authorDaniel Black <dragonheart@gentoo.org>2006-09-19 21:19:49 +0000
committerDaniel Black <dragonheart@gentoo.org>2006-09-19 21:19:49 +0000
commit2ad0416467ea62ee633b5974fd4172341933abf5 (patch)
tree7a4573725155dbe59309c06ba8825fb31c25a751 /sys-auth/pam_pkcs11/files
parentVersion Bump. (diff)
fixes numerous PKCS#11 standard violations as per bug #122357. Thanks Alon Bar-Lev for the patches.
(Portage version: 2.1.2_pre1)
Diffstat (limited to 'sys-auth/pam_pkcs11/files')
-rw-r--r--sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r23
-rw-r--r--sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch83
2 files changed, 86 insertions, 0 deletions
diff --git a/sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r2 b/sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r2
new file mode 100644
index 000000000000..ebb86f13b7a4
--- /dev/null
+++ b/sys-auth/pam_pkcs11/files/digest-pam_pkcs11-0.5.3-r2
@@ -0,0 +1,3 @@
+MD5 607e3ba84b8938eff20c51c597e522c0 pam_pkcs11-0.5.3.tar.gz 576432
+RMD160 b755b1d5d8c666a44944119df74515a206efc1cd pam_pkcs11-0.5.3.tar.gz 576432
+SHA256 f38a92ad5822b5da1bef7c74bfbce1ab1b9a59b01c207b3c3e92402f6be985a4 pam_pkcs11-0.5.3.tar.gz 576432
diff --git a/sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch b/sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch
new file mode 100644
index 000000000000..8f4ed0547a4c
--- /dev/null
+++ b/sys-auth/pam_pkcs11/files/pam_pkcs11-0.5.3-daemon-init.patch
@@ -0,0 +1,83 @@
+diff -urNp pam_pkcs11-0.5.3/src/common/pkcs11.c pam_pkcs11-0.5.3.new/src/common/pkcs11.c
+--- pam_pkcs11-0.5.3/src/common/pkcs11.c 2005-09-12 09:12:55.000000000 +0000
++++ pam_pkcs11-0.5.3.new/src/common/pkcs11.c 2005-10-05 03:07:30.000000000 +0000
+@@ -82,7 +82,9 @@ int init_pkcs11_module(pkcs11_handle_t *
+
+ /* initialise the module */
+ rv = h->fl->C_Initialize(NULL);
+- if (rv != CKR_OK) {
++ if (rv == CKR_OK)
++ h->should_finalize = 1;
++ else if (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
+ set_error("C_Initialize() failed: %x", rv);
+ return -1;
+ }
+@@ -170,7 +172,8 @@ void release_pkcs11_module(pkcs11_handle
+ {
+ /* finalise pkcs #11 module */
+ if (h->fl != NULL)
+- h->fl->C_Finalize(NULL);
++ if (h->should_finalize)
++ h->fl->C_Finalize(NULL);
+ /* unload the module */
+ if (h->module_handle != NULL)
+ dlclose(h->module_handle);
+diff -urNp pam_pkcs11-0.5.3/src/common/pkcs11.h pam_pkcs11-0.5.3.new/src/common/pkcs11.h
+--- pam_pkcs11-0.5.3/src/common/pkcs11.h 2005-09-12 09:12:55.000000000 +0000
++++ pam_pkcs11-0.5.3.new/src/common/pkcs11.h 2005-10-05 03:07:30.000000000 +0000
+@@ -136,6 +136,7 @@ typedef struct {
+ typedef struct {
+ void *module_handle;
+ CK_FUNCTION_LIST_PTR fl;
++ int should_finalize;
+ slot_t *slots;
+ CK_ULONG slot_count;
+ CK_SESSION_HANDLE session;
+diff -urNp pam_pkcs11-0.5.3/src/tools/pkcs11_eventmgr.c pam_pkcs11-0.5.3.new/src/tools/pkcs11_eventmgr.c
+--- pam_pkcs11-0.5.3/src/tools/pkcs11_eventmgr.c 2005-09-12 09:12:54.000000000 +0000
++++ pam_pkcs11-0.5.3.new/src/tools/pkcs11_eventmgr.c 2005-10-05 03:11:24.000000000 +0000
+@@ -283,15 +283,6 @@ int main(int argc, char *argv[]) {
+ return 1;
+ }
+
+- /* open pkcs11 sesion */
+- DBG("initialising pkcs #11 module...");
+- rv = ph.fl->C_Initialize(NULL);
+- if (rv != 0) {
+- release_pkcs11_module(&ph);
+- DBG1("C_Initialize() failed: %d", rv);
+- return 1;
+- }
+-
+ /* put my self into background if flag is set */
+ if (daemonize) {
+ DBG("Going to be daemon...");
+@@ -303,6 +294,17 @@ int main(int argc, char *argv[]) {
+ }
+ }
+
++ /* open pkcs11 sesion */
++ DBG("initialising pkcs #11 module...");
++ rv = ph.fl->C_Initialize(NULL);
++ if (rv != 0) {
++ release_pkcs11_module(&ph);
++ if (ctx) scconf_free(ctx);
++ DBG1("C_Initialize() failed: %d", rv);
++ return 1;
++ }
++ ph.should_finalize = 1;
++
+ /*
+ * Wait endlessly for all events in the list of readers
+ * We only stop in case of an error
+@@ -324,7 +326,9 @@ int main(int argc, char *argv[]) {
+ new_state = get_a_token();
+ if (new_state == CARD_ERROR) {
+ DBG("Error trying to get a token");
+- break;
++ rv = ph.fl->C_Finalize(NULL);
++ rv = ph.fl->C_Initialize(NULL);
++ continue;
+ }
+ if (old_state == new_state ) { /* state unchanged */
+ /* on card not present, increase and check expire time */
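Review bot: In the `CARD_ERROR` branch of the pkcs11_eventmgr.c loop, the results of `C_Finalize(NULL)` and `C_Initialize(NULL)` are assigned to `rv` and never checked, so a failed re-initialisation falls through `continue` and the daemon keeps polling a module that is not initialised, where the old code stopped with `break`. `ph.should_finalize` also stays 1 in that case, so a later `release_pkcs11_module()` would call `C_Finalize` on a module this process no longer holds initialised. I would check the second call and leave the loop on failure, e.g. `if (rv != CKR_OK) { ph.should_finalize = 0; DBG1("C_Initialize() failed: %d", rv); break; }`. The loop and the rest of `main` lie outside the hunk, so any delay between retries cannot be seen here; if there is none, a persistent token error becomes a busy loop.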