From 0e42b677b03646976cb89753f42674e42f2783a9115b1f1b92ce21c7642aec0d Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Sun, 25 Jan 2009 00:20:58 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=8 --- ocki-2.2.6-PIN-backspace.patch | 228 +++++++++++++++++++++++++++++++++ openCryptoki.changes | 5 + openCryptoki.spec | 6 +- 3 files changed, 238 insertions(+), 1 deletion(-) create mode 100644 ocki-2.2.6-PIN-backspace.patch diff --git a/ocki-2.2.6-PIN-backspace.patch b/ocki-2.2.6-PIN-backspace.patch new file mode 100644 index 0000000..90d3424 --- /dev/null +++ b/ocki-2.2.6-PIN-backspace.patch @@ -0,0 +1,228 @@ +--- usr/sbin/pkcsconf/pkcsconf.c ++++ usr/sbin/pkcsconf/pkcsconf.c +@@ -333,7 +333,7 @@ + CK_RV init(void); + void usage(char *); + int echo(int); +-void get_pin(CK_CHAR **); ++int get_pin(CK_CHAR **); + CK_RV cleanup(void); + CK_RV display_pkcs11_info(void); + CK_RV get_slot_list(int, CK_CHAR_PTR); +@@ -499,9 +499,13 @@ + * the SO pin, if not ask for the PIN */ + if (flags & CFG_INITIALIZE){ + if (~flags & CFG_SO_PIN){ +- printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: ")); +- fflush(stdout); +- get_pin(&(sopin)); ++ int rc; ++ ++ do { ++ printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: ")); ++ fflush(stdout); ++ rc = get_pin(&(sopin)); ++ } while (rc == -EINVAL); + } + rc = init_token(sopin); + } +@@ -511,18 +515,29 @@ + * the New User PIN on the command line if not ask for the PIN and verify it */ + if (flags & CFG_INIT_USER){ + if (~flags & CFG_SO_PIN) { +- printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: ")); +- fflush(stdout); +- get_pin(&sopin); ++ int rc; ++ ++ do { ++ printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: ")); ++ fflush(stdout); ++ rc = get_pin(&sopin); ++ } while (rc == -EINVAL); + } + if (~flags & CFG_NEW_PIN) { +- printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: ")); +- fflush(stdout); +- get_pin(&newpin); +- newpinlen = strlen(newpin); +- printf(PKCSINIT_MSG(VNEWUSER, "Re-enter the new user PIN: ")); +- fflush(stdout); +- get_pin(&newpin2); ++ int rc; ++ ++ do { ++ printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: ")); ++ fflush(stdout); ++ rc = get_pin(&newpin); ++ } while (rc == -EINVAL); ++ newpinlen = strlen(newpin); ++ do { ++ printf(PKCSINIT_MSG(VNEWUSER, ++ "Re-enter the new user PIN: ")); ++ fflush(stdout); ++ rc = get_pin(&newpin2); ++ } while (rc == -EINVAL); + newpin2len = strlen(newpin2); + if (newpinlen != newpin2len || memcmp(newpin, newpin2, strlen((char *)newpin)) != 0) { + printf(PKCSINIT_MSG(PINMISMATCH, "New PINs do not match.\n")); +@@ -537,18 +552,28 @@ + * current SO PIN and the New PIN in. If not prompt and validate them. */ + if (flags & CFG_SET_SO){ + if (~flags & CFG_SO_PIN) { +- printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: ")); +- fflush(stdout); +- get_pin(&sopin); ++ int rc; ++ ++ do { ++ printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: ")); ++ fflush(stdout); ++ rc = get_pin(&sopin); ++ } while (rc == -EINVAL); + } + if (~flags & CFG_NEW_PIN) { +- printf(PKCSINIT_MSG(NEWSO, "Enter the new SO PIN: ")); +- fflush(stdout); +- get_pin(&newpin); ++ int rc; ++ ++ do { ++ printf(PKCSINIT_MSG(NEWSO, "Enter the new SO PIN: ")); ++ fflush(stdout); ++ rc = get_pin(&newpin); ++ } while (rc == -EINVAL); + newpinlen = strlen(newpin); +- printf(PKCSINIT_MSG(VNEWSO, "Re-enter the new SO PIN: ")); +- fflush(stdout); +- get_pin(&newpin2); ++ do { ++ printf(PKCSINIT_MSG(VNEWSO, "Re-enter the new SO PIN: ")); ++ fflush(stdout); ++ rc = get_pin(&newpin2); ++ } while (rc == -EINVAL); + newpin2len = strlen(newpin2); + if (newpinlen != newpin2len || memcmp(newpin, newpin2, strlen((char *)newpin)) != 0) { + printf(PKCSINIT_MSG(PINMISMATCH, "New PINs do not match.\n")); +@@ -563,18 +588,26 @@ + * current User PIN and the New PIN in. If not prompt and validate them. */ + if (flags & CFG_SET_USER){ + if (~flags & CFG_USER_PIN) { +- printf(PKCSINIT_MSG(USERPIN, "Enter user PIN: ")); +- fflush(stdout); +- get_pin(&pin); ++ int rc; ++ ++ do { ++ printf(PKCSINIT_MSG(USERPIN, "Enter user PIN: ")); ++ fflush(stdout); ++ rc = get_pin(&pin); ++ } while (rc == -EINVAL); + } + if (~flags & CFG_NEW_PIN) { +- printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: ")); +- fflush(stdout); +- get_pin(&newpin); +- newpinlen = strlen(newpin); +- printf(PKCSINIT_MSG(VNEWUSER, "Re-enter the new user PIN: ")); +- fflush(stdout); +- get_pin(&newpin2); ++ do { ++ printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: ")); ++ fflush(stdout); ++ rc = get_pin(&newpin); ++ } while (rc == -EINVAL); ++ newpinlen = strlen(newpin); ++ do { ++ printf(PKCSINIT_MSG(VNEWUSER, "Re-enter the new user PIN: ")); ++ fflush(stdout); ++ rc = get_pin(&newpin2); ++ } while (rc == -EINVAL); + newpin2len = strlen(newpin2); + if (newpinlen != newpin2len || memcmp(newpin, newpin2, strlen((char *)newpin)) != 0) { + printf(PKCSINIT_MSG(PINMISMATCH, "New PINs do not match.\n")); +@@ -619,41 +652,49 @@ + + } + +-void +-get_pin(CK_CHAR ** pin){ +- int count = 0; +- char buff[PIN_SIZE] = { 0 }, c = 0; +- +- /* Turn off echoing to the terminal when getting the password */ +- echo(FALSE); +- +- /* Get each character and print out a '*' for each input */ +- for (count = 0; (c != LINE_FEED) && (count < PIN_SIZE); count++){ +- buff[count] = getc(stdin); +- c = buff[count]; +- if ((c != LINE_FEED) && (c != BACK_SPACE)) +- printf("*"); +- if (c == BACK_SPACE) { +- printf("%c%c%c", BACK_SPACE, ' ', BACK_SPACE); +- count-=2; +- } +- fflush(stdout); +- } +- +- echo(TRUE); +- +- /* After we get the password go to the next line */ +- printf("\n"); +- fflush(stdout); +- +- /* Allocate 80 bytes for the user PIN. This is large enough for the tokens +- * supported in AIX 5.0 and 5.1 */ +- *pin = (unsigned char *)malloc(PIN_SIZE); +- +- /* Strip the carage return from the user input (it is not part of the PIN) +- * and put the PIN in the return buffer */ +- buff[count-1] = '\0'; //NULL; +- strncpy((char *)*pin, buff, strlen((char *)buff)+1); // keep the trailing null for the strlen ++int get_pin(CK_CHAR **pin) ++{ ++ int count; ++ char buff[PIN_SIZE] = { 0 }, c = 0; ++ int rc = 0; ++ ++ *pin = NULL; ++ /* Turn off echoing to the terminal when getting the password */ ++ echo(FALSE); ++ /* Get each character and print out a '*' for each input */ ++ for (count = 0; (c != LINE_FEED) && (count < PIN_SIZE); count++) { ++ buff[count] = getc(stdin); ++ c = buff[count]; ++ if (c == BACK_SPACE || c == DELETE) { ++ printf("\nBackspace and delete character not allowed. " ++ "Please retry entering your PIN.\n"); ++ rc = -EINVAL; ++ echo(TRUE); ++ fflush(stdout); ++ goto out; ++ } ++ if ((c != LINE_FEED)) ++ printf("*"); ++ fflush(stdout); ++ } ++ echo(TRUE); ++ /* After we get the password go to the next line */ ++ printf("\n"); ++ fflush(stdout); ++ /* Allocate 80 bytes for the user PIN. This is large enough ++ * for the tokens supported in AIX 5.0 and 5.1 */ ++ *pin = (unsigned char *)malloc(PIN_SIZE); ++ if (!(*pin)) { ++ rc = -ENOMEM; ++ goto out; ++ } ++ /* Strip the carage return from the user input (it is not part ++ * of the PIN) and put the PIN in the return buffer */ ++ buff[count - 1] = '\0'; ++ /* keep the trailing null for the strlen */ ++ strncpy((char *)*pin, buff, (strlen((char *)buff) + 1)); ++out: ++ return rc; + } + + int diff --git a/openCryptoki.changes b/openCryptoki.changes index 91eefc8..119856b 100644 --- a/openCryptoki.changes +++ b/openCryptoki.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jan 23 23:02:19 CET 2009 - jjolly@suse.de + +- Added fix to allow backspacing during PIN entry (bnc#448089) + ------------------------------------------------------------------- Fri Jan 23 07:42:59 CET 2009 - olh@suse.de diff --git a/openCryptoki.spec b/openCryptoki.spec index 3165b73..088ed8f 100644 --- a/openCryptoki.spec +++ b/openCryptoki.spec @@ -30,7 +30,7 @@ Name: openCryptoki BuildRequires: gcc-c++ libica openssl-devel pwdutils Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware Version: 2.2.6 -Release: 4 +Release: 6 License: IBM Public License Group: Productivity/Security # :pserver:anonymous@cvs.sourceforge.net:/cvsroot/opencryptoki @@ -38,6 +38,7 @@ Group: Productivity/Security Source: %{oc_cvs_tag}.tar.bz2 Source1: openCryptoki.pkcsslotd Source2: openCryptoki-TFAQ.html +Patch1: ocki-2.2.6-PIN-backspace.patch Url: http://oss.software.ibm.com/developerworks/opensource/opencryptoki BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed @@ -117,6 +118,7 @@ Accelerator (FC 4960 on pSeries) %prep %setup -q -n %{oc_cvs_tag} cp %{SOURCE2} . +%patch1 %build autoreconf --force --install @@ -259,6 +261,8 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so6 %endif %changelog +* Fri Jan 23 2009 jjolly@suse.de +- Added fix to allow backspacing during PIN entry (bnc#448089) * Fri Jan 23 2009 olh@suse.de - run ldconfig in postinstall [bnc#417925] * Tue Dec 09 2008 kukuk@suse.de