Description: Debian specific changes This patch is generated from revision 0.4.1-2.1 of Debian source. Author: Debian poldi maintainers Reviewed-By: NIIBE Yutaka Last-Update: 2013-07-10 Index: poldi-0.4.1/configure.ac =================================================================== --- poldi-0.4.1.orig/configure.ac 2013-07-10 12:22:44.432409857 +0000 +++ poldi-0.4.1/configure.ac 2013-07-10 12:22:44.384409856 +0000 @@ -215,7 +215,7 @@ if test "$have_ksba" = "no"; then AC_MSG_NOTICE([[ *** -*** libksba not found, building with X.509 authentication support. +*** libksba not found, building without X.509 authentication support. *** libksba can be retrieved from: *** URL FIXME *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required). Index: poldi-0.4.1/conf/Makefile.am =================================================================== --- poldi-0.4.1.orig/conf/Makefile.am 2013-07-10 12:22:44.432409857 +0000 +++ poldi-0.4.1/conf/Makefile.am 2013-07-10 12:22:44.388409858 +0000 @@ -33,5 +33,11 @@ install -m 644 -T $(top_srcdir)/conf/poldi.conf.skel \ $(DESTDIR)$(POLDI_CONF_DIRECTORY)/poldi.conf; \ fi + if test -e $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; then \ + echo "$(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf exists, doing nothing here"; \ + else \ + install -m 644 -T $(top_srcdir)/conf/scdaemon.conf.skel \ + $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; \ + fi -EXTRA_DIST = poldi.conf.skel users.skel README.keys +EXTRA_DIST = poldi.conf.skel users.skel scdaemon.conf.skel README.keys Index: poldi-0.4.1/MIGRATION =================================================================== --- poldi-0.4.1.orig/MIGRATION 2013-07-10 12:22:44.432409857 +0000 +++ poldi-0.4.1/MIGRATION 2013-07-10 12:22:44.372409854 +0000 
@@ -51,3 +51,5 @@ - "fake-wait-for-card" - "require-card-switch" - "wait-timeout" + - "try_pin" + - "quiet" Index: poldi-0.4.1/TODO =================================================================== --- poldi-0.4.1.orig/TODO 2013-07-10 12:22:44.432409857 +0000 +++ poldi-0.4.1/TODO 2013-07-10 12:22:44.372409854 +0000 @@ -2,6 +2,9 @@ * allow for Dirmngr to be started on demand (in pipe mode) (NO <- Why?!) Low priority: +* allow user to skip card authentication without submitting a wrong + PIN to the card, e.g. by entering an empty PIN? Return + PAM_CRED_INSUFFICIENT in that case? PAM_AUTHINFO_UNAVAIL? PAM_AUTH_ERR? * figure out what exactly the dependencies on the OpenPGP smartcard are. * improve doc * work on MIGRATION text Index: poldi-0.4.1/src/scd/scd.c =================================================================== --- poldi-0.4.1.orig/src/scd/scd.c 2013-07-10 12:22:44.432409857 +0000 +++ poldi-0.4.1/src/scd/scd.c 2013-07-10 12:22:44.384409856 +0000 @@ -326,7 +326,7 @@ fallback: spawn a new scdaemon. */ const char *pgmname; - const char *argv[3]; + const char *argv[6]; int no_close_list[3]; int i; @@ -352,7 +352,13 @@ argv[0] = pgmname; argv[1] = "--server"; - argv[2] = NULL; + argv[2] = "--options"; + argv[3] = "/etc/poldi/scdaemon.conf"; + if (flags & SCD_FLAG_VERBOSE) + argv[4] = "-v"; + else + argv[4] = NULL; + argv[5] = NULL; i=0; @@ -362,7 +368,8 @@ if (log_get_fd () != -1) no_close_list[i++] = log_get_fd (); #endif - no_close_list[i++] = fileno (stderr); + if (flags & SCD_FLAG_VERBOSE) + no_close_list[i++] = fileno (stderr); no_close_list[i] = -1; /* connect to the agent and perform initial handshaking */ Index: poldi-0.4.1/src/pam/pam_poldi.c =================================================================== --- poldi-0.4.1.orig/src/pam/pam_poldi.c 2013-07-10 12:22:44.432409857 +0000 +++ poldi-0.4.1/src/pam/pam_poldi.c 2013-07-10 12:22:44.384409856 +0000 
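Review bot: In src/scd/scd.c (hunk @@ -352), the options file is handed to the spawned scdaemon as the literal `"/etc/poldi/scdaemon.conf"`, while the install rule this patch adds to conf/Makefile.am writes the file to `$(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf`. A build configured with a different directory would start scdaemon with `--options` naming a file the package never installed, so the path should be derived from the same configured directory instead of being spelled out here. Since this file steers a daemon started from the PAM stack, I would also add a comment above the assignment, `/* scdaemon.conf must be root-owned and not writable by other users. */`. The enclosing function begins and ends outside the hunk.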
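Review bot: In src/scd/scd.c (hunk @@ -362), stderr is passed to the child only under `SCD_FLAG_VERBOSE`, and the conf/scdaemon.conf.skel shipped by this patch contains nothing but `#`, so in a default install scdaemon's own diagnostics appear to have no destination. That makes a reader or card fault hard to tell apart from a failed login when the logs are read afterwards. I would add `/* stderr is withheld unless verbose; set log-file in scdaemon.conf to keep scdaemon diagnostics. */` above the new `if`, and ship a commented-out `log-file` line in the skeleton. What happens to descriptor 2 in the child is decided by the spawn helper, which is outside the hunk.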
@@ -480,16 +480,16 @@ { if (ctx->debug) log_msg_debug (ctx->loghandle, _("Waiting for card for user `%s'..."), pam_username); - conv_tell (ctx->conv, _("Waiting for card for user `%s'..."), pam_username); + conv_tell (ctx->conv, _("Insert authentication card for user `%s'"), pam_username); } else { if (ctx->debug) log_msg_debug (ctx->loghandle, _("Waiting for card...")); - conv_tell (ctx->conv, _("Waiting for card...")); + conv_tell (ctx->conv, _("Insert authentication card")); } - err = wait_for_card (ctx->scd, 0); + err = wait_for_card (ctx->scd, 3); if (err) { log_msg_error (ctx->loghandle, Index: poldi-0.4.1/src/pam/auth-support/getpin-cb.c =================================================================== --- poldi-0.4.1.orig/src/pam/auth-support/getpin-cb.c 2013-07-10 12:22:44.432409857 +0000 +++ poldi-0.4.1/src/pam/auth-support/getpin-cb.c 2013-07-10 12:22:44.384409856 +0000 @@ -81,9 +81,15 @@ Shouldn't they be done in scdaemon itself? -mo */ if (strlen (buffer) < 6) /* FIXME? is it really minimum of 6 bytes? */ - log_msg_error (ctx->loghandle, _("invalid PIN")); - else if (!all_digitsp (buffer)) - log_msg_error (ctx->loghandle, _("invalid characters in PIN")); + { + log_msg_error (ctx->loghandle, _("PIN too short")); + conv_tell(ctx->conv, "%s", _("PIN too short")); + } +/* else if (!all_digitsp (buffer)) */ +/* { */ +/* log_msg_error (ctx->loghandle, _("invalid characters in PIN")); */ +/* conv_tell(ctx->conv, "%s", _("invalid characters in PIN")); */ +/* } */ else break; } @@ -235,7 +241,7 @@ err = query_user (ctx, info_frobbed, buf, maxbuf); else /* Use string which is more user friendly. */ - err = query_user (ctx, _("||Please enter the PIN"), buf, maxbuf); + err = query_user (ctx, _("Please enter the PIN: "), buf, maxbuf); } else { 
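Review bot: In src/pam/pam_poldi.c (hunk @@ -480), `wait_for_card (ctx->scd, 3)` replaces `0` with a bare literal whose unit and meaning are stated nowhere in the hunk. Presumably it is a timeout in seconds and `0` meant waiting indefinitely; if so, it should be a named constant (a new one such as `CARD_WAIT_TIMEOUT`) with a comment like `/* Give up after this many seconds so a missing card ends the attempt instead of blocking the login. */`. The debug log line still reads "Waiting for card" while the user now sees "Insert authentication card", so the comment could also note that the two texts differ on purpose. The enclosing function starts and ends outside the hunk.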
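Review bot: In src/pam/auth-support/getpin-cb.c (hunk @@ -81), the `all_digitsp` branch is left behind as five commented-out lines rather than removed, so a reader cannot tell whether non-digit PINs are now accepted on purpose. Delete the dead lines and record the decision in one comment, for example `/* Non-digit PINs are accepted; only the minimum length is checked here. */`. With that branch gone, every input of six or more bytes is forwarded, and the TODO hunk of this patch already treats submitting a wrong PIN to the card as something to avoid, so the remaining length test (still marked FIXME) is the only local guard and is worth documenting as such. The loop around this check starts outside the hunk.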
@@ -254,7 +260,7 @@ if (info_frobbed) err = keypad_mode_enter (ctx, info_frobbed); else - err = keypad_mode_enter (ctx, _("||Please enter the PIN")); + err = keypad_mode_enter (ctx, _("Please enter the PIN: ")); } else err = gpg_error (GPG_ERR_INV_VALUE); /* FIXME: must signal Index: poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c =================================================================== --- poldi-0.4.1.orig/src/pam/auth-method-localdb/auth-localdb.c 2013-07-10 12:22:44.432409857 +0000 +++ poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c 2013-07-10 12:22:44.384409856 +0000 @@ -117,10 +117,12 @@ username = username_desired; if (ctx->debug) - log_msg_debug (ctx->conv, - _("Trying authentication as user `%s'..."), username); - conv_tell (ctx->conv, - _("Trying authentication as user `%s'..."), username); + { + log_msg_debug (ctx->conv, + _("Trying authentication as user `%s'..."), username); + conv_tell (ctx->conv, + _("Trying authentication as user `%s'..."), username); + } /* Verify (again) that the given account is associated with the serial number. */ @@ -128,12 +130,14 @@ if (err) { if (ctx->debug) - log_msg_debug (ctx->loghandle, - _("Serial number %s is not associated with user %s"), - ctx->cardinfo.serialno, username); - conv_tell (ctx->conv, - _("Serial number %s is not associated with user %s"), - ctx->cardinfo.serialno, username); + { + log_msg_debug (ctx->loghandle, + _("Serial number %s is not associated with user %s"), + ctx->cardinfo.serialno, username); + conv_tell (ctx->conv, + _("Serial number %s is not associated with user %s"), + ctx->cardinfo.serialno, username); + } err = gcry_error (GPG_ERR_INV_NAME); goto out; } Index: poldi-0.4.1/tests/Makefile.in =================================================================== --- poldi-0.4.1.orig/tests/Makefile.in 2013-07-10 12:22:44.432409857 +0000 +++ poldi-0.4.1/tests/Makefile.in 2013-07-10 12:22:44.384409856 +0000 
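Review bot: In src/pam/auth-method-localdb/auth-localdb.c (hunk @@ -117), the re-indented call still reads `log_msg_debug (ctx->conv, ...)`, whereas every other logging call in this patch passes `ctx->loghandle` as the first argument. This looks like the conversation handle being passed where the log handle is expected; the patch keeps it unchanged. The line should be `log_msg_debug (ctx->loghandle,` followed by the same format string and `username`. The function's declarations are outside the hunk, so the two handle types cannot be confirmed from here.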
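Review bot: In src/pam/auth-method-localdb/auth-localdb.c (hunk @@ -128), both the log line and the `conv_tell` for a serial number that is not associated with the user now sit under `if (ctx->debug)`, and the same patch turns `debug` off in conf/poldi.conf.skel. In the default configuration, a card presented for the wrong account is therefore rejected without any record. Keeping the user-facing message debug-only is reasonable, but the rejection should be logged unconditionally before the block: `log_msg_error (ctx->loghandle, _("Serial number %s is not associated with user %s"), ctx->cardinfo.serialno, username);`. The lookup that sets `err` and the `out:` label are outside the hunk.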
@@ -220,7 +220,7 @@ top_srcdir = @top_srcdir@ parse_test_SOURCES = parse-test.c parse_test_CFLAGS = -Wall -I$(top_srcdir)/src/util -I$(top_srcdir)/src -parse_test_LDADD = $(top_builddir)/src/util/libpoldi-util.a -lgcrypt +parse_test_LDADD = $(top_builddir)/src/util/libpoldi-util.a -lgcrypt -lgpg-error pam_test_SOURCES = pam-test.c pam_test_CFLAGS = -Wall pam_test_LDADD = -lpam -lpam_misc Index: poldi-0.4.1/conf/scdaemon.conf.skel =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ poldi-0.4.1/conf/scdaemon.conf.skel 2013-07-10 12:22:44.388409858 +0000 @@ -0,0 +1 @@ +# Index: poldi-0.4.1/conf/Makefile.in =================================================================== --- poldi-0.4.1.orig/conf/Makefile.in 2013-07-10 12:22:44.432409857 +0000 +++ poldi-0.4.1/conf/Makefile.in 2013-07-10 12:22:44.388409858 +0000 @@ -195,7 +195,7 @@ target_vendor = @target_vendor@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -EXTRA_DIST = poldi.conf.skel users.skel README.keys +EXTRA_DIST = poldi.conf.skel users.skel scdaemon.conf.skel README.keys all: all-am .SUFFIXES: @@ -372,6 +372,12 @@ install -m 644 -T $(top_srcdir)/conf/poldi.conf.skel \ $(DESTDIR)$(POLDI_CONF_DIRECTORY)/poldi.conf; \ fi + if test -e $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; then \ + echo "$(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf exists, doing nothing here"; \ + else \ + install -m 644 -T $(top_srcdir)/conf/scdaemon.conf.skel \ + $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; \ + fi # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: Index: poldi-0.4.1/conf/poldi.conf.skel =================================================================== --- poldi-0.4.1.orig/conf/poldi.conf.skel 2013-07-10 12:22:44.432409857 +0000 +++ poldi-0.4.1/conf/poldi.conf.skel 2013-07-10 12:22:44.388409858 +0000 
@@ -5,10 +5,10 @@ auth-method localdb # Specify the log file: -log-file /home/moritz/logs/poldi.txt +log-file /var/log/poldi # Enable debugging messages -debug +# debug # Specify SCDaemon executable scdaemon-program /usr/bin/scdaemon Index: poldi-0.4.1/configure =================================================================== --- poldi-0.4.1.orig/configure 2013-07-10 12:22:44.432409857 +0000 +++ poldi-0.4.1/configure 2013-07-10 12:22:44.380409854 +0000 @@ -9869,14 +9869,14 @@ if test "$have_ksba" = "no"; then { echo "$as_me:$LINENO: *** -*** libksba not found, building with X.509 authentication support. +*** libksba not found, building without X.509 authentication support. *** libksba can be retrieved from: *** URL FIXME *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required). ***" >&5 echo "$as_me: *** -*** libksba not found, building with X.509 authentication support. +*** libksba not found, building without X.509 authentication support. *** libksba can be retrieved from: *** URL FIXME *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required).
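Review bot: In conf/poldi.conf.skel (hunk @@ -5), `log-file /var/log/poldi` names a file that nothing in this patch creates or restricts, and the messages written to it elsewhere in the patch carry account names and card serial numbers. The resulting mode presumably depends on the umask of whichever process first opens it. I would add a comment line above the setting, `# The log records user names and card serial numbers; keep it readable by root only.`, so that packagers and administrators create the file with suitable permissions.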