This commit is contained in:
OBS User unknown
Git OBS Bridge
parent
84ae498888
commit
0e42b677b0
228
ocki-2.2.6-PIN-backspace.patch
Normal file
228
ocki-2.2.6-PIN-backspace.patch
Normal file
@ -0,0 +1,228 @@
|
||||
--- usr/sbin/pkcsconf/pkcsconf.c
|
||||
+++ usr/sbin/pkcsconf/pkcsconf.c
|
||||
@@ -333,7 +333,7 @@
|
||||
CK_RV init(void);
|
||||
void usage(char *);
|
||||
int echo(int);
|
||||
-void get_pin(CK_CHAR **);
|
||||
+int get_pin(CK_CHAR **);
|
||||
CK_RV cleanup(void);
|
||||
CK_RV display_pkcs11_info(void);
|
||||
CK_RV get_slot_list(int, CK_CHAR_PTR);
|
||||
@@ -499,9 +499,13 @@
|
||||
* the SO pin, if not ask for the PIN */
|
||||
if (flags & CFG_INITIALIZE){
|
||||
if (~flags & CFG_SO_PIN){
|
||||
- printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
|
||||
- fflush(stdout);
|
||||
- get_pin(&(sopin));
|
||||
+ int rc;
|
||||
+
|
||||
+ do {
|
||||
+ printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
|
||||
+ fflush(stdout);
|
||||
+ rc = get_pin(&(sopin));
|
||||
+ } while (rc == -EINVAL);
|
||||
}
|
||||
rc = init_token(sopin);
|
||||
}
|
||||
@@ -511,18 +515,29 @@
|
||||
* the New User PIN on the command line if not ask for the PIN and verify it */
|
||||
if (flags & CFG_INIT_USER){
|
||||
if (~flags & CFG_SO_PIN) {
|
||||
- printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
|
||||
- fflush(stdout);
|
||||
- get_pin(&sopin);
|
||||
+ int rc;
|
||||
+
|
||||
+ do {
|
||||
+ printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
|
||||
+ fflush(stdout);
|
||||
+ rc = get_pin(&sopin);
|
||||
+ } while (rc == -EINVAL);
|
||||
}
|
||||
if (~flags & CFG_NEW_PIN) {
|
||||
- printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: "));
|
||||
- fflush(stdout);
|
||||
- get_pin(&newpin);
|
||||
- newpinlen = strlen(newpin);
|
||||
- printf(PKCSINIT_MSG(VNEWUSER, "Re-enter the new user PIN: "));
|
||||
- fflush(stdout);
|
||||
- get_pin(&newpin2);
|
||||
+ int rc;
|
||||
+
|
||||
+ do {
|
||||
+ printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: "));
|
||||
+ fflush(stdout);
|
||||
+ rc = get_pin(&newpin);
|
||||
+ } while (rc == -EINVAL);
|
||||
+ newpinlen = strlen(newpin);
|
||||
+ do {
|
||||
+ printf(PKCSINIT_MSG(VNEWUSER,
|
||||
+ "Re-enter the new user PIN: "));
|
||||
+ fflush(stdout);
|
||||
+ rc = get_pin(&newpin2);
|
||||
+ } while (rc == -EINVAL);
|
||||
newpin2len = strlen(newpin2);
|
||||
if (newpinlen != newpin2len || memcmp(newpin, newpin2, strlen((char *)newpin)) != 0) {
|
||||
printf(PKCSINIT_MSG(PINMISMATCH, "New PINs do not match.\n"));
|
||||
@@ -537,18 +552,28 @@
|
||||
* current SO PIN and the New PIN in. If not prompt and validate them. */
|
||||
if (flags & CFG_SET_SO){
|
||||
if (~flags & CFG_SO_PIN) {
|
||||
- printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
|
||||
- fflush(stdout);
|
||||
- get_pin(&sopin);
|
||||
+ int rc;
|
||||
+
|
||||
+ do {
|
||||
+ printf(PKCSINIT_MSG(SOPIN, "Enter the SO PIN: "));
|
||||
+ fflush(stdout);
|
||||
+ rc = get_pin(&sopin);
|
||||
+ } while (rc == -EINVAL);
|
||||
}
|
||||
if (~flags & CFG_NEW_PIN) {
|
||||
- printf(PKCSINIT_MSG(NEWSO, "Enter the new SO PIN: "));
|
||||
- fflush(stdout);
|
||||
- get_pin(&newpin);
|
||||
+ int rc;
|
||||
+
|
||||
+ do {
|
||||
+ printf(PKCSINIT_MSG(NEWSO, "Enter the new SO PIN: "));
|
||||
+ fflush(stdout);
|
||||
+ rc = get_pin(&newpin);
|
||||
+ } while (rc == -EINVAL);
|
||||
newpinlen = strlen(newpin);
|
||||
- printf(PKCSINIT_MSG(VNEWSO, "Re-enter the new SO PIN: "));
|
||||
- fflush(stdout);
|
||||
- get_pin(&newpin2);
|
||||
+ do {
|
||||
+ printf(PKCSINIT_MSG(VNEWSO, "Re-enter the new SO PIN: "));
|
||||
+ fflush(stdout);
|
||||
+ rc = get_pin(&newpin2);
|
||||
+ } while (rc == -EINVAL);
|
||||
newpin2len = strlen(newpin2);
|
||||
if (newpinlen != newpin2len || memcmp(newpin, newpin2, strlen((char *)newpin)) != 0) {
|
||||
printf(PKCSINIT_MSG(PINMISMATCH, "New PINs do not match.\n"));
|
||||
@@ -563,18 +588,26 @@
|
||||
* current User PIN and the New PIN in. If not prompt and validate them. */
|
||||
if (flags & CFG_SET_USER){
|
||||
if (~flags & CFG_USER_PIN) {
|
||||
- printf(PKCSINIT_MSG(USERPIN, "Enter user PIN: "));
|
||||
- fflush(stdout);
|
||||
- get_pin(&pin);
|
||||
+ int rc;
|
||||
+
|
||||
+ do {
|
||||
+ printf(PKCSINIT_MSG(USERPIN, "Enter user PIN: "));
|
||||
+ fflush(stdout);
|
||||
+ rc = get_pin(&pin);
|
||||
+ } while (rc == -EINVAL);
|
||||
}
|
||||
if (~flags & CFG_NEW_PIN) {
|
||||
- printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: "));
|
||||
- fflush(stdout);
|
||||
- get_pin(&newpin);
|
||||
- newpinlen = strlen(newpin);
|
||||
- printf(PKCSINIT_MSG(VNEWUSER, "Re-enter the new user PIN: "));
|
||||
- fflush(stdout);
|
||||
- get_pin(&newpin2);
|
||||
+ do {
|
||||
+ printf(PKCSINIT_MSG(NEWUSER, "Enter the new user PIN: "));
|
||||
+ fflush(stdout);
|
||||
+ rc = get_pin(&newpin);
|
||||
+ } while (rc == -EINVAL);
|
||||
+ newpinlen = strlen(newpin);
|
||||
+ do {
|
||||
+ printf(PKCSINIT_MSG(VNEWUSER, "Re-enter the new user PIN: "));
|
||||
+ fflush(stdout);
|
||||
+ rc = get_pin(&newpin2);
|
||||
+ } while (rc == -EINVAL);
|
||||
newpin2len = strlen(newpin2);
|
||||
if (newpinlen != newpin2len || memcmp(newpin, newpin2, strlen((char *)newpin)) != 0) {
|
||||
printf(PKCSINIT_MSG(PINMISMATCH, "New PINs do not match.\n"));
|
||||
@@ -619,41 +652,49 @@
|
||||
|
||||
}
|
||||
|
||||
-void
|
||||
-get_pin(CK_CHAR ** pin){
|
||||
- int count = 0;
|
||||
- char buff[PIN_SIZE] = { 0 }, c = 0;
|
||||
-
|
||||
- /* Turn off echoing to the terminal when getting the password */
|
||||
- echo(FALSE);
|
||||
-
|
||||
- /* Get each character and print out a '*' for each input */
|
||||
- for (count = 0; (c != LINE_FEED) && (count < PIN_SIZE); count++){
|
||||
- buff[count] = getc(stdin);
|
||||
- c = buff[count];
|
||||
- if ((c != LINE_FEED) && (c != BACK_SPACE))
|
||||
- printf("*");
|
||||
- if (c == BACK_SPACE) {
|
||||
- printf("%c%c%c", BACK_SPACE, ' ', BACK_SPACE);
|
||||
- count-=2;
|
||||
- }
|
||||
- fflush(stdout);
|
||||
- }
|
||||
-
|
||||
- echo(TRUE);
|
||||
-
|
||||
- /* After we get the password go to the next line */
|
||||
- printf("\n");
|
||||
- fflush(stdout);
|
||||
-
|
||||
- /* Allocate 80 bytes for the user PIN. This is large enough for the tokens
|
||||
- * supported in AIX 5.0 and 5.1 */
|
||||
- *pin = (unsigned char *)malloc(PIN_SIZE);
|
||||
-
|
||||
- /* Strip the carage return from the user input (it is not part of the PIN)
|
||||
- * and put the PIN in the return buffer */
|
||||
- buff[count-1] = '\0'; //NULL;
|
||||
- strncpy((char *)*pin, buff, strlen((char *)buff)+1); // keep the trailing null for the strlen
|
||||
+int get_pin(CK_CHAR **pin)
|
||||
+{
|
||||
+ int count;
|
||||
+ char buff[PIN_SIZE] = { 0 }, c = 0;
|
||||
+ int rc = 0;
|
||||
+
|
||||
+ *pin = NULL;
|
||||
+ /* Turn off echoing to the terminal when getting the password */
|
||||
+ echo(FALSE);
|
||||
+ /* Get each character and print out a '*' for each input */
|
||||
+ for (count = 0; (c != LINE_FEED) && (count < PIN_SIZE); count++) {
|
||||
+ buff[count] = getc(stdin);
|
||||
+ c = buff[count];
|
||||
+ if (c == BACK_SPACE || c == DELETE) {
|
||||
+ printf("\nBackspace and delete character not allowed. "
|
||||
+ "Please retry entering your PIN.\n");
|
||||
+ rc = -EINVAL;
|
||||
+ echo(TRUE);
|
||||
+ fflush(stdout);
|
||||
+ goto out;
|
||||
+ }
|
||||
+ if ((c != LINE_FEED))
|
||||
+ printf("*");
|
||||
+ fflush(stdout);
|
||||
+ }
|
||||
+ echo(TRUE);
|
||||
+ /* After we get the password go to the next line */
|
||||
+ printf("\n");
|
||||
+ fflush(stdout);
|
||||
+ /* Allocate 80 bytes for the user PIN. This is large enough
|
||||
+ * for the tokens supported in AIX 5.0 and 5.1 */
|
||||
+ *pin = (unsigned char *)malloc(PIN_SIZE);
|
||||
+ if (!(*pin)) {
|
||||
+ rc = -ENOMEM;
|
||||
+ goto out;
|
||||
+ }
|
||||
+ /* Strip the carage return from the user input (it is not part
|
||||
+ * of the PIN) and put the PIN in the return buffer */
|
||||
+ buff[count - 1] = '\0';
|
||||
+ /* keep the trailing null for the strlen */
|
||||
+ strncpy((char *)*pin, buff, (strlen((char *)buff) + 1));
|
||||
+out:
|
||||
+ return rc;
|
||||
}
|
||||
|
||||
int
|
||||
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 23 23:02:19 CET 2009 - jjolly@suse.de
|
||||
|
||||
- Added fix to allow backspacing during PIN entry (bnc#448089)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 23 07:42:59 CET 2009 - olh@suse.de
|
||||
|
||||
|
||||
@ -30,7 +30,7 @@ Name: openCryptoki
|
||||
BuildRequires: gcc-c++ libica openssl-devel pwdutils
|
||||
Summary: An Implementation of PKCS#11 (Cryptoki) v2.11 for IBM Cryptographic Hardware
|
||||
Version: 2.2.6
|
||||
Release: 4
|
||||
Release: 6
|
||||
License: IBM Public License
|
||||
Group: Productivity/Security
|
||||
# :pserver:anonymous@cvs.sourceforge.net:/cvsroot/opencryptoki
|
||||
@ -38,6 +38,7 @@ Group: Productivity/Security
|
||||
Source: %{oc_cvs_tag}.tar.bz2
|
||||
Source1: openCryptoki.pkcsslotd
|
||||
Source2: openCryptoki-TFAQ.html
|
||||
Patch1: ocki-2.2.6-PIN-backspace.patch
|
||||
Url: http://oss.software.ibm.com/developerworks/opensource/opencryptoki
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed
|
||||
@ -117,6 +118,7 @@ Accelerator (FC 4960 on pSeries)
|
||||
%prep
|
||||
%setup -q -n %{oc_cvs_tag}
|
||||
cp %{SOURCE2} .
|
||||
%patch1
|
||||
|
||||
%build
|
||||
autoreconf --force --install
|
||||
@ -259,6 +261,8 @@ ln -sf %{_libdir}/opencryptoki/libopencryptoki.so /usr/lib/pkcs11/PKCS11_API.so6
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Jan 23 2009 jjolly@suse.de
|
||||
- Added fix to allow backspacing during PIN entry (bnc#448089)
|
||||
* Fri Jan 23 2009 olh@suse.de
|
||||
- run ldconfig in postinstall [bnc#417925]
|
||||
* Tue Dec 09 2008 kukuk@suse.de
|
||||
|
||||
Loading…
Reference in New Issue
Block a user