pool/openCryptoki
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openCryptoki?expand=0&rev=8

Browse Source
This commit is contained in:
OBS User unknown 2009-01-25 00:20:58 +00:00 committed by Git OBS Bridge
parent 84ae498888
commit 0e42b677b0
3 changed files with 238 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

228
ocki-2.2.6-PIN-backspace.patch Normal file
View File

@ -0,0 +1,228 @@
--- usr/sbin/pkcsconf/pkcsconf.c
+++ usr/sbin/pkcsconf/pkcsconf.c
@@ -333,7 +333,7 @@
CK_RV init(void);
void usage(char *);
int echo(int);
-void get_pin(CK_CHAR **);
+int get_pin(CK_CHAR **);
CK_RV cleanup(void);
CK_RV display_pkcs11_info(void);
CK_RV get_slot_list(int, CK_CHAR_PTR);
@@ -499,9 +499,13 @@
* the SO pin, if not ask for the PIN */
if (flags & CFG_INITIALIZE){
if (~flags & CFG_SO_PIN){
- printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
- fflush(stdout);
- get_pin(&(sopin));
+ int rc;
+
+ do {
+ printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
+ fflush(stdout);
+ rc = get_pin(&(sopin));
+ } while (rc == -EINVAL);
}
rc = init_token(sopin);
}
@@ -511,18 +515,29 @@
* the New User PIN on the command line if not ask for the PIN and verify it */
if (flags & CFG_INIT_USER){
if (~flags & CFG_SO_PIN) {
- printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
- fflush(stdout);
- get_pin(&sopin);
+ int rc;
+
+ do {
+ printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
+ fflush(stdout);
+ rc = get_pin(&sopin);
+ } while (rc == -EINVAL);
}
if (~flags & CFG_NEW_PIN) {
- printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: "));
- fflush(stdout);
- get_pin(&newpin);
- newpinlen = strlen(newpin);
- printf(PKCSINIT_MSG(VNEWUSER, "Re-enter the new user PIN: "));
- fflush(stdout);
- get_pin(&newpin2);
+ int rc;
+
+ do {
+ printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: "));
+ fflush(stdout);
+ rc = get_pin(&newpin);
+ } while (rc == -EINVAL);
+ newpinlen = strlen(newpin);
+ do {
+ printf(PKCSINIT_MSG(VNEWUSER,
+ "Re-enter the new user PIN: "));
+ fflush(stdout);
+ rc = get_pin(&newpin2);
+ } while (rc == -EINVAL);
newpin2len = strlen(newpin2);
if (newpinlen != newpin2len || memcmp(newpin, newpin2, strlen((char *)newpin)) != 0) {
printf(PKCSINIT_MSG(PINMISMATCH, "New PINs do not match.\n"));
@@ -537,18 +552,28 @@
* current SO PIN and the New PIN in. If not prompt and validate them. */
if (flags & CFG_SET_SO){
if (~flags & CFG_SO_PIN) {
- printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
- fflush(stdout);
- get_pin(&sopin);
+ int rc;
+
+ do {
+ printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
+ fflush(stdout);
+ rc = get_pin(&sopin);
+ } while (rc == -EINVAL);
}
if (~flags & CFG_NEW_PIN) {
- printf(PKCSINIT_MSG(NEWSO, "Enter the new SO PIN: "));
- fflush(stdout);
- get_pin(&newpin);
+ int rc;
+
+ do {
+ printf(PKCSINIT_MSG(NEWSO, "Enter the new SO PIN: "));
+ fflush(stdout);
+ rc = get_pin(&newpin);
+ } while (rc == -EINVAL);
newpinlen = strlen(newpin);
- printf(PKCSINIT_MSG(VNEWSO, "Re-enter the new SO PIN: "));
- fflush(stdout);
- get_pin(&newpin2);
+ do {
+ printf(PKCSINIT_MSG(VNEWSO, "Re-enter the new SO PIN: "));
+ fflush(stdout);
+ rc = get_pin(&newpin2);
+ } while (rc == -EINVAL);
newpin2len = strlen(newpin2);
if (newpinlen != newpin2len || memcmp(newpin, newpin2, strlen((char *)newpin)) != 0) {
printf(PKCSINIT_MSG(PINMISMATCH, "New PINs do not match.\n"));
@@ -563,18 +588,26 @@
* current User PIN and the New PIN in. If not prompt and validate them. */
if (flags & CFG_SET_USER){
if (~flags & CFG_USER_PIN) {
- printf(PKCSINIT_MSG(USERPIN, "Enter user PIN: "));
- fflush(stdout);
- get_pin(&pin);
+ int rc;
+
+ do {
+ printf(PKCSINIT_MSG(USERPIN, "Enter user PIN: "));
+ fflush(stdout);
+ rc = get_pin(&pin);
+ } while (rc == -EINVAL);
}
if (~flags & CFG_NEW_PIN) {
- printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: "));
- fflush(stdout);
- get_pin(&newpin);
- newpinlen = strlen(newpin);
- printf(PKCSINIT_MSG(VNEWUSER, "Re-enter the new user PIN: "));
- fflush(stdout);
- get_pin(&newpin2);
+ do {
+ printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: "));
+ fflush(stdout);
+ rc = get_pin(&newpin);
+ } while (rc == -EINVAL);
+ newpinlen = strlen(newpin);
+ do {
+ printf(PKCSINIT_MSG(VNEWUSER, "Re-enter the new user PIN: "));
+ fflush(stdout);
+ rc = get_pin(&newpin2);
+ } while (rc == -EINVAL);
newpin2len = strlen(newpin2);
if (newpinlen != newpin2len || memcmp(newpin, newpin2, strlen((char *)newpin)) != 0) {
printf(PKCSINIT_MSG(PINMISMATCH, "New PINs do not match.\n"));
@@ -619,41 +652,49 @@
}
-void
-get_pin(CK_CHAR ** pin){
- int count = 0;
- char buff[PIN_SIZE] = { 0 }, c = 0;
-
- /* Turn off echoing to the terminal when getting the password */
- echo(FALSE);
-
- /* Get each character and print out a '*' for each input */
- for (count = 0; (c != LINE_FEED) && (count < PIN_SIZE); count++){
- buff[count] = getc(stdin);
- c = buff[count];
- if ((c != LINE_FEED) && (c != BACK_SPACE))
- printf("*");
- if (c == BACK_SPACE) {
- printf("%c%c%c", BACK_SPACE, ' ', BACK_SPACE);
- count-=2;
- }
- fflush(stdout);
- }
-
- echo(TRUE);
-
- /* After we get the password go to the next line */
- printf("\n");
- fflush(stdout);
-
- /* Allocate 80 bytes for the user PIN. This is large enough for the tokens
- * supported in AIX 5.0 and 5.1 */
- *pin = (unsigned char *)malloc(PIN_SIZE);
-
- /* Strip the carage return from the user input (it is not part of the PIN)
- * and put the PIN in the return buffer */
- buff[count-1] = '\0'; //NULL;
- strncpy((char *)*pin, buff, strlen((char *)buff)+1); // keep the trailing null for the strlen
+int get_pin(CK_CHAR **pin)
+{
+ int count;
+ char buff[PIN_SIZE] = { 0 }, c = 0;
+ int rc = 0;
+
+ *pin = NULL;
+ /* Turn off echoing to the terminal when getting the password */
+ echo(FALSE);
+ /* Get each character and print out a '*' for each input */
+ for (count = 0; (c != LINE_FEED) && (count < PIN_SIZE); count++) {
+ buff[count] = getc(stdin);
+ c = buff[count];
+ if (c == BACK_SPACE || c == DELETE) {
+ printf("\nBackspace and delete character not allowed. "
+ "Please retry entering your PIN.\n");
+ rc = -EINVAL;
+ echo(TRUE);
+ fflush(stdout);
+ goto out;
+ }
+ if ((c != LINE_FEED))
+ printf("*");
+ fflush(stdout);
+ }
+ echo(TRUE);
+ /* After we get the password go to the next line */
+ printf("\n");
+ fflush(stdout);
+ /* Allocate 80 bytes for the user PIN. This is large enough
+ * for the tokens supported in AIX 5.0 and 5.1 */
+ *pin = (unsigned char *)malloc(PIN_SIZE);
+ if (!(*pin)) {
+ rc = -ENOMEM;
+ goto out;
+ }
+ /* Strip the carage return from the user input (it is not part
+ * of the PIN) and put the PIN in the return buffer */
+ buff[count - 1] = '\0';
+ /* keep the trailing null for the strlen */
+ strncpy((char *)*pin, buff, (strlen((char *)buff) + 1));
+out:
+ return rc;
}
int

5
openCryptoki.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri Jan 23 23:02:19 CET 2009 - jjolly@suse.de
- Added fix to allow backspacing during PIN entry (bnc#448089)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 23 07:42:59 CET 2009 - olh@suse.de Fri Jan 23 07:42:59 CET 2009 - olh@suse.de

6
openCryptoki.spec
View File

@ -30,7 +30,7 @@ Name: openCryptoki
BuildRequires: gcc-c++ libica openssl-devel pwdutils BuildRequires: gcc-c++ libica openssl-devel pwdutils
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
Version: 2.2.6 Version: 2.2.6
Release: 4 Release: 6
License: IBM Public License License: IBM Public License
Group: Productivity/Security Group: Productivity/Security
# :pserver:anonymous@cvs.sourceforge.net:/cvsroot/opencryptoki # :pserver:anonymous@cvs.sourceforge.net:/cvsroot/opencryptoki
@ -38,6 +38,7 @@ Group: Productivity/Security
Source: %{oc_cvs_tag}.tar.bz2 Source: %{oc_cvs_tag}.tar.bz2
Source1: openCryptoki.pkcsslotd Source1: openCryptoki.pkcsslotd
Source2: openCryptoki-TFAQ.html Source2: openCryptoki-TFAQ.html
Patch1: ocki-2.2.6-PIN-backspace.patch
Url: http://oss.software.ibm.com/developerworks/opensource/opencryptoki Url: http://oss.software.ibm.com/developerworks/opensource/opencryptoki
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed
@ -117,6 +118,7 @@ Accelerator (FC 4960 on pSeries)
%prep %prep
%setup -q -n %{oc_cvs_tag} %setup -q -n %{oc_cvs_tag}
cp %{SOURCE2} . cp %{SOURCE2} .
%patch1
%build %build
autoreconf --force --install autoreconf --force --install
@ -259,6 +261,8 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so6
%endif %endif
%changelog %changelog
* Fri Jan 23 2009 jjolly@suse.de
- Added fix to allow backspacing during PIN entry (bnc#448089)
* Fri Jan 23 2009 olh@suse.de * Fri Jan 23 2009 olh@suse.de
- run ldconfig in postinstall [bnc#417925] - run ldconfig in postinstall [bnc#417925]
* Tue Dec 09 2008 kukuk@suse.de * Tue Dec 09 2008 kukuk@suse.de