[pkg-opensc-commit] [pam-p11] 01/01: Read certs again on token login
Eric Dorland
eric at moszumanska.debian.org
Wed Jan 25 06:14:25 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository pam-p11.
commit 31bdea0cc7087a961eb6f9076f078895c06da8c6
Author: Eric Dorland <eric at debian.org>
Date: Wed Jan 25 01:09:20 2017 -0500
Read certs again on token login
Thanks Sam Hartman.
Closes: 852039
---
debian/changelog | 7 +++
.../0002-Read-certs-again-on-token-login.patch | 51 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 59 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index bbaed78..f8d4a36 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+pam-p11 (0.1.5-7) unstable; urgency=medium
+
+ * debian/patches/0002-Read-certs-again-on-token-login.patch: Read certs
+ again on token login. Thanks Sam Hartman. (Closes: #852039)
+
+ -- Eric Dorland <eric at debian.org> Wed, 25 Jan 2017 01:08:12 -0500
+
pam-p11 (0.1.5-6) unstable; urgency=medium
* debian/control: Explicit build-deps on libssl1.0-dev.
diff --git a/debian/patches/0002-Read-certs-again-on-token-login.patch b/debian/patches/0002-Read-certs-again-on-token-login.patch
new file mode 100644
index 0000000..946291a
--- /dev/null
+++ b/debian/patches/0002-Read-certs-again-on-token-login.patch
@@ -0,0 +1,51 @@
+From: Sam Hartman <hartmans at debian.org>
+Date: Fri, 20 Jan 2017 17:24:05 -0500
+Subject: Read certs again on token login
+
+PKCS11_login destroys all certs and keys retrieved from the token. So
+after logging in it is necessary to enumerate the certificates again.
+Without this, the library is very likely to crash.
+---
+ src/pam_p11.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/pam_p11.c b/src/pam_p11.c
+index a43aa58..8e68553 100644
+--- a/src/pam_p11.c
++++ b/src/pam_p11.c
+@@ -56,6 +56,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
+ const char *user;
+ char *password;
+ char password_prompt[64];
++ int loggedin = 0;
+
+ struct pam_conv *conv;
+ struct pam_message msg;
+@@ -119,7 +120,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
+ }
+
+ /* get all certs */
+- rv = PKCS11_enumerate_certs(slot->token, &certs, &ncerts);
++ cert_scan: rv = PKCS11_enumerate_certs(slot->token, &certs, &ncerts);
+ if (rv) {
+ pam_syslog(pamh, LOG_ERR, "PKCS11_enumerate_certs failed");
+ rv = PAM_AUTHINFO_UNAVAIL;
+@@ -156,7 +157,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
+ goto out;
+ }
+
+- if (!slot->token->loginRequired)
++ if (!slot->token->loginRequired ||loggedin)
+ goto loggedin;
+
+ /* get password */
+@@ -209,6 +210,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
+ goto out;
+ }
+
++ loggedin = 1;
++ goto cert_scan;
++
+ loggedin:
+ /* get random bytes */
+ fd = open(RANDOM_SOURCE, O_RDONLY);
diff --git a/debian/patches/series b/debian/patches/series
index 2d7f923..771209a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
0001-Use-INSTALL-instead-of-libLTLIBRARIES_INSTALL.patch
+0002-Read-certs-again-on-token-login.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/pam-p11.git
More information about the pkg-opensc-commit
mailing list