Diffstat (limited to 'redhat/applications/smartcardauth')
3 files changed, 387 insertions, 2 deletions
diff --git a/redhat/applications/smartcardauth/smartcardauth-14.0.0.patch b/redhat/applications/smartcardauth/smartcardauth-14.0.0.patch new file mode 100644 index 000000000..f6a7a2595 --- /dev/null +++ b/redhat/applications/smartcardauth/smartcardauth-14.0.0.patch 
@@ -0,0 +1,380 @@ +diff --git a/src/ckpass.c b/src/ckpass.c +index 1da83c6..f3a14d0 100644 +--- a/src/ckpass.c ++++ b/src/ckpass.c +@@ -8,6 +8,8 @@ + ** or PAM. + */ + ++extern x_malloc(size_t size, const char *file, int line); ++ + /* Used for unused parameters to silence gcc warnings. */ + #define UNUSED __attribute__((__unused__)) + +@@ -46,7 +48,7 @@ + number information for debugging error messages without the user having to + pass those in every time. */ + #define xcalloc(n, size) x_calloc((n), (size), __FILE__, __LINE__) +-#define xmalloc(size) x_malloc((size), __FILE__, __LINE__) ++#define smartcardauth_xmalloc(size) x_malloc((size), __FILE__, __LINE__) + #define xrealloc(p, size) x_realloc((p), (size), __FILE__, __LINE__) + #define xstrdup(p) x_strdup((p), __FILE__, __LINE__) + #define xstrndup(p, size) x_strndup((p), (size), __FILE__, __LINE__) +@@ -71,7 +73,7 @@ struct auth_info { + ** This function allocates an array of struct pam_response to return to the + ** PAM libraries that's never freed. For this program, this isn't much of an + ** issue, since it will likely only be called once and then the program will +-** exit. This function uses malloc and strdup instead of xmalloc and xstrdup ++** exit. This function uses malloc and strdup instead of smartcardauth_xmalloc and xstrdup + ** intentionally so that the PAM conversation will be closed cleanly if we + ** run out of memory rather than simply terminated. 
+ ** +@@ -82,8 +84,9 @@ static int pass_conv(int num_msg, const struct pam_message **msgm UNUSED, struct + int i; + + *response = malloc(num_msg * sizeof(struct pam_response)); +- if (*response == NULL) ++ if (*response == NULL) { + return PAM_CONV_ERR; ++ } + for (i = 0; i < num_msg; i++) { + (*response)[i].resp = strdup((char *)appdata_ptr); + (*response)[i].resp_retcode = 0; +@@ -115,17 +118,21 @@ static bool auth_pam(const char *username, char *password) + conv.conv = pass_conv; + conv.appdata_ptr = password; + status = pam_start("nnrpd", username, &conv, &pamh); +- if (status != PAM_SUCCESS) ++ if (status != PAM_SUCCESS) { + die("pam_start failed: %s", pam_strerror(pamh, status)); ++ } + status = pam_authenticate(pamh, PAM_SILENT); +- if (status != PAM_SUCCESS) ++ if (status != PAM_SUCCESS) { + die("pam_authenticate failed: %s", pam_strerror(pamh, status)); ++ } + status = pam_acct_mgmt(pamh, PAM_SILENT); +- if (status != PAM_SUCCESS) ++ if (status != PAM_SUCCESS) { + die("pam_acct_mgmt failed: %s", pam_strerror(pamh, status)); ++ } + status = pam_end(pamh, status); +- if (status != PAM_SUCCESS) ++ if (status != PAM_SUCCESS) { + die("pam_end failed: %s", pam_strerror(pamh, status)); ++ } + + /* If we get to here, the user successfully authenticated. 
*/ + return true; +@@ -153,8 +160,9 @@ password_dbm(char *name, const char *file) + char *password; + + database = dbm_open(file, O_RDONLY, 0600); +- if (database == NULL) ++ if (database == NULL) { + return NULL; ++ } + key.dptr = name; + key.dsize = strlen(name); + value = dbm_fetch(database, key); +@@ -162,7 +170,7 @@ password_dbm(char *name, const char *file) + dbm_close(database); + return NULL; + } +- password = xmalloc(value.dsize + 1); ++ password = smartcardauth_xmalloc(value.dsize + 1); + strlcpy(password, value.dptr, value.dsize + 1); + dbm_close(database); + return password; +@@ -188,8 +196,10 @@ password_shadow(const char *user) + struct spwd *spwd; + + spwd = getspnam(user); +- if (spwd != NULL) +- return xstrdup(spwd->sp_pwdp); ++ if (spwd != NULL) { ++ char* ret = xstrdup(spwd->sp_pwdp); ++ return ret; ++ } + return NULL; + } + #endif /* HAVE_GETSPNAM */ +@@ -206,8 +216,10 @@ password_system(const char *username) + struct passwd *pwd; + + pwd = getpwnam(username); +- if (pwd != NULL) +- return xstrdup(pwd->pw_passwd); ++ if (pwd != NULL) { ++ char* ret = xstrdup(pwd->pw_passwd); ++ return ret; ++ } + return NULL; + } + +@@ -225,12 +237,15 @@ group_system(const char *username) + struct group *gr; + + pwd = getpwnam(username); +- if (pwd == NULL) ++ if (pwd == NULL) { + return NULL; ++ } + gr = getgrgid(pwd->pw_gid); +- if (gr == NULL) ++ if (gr == NULL) { + return NULL; +- return xstrdup(gr->gr_name); ++ } ++ char* ret = xstrdup(gr->gr_name); ++ return ret; + } + + +@@ -242,12 +257,13 @@ output_user(const char *username, bool wantgroup) + { + if (wantgroup) { + char *group = group_system(username); +- if (group == NULL) ++ if (group == NULL) { + die("group info for user %s not available", username); ++ } + printf("User:%s@%s\n", username, group); +- } +- else ++ } else { + printf("User:%s\n", username); ++ } + } + + +@@ -264,7 +280,7 @@ check_password(const char* username, const char* password) + bool wantgroup = false; + struct auth_info *authinfo = 
NULL; + +- authinfo = xmalloc(sizeof(struct auth_info)); ++ authinfo = smartcardauth_xmalloc(sizeof(struct auth_info)); + authinfo->username = username; + authinfo->password = password; + +@@ -273,12 +289,14 @@ check_password(const char* username, const char* password) + return 0; + } + password = password_system(authinfo->username); +- if (password == NULL) ++ if (password == NULL) { + return 1; +- if (strcmp(password, crypt(authinfo->password, password)) != 0) ++ } ++ if (strcmp(password, crypt(authinfo->password, password)) != 0) { + return 1; ++ } + + /* The password matched. */ + output_user(authinfo->username, wantgroup); + return 0; +-} +\ No newline at end of file ++} +diff --git a/src/ckpasswd.c b/src/ckpasswd.c +index 9dbdbcf..a0faa15 100644 +--- a/src/ckpasswd.c ++++ b/src/ckpasswd.c +@@ -83,8 +83,9 @@ static int pass_conv(int num_msg, const struct pam_message **msgm UNUSED, struct + int i; + + *response = malloc(num_msg * sizeof(struct pam_response)); +- if (*response == NULL) ++ if (*response == NULL) { + return PAM_CONV_ERR; ++ } + for (i = 0; i < num_msg; i++) { + (*response)[i].resp = strdup((char *)appdata_ptr); + (*response)[i].resp_retcode = 0; +@@ -116,17 +117,21 @@ static bool auth_pam(const char *username, char *password) + conv.conv = pass_conv; + conv.appdata_ptr = password; + status = pam_start("nnrpd", username, &conv, &pamh); +- if (status != PAM_SUCCESS) ++ if (status != PAM_SUCCESS) { + die("pam_start failed: %s", pam_strerror(pamh, status)); ++ } + status = pam_authenticate(pamh, PAM_SILENT); +- if (status != PAM_SUCCESS) ++ if (status != PAM_SUCCESS) { + die("pam_authenticate failed: %s", pam_strerror(pamh, status)); ++ } + status = pam_acct_mgmt(pamh, PAM_SILENT); +- if (status != PAM_SUCCESS) ++ if (status != PAM_SUCCESS) { + die("pam_acct_mgmt failed: %s", pam_strerror(pamh, status)); ++ } + status = pam_end(pamh, status); +- if (status != PAM_SUCCESS) ++ if (status != PAM_SUCCESS) { + die("pam_end failed: %s", pam_strerror(pamh, 
status)); ++ } + + /* If we get to here, the user successfully authenticated. */ + return true; +@@ -154,8 +159,9 @@ password_dbm(char *name, const char *file) + char *password; + + database = dbm_open(file, O_RDONLY, 0600); +- if (database == NULL) ++ if (database == NULL) { + return NULL; ++ } + key.dptr = name; + key.dsize = strlen(name); + value = dbm_fetch(database, key); +@@ -189,8 +195,10 @@ password_shadow(const char *user) + struct spwd *spwd; + + spwd = getspnam(user); +- if (spwd != NULL) +- return xstrdup(spwd->sp_pwdp); ++ if (spwd != NULL) { ++ char* ret = xstrdup(spwd->sp_pwdp); ++ return ret; ++ } + return NULL; + } + #endif /* HAVE_GETSPNAM */ +@@ -207,8 +215,10 @@ password_system(const char *username) + struct passwd *pwd; + + pwd = getpwnam(username); +- if (pwd != NULL) +- return xstrdup(pwd->pw_passwd); ++ if (pwd != NULL) { ++ char* ret = xstrdup(pwd->pw_passwd); ++ return ret; ++ } + return NULL; + } + +@@ -226,12 +236,15 @@ group_system(const char *username) + struct group *gr; + + pwd = getpwnam(username); +- if (pwd == NULL) ++ if (pwd == NULL) { + return NULL; ++ } + gr = getgrgid(pwd->pw_gid); +- if (gr == NULL) ++ if (gr == NULL) { + return NULL; +- return xstrdup(gr->gr_name); ++ } ++ char* ret = xstrdup(gr->gr_name); ++ return ret; + } + + +@@ -243,12 +256,13 @@ output_user(const char *username, bool wantgroup) + { + if (wantgroup) { + char *group = group_system(username); +- if (group == NULL) ++ if (group == NULL) { + die("group info for user %s not available", username); ++ } + printf("User:%s@%s\n", username, group); +- } +- else ++ } else { + printf("User:%s\n", username); ++ } + } + + +@@ -276,29 +290,35 @@ main(int argc, char *argv[]) + while ((opt = getopt(argc, argv, "gf:u:p:" OPT_DBM OPT_SHADOW)) != -1) { + switch (opt) { + case 'g': +- if (type == AUTH_DBM || type == AUTH_FILE) ++ if (type == AUTH_DBM || type == AUTH_FILE) { + die("-g option is incompatible with -d or -f"); ++ } + wantgroup = true; + break; + case 'd': +- 
if (type != AUTH_NONE) ++ if (type != AUTH_NONE) { + die("only one of -s, -f, or -d allowed"); +- if (wantgroup) ++ } ++ if (wantgroup) { + die("-g option is incompatible with -d or -f"); ++ } + type = AUTH_DBM; + filename = optarg; + break; + case 'f': +- if (type != AUTH_NONE) ++ if (type != AUTH_NONE) { + die("only one of -s, -f, or -d allowed"); +- if (wantgroup) ++ } ++ if (wantgroup) { + die("-g option is incompatible with -d or -f"); ++ } + type = AUTH_FILE; + filename = optarg; + break; + case 's': +- if (type != AUTH_NONE) ++ if (type != AUTH_NONE) { + die("only one of -s, -f, or -d allowed"); ++ } + type = AUTH_SHADOW; + break; + case 'u': +@@ -319,12 +339,15 @@ main(int argc, char *argv[]) + exit(1); + } + } +- if (argc != optind) +- die("extra arguments given"); +- if (authinfo != NULL && authinfo->username == NULL) ++ if (argc != optind) { ++ die("extra arguments given"); ++ } ++ if (authinfo != NULL && authinfo->username == NULL) { + die("-u option is required if -p option is given"); +- if (authinfo != NULL && authinfo->password == NULL) ++ } ++ if (authinfo != NULL && authinfo->password == NULL) { + die("-p option is required if -u option is given"); ++ } + + // /* Unless a username or password was given on the command line, assume + // we're being run by nnrpd. 
*/ +@@ -339,8 +362,9 @@ main(int argc, char *argv[]) + switch (type) { + case AUTH_SHADOW: + password = password_shadow(authinfo->username); +- if (password == NULL) ++ if (password == NULL) { + password = password_system(authinfo->username); ++ } + break; + // case AUTH_FILE: + // password = password_file(authinfo->username, filename); +@@ -357,10 +381,12 @@ main(int argc, char *argv[]) + break; + } + +- if (password == NULL) ++ if (password == NULL) { + die("user %s unknown", authinfo->username); +- if (strcmp(password, crypt(authinfo->password, password)) != 0) ++ } ++ if (strcmp(password, crypt(authinfo->password, password)) != 0) { + die("invalid password for user %s", authinfo->username); ++ } + + /* The password matched. */ + output_user(authinfo->username, wantgroup); diff --git a/redhat/applications/smartcardauth/smartcardauth-14.0.0.spec b/redhat/applications/smartcardauth/smartcardauth-14.0.0.spec index 75d7e35b6..5e5f95dfa 100644 --- a/redhat/applications/smartcardauth/smartcardauth-14.0.0.spec +++ b/redhat/applications/smartcardauth/smartcardauth-14.0.0.spec @@ -1,5 +1,5 @@ # -# spec file for package smartcardauth (version R14.0.0) +# spec file for package smartcardauth (version R14) # # Copyright (c) 2014 Trinity Desktop Environment # @@ -17,7 +17,9 @@ # TDE variables %define tde_epoch 2 +%if "%{?tde_version}" == "" %define tde_version 14.0.0 +%endif %define tde_pkg smartcardauth %define tde_prefix /opt/trinity %define tde_bindir %{tde_prefix}/bin @@ -54,7 +56,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Source0: %{name}-%{tde_version}%{?preversion:~%{preversion}}.tar.gz Source1: trinity-%{tde_pkg}-rpmlintrc -Patch0: %{tde_pkg}-%{tde_version}.patch +Patch0: %{tde_pkg}-14.0.0.patch BuildRequires: trinity-tdelibs-devel >= %{tde_version} BuildRequires: trinity-tdebase-devel >= %{tde_version} 
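Review bot: The declaration added near the top of src/ckpass.c, `extern x_malloc(size_t size, const char *file, int line);`, has no return type, so the compiler treats x_malloc as returning int. The `smartcardauth_xmalloc` macro nevertheless assigns its result to pointers (`password = smartcardauth_xmalloc(value.dsize + 1);` in password_dbm, `authinfo = smartcardauth_xmalloc(sizeof(struct auth_info));` in check_password). On an LP64 target the returned pointer can be truncated to 32 bits before `authinfo->username = username;` writes through it, so a credential-checking path may crash or corrupt memory instead of failing cleanly. Assuming x_malloc returns the allocation, as its use implies, declare it as `extern void *x_malloc(size_t size, const char *file, int line);`, or include the header that already prototypes it. The functions these hunks touch begin and end outside the visible context.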
@@ -137,7 +139,9 @@ in addition to the PKCS certificate functionality %prep %setup -q -n %{name}-%{tde_version}%{?preversion:~%{preversion}} +%if 0%{?rhel} != 6 %patch0 -p1 -b .ftbfs +%endif %__sed -i "Makefile" \ -e "s|/usr/lib/perl5/Chipcard|%{_libdir}/perl5/vendor_perl/Chipcard|g" diff --git a/redhat/applications/smartcardauth/trinity-smartcardauth-rpmlintrc b/redhat/applications/smartcardauth/trinity-smartcardauth-rpmlintrc new file mode 100644 index 000000000..7dc0bac20 --- /dev/null +++ b/redhat/applications/smartcardauth/trinity-smartcardauth-rpmlintrc @@ -0,0 +1 @@ +setBadness('64bit-portability-issue', 0) |
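Review bot: `setBadness('64bit-portability-issue', 0)` zeroes the badness of that rpmlint finding for the whole package, and nothing in the file records why. The same commit adds a patch that declares `extern x_malloc(...)` without a return type and assigns its result to pointers, which looks like the kind of finding this override would hide in code that checks passwords. Prefer fixing the declaration and dropping the override. If it must stay for now, add a comment such as `# TODO: remove once x_malloc is prototyped as returning void * in src/ckpass.c` so the suppression does not become permanent.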