- return xstrdup(pwd->pw_passwd);
++ if (pwd != NULL) {
++ char* ret = xstrdup(pwd->pw_passwd);
++ return ret;
++ }
+ return NULL;
+ }
+
+@@ -226,12 +236,15 @@ group_system(const char *username)
+ struct group *gr;
+
+ pwd = getpwnam(username);
+- if (pwd == NULL)
++ if (pwd == NULL) {
+ return NULL;
++ }
+ gr = getgrgid(pwd->pw_gid);
+- if (gr == NULL)
++ if (gr == NULL) {
+ return NULL;
+- return xstrdup(gr->gr_name);
++ }
++ char* ret = xstrdup(gr->gr_name);
++ return ret;
+ }
+
+
+@@ -243,12 +256,13 @@ output_user(const char *username, bool wantgroup)
+ {
+ if (wantgroup) {
+ char *group = group_system(username);
+- if (group == NULL)
++ if (group == NULL) {
+ die("group info for user %s not available", username);
++ }
+ printf("User:%s@%s\n", username, group);
+- }
+- else
++ } else {
+ printf("User:%s\n", username);
++ }
+ }
+
+
+@@ -276,29 +290,35 @@ main(int argc, char *argv[])
+ while ((opt = getopt(argc, argv, "gf:u:p:" OPT_DBM OPT_SHADOW)) != -1) {
+ switch (opt) {
+ case 'g':
+- if (type == AUTH_DBM || type == AUTH_FILE)
++ if (type == AUTH_DBM || type == AUTH_FILE) {
+ die("-g option is incompatible with -d or -f");
++ }
+ wantgroup = true;
+ break;
+ case 'd':
+- if (type != AUTH_NONE)
++ if (type != AUTH_NONE) {
+ die("only one of -s, -f, or -d allowed");
+- if (wantgroup)
++ }
++ if (wantgroup) {
+ die("-g option is incompatible with -d or -f");
++ }
+ type = AUTH_DBM;
+ filename = optarg;
+ break;
+ case 'f':
+- if (type != AUTH_NONE)
++ if (type != AUTH_NONE) {
+ die("only one of -s, -f, or -d allowed");
+- if (wantgroup)
++ }
++ if (wantgroup) {
+ die("-g option is incompatible with -d or -f");
++ }
+ type = AUTH_FILE;
+ filename = optarg;
+ break;
+ case 's':
+- if (type != AUTH_NONE)
++ if (type != AUTH_NONE) {
+ die("only one of -s, -f, or -d allowed");
++ }
+ type = AUTH_SHADOW;
+ break;
+ case 'u':
+@@ -319,12 +339,15 @@ main(int argc, char *argv[])
+ exit(1);
+ }
+ }
+- if (argc != optind)
+- die("extra arguments given");
+- if (authinfo != NULL && authinfo->username == NULL)
++ if (argc != optind) {
++ die("extra arguments given");
++ }
++ if (authinfo != NULL && authinfo->username == NULL) {
+ die("-u option is required if -p option is given");
+- if (authinfo != NULL && authinfo->password == NULL)
++ }
++ if (authinfo != NULL && authinfo->password == NULL) {
+ die("-p option is required if -u option is given");
++ }
+
+ // /* Unless a username or password was given on the command line, assume
+ // we're being run by nnrpd. */
+@@ -339,8 +362,9 @@ main(int argc, char *argv[])
+ switch (type) {
+ case AUTH_SHADOW:
+ password = password_shadow(authinfo->username);
+- if (password == NULL)
++ if (password == NULL) {
+ password = password_system(authinfo->username);
++ }
+ break;
+ // case AUTH_FILE:
+ // password = password_file(authinfo->username, filename);
+@@ -357,10 +381,12 @@ main(int argc, char *argv[])
+ break;
+ }
+
+- if (password == NULL)
++ if (password == NULL) {
+ die("user %s unknown", authinfo->username);
+- if (strcmp(password, crypt(authinfo->password, password)) != 0)
++ }
++ if (strcmp(password, crypt(authinfo->password, password)) != 0) {
+ die("invalid password for user %s", authinfo->username);
++ }
+
+ /* The password matched. */
+ output_user(authinfo->username, wantgroup);
diff --git a/redhat/applications/smartcardauth/smartcardauth-14.0.0.spec b/redhat/applications/smartcardauth/smartcardauth-14.0.0.spec
index 75d7e35b6..5e5f95dfa 100644
--- a/redhat/applications/smartcardauth/smartcardauth-14.0.0.spec
+++ b/redhat/applications/smartcardauth/smartcardauth-14.0.0.spec
@@ -1,5 +1,5 @@
#
-# spec file for package smartcardauth (version R14.0.0)
+# spec file for package smartcardauth (version R14)
#
# Copyright (c) 2014 Trinity Desktop Environment
#
@@ -17,7 +17,9 @@
# TDE variables
%define tde_epoch 2
+%if "%{?tde_version}" == ""
%define tde_version 14.0.0
+%endif
%define tde_pkg smartcardauth
%define tde_prefix /opt/trinity
%define tde_bindir %{tde_prefix}/bin
@@ -54,7 +56,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Source0: %{name}-%{tde_version}%{?preversion:~%{preversion}}.tar.gz
Source1: trinity-%{tde_pkg}-rpmlintrc
-Patch0: %{tde_pkg}-%{tde_version}.patch
+Patch0: %{tde_pkg}-14.0.0.patch
BuildRequires: trinity-tdelibs-devel >= %{tde_version}
BuildRequires: trinity-tdebase-devel >= %{tde_version}
@@ -137,7 +139,9 @@ in addition to the PKCS certificate functionality
%prep
%setup -q -n %{name}-%{tde_version}%{?preversion:~%{preversion}}
+%if 0%{?rhel} != 6
%patch0 -p1 -b .ftbfs
+%endif
%__sed -i "Makefile" \
-e "s|/usr/lib/perl5/Chipcard|%{_libdir}/perl5/vendor_perl/Chipcard|g"
diff --git a/redhat/applications/smartcardauth/trinity-smartcardauth-rpmlintrc b/redhat/applications/smartcardauth/trinity-smartcardauth-rpmlintrc
new file mode 100644
index 000000000..7dc0bac20
--- /dev/null
+++ b/redhat/applications/smartcardauth/trinity-smartcardauth-rpmlintrc
@@ -0,0 +1 @@
+setBadness('64bit-portability-issue', 0)