Add patches for sys-auth/poldi.

3 files changed, 335 insertions, 0 deletions

diff --git a/sys-auth/poldi/files/01-debian-specific-0.4.1.diff b/sys-auth/poldi/files/01-debian-specific-0.4.1.diff
new file mode 100644
index 0000000..7e5b9c7
--- /dev/null
+++ b/sys-auth/poldi/files/01-debian-specific-0.4.1.diff
@@ -0,0 +1,288 @@
+Description: Debian specific changes
+  This patch is generated from revision 0.4.1-2.1 of Debian source.
+Author: Debian poldi maintainers
+Reviewed-By: NIIBE Yutaka
+Last-Update: 2013-07-10
+
+Index: poldi-0.4.1/configure.ac
+===================================================================
+--- poldi-0.4.1.orig/configure.ac	2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/configure.ac	2013-07-10 12:22:44.384409856 +0000
+@@ -215,7 +215,7 @@
+ if test "$have_ksba" = "no"; then
+    AC_MSG_NOTICE([[
+ ***
+-*** libksba not found, building with X.509 authentication support.
++*** libksba not found, building without X.509 authentication support.
+ *** libksba can be retrieved from:
+ ***   URL FIXME
+ *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required).
+Index: poldi-0.4.1/conf/Makefile.am
+===================================================================
+--- poldi-0.4.1.orig/conf/Makefile.am	2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/conf/Makefile.am	2013-07-10 12:22:44.388409858 +0000
+@@ -33,5 +33,11 @@
+ 		install -m 644 -T $(top_srcdir)/conf/poldi.conf.skel \
+                   $(DESTDIR)$(POLDI_CONF_DIRECTORY)/poldi.conf; \
+ 	fi
++	if test -e $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; then \
++		echo "$(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf exists, doing nothing here"; \
++	else \
++		install -m 644 -T $(top_srcdir)/conf/scdaemon.conf.skel \
++                  $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; \
++	fi
+ 
+-EXTRA_DIST = poldi.conf.skel users.skel README.keys
++EXTRA_DIST = poldi.conf.skel users.skel scdaemon.conf.skel README.keys
+Index: poldi-0.4.1/MIGRATION
+===================================================================
+--- poldi-0.4.1.orig/MIGRATION	2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/MIGRATION	2013-07-10 12:22:44.372409854 +0000
+@@ -51,3 +51,5 @@
+   - "fake-wait-for-card"
+   - "require-card-switch"
+   - "wait-timeout"
++  - "try_pin"
++  - "quiet"
+Index: poldi-0.4.1/TODO
+===================================================================
+--- poldi-0.4.1.orig/TODO	2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/TODO	2013-07-10 12:22:44.372409854 +0000
+@@ -2,6 +2,9 @@
+ * allow for Dirmngr to be started on demand (in pipe mode) (NO <- Why?!)
+ 
+ Low priority:
++* allow user to skip card authentication without submitting a wrong
++   PIN to the card, e.g. by entering an empty PIN? Return
++   PAM_CRED_INSUFFICIENT in that case? PAM_AUTHINFO_UNAVAIL? PAM_AUTH_ERR?
+ * figure out what exactly the dependencies on the OpenPGP smartcard are.
+ * improve doc
+ * work on MIGRATION text
+Index: poldi-0.4.1/src/scd/scd.c
+===================================================================
+--- poldi-0.4.1.orig/src/scd/scd.c	2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/src/scd/scd.c	2013-07-10 12:22:44.384409856 +0000
+@@ -326,7 +326,7 @@
+ 	 fallback: spawn a new scdaemon.  */
+ 
+       const char *pgmname;
+-      const char *argv[3];
++      const char *argv[6];
+       int no_close_list[3];
+       int i;
+ 
+@@ -352,7 +352,13 @@
+ 
+       argv[0] = pgmname;
+       argv[1] = "--server";
+-      argv[2] = NULL;
++      argv[2] = "--options";
++      argv[3] = "/etc/poldi/scdaemon.conf";
++      if (flags & SCD_FLAG_VERBOSE)
++	argv[4] = "-v";
++      else
++	argv[4] = NULL;
++      argv[5] = NULL;
+ 
+       i=0;
+ 
+@@ -362,7 +368,8 @@
+       if (log_get_fd () != -1)
+         no_close_list[i++] = log_get_fd ();
+ #endif
+-      no_close_list[i++] = fileno (stderr);
++      if (flags & SCD_FLAG_VERBOSE)
++	no_close_list[i++] = fileno (stderr);
+       no_close_list[i] = -1;
+ 
+       /* connect to the agent and perform initial handshaking */
+Index: poldi-0.4.1/src/pam/pam_poldi.c
+===================================================================
+--- poldi-0.4.1.orig/src/pam/pam_poldi.c	2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/src/pam/pam_poldi.c	2013-07-10 12:22:44.384409856 +0000
+@@ -480,16 +480,16 @@
+     {
+       if (ctx->debug)
+ 	log_msg_debug (ctx->loghandle, _("Waiting for card for user `%s'..."), pam_username);
+-      conv_tell (ctx->conv, _("Waiting for card for user `%s'..."), pam_username);
++      conv_tell (ctx->conv, _("Insert authentication card for user `%s'"), pam_username);
+     }
+   else
+     {
+       if (ctx->debug)
+ 	log_msg_debug (ctx->loghandle, _("Waiting for card..."));
+-      conv_tell (ctx->conv, _("Waiting for card..."));
++      conv_tell (ctx->conv, _("Insert authentication card"));
+     }
+ 
+-  err = wait_for_card (ctx->scd, 0);
++  err = wait_for_card (ctx->scd, 3);
+   if (err)
+     {
+       log_msg_error (ctx->loghandle,
+Index: poldi-0.4.1/src/pam/auth-support/getpin-cb.c
+===================================================================
+--- poldi-0.4.1.orig/src/pam/auth-support/getpin-cb.c	2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/src/pam/auth-support/getpin-cb.c	2013-07-10 12:22:44.384409856 +0000
+@@ -81,9 +81,15 @@
+ 	 Shouldn't they be done in scdaemon itself?  -mo */
+ 
+       if (strlen (buffer) < 6)	/* FIXME? is it really minimum of 6 bytes? */
+-	log_msg_error (ctx->loghandle, _("invalid PIN"));
+-      else if (!all_digitsp (buffer))
+-	log_msg_error (ctx->loghandle, _("invalid characters in PIN"));
++	{
++	  log_msg_error (ctx->loghandle, _("PIN too short"));
++	  conv_tell(ctx->conv, "%s", _("PIN too short"));
++	}
++/*       else if (!all_digitsp (buffer)) */
++/* 	{ */
++/* 	  log_msg_error (ctx->loghandle, _("invalid characters in PIN")); */
++/* 	  conv_tell(ctx->conv, "%s", _("invalid characters in PIN")); */
++/* 	} */
+       else
+ 	break;
+     }
+@@ -235,7 +241,7 @@
+ 	err = query_user (ctx, info_frobbed, buf, maxbuf);
+       else
+ 	/* Use string which is more user friendly. */
+-	err = query_user (ctx, _("||Please enter the PIN"), buf, maxbuf);
++	err = query_user (ctx, _("Please enter the PIN: "), buf, maxbuf);
+     }
+   else
+     {
+@@ -254,7 +260,7 @@
+ 	  if (info_frobbed)
+ 	    err = keypad_mode_enter (ctx, info_frobbed);
+ 	  else
+-	    err = keypad_mode_enter (ctx, _("||Please enter the PIN"));
++	    err = keypad_mode_enter (ctx, _("Please enter the PIN: "));
+ 	}
+       else
+         err = gpg_error (GPG_ERR_INV_VALUE); /* FIXME: must signal
+Index: poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c
+===================================================================
+--- poldi-0.4.1.orig/src/pam/auth-method-localdb/auth-localdb.c	2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c	2013-07-10 12:22:44.384409856 +0000
+@@ -117,10 +117,12 @@
+     username = username_desired;
+ 
+   if (ctx->debug)
+-    log_msg_debug (ctx->conv,
+-		   _("Trying authentication as user `%s'..."), username);
+-  conv_tell (ctx->conv,
+-	     _("Trying authentication as user `%s'..."), username);
++    {
++      log_msg_debug (ctx->conv,
++		     _("Trying authentication as user `%s'..."), username);
++      conv_tell (ctx->conv,
++		 _("Trying authentication as user `%s'..."), username);
++    }
+ 
+   /* Verify (again) that the given account is associated with the
+      serial number.  */
+@@ -128,12 +130,14 @@
+   if (err)
+     {
+       if (ctx->debug)
+-	log_msg_debug (ctx->loghandle,
+-		       _("Serial number %s is not associated with user %s"),
+-		       ctx->cardinfo.serialno, username);
+-      conv_tell (ctx->conv,
+-		 _("Serial number %s is not associated with user %s"),
+-		 ctx->cardinfo.serialno, username);
++	{
++	  log_msg_debug (ctx->loghandle,
++			 _("Serial number %s is not associated with user %s"),
++			 ctx->cardinfo.serialno, username);
++	  conv_tell (ctx->conv,
++		     _("Serial number %s is not associated with user %s"),
++		     ctx->cardinfo.serialno, username);
++	}
+       err = gcry_error (GPG_ERR_INV_NAME);
+       goto out;
+     }
+Index: poldi-0.4.1/tests/Makefile.in
+===================================================================
+--- poldi-0.4.1.orig/tests/Makefile.in	2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/tests/Makefile.in	2013-07-10 12:22:44.384409856 +0000
+@@ -220,7 +220,7 @@
+ top_srcdir = @top_srcdir@
+ parse_test_SOURCES = parse-test.c
+ parse_test_CFLAGS = -Wall -I$(top_srcdir)/src/util -I$(top_srcdir)/src
+-parse_test_LDADD = $(top_builddir)/src/util/libpoldi-util.a -lgcrypt
++parse_test_LDADD = $(top_builddir)/src/util/libpoldi-util.a -lgcrypt -lgpg-error
+ pam_test_SOURCES = pam-test.c
+ pam_test_CFLAGS = -Wall
+ pam_test_LDADD = -lpam -lpam_misc
+Index: poldi-0.4.1/conf/scdaemon.conf.skel
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ poldi-0.4.1/conf/scdaemon.conf.skel	2013-07-10 12:22:44.388409858 +0000
+@@ -0,0 +1 @@
++#
+Index: poldi-0.4.1/conf/Makefile.in
+===================================================================
+--- poldi-0.4.1.orig/conf/Makefile.in	2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/conf/Makefile.in	2013-07-10 12:22:44.388409858 +0000
+@@ -195,7 +195,7 @@
+ target_vendor = @target_vendor@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+-EXTRA_DIST = poldi.conf.skel users.skel README.keys
++EXTRA_DIST = poldi.conf.skel users.skel scdaemon.conf.skel README.keys
+ all: all-am
+ 
+ .SUFFIXES:
+@@ -372,6 +372,12 @@
+ 		install -m 644 -T $(top_srcdir)/conf/poldi.conf.skel \
+                   $(DESTDIR)$(POLDI_CONF_DIRECTORY)/poldi.conf; \
+ 	fi
++	if test -e $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; then \
++		echo "$(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf exists, doing nothing here"; \
++	else \
++		install -m 644 -T $(top_srcdir)/conf/scdaemon.conf.skel \
++                  $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; \
++	fi
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
+ .NOEXPORT:
+Index: poldi-0.4.1/conf/poldi.conf.skel
+===================================================================
+--- poldi-0.4.1.orig/conf/poldi.conf.skel	2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/conf/poldi.conf.skel	2013-07-10 12:22:44.388409858 +0000
+@@ -5,10 +5,10 @@
+ auth-method localdb
+ 
+ # Specify the log file:
+-log-file /home/moritz/logs/poldi.txt
++log-file /var/log/poldi
+ 
+ # Enable debugging messages
+-debug
++# debug
+ 
+ # Specify SCDaemon executable
+ scdaemon-program /usr/bin/scdaemon
+Index: poldi-0.4.1/configure
+===================================================================
+--- poldi-0.4.1.orig/configure	2013-07-10 12:22:44.432409857 +0000
++++ poldi-0.4.1/configure	2013-07-10 12:22:44.380409854 +0000
+@@ -9869,14 +9869,14 @@
+ if test "$have_ksba" = "no"; then
+    { echo "$as_me:$LINENO:
+ ***
+-*** libksba not found, building with X.509 authentication support.
++*** libksba not found, building without X.509 authentication support.
+ *** libksba can be retrieved from:
+ ***   URL FIXME
+ *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required).
+ ***" >&5
+ echo "$as_me:
+ ***
+-*** libksba not found, building with X.509 authentication support.
++*** libksba not found, building without X.509 authentication support.
+ *** libksba can be retrieved from:
+ ***   URL FIXME
+ *** (at least version $NEED_KSBA_VERSION (API $NEED_KSBA_API) is required).
diff --git a/sys-auth/poldi/files/02-ldflags-0.4.1.diff b/sys-auth/poldi/files/02-ldflags-0.4.1.diff
new file mode 100644
index 0000000..e6737c6
--- /dev/null
+++ b/sys-auth/poldi/files/02-ldflags-0.4.1.diff
@@ -0,0 +1,30 @@
+Description: LDFLAGS should be handled to build PAM module
+Author: NIIBE Yutaka
+Last-Update: 2013-07-10
+
+Index: poldi-0.4.1/src/pam/Makefile.am
+===================================================================
+--- poldi-0.4.1.orig/src/pam/Makefile.am	2013-07-10 12:48:56.864526379 +0000
++++ poldi-0.4.1/src/pam/Makefile.am	2013-07-10 12:48:56.820526375 +0000
+@@ -61,7 +61,7 @@
+ 
+ pam_poldi.so: libpam_poldi.a $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \
+ 		../scd/libscd_shared.a ../util/libpoldi-util_shared.a
+-	gcc -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \
++	$(CC) $(LDFLAGS) -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \
+ 		libpam_poldi.a \
+ 		$(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \
+ 		../scd/libscd_shared.a ../util/libpoldi-util_shared.a ../assuan/libassuan.a \
+Index: poldi-0.4.1/src/pam/Makefile.in
+===================================================================
+--- poldi-0.4.1.orig/src/pam/Makefile.in	2013-07-10 12:48:56.864526379 +0000
++++ poldi-0.4.1/src/pam/Makefile.in	2013-07-10 12:48:56.820526375 +0000
+@@ -592,7 +592,7 @@
+ 
+ pam_poldi.so: libpam_poldi.a $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \
+ 		../scd/libscd_shared.a ../util/libpoldi-util_shared.a
+-	gcc -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \
++	$(CC) $(LDFLAGS) -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \
+ 		libpam_poldi.a \
+ 		$(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \
+ 		../scd/libscd_shared.a ../util/libpoldi-util_shared.a ../assuan/libassuan.a \
diff --git a/sys-auth/poldi/files/03-fix-auth-localdb.diff b/sys-auth/poldi/files/03-fix-auth-localdb.diff
new file mode 100644
index 0000000..96eface
--- /dev/null
+++ b/sys-auth/poldi/files/03-fix-auth-localdb.diff
@@ -0,0 +1,17 @@
+Description: Bug fix calling log_msg_debug
+Author: NIIBE Yutaka
+Last-Update: 2013-07-10
+
+Index: poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c
+===================================================================
+--- poldi-0.4.1.orig/src/pam/auth-method-localdb/auth-localdb.c	2013-07-10 12:57:28.896538720 +0000
++++ poldi-0.4.1/src/pam/auth-method-localdb/auth-localdb.c	2013-07-10 12:57:28.844538737 +0000
+@@ -118,7 +118,7 @@
+ 
+   if (ctx->debug)
+     {
+-      log_msg_debug (ctx->conv,
++      log_msg_debug (ctx->loghandle,
+ 		     _("Trying authentication as user `%s'..."), username);
+       conv_tell (ctx->conv,
+ 		 _("Trying authentication as user `%s'..."), username);