commit 8a3e8c667ed615ca2608c04414de69fdae5b6787 (HEAD, tag: pam_pkcs11-0.6.9, origin/master, origin/HEAD, master) Author: Ludovic Rousseau Date: Wed Sep 28 13:44:52 2016 +0200 Fix typo Thanks to Debian lintian I: libpam-pkcs11: spelling-error-in-binary lib/pam_pkcs11/ldap_mapper.so enought enough doc/README.autologin | 2 +- doc/mappers_api.xml | 2 +- src/common/base64.c | 2 +- src/common/cert_info.c | 2 +- src/common/pkcs11_lib.c | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) commit 1ce1f92b0a5fa56e46b240e1eeff9081915266dd Author: Ludovic Rousseau Date: Wed Sep 28 13:42:09 2016 +0200 Fix typo Thanks to Debian lintian: I: libpam-pkcs11: spelling-error-in-binary lib/pam_pkcs11/opensc_mapper.so allways always I: libpam-pkcs11: spelling-error-in-binary lib/pam_pkcs11/ldap_mapper.so allways always doc/README.mappers | 12 ++++++------ doc/mappers_api.xml | 2 +- src/mappers/mapper.h | 2 +- src/mappers/null_mapper.c | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) commit 8b2d4f3f5c74426578c6d971829e441bcfcb3d55 Author: Ludovic Rousseau Date: Wed Sep 28 13:39:30 2016 +0200 manpage: fix typo Thanks to Debian lintian: I: libpam-pkcs11: spelling-error-in-manpage usr/share/man/man1/pkcs11_eventmgr.1.gz Alternativly Alternatively doc/pkcs11_eventmgr.1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 79f351c3a84743b8b691050725db84ddb95bdc63 Author: Ludovic Rousseau Date: Wed Sep 28 10:56:06 2016 +0200 Release 0.6.9 configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fad145e2169877ef50667dadaa9b5a93b4c22c69 Author: Ludovic Rousseau Date: Wed Sep 28 10:36:54 2016 +0200 Distribute pam-pkcs11-ossl-compat.h The file pam-pkcs11-ossl-compat.h was introduced in df45f3e9cd6b2d990a9fbcd862e32a096644325 but was not present in any Makefile.am src/common/Makefile.am | 1 + 1 file changed, 1 insertion(+) commit e3ffb2f8f6a7e66ee31b771f6d15871b5bcea160 Author: Ludovic Rousseau Date: Tue Sep 27 15:55:06 2016 +0200 pkcs11_listcerts: do not fail on certificate error If the verification of a certificates fails then display an error and continue with the next certificate instead of exiting. A certificate verification failure may be expected (certificate expired or not able to find the CA root certificate). And the valid certificate that we want to use may be the next in the list. src/tools/pkcs11_listcerts.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) commit 78a2eb372829ffb9fc8fb35c10b0bf9c5c59d5fa Author: Doug Engert Date: Sun Sep 25 14:54:39 2016 -0500 Use i2d_ASN1_INTEGER to get serial number OpenSSL-1.1 does not support i2c_ASN1_INTEGER. Changes to be committed: modified: cert_info.c src/common/cert_info.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) commit 367e78710b6e8a14a62d27b8c069e8a09d117533 Author: Ludovic Rousseau Date: Fri Sep 23 16:58:20 2016 +0200 Upgrade gettext from 0.17 to 0.19 aclocal/gettext.m4 | 96 +++++++++++++++++------------ aclocal/iconv.m4 | 164 ++++++++++++++++++++++++++++++++++++++------------ aclocal/lib-ld.m4 | 87 ++++++++++++++------------ aclocal/lib-link.m4 | 138 +++++++++++++++++++++++++++++++----------- aclocal/lib-prefix.m4 | 91 ++++++++++++++++++++-------- aclocal/nls.m4 | 13 ++-- aclocal/po.m4 | 40 ++++++------ aclocal/progtest.m4 | 31 +++++----- config.rpath | 152 +++++++++++++++++++++++++--------------------- configure.ac | 1 - po/Makefile.in.in | 88 ++++++++++++++++++++------- po/de.po | 68 ++++++++++----------- po/fr.po | 66 ++++++++++---------- po/it.po | 68 ++++++++++----------- po/nl.po | 66 ++++++++++---------- po/pam_pkcs11.pot | 66 ++++++++++---------- po/pl.po | 66 ++++++++++---------- po/pt_BR.po | 66 ++++++++++---------- po/ru.po | 66 ++++++++++---------- po/tr.po | 68 ++++++++++----------- 20 files changed, 896 insertions(+), 605 deletions(-) commit 0907bc9894a1302a6fc34ff67b24335cf7c04e07 Author: Ludovic Rousseau Date: Fri Sep 23 16:31:22 2016 +0200 Fix compilation using NSS configure.ac was bogus and the argument -DHAVE_NSS was not correctly used. So the compilation was using OpenSSL library instead of NSS library. configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit df45f3e9cd6b2d990a9fbcd862e332a096644325 Author: Doug Engert Date: Wed Aug 24 18:49:33 2016 -0500 Build with OpenSSL-1.1.0 Add support to build with OpenSSL-1.1.0-pre6 Many of the OpenSSL routines have changed, and many structures are now hidden. The OpenSSL-1.1 API is now being used. The common/pam-pkcs11-ossl-compat.h header implements an OpenSSL-API interface to older versions using #defines and inline code. The code has bee compiled using OpenSSL-1.1.0-pre6, OpenSSL-1.0.1 and OpenSSL-1.0.2 IT HAS NOT BEEN TESTED, I expect anyone interested in using this code can do the testing. Changes to be committed: modified: common/cert_info.c modified: common/cert_st.h modified: common/cert_vfy.c new file: common/pam-pkcs11-ossl-compat.h modified: mappers/openssh_mapper.c src/common/cert_info.c | 44 +++-- src/common/cert_st.h | 1 + src/common/cert_vfy.c | 53 +++--- src/common/pam-pkcs11-ossl-compat.h | 346 ++++++++++++++++++++++++++++++++++++ src/mappers/openssh_mapper.c | 20 ++- 5 files changed, 425 insertions(+), 39 deletions(-) commit b236a776e741082703893e2b2bb909cbc87878e2 Author: Ludovic Rousseau Date: Fri Sep 23 16:05:14 2016 +0200 TODO: Debian packaging is available Remove this task from the TODO list. The Debian package exists since 2008. Thanks to Daniel Baumann. TODO | 3 --- 1 file changed, 3 deletions(-) commit adaef9133dd6da33a6cd4a2d2ca214a6f94d0bb8 Author: Ludovic Rousseau Date: Mon Aug 22 11:06:38 2016 +0200 Create README.md The project is no more maintained README.md | 7 +++++++ 1 file changed, 7 insertions(+) commit 8bdd8195de6318ad575a73d8ce0f9f787d461c0c Author: Steve Vickruck Date: Sun Nov 15 14:58:38 2015 +0000 Fixed src/pam_pkcs11/Makefile.am: libintl not linked properly src/pam_pkcs11/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 57578eb3d96522f008163abfd46aa875487a986b Author: Steve Vickruck Date: Fri Nov 13 13:37:58 2015 +0000 Typo fix: debuging -> debugging configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ae68bd5de36a83e62e47430ac134411d5fc42872 Author: Steve Vickruck Date: Wed Nov 11 13:43:06 2015 +0000 modified src/pam_pkcs11/pam_pkcs11.c: OpenPAM support for *BSD/OS X; provide wrapper for pam_prompt to fix SIGSEGV due to OpenPAM pam_prompt not accepting NULL resp arg src/pam_pkcs11/pam_pkcs11.c | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) commit 0a8d61cf4040787e07bdff963049ae51a07f23a4 Author: Ludovic Rousseau Date: Wed Nov 18 10:24:58 2015 +0100 src/common/pkcs11_lib.c: code reformat reindent Steve Vickruck code src/common/pkcs11_lib.c | 68 ++++++++++++++++++++++++------------------------- 1 file changed, 34 insertions(+), 34 deletions(-) commit 75e01766827a8ef14b9f15ec10ca16e4ed120dfa Author: Steve Vickruck Date: Wed Nov 11 13:40:38 2015 +0000 modified src/common/pkcs11_lib.c: check for changed slot count and update slot list src/common/pkcs11_lib.c | 98 ++++++++++++++++++++++++++++++------------------- 1 file changed, 61 insertions(+), 37 deletions(-) commit 90c6062871b01491c6dc900cafe196f39db19f1b Merge: afea9be 425ecee Author: Ludovic Rousseau Date: Tue Nov 10 17:34:19 2015 +0100 Merge pull request #16 from stevev1/master improper use of free() commit 425eceed822a40d182cb4a63541159cc7fb3076b Author: Steve Vickruck Date: Tue Nov 10 11:29:05 2015 +0000 modified src/common/pkcs11_lib.c: don't free() static buffer from getpass() src/common/pkcs11_lib.c | 2 -- 1 file changed, 2 deletions(-) commit afea9be620d675b1afc1b2eef119e9f6afb42872 Merge: a64a4e6 1094af0 Author: Ludovic Rousseau Date: Fri Oct 23 22:34:59 2015 +0200 Merge pull request #15 from r3pek/master Update documentation referring generic mapper Add documentation for "serial" match commit 1094af09e070a1fdf1a86f3a5b4bd451fe432e80 Author: Carlos Silva Date: Fri Oct 23 21:19:09 2015 +0100 Update documentation refering generic mapper Add the "serial" match doc/pam_pkcs11.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit a64a4e65440ac8ce63c10a9115ed15ff5bd7297a Merge: b24848e 386f38f Author: Ludovic Rousseau Date: Fri Oct 23 20:28:32 2015 +0200 Merge pull request #14 from r3pek/master Add serialNumber as a valid search option for generic_mapper commit 386f38f1ae69b495a82fc3ad42457f9a46398265 Author: Carlos Silva Date: Fri Oct 23 16:38:12 2015 +0100 Add "serial" as a valid option etc/pam_pkcs11.conf.example.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 98712f4f02b999791ce2f36b3f3acdf63b814646 Author: Carlos Silva Date: Fri Oct 23 16:36:40 2015 +0100 Add CERT_SERIAL as a valid option src/mappers/generic_mapper.c | 1 + 1 file changed, 1 insertion(+) commit b24848eb42bafee3d61101794a27a9bdaf3eb2a2 Merge: cad9413 39701be Author: Ludovic Rousseau Date: Fri Oct 2 09:42:23 2015 +0200 Merge pull request #13 from madscientist159/master Do not fail if card was already unlocked, e.g. by a previous PAM module commit 39701be2812d30c8e323046b18c4067207d1a035 Author: Timothy Pearson Date: Thu Oct 1 15:16:01 2015 -0500 Do not fail if card was already unlocked, e.g. by a previous PAM module src/common/pkcs11_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cad9413a3585cfa13eb4cc590e98c3d044b20bc3 Author: Ludovic Rousseau Date: Sun Sep 27 16:24:40 2015 +0200 .gitignore: ignore some other files .gitignore | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) commit 054f7fc7b0d6ff2ddd1c805def22bbda65a8bb0c Author: Ludovic Rousseau Date: Sun Sep 27 16:19:34 2015 +0200 Doxygen: update .conf from 1.7.1 to 1.8.9.1 Some tags were obsolete. Upgrade using "doxygen -u doxygen.conf.in" doc/doxygen.conf.in | 2430 +++++++++++++++++++++++++++++++++------------------ 1 file changed, 1592 insertions(+), 838 deletions(-) commit 81ec0726eaacc89fbc316f8eb646860f0136b86a Author: Ludovic Rousseau Date: Sun Sep 27 16:07:21 2015 +0200 Makefile.am: generate ChangeLog.git The code repository moved from subversion to git. We now generate ChangeLog.git instead of ChangeLog.svn. Makefile.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 2a1b4dda9d50c67641c8c43a22a2469aeac9b356 Author: Ludovic Rousseau Date: Sun Sep 27 15:54:18 2015 +0200 configure: document --disable-debug The debugging code is used by default. The provided ./configure option is to _disable_ debugging so the possible option is --disable-debug not --enable-debug. configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 06bc42a848617402c8df8b5b3b84f0f1039531bc Author: Ludovic Rousseau Date: Sat Sep 26 21:24:20 2015 +0200 Make --disable-debug work again Thanks to Marcus Ilgner fro the patch. src/common/debug.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit d4352d32c08764fe5be787b3fdb0a7cb011ab8ac Author: Marcus Ilgner Date: Sat Sep 26 00:56:58 2015 +0200 Add .gitignore for generated files .gitignore | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) commit e401dd7959f338914ed7d7cae98de9eff7b7c0a0 Merge: 324cb8a 0586364 Author: Ludovic Rousseau Date: Fri Aug 28 20:50:53 2015 +0200 Merge pull request #11 from alexandreaguiar/master Update portuguese translation commit 0586364ca7933664e6113101b11ae2c1f53753f9 Author: Alexandre Souza Aguiar Date: Fri Aug 28 15:38:53 2015 -0300 Update portuguese translation po/pt_BR.po | 71 +++++++++++++++++++++++++++++++------------------------------ 1 file changed, 36 insertions(+), 35 deletions(-) commit 324cb8aa6b694d7347bfaaf3576d9fdffc55ac76 Merge: 800de01 32ff511 Author: Ludovic Rousseau Date: Thu Aug 27 16:28:26 2015 +0200 Merge pull request #10 from alexandreaguiar/master Fix translation of line 208 "Smartcard authentication starts" commit 32ff511504dc88fc28e5968ae54d7422b7712232 Author: Alexandre Souza Aguiar Date: Wed Aug 26 14:07:11 2015 -0300 Fix translation of line 208 "Smartcard authentication starts" src/pam_pkcs11/pam_pkcs11.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 800de010b19587c3b83168005e2a666baf445018 Merge: 40e1c99 afec6ff Author: Ludovic Rousseau Date: Wed Aug 26 17:25:18 2015 +0200 Merge pull request #9 from alexandreaguiar/master Fix language pt_br to pt_BR commit afec6ff345bcd080d3f94a7bd413dadee66b3601 Author: Alexandre Souza Aguiar Date: Wed Aug 26 11:48:26 2015 -0300 Change configure.ac to fix language from pt_br to pt_BR configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 06f1d135eed976197dd85449e310b8129886b818 Author: Alexandre Souza Aguiar Date: Wed Aug 26 11:43:38 2015 -0300 Rename pt_br.po to enable translation po/{pt_br.po => pt_BR.po} | 0 1 file changed, 0 insertions(+), 0 deletions(-) commit 40e1c99041455e5aff6484b06b6bf5bd49526689 Author: Ludovic Rousseau Date: Fri Apr 3 16:09:01 2015 +0200 Revert the previous patch. The code was correct and should continue to check the next certificate. src/pam_pkcs11/pam_pkcs11.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 4ef003ac43405f6391bf965a043f9fe4c4704f1d Author: Ludovic Rousseau Date: Fri Apr 3 15:00:16 2015 +0200 pam_sm_authenticate(): ignore invalid certificates The code stopped on the first invalid certificate. This is problematic if the card contains certificates that have expired or are not yet valid. Thanks to 建明 for the bug report https://sourceforge.net/p/opensc/mailman/message/33698763/ src/pam_pkcs11/pam_pkcs11.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 1cbb55e3d4154715de191a44df76ae92810c8598 Author: Ludovic Rousseau Date: Thu Aug 28 10:43:11 2014 +0200 Update po/it.po po/it.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 422727e0c0402dea46f0dde31a97bd3172cb44e0 Author: Ludovic Rousseau Date: Thu Aug 28 10:31:28 2014 +0200 Update ax_pthread.m4 The macro has a new name aclocal/acx_pthread.m4 | 190 ---------------------------- aclocal/ax_pthread.m4 | 332 +++++++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 2 +- 3 files changed, 333 insertions(+), 191 deletions(-) commit c370dbf40499d83c33c4c35777c62d89b91a6bcf Author: Ludovic Rousseau Date: Thu Aug 28 10:26:08 2014 +0200 Add AM_PROG_AR /usr/share/automake-1.14/am/ltlibrary.am: warning: 'libcommon.la': linking libtool libraries using a non-POSIX /usr/share/automake-1.14/am/ltlibrary.am: archiver requires 'AM_PROG_AR' in 'configure.ac' src/common/Makefile.am:16: while processing Libtool library 'libcommon.la' configure.ac | 1 + 1 file changed, 1 insertion(+) commit bf2a2232019e8f342335e58a3490d6b4dd18e02e Author: Ludovic Rousseau Date: Thu Aug 28 10:23:24 2014 +0200 Update configure.ac Run autoupdate configure.ac | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) commit d73e0070d683309f7719ef3cf9f764fd86a84048 Author: Ludovic Rousseau Date: Thu Aug 28 10:10:20 2014 +0200 Fix field precision specifier ldap_mapper.c: In function `ldap_build_partial_cert_filter': ldap_mapper.c:731:3: warning: field precision specifier `.*' expects argument of type `int', but argument 5 has type `long int' [-Wformat=] DBG2("ldap_build_cert_filter(): unrecognized certificate " ^ ldap_mapper.c:736:3: warning: field precision specifier `.*' expects argument of type `int', but argument 5 has type `long int' [-Wformat=] DBG2("ldap_build_cert_filter(): no values for certificate " ^ ldap_mapper.c:740:2: warning: field precision specifier `.*' expects argument of type `int', but argument 5 has type `long int' [-Wformat=] DBG4("ldap_build_cert_filter(): building subfilter '%.*s'='%.*s'", ^ ldap_mapper.c:740:2: warning: field precision specifier `.*' expects argument of type `int', but argument 7 has type `long int' [-Wformat=] src/mappers/ldap_mapper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit bcba14aafc53f4850386101b0124a91f36881ff0 Author: Ludovic Rousseau Date: Thu Aug 28 10:06:59 2014 +0200 Fix format error ldap_mapper.c: In function `ldap_get_certificate': ldap_mapper.c:1079:4: warning: format `%s' expects a matching `char *' argument [-Wformat=] DBG("ldap_first_entry() failed: %s"); ^ src/mappers/ldap_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ce0cd5a186ce57278f2fbc2af2176d8ddd59cf39 Author: Ludovic Rousseau Date: Thu Aug 28 10:03:59 2014 +0200 Remove unused variables ldap_mapper.c: In function `ldap_mapper_match_user': ldap_mapper.c:1210:6: warning: unused variable `i' [-Wunused-variable] int i=0; ^ src/mappers/ldap_mapper.c | 1 - 1 file changed, 1 deletion(-) commit dd11d505a3425c2272285b942588d601b3aacade Author: Ludovic Rousseau Date: Thu Aug 28 10:02:31 2014 +0200 Remove unused variables ldap_mapper.c:906:8: warning: unused variable `bv_val' [-Wunused-variable] void *bv_val; ^ ldap_mapper.c:902:14: warning: unused variable `ber' [-Wunused-variable] BerElement *ber = NULL; ^ src/mappers/ldap_mapper.c | 2 -- 1 file changed, 2 deletions(-) commit b4229fa07c253c0f74cf3fff1868b89b4207b586 Author: Ludovic Rousseau Date: Thu Aug 28 10:01:01 2014 +0200 Remove unused variables ldap_mapper.c:842:15: warning: unused variable `i' [-Wunused-variable] unsigned int i; ^ ldap_mapper.c:841:35: warning: unused variable `der_len' [-Wunused-variable] size_t buf_len, user_filter_len, der_len; ^ ldap_mapper.c:840:17: warning: unused variable `der' [-Wunused-variable] unsigned char *der; ^ src/mappers/ldap_mapper.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit c7f4a9a6dda7dc10287f489d9cba1b39e852cbeb Merge: 97855e8 c42da2a Author: Ludovic Rousseau Date: Thu Aug 28 09:58:38 2014 +0200 Merge pull request #6 from nalind/master Changes (most of them optional) to how the LDAP mapper does matching commit 97855e85a8b5766063667e858671472169048887 Author: Ludovic Rousseau Date: Thu Aug 28 09:55:06 2014 +0200 Update po/remove-potcdate.sin po/remove-potcdate.sin | 8 ++++++++ 1 file changed, 8 insertions(+) commit bde79c585c1e64a59a6e9817e79b6f47bb1ff631 Author: Ludovic Rousseau Date: Thu Aug 28 09:53:01 2014 +0200 Rename po/remove-potcdate.sin po/remove-potcdate.sed | 11 ----------- po/remove-potcdate.sin | 8 -------- 2 files changed, 19 deletions(-) commit c42da2ab7832e7e935fdc0493effd420a00b299d Author: Nalin Dahyabhai Date: Tue Aug 26 18:07:51 2014 -0400 Treat "attribute_map" as a list of ANDed clauses As before, an "attribute_map" entry can specify a single LDAP attribute and type of certificate data to compare it with. Modify this so that a list entry can include multiple clauses joined by an '&' character. doc/README.ldap_mapper | 2 +- doc/pam_pkcs11.xml | 25 +++++++++++++ src/mappers/ldap_mapper.c | 94 ++++++++++++++++++++++++++++++++++++++--------- 3 files changed, 102 insertions(+), 19 deletions(-) commit 75f819358dd7ffed0cc5e5738d64cdf8c8619c50 Author: Nalin Dahyabhai Date: Tue Aug 26 17:36:01 2014 -0400 Add "attribute_map" to LDAP mapping Add an "attribute_map" list setting. Items in the list take the form "ldap_attribute_name=cert_attribute", where "ldap_attribute_name" is an attribute that we'll name in a search filter, and cert_attribute is one of "cn", "subject", "kpn", "email", "upn", "uid", or "cert". When searching the directory, we'll try the configured map attribute pairs before falling back to the traditional map: the attribute named by the "attribute" configuration setting should contain the certificate. doc/README.ldap_mapper | 2 + src/mappers/ldap_mapper.c | 180 +++++++++++++++++++++++++++++++++++++++------- 2 files changed, 158 insertions(+), 24 deletions(-) commit 3f1f9adb32475cc1bfc9016d5c8f723cef8d8d3d Author: Nalin Dahyabhai Date: Tue Aug 26 15:24:51 2014 -0400 Add an LDAP "uid_attribute", use it to speed up Add an option to name an attribute of a user entry in the directory server which contains the user name. If it's specified, search for entries that just match the certificate, and read the user name from a matching entry. If not, fall back to the old method of iterating through all user names to find an entry that matches both the user name and the certificate. The first method should be faster. doc/README.ldap_mapper | 2 ++ doc/pam_pkcs11.xml | 14 +++++++++++ src/mappers/ldap_mapper.c | 62 ++++++++++++++++++++++++++++++++++++++++++----- 3 files changed, 72 insertions(+), 6 deletions(-) commit 95fdf12d66cee3af0cdcc8ff9704f220b7317c08 Author: Nalin Dahyabhai Date: Tue Aug 26 14:37:08 2014 -0400 Skip reading user certificates from LDAP Since we're letting the server handle matching the user's certificate, we don't need to bother with caching certificates that we've read from the directory server. src/mappers/ldap_mapper.c | 70 +++-------------------------------------------- 1 file changed, 4 insertions(+), 66 deletions(-) commit e4e023e6710c7e1ed4a7390aa0e66dc12df6422a Author: Nalin Dahyabhai Date: Tue Aug 26 14:13:05 2014 -0400 When searching LDAP, filter on the certificate When searching LDAP for an entry for a user, incorporate the contents of the certificate in the filter that we send to the directory server. Now that we let the directory server look for entries with the certificate in them, we don't need to walk the list of certificates in the retrieved entry to check for matches, because the server says they're there. src/mappers/ldap_mapper.c | 164 ++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 144 insertions(+), 20 deletions(-) commit f7e4ef273f22c514591d8fb35b2adfb72fdf8c48 Author: Nalin Dahyabhai Date: Tue Aug 26 13:23:12 2014 -0400 Move building the LDAP filter into a subfunction Move building the filter that we use to find the user's entry into a subfunction, in preparation for giving it more capabilities. src/mappers/ldap_mapper.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) commit 4c4eaede5b71441ccab7918ecd21e38ee5e6a632 Merge: 809b788 80a2c6d Author: Ludovic Rousseau Date: Sat Mar 8 11:05:59 2014 +0100 Merge pull request #5 from maxxer/master libpam-pkcs11 Italian translation commit 809b7889c58434abd0d00bb9d229ffb24d1440aa Merge: a1689f8 7354b2b Author: Ludovic Rousseau Date: Sat Mar 8 11:05:00 2014 +0100 Merge pull request #4 from logich/patch-1 pam_pkcs11.conf options doc update commit 80a2c6d6e60480abd84f2745dc3e79b4112f7703 Author: Lorenzo Milesi Date: Wed Mar 5 17:31:52 2014 +0100 Italian translation configure.ac | 2 +- po/it.po | 155 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 156 insertions(+), 1 deletion(-) commit 7354b2bba6acc766d8ea08b8258af114616e8979 Author: logich Date: Wed Mar 5 08:10:13 2014 -0800 pam_pkcs11.conf options doc update I’d like to suggest adding the two options card_only and wait_for_card to the README file just after line 102: card_only Always try to get the userid from the certificate, don't prompt for the user name if the card is present, and if the token is present, then we must use it to authenticate. wait_for_card This option needs card_only to be set. This will make the system wait for the token to be inserted on login, or after login it will require the same token be inserted to unlock the system. README | 10 ++++++++++ 1 file changed, 10 insertions(+) commit a1689f8cc26254766c01d5b34ce257bc257c3039 Author: Ludovic Rousseau Date: Mon Feb 24 11:52:37 2014 +0100 Fix compiler warnings pkcs11_lib.c: In function `refresh_slots': pkcs11_lib.c:1037:5: warning: format `%d' expects argument of type `int', but argument 5 has type `CK_ULONG' [-Wformat] pkcs11_lib.c: In function `init_pkcs11_module': pkcs11_lib.c:1118:3: warning: format `%d' expects argument of type `int', but argument 5 has type `CK_ULONG' [-Wformat] pkcs11_lib.c:1141:3: warning: format `%d' expects argument of type `int', but argument 5 has type `CK_ULONG' [-Wformat] pkcs11_lib.c: In function `get_certificate_list': pkcs11_lib.c:1579:5: warning: format `%x' expects argument of type `unsigned int', but argument 5 has type `CK_CERTIFICATE_TYPE' [-Wformat] pkcs11_lib.c: In function `sign_value': pkcs11_lib.c:1725:3: warning: format `%d' expects argument of type `int', but argument 5 has type `long unsigned int' [-Wformat] pkcs11_lib.c:1747:7: warning: format `%d' expects argument of type `int', but argument 5 has type `CK_ULONG' [-Wformat] pkcs11_lib.c:1755:3: warning: format `%d' expects argument of type `int', but argument 5 has type `CK_ULONG' [-Wformat] src/common/pkcs11_lib.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 1f8eab1fc0fcac720d8fce05f9290f0bfc6f298b Author: Ludovic Rousseau Date: Mon Feb 24 11:49:50 2014 +0100 Fix compiler warnings base64.c: In function `base64_encode': base64.c:92:2: warning: format `%d' expects argument of type `int', but argument 5 has type `size_t' [-Wformat] base64.c:92:2: warning: format `%d' expects argument of type `int', but argument 6 has type `size_t' [-Wformat] base64.c:92:2: warning: format `%d' expects argument of type `int', but argument 7 has type `size_t' [-Wformat] src/common/base64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 476b49da51de1754c01c6f00c85ee7b1635234a3 Author: Ludovic Rousseau Date: Mon Feb 24 11:38:33 2014 +0100 Fix bug and compiler warning subject_mapper.c: In function `subject_mapper_module_init': subject_mapper.c:112:3: warning: conversion lacks type at end of format [-Wformat] subject_mapper.c:112:3: warning: too many arguments for format [-Wformat-extra-args] src/mappers/subject_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6fe97a457df9d4d719e0922053ea74e1c5c09ce9 Author: Ludovic Rousseau Date: Mon Feb 24 11:37:54 2014 +0100 Fix bug and compiler warning uid_mapper.c: In function `uid_mapper_module_init': uid_mapper.c:134:3: warning: conversion lacks type at end of format [-Wformat] uid_mapper.c:134:3: warning: too many arguments for format [-Wformat-extra-args] src/mappers/uid_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3fd81878a506d2e27189f1b3ea1090fdfdf9b462 Author: Ludovic Rousseau Date: Mon Feb 24 11:37:12 2014 +0100 Fix bug and compiler warning openssh_mapper.c: In function `mapper_module_init': openssh_mapper.c:384:3: warning: conversion lacks type at end of format [-Wformat] openssh_mapper.c:384:3: warning: too many arguments for format [-Wformat-extra-args] src/mappers/openssh_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 73e4fabd398fbb6be82dd6ce9a2f82300d93f714 Author: Ludovic Rousseau Date: Mon Feb 24 11:36:10 2014 +0100 Fix bug and compiler warning null_mapper.c: In function `null_mapper_module_init': null_mapper.c:93:3: warning: conversion lacks type at end of format [-Wformat] null_mapper.c:93:3: warning: too many arguments for format [-Wformat-extra-args] src/mappers/null_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a7bc9e59ef568818a23c35314580d14a49699c95 Author: Ludovic Rousseau Date: Mon Feb 24 11:35:00 2014 +0100 Fix bug and compiler warning pwent_mapper.c: In function `pwent_mapper_module_init': pwent_mapper.c:170:3: warning: conversion lacks type at end of format [-Wformat] pwent_mapper.c:170:3: warning: too many arguments for format [-Wformat-extra-args] src/mappers/pwent_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 00dbebf4452072050fcb1b8365cafc438baf10a3 Author: Ludovic Rousseau Date: Mon Feb 24 11:33:05 2014 +0100 Fix compiler warning card_eventmgr.c:77:9: warning: format ‘%lX’ expects argument of type ‘long unsigned int’, but argument 5 has type ‘int’ [-Wformat] src/tools/card_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2ea408a0c4d210979290ea510711fa36521e52b0 Author: Ludovic Rousseau Date: Mon Feb 24 11:26:43 2014 +0100 Fix compiler warning pkcs11_eventmgr.c:439:2: warning: format ‘%d’ expects argument of type ‘int’, but argument 5 has type ‘long unsigned int’ [-Wformat] src/tools/pkcs11_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f619569be0869507325b55e0d518d67505134d3a Author: Ludovic Rousseau Date: Mon Feb 24 11:18:26 2014 +0100 Check debug_print() format and arguments Use GCC format (archetype, string-index, first-to-check) to check the arguments correspond to the format string http://gcc.gnu.org/onlinedocs/gcc-3.1/gcc/Function-Attributes.html src/common/debug.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 616d7ad9160123f021c7da414d83e7c075b89848 Merge: dd7fa2f 8aa5cf8 Author: Ludovic Rousseau Date: Mon Feb 24 11:13:24 2014 +0100 Merge pull request #3 from tuxmania87/master unlogical string comparison resolved, wrong debug pointer cast resolved commit 8aa5cf87846ed716ed9a127a8ad583f8dbcbdce0 Author: Robert Hartmann Date: Mon Feb 24 09:40:20 2014 +0100 Fixed mapping error in find_user() for generic_mapper src/mappers/generic_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ac2de77ba1a612958074664dcd64ad1a051da508 Author: Robert Hartmann Date: Tue Feb 18 11:30:37 2014 +0100 unlogical string comparison resolved, wrong debug pointer cast resolved src/mappers/generic_mapper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit dd7fa2fe691cb66d7779951b5c5763be130730a9 Merge: ed5daac caecdc7 Author: Ludovic Rousseau Date: Wed Jun 12 05:40:17 2013 -0700 Merge pull request #2 from tcatm/master Fix pam_pkcs11.xsl commit caecdc74faea8ab4b7fc315c69bbe5b8bb4c6904 Author: Nils Schneider Date: Wed Jun 12 14:24:41 2013 +0200 Fix pam_pkcs11.xsl Let /etc/xml/catalog resolve docbook.xsl instead of using a hardcoded path. doc/Makefile.am | 2 +- doc/pam_pkcs11.xsl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit ed5daacfd5a51c57b79d8cfa8f4784e28c521095 Merge: 75613e3 2b16129 Author: Martin Paljak Date: Sun Feb 24 06:46:18 2013 -0800 Merge pull request #1 from Flameeyes/master A few build system fixes Tested as working on Debian wheezy. commit 2b16129e9c9e685b6aaaa80d740096353d95ab7a Author: Diego Elio Pettenò Date: Sat Feb 23 16:10:56 2013 -0800 build: remove an outdated reference to INCLUDE in favour of AM_CFLAGS. src/tools/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9c0b922227897d889d939871f64a1a0bd9427e56 Author: Diego Elio Pettenò Date: Sat Feb 23 16:06:55 2013 -0800 build: do not search for a target. This is not a compiler, so it should not have a target. configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 353fecb2ba508a3b8696ea83afcf120ab7e8e117 Author: Diego Elio Pettenò Date: Sat Feb 23 16:05:10 2013 -0800 build: rename configure.in for compatibility with new autoconf/automake. configure.in => configure.ac | 0 1 file changed, 0 insertions(+), 0 deletions(-) commit 11de1146685e7933795d5083c9c51595d60d2200 Author: Diego Elio Pettenò Date: Sat Feb 23 16:03:17 2013 -0800 build: only export PAM interface symbols. src/pam_pkcs11/Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 75613e32dfc49e1174d55ed37c18ce84cabadb47 Author: Frédéric Combeau Date: Wed Dec 12 11:26:18 2012 +0100 pam_sm_authenticate: support many certificates " I use pam_pkcs11 0.6.8 with libcurl but without nss. My tokens works fine but they can contain 4 or 5 certificates (with corresponding rsa keys). My certificates are not all from the same PKI, so they are not certified by the same ACs. The problem I encounter with pam_pkcs11 is that if the first certificate it tries to verify is not certified by ACs I installed on my workstation, I got an error 2328 because verify_certificate() return -4 and pam_pkcs11 stops (line 584 of src/pam_pkcs11/pam_pkcs11.c : goto auth_failed_nopw;), not trying to verify others certificates in my token. I do not really want to install all ACs (including CRLs, ...) of my certificates of my token on every workstations. I tried to add a "continue;" in pam_pkcs11.c in the switch test for the error 2328 : if verify_certificate() returns -4, pam_pkcs11 prints the error message "error 2328: ..." and with the continue command, pam_pkcs11 continues to process the next certificates and everything works great. Maybe I missed something that explains why pam_pkcs11 stops processing certificates if the verification of a certificate returns -4. " Thanks to Frédéric Combeau for the bug report and patch http://www.opensc-project.org/pipermail/opensc-devel/2012-December/018723.html src/pam_pkcs11/pam_pkcs11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5ebe9d09fe35165c61ca08267be6d6f0594a686a Author: Ludovic Rousseau Date: Sun Jul 1 15:48:51 2012 +0000 - Licence is GPL v2+ (a line was missing) - update FSF address src/tools/card_eventmgr.c | 4 +++- src/tools/pkcs11_eventmgr.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) commit e3c5693883c56a12ee53b1f05665a6f0378d05cc Author: Ludovic Rousseau Date: Tue Apr 24 13:44:19 2012 +0000 Fix log message Use "%d token(s)" instead of "%d tokens" since we may have less than 2 tokens src/tools/pkcs11_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bbd60c82ce51921f728e8d378fdf8c3b23d368b2 Author: Ludovic Rousseau Date: Tue Apr 24 13:37:45 2012 +0000 Major reformat using indent(1) --blank-lines-after-declarations --blank-lines-after-procedures --brace-indent0 --continuation-indentation4 --dont-break-procedure-type --dont-line-up-parentheses --indent-level4 --tab-size4 --no-blank-lines-after-declarations --no-space-after-function-call-names src/tools/pkcs11_eventmgr.c | 1001 ++++++++++++++++++++++++------------------- 1 file changed, 557 insertions(+), 444 deletions(-) commit 5dfaaefb75e1889bbd86e56d977542e4ef6d82c1 Author: Ludovic Rousseau Date: Tue Apr 24 13:33:17 2012 +0000 Log error of C_Initialize/C_Initialize if any src/tools/pkcs11_eventmgr.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) commit 54c5db08f433aa9d213f9d1fed17a05139af10d8 Author: Ludovic Rousseau Date: Tue Apr 24 13:26:02 2012 +0000 Reformat and remove extra white spaces src/tools/pkcs11_eventmgr.c | 66 ++++++++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 31 deletions(-) commit ea9db83baab55fd88b5c57f203e961affea47c95 (tag: pam_pkcs11-0.6.8) Author: Ludovic Rousseau Date: Sat Apr 7 18:32:48 2012 +0000 regenerate po/de.po | 5 +++-- po/fr.po | 4 ++-- po/nl.po | 4 ++-- po/pam_pkcs11.pot | 6 +++--- po/pl.po | 5 +++-- po/pt_br.po | 4 ++-- po/ru.po | 4 ++-- po/tr.po | 4 ++-- 8 files changed, 19 insertions(+), 17 deletions(-) commit d1f5862d6cfcc6f7390ee8552910fc795b9058b3 Author: Ludovic Rousseau Date: Sat Apr 7 18:31:50 2012 +0000 Fix typo: authentification -> authentication src/pam_pkcs11/pam_pkcs11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 63451e9499aa32163337d4f6982ff6924cccd36e Author: Ludovic Rousseau Date: Sat Apr 7 17:09:21 2012 +0000 Release 0.6.8 configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b19910b563605411ef00bf3bd246933db74285d2 Author: Ludovic Rousseau Date: Sat Apr 7 17:08:42 2012 +0000 Fix typo: writeable -> writable Reported by Debian lintian tool src/common/pkcs11_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2f4779a88f1d3ff018aba5dd9891cf5d977214a9 Author: Ludovic Rousseau Date: Sat Apr 7 17:04:42 2012 +0000 Update po/de.po | 96 ++++++++++++++++++++----------------------------------- po/fr.po | 93 +++++++++++++++++++---------------------------------- po/nl.po | 93 +++++++++++++++++++---------------------------------- po/pam_pkcs11.pot | 93 +++++++++++++++++++---------------------------------- po/pl.po | 96 ++++++++++++++++++++----------------------------------- po/pt_br.po | 93 +++++++++++++++++++---------------------------------- po/ru.po | 93 +++++++++++++++++++---------------------------------- po/tr.po | 93 +++++++++++++++++++---------------------------------- 8 files changed, 262 insertions(+), 488 deletions(-) commit b481aefbd553dbd3be2c4a311f017c81557ed766 Author: Ludovic Rousseau Date: Sat Apr 7 16:55:20 2012 +0000 Use a direct string instead of a variable Fix compiler error when Debian hardening is used: pam_pkcs11.c:810:4: error: format not a string literal and no format arguments [-Werror=format-security] src/pam_pkcs11/pam_pkcs11.c | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) commit 7e033f1c19937d768242ccd35a5e4f9fe1a6eae6 Author: Ludovic Rousseau Date: Sat Apr 7 16:48:37 2012 +0000 Add support of variadic parameters for pam_prompt() Systems without pam_prompt() and using our own version of pam_prompt() can now use a variable number of parameters as on GNU/Linux. src/pam_pkcs11/pam_pkcs11.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 68ab0f27696cfc7f71e567f59595ad1c7c9eb3fb Author: Ludovic Rousseau Date: Sat Apr 7 16:29:34 2012 +0000 Use a direct string instead of variable Fix compiler errors when Debian hardening is used: pam_pkcs11.c:198:3: error: format not a string literal and no format arguments [-Werror=format-security] src/pam_pkcs11/pam_pkcs11.c | 63 +++++++++++++++------------------------------ 1 file changed, 21 insertions(+), 42 deletions(-) commit 2415e80f023ff69746d756a272af73853cd46664 Author: Ludovic Rousseau Date: Sat Apr 7 16:06:52 2012 +0000 Fix compiler warning pam_pkcs11.c:154:5: warning: passing argument 2 of `conv->conv' from incompatible pointer type [enabled by default] pam_pkcs11.c:154:5: note: expected `const struct pam_message **' but argument is of type `struct pam_message **' src/pam_pkcs11/pam_pkcs11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 77a3a814e8745ac45075d763058577e795f6e09a Author: Ludovic Rousseau Date: Sat Apr 7 16:01:36 2012 +0000 Remove extra spaces src/pam_pkcs11/pam_pkcs11.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) commit 0329729aa28a97ab045df536cee0e0932ad75793 Author: Ludovic Rousseau Date: Tue Nov 8 21:35:33 2011 +0000 Check for HAVE_CURL_CURL_H instead of HAVE_CURL This define is set by configure.in test AC_CHECK_HEADERS([curl/curl.h]) Thanks to Hannu Kotipalo for the bug report src/common/uri.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 733135f420684136df05902d698944ed7bcd71b0 Author: Ludovic Rousseau Date: Tue Oct 18 12:51:47 2011 +0000 get_private_key(): search for a specific ID if any Fixes bug #392 "pam_pkcs11 uses first found private key for signing, not one matching certificate" http://www.opensc-project.org/opensc/ticket/392 src/common/pkcs11_lib.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit dc5401da54e27718d61a30b78b68a9407359181a Author: Ludovic Rousseau Date: Tue Oct 18 12:46:57 2011 +0000 get_private_key(): remove unused CKA_KEY_TYPE template attribute. See bug #392 "pam_pkcs11 uses first found private key for signing, not one matching certificate" http://www.opensc-project.org/opensc/ticket/392 src/common/pkcs11_lib.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit 76609d1163620c3717261f5a38f49e1d3b408662 Author: Ludovic Rousseau Date: Tue Oct 18 11:50:56 2011 +0000 Fix spelling error src/common/pkcs11_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3d86830e6efa463f8fddb555ee6b477e2c07efea Author: Ludovic Rousseau Date: Tue Oct 18 11:50:10 2011 +0000 Fix spelling error src/pam_pkcs11/pam_pkcs11.c | 2 +- src/tools/pkcs11_inspect.c | 2 +- src/tools/pklogin_finder.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit baaa1862c80e03f32d94f3c6a5fc8fa279963c08 Author: Ludovic Rousseau Date: Tue Oct 18 11:42:47 2011 +0000 Login in all cases, not just for NSS Fixes Ticket #393 "pkcs11_inspect does not ask for card PIN" http://www.opensc-project.org/opensc/ticket/393 src/tools/pkcs11_inspect.c | 2 -- 1 file changed, 2 deletions(-) commit 82c4cee45a1122982e615f0cfe6ea1089467809f Author: Ludovic Rousseau Date: Thu Aug 18 19:39:44 2011 +0000 Update from Jakub Bogusz po/pl.po | 80 ++++++++++++++++++++++++++++++---------------------------------- 1 file changed, 38 insertions(+), 42 deletions(-) commit e4878715bbef0dd2e62e0599d96256c851bef025 (tag: pam_pkcs11-0.6.7) Author: Ludovic Rousseau Date: Sat Aug 6 13:31:09 2011 +0000 Release 0.6.7 configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fae6e86a186c8b2c36910d8c3c1a750c5c1f4a76 Author: Ludovic Rousseau Date: Sat Aug 6 13:30:37 2011 +0000 Update po/de.po | 2 +- po/fr.po | 2 +- po/nl.po | 2 +- po/pam_pkcs11.pot | 4 +- po/pl.po | 2 +- po/pt_br.po | 2 +- po/ru.po | 2 +- po/tr.po | 143 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 8 files changed, 142 insertions(+), 17 deletions(-) commit 30a5b2909c3b1d3f2582d342b23f1d922378bc5d Author: Ludovic Rousseau Date: Sun Jul 17 15:48:28 2011 +0000 Add Turkish l18n file Thanks to Ozan Çağlayan http://www.opensc-project.org/pipermail/opensc-devel/2011-July/016952.html configure.in | 2 +- po/tr.po | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 1 deletion(-) commit 056207700a709c95fd7eef83997e0fe308d20406 Author: Ludovic Rousseau Date: Thu Jun 30 09:07:55 2011 +0000 silent build by default configure.in | 3 +++ 1 file changed, 3 insertions(+) commit a34c48c9b15a4b437a562326e23af3d8b9ad37b1 Author: Ludovic Rousseau Date: Fri Jun 10 11:52:48 2011 +0000 Remove useless cast src/mappers/pwent_mapper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 72e4fe5732a3b2c7349d71d63f3171d2b006ad1e Author: Ludovic Rousseau Date: Fri Jun 10 11:50:10 2011 +0000 Fix compiler warning pwent_mapper.c: In function 'pwent_mapper_find_user': pwent_mapper.c:75: warning: 'str' is used uninitialized in this function src/mappers/pwent_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cb5e1d2442c4652a589513d07a9b78cf3b5cd922 Author: Ludovic Rousseau Date: Fri May 27 07:16:53 2011 +0000 Use "domainname" instead of "domain" Fix Ticket #363 "fix ms mapper example" etc/pam_pkcs11.conf.example.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9213284e96229e9b6985a55926ebbcf81285a6ce Author: Ludovic Rousseau Date: Thu Apr 7 09:08:03 2011 +0000 Clarify between CA and CA root certificate doc/pam_pkcs11.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 1c6b88ca0955f5848cdf6f339f4e74a8a6f98d8d Author: Ludovic Rousseau Date: Thu Apr 7 08:00:40 2011 +0000 Rename make_hash_link into pkcs11_make_hash_link doc/pam_pkcs11.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1b6cca93df1a39c29599dd20cf95edfecfb9dae6 Author: Ludovic Rousseau Date: Tue Mar 22 08:30:44 2011 +0000 Improved error messages Thanks to Dominik Fischer for the patch " It adds displaying error messages to the user via pam_prompt. Because in GDM the messages disappear so quick, I've added a new option "err_display_time". After a message is shown with pam_prompt, a "sleep(err_display_time)" is called. This gives the user a chance to read the message. Also I prepend every message with an error number, because this number is easier to remember, if a user reports a problem. The messages can be disabled via the "quiet" option. " http://www.opensc-project.org/pipermail/opensc-devel/2011-March/016184.html AUTHORS | 1 + doc/pam_pkcs11.xml | 5 ++ po/de.po | 167 ++++++++++++++++++++++++++++++++++++------ po/fr.po | 143 +++++++++++++++++++++++++++++++++--- po/nl.po | 143 +++++++++++++++++++++++++++++++++--- po/pam_pkcs11.pot | 145 +++++++++++++++++++++++++++++++++--- po/pl.po | 143 +++++++++++++++++++++++++++++++++--- po/pt_br.po | 143 +++++++++++++++++++++++++++++++++--- po/ru.po | 143 +++++++++++++++++++++++++++++++++--- src/common/cert_vfy.c | 16 +++- src/pam_pkcs11/pam_config.c | 6 +- src/pam_pkcs11/pam_config.h | 1 + src/pam_pkcs11/pam_pkcs11.c | 175 +++++++++++++++++++++++++++++++++++--------- 13 files changed, 1118 insertions(+), 113 deletions(-) commit 2c2fcce568a73a6d9358925619b16725d3d40876 Author: Ludovic Rousseau Date: Sun Mar 20 14:57:08 2011 +0000 pwent_mapper_find_user(): add a missing line for the previous patch Thanks to Dominik Fischer http://www.opensc-project.org/pipermail/opensc-devel/2011-March/016173.html src/mappers/pwent_mapper.c | 1 + 1 file changed, 1 insertion(+) commit 286610a6933c7b3797691a8d9a7e580771729d9e Author: Ludovic Rousseau Date: Sun Mar 20 11:04:57 2011 +0000 pwent_mapper_find_user() searches through all available passwd db entries to find an user. This takes a very long time, if you have many users (10000). Additionally, if you have nss-ldap configured, it transfers a large amount of data (which is expensive on mobile connections...). Included you find a patch to speed up user finding for the pwent_mapper. It first tries to find a user directly by calling getpwnam() with the found CN. If this fails, the old mechanism is used. (I think the second step could probably even be removed: I can't find a situation where the getpwnam() does not work.) Please have a look at the patch. If it's OK please include it in further pam_pkcs11 releases (so I don't have to patch every new pam_pkcs11 release on my own ;-) ). Kind regards Dominik Fischer http://www.opensc-project.org/pipermail/opensc-devel/2011-March/016167.html src/mappers/pwent_mapper.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) commit 36e757ffa2976ca7f9cd71d33fd66509abacc249 Author: Ludovic Rousseau Date: Sat Jan 22 18:00:46 2011 +0000 Remove useless code pam_pkcs11.c:281:6: warning: Value stored to 'rv' is never read rv = pam_get_item(pamh, PAM_USER, &user); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ pam_pkcs11.c:269:10: warning: Value stored to 'rv' is never read rv = pam_get_item(pamh, PAM_SERVICE, &service); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/pam_pkcs11/pam_pkcs11.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 85a31346945f2906fbf5ddcc9dd1699d82507a85 Author: Ludovic Rousseau Date: Sat Jan 22 17:59:32 2011 +0000 Remove useless code pam_config.c:302:3: warning: Value stored to 'res' is never read res=sscanf(argv[i],"slot_num=%d",&configuration.slot_num); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/pam_pkcs11/pam_config.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 4c4af5bd747a6ad42f168298073634e37803d0b6 Author: Ludovic Rousseau Date: Sat Jan 22 17:58:16 2011 +0000 Fix a clang warning without changing the code semantic mapper_mgr.c:201:10: warning: Field access results in a dereference of a null pointer (loaded from variable 'last') last->next= item; ~~~~ ^ src/pam_pkcs11/mapper_mgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5227d1a36b66b90b290bcce56512ebb3e613e101 Author: Ludovic Rousseau Date: Sat Jan 22 17:50:48 2011 +0000 Remove usless code pkcs11_eventmgr.c:268:17: warning: Value stored to 'res' is never read res=sscanf(argv[i],"expire_time=%d",&expire_time); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ pkcs11_eventmgr.c:264:17: warning: Value stored to 'res' is never read res=sscanf(argv[i],"polling_time=%d",&polling_time); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ pkcs11_eventmgr.c:595:7: warning: Value stored to 'rv' is never read rv = ph->fl->C_Initialize(NULL); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~ pkcs11_eventmgr.c:594:7: warning: Value stored to 'rv' is never read rv = ph->fl->C_Finalize(NULL); ^ ~~~~~~~~~~~~~~~~~~~~~~~~ pkcs11_eventmgr.c:569:3: warning: Value stored to 'rv' is never read rv = ph->fl->C_Initialize(NULL); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~ pkcs11_eventmgr.c:568:3: warning: Value stored to 'rv' is never read rv = ph->fl->C_Finalize(NULL); ^ ~~~~~~~~~~~~~~~~~~~~~~~~ src/tools/pkcs11_eventmgr.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit 59bbd4728d3451105ce932af8191cdf3e83ef7d7 Author: Ludovic Rousseau Date: Sat Jan 22 17:48:57 2011 +0000 Remove useless code card_eventmgr.c:231:17: warning: Value stored to 'res' is never read res=sscanf(argv[i],"timeout_limit=%d",&timeout_limit); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ card_eventmgr.c:227:17: warning: Value stored to 'res' is never read res=sscanf(argv[i],"timeout=%d",&timeout); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ card_eventmgr.c:271:5: warning: Value stored to 'res' is never read res=fscanf(fd, "%ld", &temp); ^ ~~~~~~~~~~~~~~~~~~~~~~~~ card_eventmgr.c:301:5: warning: Value stored to 'res' is never read res=write(fd, tmp, strlen(tmp)); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/tools/card_eventmgr.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) commit dd163e205e51855760239f3a2467b1e62ea685d6 Author: Ludovic Rousseau Date: Sat Jan 22 17:46:10 2011 +0000 Remove useless code scconf.c:195:2: warning: Value stored to 'ret' is never read ret = scconf_put_str(block, option, !value ? "false" : "true"); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ scconf.c:585:3: warning: Value stored to 'r' is never read r = 0; ^ ~ scconf.c:711:3: warning: Value stored to 'r' is never read r = 0; ^ ~ src/scconf/scconf.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 97b1715855f10c3685916fe0cd7e6c7cde5da00d Author: Ludovic Rousseau Date: Sat Jan 22 17:43:27 2011 +0000 Remove useless code ldap_mapper.c:800:13: warning: Although the value stored to 'ret' is used in the enclosing expression, the value is never actually read from 'ret' if ( 0 != (ret = ldap_unbind_s(ldap_connection))) { ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ldap_mapper.c:668:3: warning: Value stored to 'rv' is never read rv = ldap_add_uri (uris, uri, &buffer, &buflen); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/mappers/ldap_mapper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 5a738a654d8e868e4cd94d14b13b3fe88ca4e569 Author: Ludovic Rousseau Date: Sat Jan 22 17:40:34 2011 +0000 BN_append(): remove useless code cert_info.c:654:2: warning: Value stored to 'res' is never read res=BN_bn2bin(bn,buff+1); ^ ~~~~~~~~~~~~~~~~~~~~ cert_info.c:649:25: warning: Value stored to 'pt' is never read res= int_append(pt,0);pt+=res; ^ ~~~ src/common/cert_info.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 43603c125e618c20a57ac21c2db187bd64721eb7 Author: Ludovic Rousseau Date: Sat Jan 22 17:39:25 2011 +0000 int_append(): remove useless code cert_info.c:631:3: warning: Value stored to 'pt' is never read *pt++= (n&0x000000ff) >>0; ^~~~ src/common/cert_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a45744d262f6d25964644577af49b776e4421059 Author: Ludovic Rousseau Date: Sat Jan 22 17:37:43 2011 +0000 free_uri(): fix a memory leak uri.c:175:14: warning: Field access results in a dereference of a null pointer (loaded from variable 'uri') if(!uri->file) free(uri->file->data); ~~~ ^ src/common/uri.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit 317d0b53e12e6c811079a80166c2511a1396f4f9 Author: Ludovic Rousseau Date: Sat Jan 22 17:33:07 2011 +0000 Fix to clang warnings pkcs11_lib.c:1323:3: warning: Value stored to 'rv' is never read rv = -1; ^ ~~ pkcs11_lib.c:1346:3: warning: Value stored to 'rv' is never read rv = -1; ^ ~~ src/common/pkcs11_lib.c | 2 -- 1 file changed, 2 deletions(-) commit 7e381ee5ace3af210568818b30e03fd168368f3d Author: Ludovic Rousseau Date: Sat Jan 22 14:37:58 2011 +0000 close_pkcs11_session(): CKR_FUNCTION_NOT_SUPPORTED is a valid error code and not an error. Closes ticket #30 "pam_pkcs11 cert_vfy failed with Feitian card" src/common/pkcs11_lib.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 63c40e048b10eb041b31261273ef8f61728aeb1a Author: Ludovic Rousseau Date: Sat Nov 20 19:46:50 2010 +0000 release 0.6.6 configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 74732dfa6309a359cd39820d31b992438d26c826 Author: Ludovic Rousseau Date: Thu Nov 18 09:17:38 2010 +0000 Use daemon implementation from daemon.c when needed (for example on Solaris 10) See http://www.opensc-project.org/pipermail/opensc-user/2010-November/004331.html src/tools/Makefile.am | 4 ++-- src/tools/card_eventmgr.c | 4 ++++ src/tools/pkcs11_eventmgr.c | 4 ++++ 3 files changed, 10 insertions(+), 2 deletions(-) commit 389dc9a7d113b0547b9d430dce8ef562d1cb76b9 Author: Ludovic Rousseau Date: Thu Nov 18 09:13:11 2010 +0000 Use config.h instead of includes.h Define _PATH_DEVNULL if needed. It was defined in includes.h in OpenSSH src/tools/daemon.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 6638e73774109c3644f1aafe316348f366704677 Author: Ludovic Rousseau Date: Thu Nov 18 09:10:49 2010 +0000 new file from OpenSSH version 5.6p1 openssh-5.6p1/openbsd-compat/daemon.c The licence is BSD 3-clause so compatible with the LGPL v2+ used by pam_pkcs11 src/tools/daemon.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) commit f13b0ece6747475525cf1b93d666ced52792d1fe Author: Ludovic Rousseau Date: Mon Oct 25 12:44:17 2010 +0000 Fix the change in revision 470 Thanks (again) to Arfrever Frehtes Taifersar Arahesis http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015175.html configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ca9d081270954ee50c00a048f3c5313c9426cead Author: Ludovic Rousseau Date: Mon Oct 25 08:47:31 2010 +0000 Default is to use pcsc-lite. The argument is --without-pcsclite to disable pcsc-lite use/support Thanks to Arfrever Frehtes Taifersar Arahesis for the bug report http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015172.html configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 018023c450500c4fc5221778337c0ad4ddb9cf62 Author: Ludovic Rousseau Date: Sat Oct 23 20:52:39 2010 +0000 rename make_hash_link.sh in pkcs11_make_hash_link doc/pam_pkcs11.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 3428e53e6bfc59d0889d8ffb362e239bf76e515c Author: Ludovic Rousseau Date: Sat Oct 23 20:27:59 2010 +0000 Display ${libdir} value configure.in | 2 ++ 1 file changed, 2 insertions(+) commit 8cc4d7512aa6b2df56b00712698c77624c3b219b Author: Ludovic Rousseau Date: Sat Oct 23 20:18:47 2010 +0000 rename make_hash_link.sh to pkcs11_make_hash_link to match the manpage name tools/Makefile.am | 2 +- tools/{make_hash_link.sh => pkcs11_make_hash_link} | 0 2 files changed, 1 insertion(+), 1 deletion(-) commit a6d2e47642a2eacbadd34fe509bad7d21906818b Author: Ludovic Rousseau Date: Tue Oct 19 14:50:26 2010 +0000 Unload the mapper also on success Thanks to Andre Zepezauer for the patch http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015150.html src/pam_pkcs11/pam_pkcs11.c | 3 +++ 1 file changed, 3 insertions(+) commit 21762db1366ae159553d208a6a090097a103b78f Author: Ludovic Rousseau Date: Tue Oct 19 08:05:03 2010 +0000 Update from doxygen version 1.5.6 to 1.7.1 doc/doxygen.conf.in | 1437 +++++++++++++++++++++++++++++---------------------- 1 file changed, 825 insertions(+), 612 deletions(-) commit e4c0d6b0c8d8db44338bfe801ee762de929a95ed Author: Ludovic Rousseau Date: Tue Oct 19 07:58:23 2010 +0000 release 0.6.5 configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 11f6fd558cd81bcafa6180bbb3b952108b4afe8b Author: Ludovic Rousseau Date: Tue Oct 19 07:51:02 2010 +0000 regenerate po/de.po | 3 ++- po/fr.po | 3 ++- po/nl.po | 3 ++- po/pam_pkcs11.pot | 3 ++- po/pl.po | 3 ++- po/pt_br.po | 3 ++- po/ru.po | 3 ++- 7 files changed, 14 insertions(+), 7 deletions(-) commit 46a85a6fccddf029f5128daf62e2c436a87f46c1 Author: Ludovic Rousseau Date: Tue Oct 19 07:46:14 2010 +0000 Add the missing strndup.h file src/common/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d9e71851ad14476821a2327684ed82b552b1408d Author: Ludovic Rousseau Date: Tue Oct 19 07:40:03 2010 +0000 get_http(): check if complete message was transmitted Thanks to Andre Zepezauer for the patch http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015137.html src/common/uri.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 220cc82188efda14cbdde741281a7baeb0dcad49 Author: Ludovic Rousseau Date: Tue Oct 19 07:36:49 2010 +0000 get_http(): allocate enough memory to fit http-request Thanks to Andre Zepezauer for the patch http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015137.html src/common/uri.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 97680d3fcb8f7102bb3a6e1663e9d9ba6efae446 Author: Ludovic Rousseau Date: Tue Oct 19 07:35:54 2010 +0000 get_http(): add missing return statement Thanks to Andre Zepezauer for the patch http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015137.html src/common/uri.c | 1 + 1 file changed, 1 insertion(+) commit 70b9b47f48492d88f51073152271fd6a7bd11ec8 Author: Ludovic Rousseau Date: Tue Oct 19 07:31:02 2010 +0000 If dlopen() is not found in libdl we try to find it without specifying a library before exiting in error. I don't remember why I used this code. Maybe dlopen() is not in libdl on some systems. configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit debd195986f83154ac08acd43bcb71436c652bce Author: Ludovic Rousseau Date: Sat Oct 16 13:21:36 2010 +0000 Translate a string po/fr.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8d824399788f376113dcd027591df011c42e657b Author: Ludovic Rousseau Date: Sat Oct 16 13:20:54 2010 +0000 Regenerate po/de.po | 6 +++--- po/fr.po | 11 +++++++---- po/nl.po | 11 +++++++---- po/pam_pkcs11.pot | 6 +++--- po/pl.po | 6 +++--- po/pt_br.po | 11 +++++++---- po/ru.po | 6 +++--- 7 files changed, 33 insertions(+), 24 deletions(-) commit 77a4423ff6f4f4c8fbda8c00109eefa2d96a80ee Author: Ludovic Rousseau Date: Sat Oct 16 13:19:42 2010 +0000 Replace "Found the %s." by "%s found." Thanks to Mr Dash Four for the bug report http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015135.html src/pam_pkcs11/pam_pkcs11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9edd2c4728aa009c861ad7f42b4ff645e00af91b Author: Ludovic Rousseau Date: Fri Oct 15 07:34:12 2010 +0000 crypto_init(): fix a typo in log message src/common/pkcs11_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 76a7b07e0ca65df9a8d9e1021ec1aa548518a9e1 Author: Ludovic Rousseau Date: Wed Sep 22 11:28:55 2010 +0000 pkcs11_pass_login(): check if the PIN returned by getpass is NULL Thanks to Andre Zepezauer for the patch http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014976.html src/common/pkcs11_lib.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 9c4a86b2fb22d44ee0ee08f07329561c832299a3 Author: Ludovic Rousseau Date: Wed Sep 22 07:12:11 2010 +0000 pkcs11_pass_login(): log an error if pkcs11_login() fails Thanks to Andre Zepezauer for the patch http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014964.html src/common/pkcs11_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f886c31fecb1862e4a060e9a30fb3620544d0a88 Author: Ludovic Rousseau Date: Wed Sep 22 07:10:21 2010 +0000 pkcs11_pass_login(): do not clean a zero length PIN Thanks to Andre Zepezauer for the patch http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014964.html src/common/pkcs11_lib.c | 1 - 1 file changed, 1 deletion(-) commit 7941cabe438cbdb5b7cb8b3b33640b6dcdc5e917 Author: Ludovic Rousseau Date: Wed Sep 22 07:05:17 2010 +0000 Show PIN code in debug output only if DEBUG_SHOW_PASSWORD is defined (not defined by default) Thanks to Andre Zepezauer for the bug report http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014964.html src/common/pkcs11_lib.c | 2 +- src/pam_pkcs11/pam_pkcs11.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 877babd43fb911574d9b64796f8b1216eb0e3c9c Author: Ludovic Rousseau Date: Tue Sep 21 09:53:51 2010 +0000 parse_config_file(): get the debug value from the configuration file Thanks to Andre Zepezauer for the patch http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014949.html src/pam_pkcs11/pam_config.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit caea4fec05672d0c672ed4cc31ccc89b999cbc8e Author: Ludovic Rousseau Date: Wed Aug 25 08:26:39 2010 +0000 Do not call SCardEstablishContext() before daemonize since pcsc-lite handles are invalid after a fork. Thanks to Patrik Martinsson for the patch http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014632.html src/tools/card_eventmgr.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit e5c5efe271fa1f4d297dfaedaebeb910f65664a6 Author: Ludovic Rousseau Date: Thu Aug 19 22:09:18 2010 +0000 Use SCARD_READERSTATE instead of SCARD_READERSTATE_A since it was removed in pcsc-lite >= 1.6.2 src/tools/card_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9b7cfcd2258e8b8eb0d38021f08d66fdf9732a1d Author: Ludovic Rousseau Date: Sat Aug 14 16:19:36 2010 +0000 Patch for #239 and #240 (handle more than one cert/pattern matching) Thanks to Wolf Geldmacher for the patch. http://www.opensc-project.org/pipermail/opensc-devel/2010-June/014405.html " Here's a patch to solve the issues I've encountered using pam_pkcs11. In regards to #239 (pam_pkcs11 only looks at first certificate on token): The fix for this turns out to be somewhat problematic, and I'm not at all sure, whether my implementation of the fix is a valid one. The basic problem (as I understood it from analyzing the code) is that finder functions of the mappers return a char*, allowing for a single value (NULL) to signalize failure and return the key if no mapping (i.e. no value associated with the key) was found (cf. comment for mapfile_find in src/mappers/mapper.c). Thus a caller (i.e. find_user in src/pam_pkcs11/mapper_mgr.c) cannot distinguish between a mapping or a key being returned and thus will prematurely terminate on the first certificate that passes the other validity tests. The fix provided changes the finder function interface by requiring an additional out parameter that is set to 1, if a real mapping value was returned and remains unchanged otherwise. This fix breaks existing loadable mappers. I considered overloading of the value returned (e.g. having a byte/substring as first character of the value returned to be able to distinguish between a value and a key being returned) which would preserve the interface to the mappers, but refrained from implementing it that way as I believe this to be unclean and prone to difficult to track errors. Another solution I considered was the addition of another entry to the structure encapsulating the mappers (e.g. a finder2 method), but as this is no better in breaking the interface for loadable mappers and duplicates code I forfeited this solution, too. If somebody could look into the problem and come up with a solution that preserves the interface to external mappers while allowing the distinction between keys and values, I'd be more than happy to implement it. It might also may make sense to add a new configuration parameter for the new behaviour of find_user, allowing existing applications to continue to work with keys being returned instead of values (Feedback anyone? The comment for find_user actually states that a mapping value is returned). In regards to #240 (Allow pattern matching in pam_pkcs11): I restricted this to only work for mapfiles and the implementation turned out to be quite simple - it's essentially an 11 line change in src/mappers/mapper.c - and is triggered by the specification of a fully anchored (i.e. *must* have initial "^" and *must* end in "$") pattern as key in a mapfile. This now allows syntax like ^.*/serialNumber=xxx-xxx-xxx-xxx$ -> username in all mapfiles. The patch attached contains the changes for both issues. Cheers, Wolf " src/mappers/cn_mapper.c | 4 ++-- src/mappers/digest_mapper.c | 4 ++-- src/mappers/generic_mapper.c | 10 +++++++--- src/mappers/krb_mapper.c | 4 ++-- src/mappers/ldap_mapper.c | 3 ++- src/mappers/mail_mapper.c | 7 ++++--- src/mappers/mapper.c | 26 +++++++++++++++++++++----- src/mappers/mapper.h | 11 +++++++---- src/mappers/ms_mapper.c | 3 ++- src/mappers/null_mapper.c | 8 ++++++-- src/mappers/opensc_mapper.c | 7 ++++--- src/mappers/openssh_mapper.c | 5 +++-- src/mappers/pwent_mapper.c | 4 +++- src/mappers/subject_mapper.c | 4 ++-- src/mappers/uid_mapper.c | 4 ++-- src/pam_pkcs11/mapper_mgr.c | 13 ++++++++++--- src/tools/pklogin_finder.c | 4 ++-- 17 files changed, 81 insertions(+), 40 deletions(-) commit 564355857ed49a7b6ff8eb646388e944bf36d359 Author: Ludovic Rousseau Date: Fri Aug 13 16:44:58 2010 +0000 Do not use a variadic parameter for pam_prompt. It is not supported on FreeBSD. src/pam_pkcs11/pam_pkcs11.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 3b237ade4109fa0d345d3d684b86ab2dc93bb20b Author: Ludovic Rousseau Date: Thu Aug 12 22:07:51 2010 +0000 Add a new header file to define strndup if needed. pkcs11_setup.c: In function ‘scconf_replace_str_list’: pkcs11_setup.c:73: warning: implicit declaration of function ‘strndup’ pkcs11_setup.c:73: warning: incompatible implicit declaration of built-in function ‘strndup’ src/common/strndup.h | 3 +++ src/tools/pkcs11_setup.c | 1 + 2 files changed, 4 insertions(+) commit 5b52cebb4dc133c23f82a04acf947cc57a3a9aad Author: Ludovic Rousseau Date: Thu Aug 12 21:45:03 2010 +0000 Revert changeset 301 parsing arguments in pam_config.c but skip the first argument in command line tools. Thanks to halfline for the patch. Closes ticket #29 src/pam_pkcs11/pam_config.c | 4 ++-- src/tools/pkcs11_inspect.c | 2 +- src/tools/pkcs11_listcerts.c | 2 +- src/tools/pklogin_finder.c | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) commit 203e101db638c17a455efc6f951aabedcd9d286f Author: Ludovic Rousseau Date: Sat Jun 12 15:43:46 2010 +0000 release 0.6.4 configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dc7c23a0e2244151784eb6c5b67d2db8b020d731 Author: Ludovic Rousseau Date: Sat Jun 12 15:30:46 2010 +0000 translate a string po/fr.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 94ac80b4b132c6005a739513d3b974b2445f36a3 Author: Ludovic Rousseau Date: Sat Jun 12 15:29:04 2010 +0000 regenerate po/de.po | 21 +++++++++++++-------- po/fr.po | 21 +++++++++++++-------- po/nl.po | 21 +++++++++++++-------- po/pam_pkcs11.pot | 23 ++++++++++++++--------- po/pl.po | 21 +++++++++++++-------- po/pt_br.po | 21 +++++++++++++-------- po/ru.po | 21 +++++++++++++-------- 7 files changed, 92 insertions(+), 57 deletions(-) commit 22e498d5d75bd88f2e09abd0ffc9aa1cac4af514 Author: Ludovic Rousseau Date: Tue Jun 8 08:01:32 2010 +0000 Fixes Ticket #26 "Additional check for local X11 Display" src/pam_pkcs11/pam_pkcs11.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit fb66d1b73d3cbf121cdd87d88c7926442d1cd2e7 Author: Ludovic Rousseau Date: Tue Jun 8 07:54:09 2010 +0000 Revert revision 422 since Solaris 10 does not support pam_prompt() with a variable number of parameters (like printf) Also remove some cast since Solaris 10 does not have the same prototype for pam_* functions GNU/Linux uses "const" parameters but Solaris does not. src/pam_pkcs11/pam_pkcs11.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) commit e2adcb89d6cdc881c6f5a51cea46275395520744 Author: Ludovic Rousseau Date: Mon Jun 7 14:53:17 2010 +0000 Add support of CKF_PROTECTED_AUTHENTICATION_PATH for pinpad readers. If a pinpad is present the PIN/password is not asked by PAM but by the pinpad only. Closes: Ticket #19 "enabled pinpad: confusing keyboard interaction" src/common/pkcs11_lib.c | 28 +++++++++++++++++- src/common/pkcs11_lib.h | 1 + src/pam_pkcs11/pam_pkcs11.c | 70 ++++++++++++++++++++++++++++----------------- 3 files changed, 71 insertions(+), 28 deletions(-) commit 31e1d26c35c8af8c8e6a45a00d4cd14c5274582c Author: Ludovic Rousseau Date: Sun May 30 12:08:11 2010 +0000 Add dutch translation Thanks to Guy Zelck configure.in | 2 +- po/nl.po | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 1 deletion(-) commit 0f1581b1e89fb687660901e0badc9c1ca5bcd91f Author: Ludovic Rousseau Date: Tue Apr 20 19:05:17 2010 +0000 add Brazilian Portuguese Translation Thanks to Anderson Goulart configure.in | 2 +- po/pt_br.po | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 1 deletion(-) commit 2473998fb38d045c5511893c63820e9e02aab2f4 Author: Ludovic Rousseau Date: Sat Apr 10 21:02:43 2010 +0000 use #ifdef instead of #if Fix pam_pkcs11.c:46:5: warning: "ENABLE_NLS" is not defined src/pam_pkcs11/pam_pkcs11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 159c471a6c50d0388fa7731742eff7bb228d37b1 Author: Ludovic Rousseau Date: Sat Apr 10 20:53:10 2010 +0000 Use stdlib.h instead of malloc.h (not present on Mac OS X for example) src/common/uri.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 30ca76abe4a700e177b74a40c3aa27e457d04f78 Author: Ludovic Rousseau Date: Sat Apr 10 15:21:46 2010 +0000 Closes: Ticket #22 "get_slot_login_required missing from NSS side." src/common/pkcs11_lib.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 9bff4ad0c7e84d2ccf8a843cf2f1243d013a6633 Author: Ludovic Rousseau Date: Sat Apr 10 15:17:34 2010 +0000 Fix compiler when used with NSS algorithm.c:54: error: conflicting types for ‘Alg_get_digest_by_name’ ./alg_st.h:50: note: previous declaration of ‘Alg_get_digest_by_name’ was here src/common/algorithm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5b516d03e217abdc8ff1ade38ae3b01a33e6d570 Author: Ludovic Rousseau Date: Sat Apr 10 15:10:28 2010 +0000 Closes: Ticket #21 "Update for German translation" po/de.po | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit c908faef26b2afbbed19209b9c0d87626f373ad4 Author: Ludovic Rousseau Date: Sat Apr 10 15:07:28 2010 +0000 regenerate po/de.po | 18 +++++++++--------- po/fr.po | 18 +++++++++--------- po/pam_pkcs11.pot | 20 ++++++++++---------- po/pl.po | 18 +++++++++--------- po/ru.po | 18 +++++++++--------- 5 files changed, 46 insertions(+), 46 deletions(-) commit c7e5ed37e6dd2e40b99a964766d2cf7aac2e4a62 Author: Ludovic Rousseau Date: Sat Apr 10 14:54:58 2010 +0000 Release 0.6.3 configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6e79c826244e5af805181d56ce28690f4e661da7 Author: Ludovic Rousseau Date: Sat Apr 10 14:52:33 2010 +0000 Fix uri.c: In function ‘get_from_uri’: uri.c:595: warning: enumeration value ‘unknown’ not handled in switch src/common/uri.c | 1 + 1 file changed, 1 insertion(+) commit 4e8df5e2de9fdc05a0ec7e4dce1126459c1092e6 Author: Ludovic Rousseau Date: Sat Apr 10 14:49:49 2010 +0000 Fix a potential bug ldap_mapper.c: In function ‘ldap_get_certificate’: ldap_mapper.c:601: warning: ‘rv’ may be used uninitialized in this function src/mappers/ldap_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 182896cb07b4944eb5f8a913a36bf95158652c91 Author: Ludovic Rousseau Date: Sat Apr 10 14:47:04 2010 +0000 Directly use pam_prompt() to format the string instead of sprintf() Fix pam_pkcs11.c: In function ‘pam_sm_authenticate’: pam_pkcs11.c:289: warning: format not a string literal and no format arguments pam_pkcs11.c:358: warning: format not a string literal and no format arguments pam_pkcs11.c:386: warning: format not a string literal and no format arguments pam_pkcs11.c:407: warning: format not a string literal and no format arguments pam_pkcs11.c:428: warning: format not a string literal and no format arguments src/pam_pkcs11/pam_pkcs11.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) commit 8f7a2f239353886dfd6eaca51c7743ff78f0dfcd Author: Ludovic Rousseau Date: Sat Apr 10 14:41:23 2010 +0000 Fix compiler warnings pam_pkcs11.c: In function ‘pam_sm_authenticate’: pam_pkcs11.c:622: warning: field precision should have type ‘int’, but argument 4 has type ‘long unsigned int’ pam_pkcs11.c:622: warning: field precision should have type ‘int’, but argument 4 has type ‘long unsigned int’ pam_pkcs11.c:639: warning: field precision should have type ‘int’, but argument 4 has type ‘long unsigned int’ pam_pkcs11.c:639: warning: field precision should have type ‘int’, but argument 4 has type ‘long unsigned int’ pam_pkcs11.c:661: warning: field precision should have type ‘int’, but argument 4 has type ‘long unsigned int’ pam_pkcs11.c:661: warning: field precision should have type ‘int’, but argument 4 has type ‘long unsigned int’ src/pam_pkcs11/pam_pkcs11.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 38330a6e6bad47857cd39dda74651e210c3846f0 Author: Ludovic Rousseau Date: Sat Apr 10 14:38:23 2010 +0000 Fix compiler warning card_eventmgr.c: In function ‘signal_trap’: card_eventmgr.c:302: warning: unused parameter ‘sig’ src/tools/card_eventmgr.c | 1 + 1 file changed, 1 insertion(+) commit 13e1abd2b2d09008d91daa9797894df7054a7185 Author: Ludovic Rousseau Date: Sat Apr 10 14:35:14 2010 +0000 Fix compiler warning pkcs11_lib.c: In function ‘crypto_init’: pkcs11_lib.c:934: warning: unused parameter ‘policy’ src/common/pkcs11_lib.c | 1 + 1 file changed, 1 insertion(+) commit b7422928730153a133a9042c7d76458c91ed5001 Author: Ludovic Rousseau Date: Sat Apr 10 14:33:38 2010 +0000 Update a cast to fix a compiler warning pkcs11_lib.c: In function ‘get_certificate_list’: pkcs11_lib.c:1520: warning: passing argument 2 of ‘d2i_X509’ from incompatible pointer type /usr/include/openssl/x509.h:940: note: expected ‘const unsigned char **’ but argument is of type ‘CK_BYTE **’ src/common/pkcs11_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7bd62b8110e63d21b595a4034dbb40429e5cb0f2 Author: Ludovic Rousseau Date: Sat Apr 10 14:31:12 2010 +0000 Use a cast to fix compilers warnings pkcs11_lib.c: In function ‘find_slot_by_slotlabel_and_tokenlabel’: pkcs11_lib.c:1264: warning: pointer targets in passing argument 1 of ‘strlen’ differ in signedness /usr/include/string.h:397: note: expected ‘const char *’ but argument is of type ‘CK_UTF8CHAR *’ pkcs11_lib.c:1264: warning: pointer targets in passing argument 2 of ‘__builtin_strcmp’ differ in signedness pkcs11_lib.c:1264: note: expected ‘const char *’ but argument is of type ‘CK_UTF8CHAR *’ pkcs11_lib.c:1264: warning: pointer targets in passing argument 2 of ‘__builtin_strcmp’ differ in signedness pkcs11_lib.c:1264: note: expected ‘const char *’ but argument is of type ‘CK_UTF8CHAR *’ pkcs11_lib.c:1264: warning: pointer targets in passing argument 1 of ‘strlen’ differ in signedness /usr/include/string.h:397: note: expected ‘const char *’ but argument is of type ‘CK_UTF8CHAR *’ pkcs11_lib.c:1264: warning: pointer targets in passing argument 2 of ‘__builtin_strcmp’ differ in signedness pkcs11_lib.c:1264: note: expected ‘const char *’ but argument is of type ‘CK_UTF8CHAR *’ pkcs11_lib.c:1264: warning: pointer targets in passing argument 2 of ‘__builtin_strcmp’ differ in signedness pkcs11_lib.c:1264: note: expected ‘const char *’ but argument is of type ‘CK_UTF8CHAR *’ src/common/pkcs11_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5eaebe5ed52dcafc4caa9db6768c0202ac4acee6 Author: Ludovic Rousseau Date: Thu Apr 8 07:28:32 2010 +0000 Fix typos in comments src/mappers/Makefile.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 3178f05f50fd60bbb2d6aefa1152ba1ac3f0853d Author: Ludovic Rousseau Date: Wed Apr 7 14:32:52 2010 +0000 generate the example files pam_pkcs11.conf.example and pam.d_login.example with the correct libdir path Closes: Ticket #213 "pam-pkcs11: wrong path in /etc/pam_pkcs11/pam_pkcs11.conf for mappers" configure.in | 2 ++ etc/Makefile.am | 11 +++++--- ...{pam.d_login.example => pam.d_login.example.in} | 2 +- ...s11.conf.example => pam_pkcs11.conf.example.in} | 30 +++++++++++----------- 4 files changed, 26 insertions(+), 19 deletions(-) commit f024ddf0baaf3830e9cfbb52015c6161cc0b9786 Author: Ludovic Rousseau Date: Wed Apr 7 14:09:42 2010 +0000 Add a "quiet" configuration option Closes: Ticket #25 "Quiet Mode for pam_pkcs11" src/pam_pkcs11/pam_config.c | 16 +++++++++-- src/pam_pkcs11/pam_config.h | 1 + src/pam_pkcs11/pam_pkcs11.c | 69 ++++++++++++++++++++++++++++++--------------- 3 files changed, 61 insertions(+), 25 deletions(-) commit f0a9a1d16e69dcb290512c24180a163f967949e6 Author: Ludovic Rousseau Date: Wed Apr 7 13:55:49 2010 +0000 Fix cert_vfy.c: In function ‘download_crl’: cert_vfy.c:125: warning: passing argument 2 of ‘d2i_X509_CRL’ from incompatible pointer type cert_vfy.c:131: warning: passing argument 2 of ‘d2i_X509_CRL’ from incompatible pointer type src/common/cert_vfy.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit f857b5bce1abf5f4a0f256e71e70f69e7d1884d6 Author: Ludovic Rousseau Date: Wed Apr 7 13:54:26 2010 +0000 Fix cert_vfy.c: In function ‘setup_store’: cert_vfy.c:347: warning: initialization discards qualifiers from pointer target type cert_vfy.c:354: warning: initialization discards qualifiers from pointer target type cert_vfy.c:373: warning: initialization discards qualifiers from pointer target type cert_vfy.c:380: warning: initialization discards qualifiers from pointer target type src/common/cert_vfy.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit d9d2e15afffffab349d1d2548aea4a2ab24ddcaa Author: Ludovic Rousseau Date: Wed Apr 7 13:52:14 2010 +0000 Fix debug.c: In function ‘debug_print’: debug.c:63: warning: format not a string literal and no format arguments src/common/debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b65049680d70601180d30008a94276c99c68ae0d Author: Ludovic Rousseau Date: Wed Apr 7 13:47:30 2010 +0000 Fix pkcs11_eventmgr.c: In function ‘parse_args’: pkcs11_eventmgr.c:231: warning: assignment discards qualifiers from pointer target type src/tools/pkcs11_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8a3e00a2524de30e5de724f35d82014d344e7c5f Author: Ludovic Rousseau Date: Wed Apr 7 13:46:35 2010 +0000 Fix card_eventmgr.c: In function ‘parse_args’: card_eventmgr.c:189: warning: assignment discards qualifiers from pointer target type src/tools/card_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cfaabb84138787d6ac9b7841869bf3f91267d022 Author: Ludovic Rousseau Date: Wed Apr 7 13:43:39 2010 +0000 module argument of load_pkcs11_module() is now a (const char *) Fix pkcs11_inspect.c: In function ‘main’: pkcs11_inspect.c:70: warning: passing argument 1 of ‘load_pkcs11_module’ discards qualifiers from pointer target type pkcs11_listcerts.c: In function ‘main’: pkcs11_listcerts.c:70: warning: passing argument 1 of ‘load_pkcs11_module’ discards qualifiers from pointer target type pklogin_finder.c: In function ‘main’: pklogin_finder.c:72: warning: passing argument 1 of ‘load_pkcs11_module’ discards qualifiers from pointer target type etc. src/common/pkcs11_lib.c | 4 ++-- src/common/pkcs11_lib.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 2ee11e7fabb63fc3e702ec91a9b08c667aae1256 Author: Ludovic Rousseau Date: Wed Apr 7 13:36:19 2010 +0000 Fix cert_info.c: In function ‘cert_key_alg’: cert_info.c:815: warning: initialization discards qualifiers from pointer target type src/common/cert_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7b9fa6b09c8caa762478b67a0b45cd376e54df4e Author: Ludovic Rousseau Date: Wed Apr 7 13:32:07 2010 +0000 Fix cert_info.c: In function ‘cert_info_sshpuk’: cert_info.c:694: warning: passing argument 2 of ‘str_append’ discards qualifiers from pointer target type cert_info.c:708: warning: passing argument 2 of ‘str_append’ discards qualifiers from pointer target type src/common/cert_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fe4d146b1031d17d270397739321990284752665 Author: Ludovic Rousseau Date: Wed Apr 7 13:31:04 2010 +0000 cert_info_sshpuk(): use (const char *) for type to avoid compiler warning cert_info.c: In function ‘cert_info_sshpuk’: cert_info.c:690: warning: assignment discards qualifiers from pointer target type cert_info.c:705: warning: assignment discards qualifiers from pointer target type src/common/cert_info.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 345f104b804c88ab71a106708e186796b273a508 Author: Ludovic Rousseau Date: Wed Apr 7 13:28:37 2010 +0000 Change return type of Alg_get_digest_by_name() to avoid a compiler warning algorithm.c: In function ‘Alg_get_digest_by_name’: algorithm.c:74: warning: return discards qualifiers from pointer target type src/common/alg_st.h | 2 +- src/common/algorithm.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 654e5a82d150b4bdf558d918ace2c0db860b21fd Author: Ludovic Rousseau Date: Wed Apr 7 13:25:49 2010 +0000 Use (const char *) for configuration strings instead of (char *) src/common/cert_vfy.h | 6 +++--- src/pam_pkcs11/pam_config.h | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) commit 3179751e7e1b5f9fff32c189f94e530cb9928500 Author: Ludovic Rousseau Date: Wed Apr 7 13:15:16 2010 +0000 Do not use sscanf() to not overwrite the buffers src/pam_pkcs11/pam_config.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 97771cd0b86d5ae8f96206b5c179a0f85ddd44d9 Author: Ludovic Rousseau Date: Wed Apr 7 13:11:25 2010 +0000 Use DEBUG_CONFIG to trace the configuration src/pam_pkcs11/pam_config.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) commit 37f678fb4363b8dd2a1a7960d1e0a2412e7af429 Author: Ludovic Rousseau Date: Wed Apr 7 13:01:23 2010 +0000 pam_sm_authenticate(): also log the module name that failed to load src/pam_pkcs11/pam_pkcs11.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 43c7cbd53d55700c2af4b03632cba3ff3dc25409 Author: Ludovic Rousseau Date: Wed Apr 7 12:49:53 2010 +0000 Do not cast malloc return value src/common/cert_info.c | 2 +- src/common/pkcs11_lib.c | 4 ++-- src/common/strings.c | 8 ++++---- src/common/uri.c | 8 ++++---- src/pam_pkcs11/mapper_mgr.c | 3 +-- src/pam_pkcs11/pam_config.c | 3 +-- src/tools/pkcs11_eventmgr.c | 3 +-- 7 files changed, 14 insertions(+), 17 deletions(-) commit 57b42caedd9619755d4ecb8fce2ca2983e1bf401 Author: Ludovic Rousseau Date: Fri Apr 2 16:47:22 2010 +0000 Correctly initialize initArgs and .pReserved in particular Fixes Ticket #24 "PKCS#11 Module initialized with incomplete data." src/common/pkcs11_lib.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit ae4aee202086a9711a8a7cae6484f39e9d053345 Author: Ludovic Rousseau Date: Fri Apr 2 13:27:26 2010 +0000 Do not prompt for a username if one is already available. Fixes Ticket #23 src/pam_pkcs11/pam_pkcs11.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) commit d9f0a266849cf7bfef9ccd1215c2b03da039ad10 Author: Ludovic Rousseau Date: Wed Feb 3 17:41:41 2010 +0000 opensc_mapper_match_certs(): PATH_MAX is not defined (unlimited) on Hurd The correct solution would be to use a dynamic allocation src/mappers/opensc_mapper.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit db8ce9747c189637acccb6f08520334b34986f37 Author: Ludovic Rousseau Date: Wed Feb 3 17:39:21 2010 +0000 release 0.6.2 configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2989c7fb7b1eceb600c427c7a06b46fcf18c193c Author: Ludovic Rousseau Date: Sun Jan 3 16:32:48 2010 +0000 fix hyphen-used-as-minus-sign See http://lintian.debian.org/tags/hyphen-used-as-minus-sign.html doc/pkcs11_make_hash_link.1 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 869184d64c04f5d14ece76a36eb0cdb80ae80004 Author: Ludovic Rousseau Date: Sun Jan 3 16:30:39 2010 +0000 fix spelling error src/mappers/ldap_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 71b360534a6b843116f756fe04f22f6aecb214ca Author: Ludovic Rousseau Date: Sun Jan 3 16:29:46 2010 +0000 fix spelling error src/mappers/ldap_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9dea81ba5276c366bca139a11f7efbbcb6816fe6 Author: Ludovic Rousseau Date: Thu Dec 17 11:00:11 2009 +0000 document use_module doc/pkcs11_setup.1 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 47fa4bc41ae620cab934c4284150475ec7f11829 Author: Ludovic Rousseau Date: Thu Dec 17 10:59:49 2009 +0000 use ERR1() instead of DBG1() in case of error src/tools/pkcs11_setup.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit a570325060f0c35831cb8ae9b1cf7bdd948ab05f Author: Ludovic Rousseau Date: Thu Dec 17 10:44:59 2009 +0000 use printf() instead of DBG1() to display the certificates even if debug mode is not used src/tools/pkcs11_listcerts.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 7670889710515c610f67cbfa013b696d3e77225d Author: Ludovic Rousseau Date: Thu Dec 17 10:33:12 2009 +0000 add an EXAMPLE section doc/pkcs11_make_hash_link.1 | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) commit d79f79376153e53bf335420e6c1275f8c76f7b17 Author: Ludovic Rousseau Date: Thu Dec 17 09:59:13 2009 +0000 use @PACKAGE_VERSION@ so that configure replaces it by the correct value doc/doxygen.conf.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c59b2ca24869ac8432b36b62c2f43a6939a6e5b5 Author: Ludovic Rousseau Date: Thu Dec 17 09:58:33 2009 +0000 generate doc/doxygen.conf configure.in | 1 + 1 file changed, 1 insertion(+) commit 86e8f6d8e6b812adee8534f27c5d2442516db99d Author: Ludovic Rousseau Date: Wed Dec 16 16:46:18 2009 +0000 add missing man pages doc/Makefile.am | 3 ++- doc/pkcs11_listcerts.1 | 23 +++++++++++++++++++++++ doc/pkcs11_make_hash_link.1 | 20 ++++++++++++++++++++ doc/pkcs11_setup.1 | 31 +++++++++++++++++++++++++++++++ 4 files changed, 76 insertions(+), 1 deletion(-) commit e822dfc39cca7edd474a707ca93d943e8de42f2a Author: Ludovic Rousseau Date: Wed Dec 16 16:45:46 2009 +0000 add support of "debug" argument src/tools/pkcs11_setup.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 681befb84c3387588104dae12c91dd40bcf682e7 Author: Ludovic Rousseau Date: Wed Dec 16 15:50:49 2009 +0000 The manpages do not use #PKGVERSION# any more. No need to convert them configure.in | 4 ---- doc/Makefile.am | 3 --- doc/{card_eventmgr.1.in => card_eventmgr.1} | 0 doc/{pkcs11_eventmgr.1.in => pkcs11_eventmgr.1} | 0 doc/{pkcs11_inspect.1.in => pkcs11_inspect.1} | 0 doc/{pklogin_finder.1.in => pklogin_finder.1} | 0 6 files changed, 7 deletions(-) commit 84a42f4eebdf603de4f8b58228647fe90e83dc6c Author: Ludovic Rousseau Date: Wed Dec 16 15:38:10 2009 +0000 link with $(LIBDL) src/common/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d8a1dae86460aa9bbeba71d27a833186e96aeabd Author: Ludovic Rousseau Date: Wed Dec 16 15:37:40 2009 +0000 add a check for dlopen() in libdl configure.in | 6 ++++++ 1 file changed, 6 insertions(+) commit 5b64c0ac3255a095b0ff7ea62544dcc25b737892 Author: Ludovic Rousseau Date: Thu Dec 3 08:40:22 2009 +0000 "pam_pkcs11 doesn't work with cards with no PIN installed. It tries to C_Login() whenever PIN is really needed and fails with "C_Login() failed: 0x00000102". I've made a patch which corrects this behavior: * implements get_slot_login_required() function what checks whether current slot requires login * makes pam_pkcs11 ask for PIN only if it is needed" Thanks to Oleg Smirnov for the patch http://www.opensc-project.org/pipermail/opensc-devel/2009-December/012929.html src/common/pkcs11_lib.c | 13 ++++++++ src/common/pkcs11_lib.h | 1 + src/pam_pkcs11/pam_pkcs11.c | 80 +++++++++++++++++++++++++-------------------- 3 files changed, 58 insertions(+), 36 deletions(-) commit 547c1b9de63ad016cd88257a14ad10ee687b433c Author: Ludovic Rousseau Date: Tue Oct 6 11:51:09 2009 +0000 use -shared to avoid builing the useless static libraries Thanks to Diego Elio Pettenò for the patch http://www.opensc-project.org/pipermail/opensc-devel/2009-October/012598.html src/mappers/Makefile.am | 28 ++++++++++++++-------------- src/pam_pkcs11/Makefile.am | 2 +- 2 files changed, 15 insertions(+), 15 deletions(-) commit e08f826e8076ef39681f63e753263edf60ceba48 Author: Ludovic Rousseau Date: Tue Oct 6 08:08:33 2009 +0000 do not define static library in configure.in but use the .la files in the Makefile.am configure.in | 10 ---------- src/mappers/Makefile.am | 2 +- src/pam_pkcs11/Makefile.am | 2 +- src/tools/Makefile.am | 12 ++++++------ 4 files changed, 8 insertions(+), 18 deletions(-) commit 553e4085ee63d03f8becc69aec9ce1a809f73b00 Author: Ludovic Rousseau Date: Tue Oct 6 07:57:54 2009 +0000 Do not use a custom install override rule Thanks to Diego Elio Pettenò for the patch http://www.opensc-project.org/pipermail/opensc-devel/2009-October/012587.html src/pam_pkcs11/Makefile.am | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit 8a2ecec8857452a5471060e3d6c56610cf8f8297 Author: Ludovic Rousseau Date: Tue Oct 6 07:53:19 2009 +0000 use ../pam_pkcs11/libfinder.la instead of directly pointing to .o files src/tools/Makefile.am | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit 557d0802d40ca91ecd9b4be79fc5814410753c74 Author: Ludovic Rousseau Date: Tue Oct 6 07:52:57 2009 +0000 create a libfinder.la library for tools in src/tools/ src/pam_pkcs11/Makefile.am | 3 +++ 1 file changed, 3 insertions(+) commit ab1d8e674de5efba3625d9f7c26f2be7e68ff4f5 Author: Ludovic Rousseau Date: Tue Oct 6 07:23:31 2009 +0000 install examples in doc dir instead of pkgdata dir. Thanks to Diego Elio Pettenò for the patch http://www.opensc-project.org/pipermail/opensc-devel/2009-October/012587.html etc/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a49f1fc3fdd431d0f09890735a3a88badb746ed1 Author: Ludovic Rousseau Date: Mon Sep 21 12:08:21 2009 +0000 sync with scconf from OpenSC src/scconf/parse.c | 9 +++++++-- src/scconf/scconf.c | 16 +++++++--------- 2 files changed, 14 insertions(+), 11 deletions(-) commit e3ec22e4ca7092b9abc2bf67f47631ebb5cec4f8 Author: Ludovic Rousseau Date: Thu Sep 17 07:55:14 2009 +0000 find_slot_by_slotlabel(): also check the slot is present Thanks to Aro RANAIVONDRAMBOLA for the patch http://www.opensc-project.org/pipermail/opensc-user/2009-August/003231.html src/common/pkcs11_lib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit c829e240997315448b6d249c27533330533d793b Author: Ludovic Rousseau Date: Wed Sep 2 12:32:55 2009 +0000 card_eventmgr.c:80: warning: nested extern declaration of ‘environ’ src/tools/card_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5ebce8eb6f053f568fccb69e590e51deb7cc2fa8 Author: Ludovic Rousseau Date: Wed Sep 2 12:32:18 2009 +0000 pkcs11_eventmgr.c:118: warning: nested extern declaration of ‘environ’ src/tools/pkcs11_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 506d4876df4de8f62347436dce447e66ece18788 Author: Ludovic Rousseau Date: Wed Sep 2 12:28:36 2009 +0000 use the standard format for NAME section W: libpam-pkcs11: manpage-has-bad-whatis-entry usr/share/man/man1/pkcs11_eventmgr.1.gz doc/pkcs11_eventmgr.1.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2948a2e5d1185016525d7ef4a5de45c200bc028f Author: Ludovic Rousseau Date: Mon Jul 6 07:49:46 2009 +0000 cert_info_sshpuk(): avoid a buffer overflow followed by a crash Thanks to Joshua Kinard for the bug report src/common/cert_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a97547ec12e0ea680c372bcb49def0a963bd708c Author: Ludovic Rousseau Date: Fri Jul 3 07:52:56 2009 +0000 correct typos and remove spaces at end of lines README | 80 +++++++++++++++++++++++++++++++++--------------------------------- 1 file changed, 40 insertions(+), 40 deletions(-) commit b1a4745ac82effea1d0a6c62f1e643b82f103d85 Author: Ludovic Rousseau Date: Fri Jun 12 08:09:46 2009 +0000 release 0.6.1 configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2c1104cbc052859044b5f7ac77a08f60c8404ffb Author: Ludovic Rousseau Date: Fri Jun 12 08:05:29 2009 +0000 update Doxygen comments src/common/cert_vfy.h | 4 +--- src/common/debug.h | 4 ++-- src/common/strings.h | 6 +++--- 3 files changed, 6 insertions(+), 8 deletions(-) commit 2427543a679d7af6ed3d006bb34048e77e312680 Author: Ludovic Rousseau Date: Fri Jun 12 07:55:51 2009 +0000 updated using doxygen -u doc/doxygen.conf.in | 343 +++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 271 insertions(+), 72 deletions(-) commit 9819302be7820701a0c87d8cdff9a1e10251c5d5 Author: Ludovic Rousseau Date: Fri Jun 12 07:51:38 2009 +0000 update po/de.po | 2 +- po/fr.po | 2 +- po/pam_pkcs11.pot | 4 ++-- po/pl.po | 2 +- po/ru.po | 6 +++--- 5 files changed, 8 insertions(+), 8 deletions(-) commit f8402014596d0014d98c5fb1e5df83bedb9fc9c8 Author: Ludovic Rousseau Date: Fri Dec 19 10:21:48 2008 +0000 BN_append(): avoid a possible memory leak (detected by cppcheck tool) src/common/cert_info.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8d87a3373ecc57aada7b5749cee2eda64cdd045e Author: Ludovic Rousseau Date: Thu Nov 6 14:48:39 2008 +0000 ldap_get_certificate(): in case NSS is used - use CERT_NewTempCertificate() to create a certificate - use CERT_DestroyCertificate() to free a certificate thanks to Robert Relyea for the idea http://www.opensc-project.org/pipermail/opensc-devel/2008-November/011418.html src/mappers/ldap_mapper.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) commit fba80e606c8d355a9076d20e9d41f0a52d0eeac9 Author: Ludovic Rousseau Date: Thu Nov 6 14:28:46 2008 +0000 remove trailing tab and space characters src/common/NSPRerrs.h | 38 +++++++------- src/common/SECerrs.h | 4 +- src/common/algorithm.c | 2 +- src/common/base64.h | 2 +- src/common/cert_info.c | 32 ++++++------ src/common/cert_info.h | 20 ++++---- src/common/cert_vfy.c | 10 ++-- src/common/cert_vfy.h | 14 ++--- src/common/debug.c | 4 +- src/common/debug.h | 8 +-- src/common/error.h | 2 +- src/common/pkcs11_lib.c | 84 +++++++++++++++--------------- src/common/pkcs11_lib.h | 8 +-- src/common/rsaref/PKCS11_README | 6 +-- src/common/rsaref/pkcs11.h | 4 +- src/common/rsaref/pkcs11f.h | 14 ++--- src/common/rsaref/pkcs11t.h | 72 +++++++++++++------------- src/common/secutil.h | 32 ++++++------ src/common/strings.h | 6 +-- src/common/uri.c | 6 +-- src/mappers/cn_mapper.c | 2 +- src/mappers/cn_mapper.h | 2 +- src/mappers/digest_mapper.c | 2 +- src/mappers/digest_mapper.h | 2 +- src/mappers/generic_mapper.c | 10 ++-- src/mappers/generic_mapper.h | 2 +- src/mappers/krb_mapper.c | 2 +- src/mappers/krb_mapper.h | 2 +- src/mappers/ldap_mapper.c | 110 ++++++++++++++++++++-------------------- src/mappers/ldap_mapper.h | 2 +- src/mappers/mail_mapper.c | 2 +- src/mappers/mail_mapper.h | 2 +- src/mappers/mapper.c | 4 +- src/mappers/mapper.h | 34 ++++++------- src/mappers/mapperlist.h | 2 +- src/mappers/ms_mapper.c | 6 +-- src/mappers/ms_mapper.h | 2 +- src/mappers/null_mapper.h | 2 +- src/mappers/opensc_mapper.c | 2 +- src/mappers/opensc_mapper.h | 2 +- src/mappers/openssh_mapper.c | 8 +-- src/mappers/openssh_mapper.h | 2 +- src/mappers/pwent_mapper.c | 4 +- src/mappers/pwent_mapper.h | 2 +- src/mappers/subject_mapper.h | 2 +- src/mappers/uid_mapper.c | 4 +- src/mappers/uid_mapper.h | 2 +- src/pam_pkcs11/mapper_mgr.c | 14 ++--- src/pam_pkcs11/mapper_mgr.h | 2 +- src/pam_pkcs11/pam_config.c | 20 ++++---- src/pam_pkcs11/pam_pkcs11.c | 60 +++++++++++----------- src/scconf/README.scconf | 20 ++++---- src/scconf/parse.c | 4 +- src/tools/card_eventmgr.c | 12 ++--- src/tools/pkcs11_eventmgr.c | 40 +++++++-------- src/tools/pkcs11_listcerts.c | 4 +- src/tools/pkcs11_setup.c | 44 ++++++++-------- src/tools/pklogin_finder.c | 2 +- 58 files changed, 404 insertions(+), 404 deletions(-) commit 0d9ba2c8b9001fbee4dcc64a193fbbd2702b6da7 Author: Ludovic Rousseau Date: Thu Nov 6 13:41:43 2008 +0000 ldap_get_certificate(): check the value of ldap_x509[rv] instead of ldap_x509. The previous test was never true src/mappers/ldap_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 439975cd2678fe5d9cd0cbe7be3462635f2770fa Author: Ludovic Rousseau Date: Thu Nov 6 13:39:37 2008 +0000 ldap_get_certificate(): typo in log message src/mappers/ldap_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d20232a09aedeb556bca933c26da2923b4101f4d Author: Ludovic Rousseau Date: Thu Nov 6 13:39:05 2008 +0000 ldap_get_certificate(): check returned value of malloc() src/mappers/ldap_mapper.c | 5 +++++ 1 file changed, 5 insertions(+) commit 9c46072511f4a4095be77a1eba047d7237d189d6 Author: Ludovic Rousseau Date: Tue Nov 4 10:08:49 2008 +0000 use == instead of CERT_CompareCerts() to compare two NSS certificates. Thanks to Robert Relyea for the patch http://www.opensc-project.org/pipermail/opensc-devel/2008-October/011406.html src/common/cert_st.h | 2 -- src/mappers/ldap_mapper.c | 6 +++++- 2 files changed, 5 insertions(+), 3 deletions(-) commit c2b45fd31cbabb730e93595e23caf07f26f40a02 Author: Ludovic Rousseau Date: Fri Oct 24 08:22:13 2008 +0000 common/cert_st.h: define CERT_cmp to be either CERT_CompareCerts for NSS or X509_cmp for OpenSSL mappers/ldap_mapper.c: use CERT_cmp() instead of X509_cmp() the same code should work with NSS or OpenSSL src/common/cert_st.h | 2 ++ src/mappers/ldap_mapper.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) commit b787757b1aa7cb9d0e7e7e5d25254df73d270373 Author: Ludovic Rousseau Date: Thu Oct 16 08:08:05 2008 +0000 declare local function password_passthrough() static pkcs11_lib.c:169: warning: no previous prototype for 'password_passthrough' src/common/pkcs11_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 13f79b66962ce74fd6e56b771c2d10759a94a1d4 Author: Ludovic Rousseau Date: Thu Oct 16 08:05:49 2008 +0000 find_slot_by_number(): slot_num is unsigned int so to not check for slot_num >= 0 pkcs11_lib.c:353: warning: comparison of unsigned expression >= 0 is always true src/common/pkcs11_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 946a97f2434fc37c83fbc9fdbc95a5c18950c869 Author: Ludovic Rousseau Date: Thu Oct 16 08:03:48 2008 +0000 opensc_mapper_match_certs(): local variables are only used if NSS is not used src/mappers/opensc_mapper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 8df09c90db50b713340f6521803e2ebe68a00f37 Author: Ludovic Rousseau Date: Thu Oct 16 07:59:25 2008 +0000 declare two functions static to avoid no previous prototype warnings src/tools/pkcs11_eventmgr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e3c1d397acf4fec69bbedc90df3e2b986b759867 Author: Ludovic Rousseau Date: Thu Oct 16 07:56:01 2008 +0000 include .h files to avoid implicit declaration warnings Thanks to Stanislav Brabec for the patch http://www.opensc-project.org/pipermail/opensc-devel/2008-October/011390.html src/common/cert_vfy.c | 2 ++ src/common/error.c | 1 + src/mappers/ldap_mapper.c | 1 + src/tools/pkcs11_eventmgr.c | 2 ++ 4 files changed, 6 insertions(+) commit 7b622e68138ce8c2b99157b0aa62a16dacb34c6a Author: Ludovic Rousseau Date: Thu Oct 16 07:47:48 2008 +0000 pkcs11_lib.c:295: error: conflicting types for 'find_slot_by_number' pkcs11_lib.h:34: error: previous declaration of 'find_slot_by_number' was here src/common/pkcs11_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a1909a1e3f5ea2d336c8d3d938519fef43248124 Author: Ludovic Rousseau Date: Tue Oct 14 07:59:25 2008 +0000 pkcs11_lib.c: In function 'find_slot_by_number': pkcs11_lib.c:1143: warning: comparison between signed and unsigned pkcs11_lib.c:1150: warning: comparison between signed and unsigned src/common/pkcs11_lib.c | 2 +- src/common/pkcs11_lib.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 4d131e190fd45e0ad4c944d888a408f9e9cf4dc5 Author: Ludovic Rousseau Date: Tue Oct 14 07:56:38 2008 +0000 rename index in idx pkcs11_lib.c:1212: warning: declaration of 'index' shadows a global declaration /usr/include/string.h:304: warning: shadowed declaration is here src/common/pkcs11_lib.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 5484e5e2f648091d0f548654038dd12b9e164935 Author: Ludovic Rousseau Date: Tue Oct 14 07:52:56 2008 +0000 cert_info.c:841: warning: pointer targets in passing argument 1 of 'bin2hex' differ in signedness src/common/cert_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 46454e9674e7ba5f919d9986046731efb88be50b Author: Ludovic Rousseau Date: Tue Oct 14 07:47:15 2008 +0000 Passing slot_description= and token_type= on the command line was not handled correctly (crash) src/pam_pkcs11/pam_config.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3cc71f802802692c836342c12c6b55609d5fcc9c Author: Ludovic Rousseau Date: Tue Oct 14 07:42:10 2008 +0000 pkcs11_lib.c:124: warning: implicit declaration of function 'isspace' src/common/pkcs11_lib.c | 1 + 1 file changed, 1 insertion(+) commit bfa342290d0b9b55419881b96bbd0884fa8ad0e1 Author: Ludovic Rousseau Date: Tue Oct 14 07:36:46 2008 +0000 Allow to configure the token name in the different PAM prompts. Default value is "Smart card". See token_type= configuration in etc/pam_pkcs11.conf Thanks to Huie-Ying Lee for the patch. etc/pam_pkcs11.conf.example | 5 +++++ po/POTFILES.in | 1 + po/de.po | 37 ++++++++++++++++++++++++------------- po/fr.po | 38 ++++++++++++++++++++++++-------------- po/pam_pkcs11.pot | 29 ++++++++++++++++++----------- po/pl.po | 37 ++++++++++++++++++++++++------------- po/ru.po | 37 ++++++++++++++++++++++++------------- src/pam_pkcs11/pam_config.c | 12 ++++++++++++ src/pam_pkcs11/pam_config.h | 1 + src/pam_pkcs11/pam_pkcs11.c | 22 ++++++++++++++-------- 10 files changed, 147 insertions(+), 72 deletions(-) commit ce8c3f762977400f1f144d62b22d6a72e3e1c5c6 Author: Ludovic Rousseau Date: Fri Sep 26 08:38:11 2008 +0000 add missing secutil.h Thanks to Stanislav Brabec for the patch src/common/Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit a6897e175541ae4b5a008908c6194265d99c8350 Author: Ludovic Rousseau Date: Fri Sep 26 08:34:00 2008 +0000 correctly close ] and ) configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4c0e0d472c41f3285823643e2ef39ef341d25224 Author: Ludovic Rousseau Date: Fri Sep 26 08:10:46 2008 +0000 Patch from Jacob Berkman improves Microsoft UPN OID support. Thanks to Stanislav Brabec http://www.opensc-project.org/pipermail/opensc-devel/2008-September/011336.html src/common/cert_info.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++-- src/mappers/ms_mapper.c | 2 +- 2 files changed, 71 insertions(+), 4 deletions(-) commit 708322cd9d51aff3515658d48f35c0831ce4f3f7 Author: Ludovic Rousseau Date: Fri Sep 26 08:00:41 2008 +0000 add NSS (Network Security Service) config sample etc/pam_pkcs11.conf.example | 6 ++++++ 1 file changed, 6 insertions(+) commit 98b7d19a26338cc1ae0e7cdc24df6063f8cf0b24 Author: Ludovic Rousseau Date: Fri Sep 26 07:55:26 2008 +0000 Add support of domainnickname. Thanks to Jacob Berkman for the patch and Stanislav Brabec for the forward src/mappers/ms_mapper.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 4e6d2a5b55f119917193f4ee728a671468ead2a6 Author: Ludovic Rousseau Date: Fri Sep 26 07:50:41 2008 +0000 add a missing ; at end of line Thanks to Stanislav Brabec for the patch Closes OpenSC ticket #154 etc/pam_pkcs11.conf.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a89a253e54da2d807434dd0cd9eea1045e990a93 Author: Ludovic Rousseau Date: Thu Sep 25 07:53:26 2008 +0000 load_pkcs11_module(): do not check that the group ownership of libpkcs11.so is 0. It is 2 on Solaris. Thanks to Huie-Ying Lee for the patch http://www.opensc-project.org/pipermail/opensc-devel/2008-September/011334.html src/common/pkcs11_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 11d74021770ab4b1d6d1772b841d69f2afce31de Author: Ludovic Rousseau Date: Tue Sep 16 08:33:56 2008 +0000 Use daemon() only if supported by the platform (it is not available on Solaris) Thanks to Huie-Ying Lee for the patch http://www.opensc-project.org/pipermail/opensc-devel/2008-September/011326.html configure.in | 2 +- src/tools/pkcs11_eventmgr.c | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) commit fe2b6d06b36d1cbe5469db9612811dd09ec1b8d1 Author: Ludovic Rousseau Date: Fri Sep 12 08:47:01 2008 +0000 Patch to use identify a token by its slot description instead of slot number Thanks to Huie-Ying Lee for the patch http://www.opensc-project.org/pipermail/opensc-devel/2008-September/011317.html ====================================== Problem ====================================== Currently, the pam_pkcs11 module uses slot_num for the slot/token selection. However, this is not safe because there is no guaranteed ordering of slots returned from the PKCS#11 C_GetSlotList() function, according to the RSA PKCS#11 specification. On Solaris OS, the libpkcs11 library uses plug-ins to provide the slots. An administrator can install or uninstall a plug-in by using a utility command called "cryptoadm" on Solaris. Therefore, a particular slot may be associated with different slot numbers on different systems or even on the same system on different runs. ====================================== Solution ====================================== To address the above issue, our solution is to replace the "slot_num" entry with a "slot_description" entry in the "pam_pkcs11.conf" configuration file for the slot/token selection as illustrated below. - pam_pkcs11.conf - pkcs11_module default { module = /usr/lib/libpkcs11.so; description = "Solaris PKCS#11 Cryptographic Framework library"; # # Which slot to use. The slot is specified by the slot description. # For example, slot_description = "Sun Crypto Softtoken". # # An administrator can use the "cryotoadm list -v" command to find # all the available slots and their slot descriptions. For more # information, see the libpkcs11(3LIB) and cryptoadm(1m) man pages. # # The default value is "none" which means to use the first slot with # an available token. # slot_description = "none" ... } The slot_description field will be used to specify the slot to be used. Its value should be the slot label for the slot, which is basically the same as the slotDescription string in the CK_SLOT_INFO structure returned from the C_GetSlotInfo() function. In the original slot_num design, when slot_num is 0, it means to use the first slot with an available token. To provide a similar functionality, an administrator can specify slot_description to be "none", which also means to use the first slot with an available token. etc/pam_pkcs11.conf.example | 23 ++- src/common/pkcs11_lib.c | 374 ++++++++++++++++++++++++++++++++++++++++--- src/common/pkcs11_lib.h | 13 +- src/pam_pkcs11/pam_config.c | 24 ++- src/pam_pkcs11/pam_config.h | 1 + src/pam_pkcs11/pam_pkcs11.c | 35 +++- src/tools/pkcs11_inspect.c | 12 +- src/tools/pkcs11_listcerts.c | 12 +- src/tools/pklogin_finder.c | 11 +- 9 files changed, 464 insertions(+), 41 deletions(-) commit d3c17dfcd2f7a8b89c479d2d5a2ca0a6589cc67a Author: Ludovic Rousseau Date: Tue Sep 9 15:09:19 2008 +0000 find_slot_by_number: complete patch in revision 330 src/common/pkcs11_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 92d9f8cf0cb50cff39ec6e92c4247e02e7234afe Author: Ludovic Rousseau Date: Tue Sep 9 15:07:11 2008 +0000 find_slot_by_number(): BUG: the slot index is slot_num and not i thanks to Huie-Ying Lee for the patch src/common/pkcs11_lib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit bce462ddaba01a66cff4f1712acb23c272ba7741 Author: Ludovic Rousseau Date: Tue Sep 9 15:04:00 2008 +0000 pk_configure(): correct a typo "slot_nume" -> "slot_num" Thanks to Huie-Ying Lee for the patch src/pam_pkcs11/pam_config.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d3dc1e567911b29fb276b56414c45e057704e744 Author: Ludovic Rousseau Date: Tue Sep 9 14:56:44 2008 +0000 upgrade (copy from OpenSC) doc/export-wiki.sh | 82 +++++++++++++++++++++++++++++++++++------------------- 1 file changed, 53 insertions(+), 29 deletions(-) commit 883cf989203c5579aedddecfd9cf2b582a65cb05 Author: Andreas Jellinghaus Date: Wed Aug 27 09:27:34 2008 +0000 fix script for wiki export. doc/export-wiki.xsl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b09e9d1c86d5415c13209dd3795cf02f3a60691b Author: Ludovic Rousseau Date: Tue Aug 19 07:48:58 2008 +0000 Provide strndup for platforms without this function (Solaris) configure.in | 2 +- src/common/Makefile.am | 1 + src/common/strndup.c | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-) commit 6a72d499e32efafd79a02137d6d00362b7f12cd7 Author: Ludovic Rousseau Date: Tue Aug 12 06:38:36 2008 +0000 do_init(): typo: use ldapdefport instead of defport Patch from Huie-Ying Lee http://www.opensc-project.org/pipermail/opensc-devel/2008-August/011239.html src/mappers/ldap_mapper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 18d5c805bd1b2500837f4b1d391611ae9d4b756b Author: Ludovic Rousseau Date: Tue Aug 12 06:32:52 2008 +0000 protect variables with "" before checking the variable length Patch from Huie-Ying Lee http://www.opensc-project.org/pipermail/opensc-devel/2008-August/011239.html tools/make_hash_link.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 4970a1fba971add72874c09f54061d58422fe602 Author: Ludovic Rousseau Date: Fri May 30 13:50:27 2008 +0000 avoir a double free error when a reader is disconnected and reconnected. Thanks to Frédéric Combeau for the patch src/tools/card_eventmgr.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 53b48080da7f605ccdaf7362e513e6413c455e17 Author: Ludovic Rousseau Date: Mon Mar 31 09:22:31 2008 +0000 use confdir instead of the hardcoded value /etc/pam_pkcs11 configure.in | 6 ++++++ doc/{card_eventmgr.1 => card_eventmgr.1.in} | 0 doc/{pam_pkcs11.8 => pam_pkcs11.8.in} | 2 +- doc/{pkcs11_eventmgr.1 => pkcs11_eventmgr.1.in} | 0 doc/{pkcs11_inspect.1 => pkcs11_inspect.1.in} | 0 doc/{pklogin_finder.1 => pklogin_finder.1.in} | 0 6 files changed, 7 insertions(+), 1 deletion(-) commit 9e3d1952e510cceb73412f26636852e63ce79be5 Author: Ludovic Rousseau Date: Mon Mar 31 09:16:55 2008 +0000 parse_config_file(): also log the error message src/tools/card_eventmgr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 33dc24a35bc675c7493776480dd2fbf84dfca38b Author: Ludovic Rousseau Date: Tue Mar 25 14:48:35 2008 +0000 add support of CONFDIR instead of the hardcoded "/etc/pam_pkcs11/" src/mappers/openssh_mapper.c | 2 +- src/pam_pkcs11/pam_config.c | 15 ++++++++++++--- src/tools/card_eventmgr.c | 3 ++- src/tools/pkcs11_eventmgr.c | 3 ++- src/tools/pkcs11_setup.c | 4 ++-- 5 files changed, 19 insertions(+), 8 deletions(-) commit 7ca97ae5870708c87f00394ff60a8da4c3d5f189 Author: Ludovic Rousseau Date: Tue Mar 25 14:48:00 2008 +0000 add --with-confdir=DIR to configure the directory containing pam_pkcs11.conf, card_eventmgr.conf and pkcs11_eventmgr.conf (default /etc/pam_pkcs11) configure.in | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 9a8f1bcee82800b1e71853ea1fa7b0db32cb5b4f Author: Ludovic Rousseau Date: Thu Mar 20 09:11:20 2008 +0000 use 0x%08lX instead of %x to format a PKCS#11 error code src/common/pkcs11_lib.c | 52 ++++++++++++++++++++++++------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) commit 817a878905d739a3b8ffecab1d071863df2f71c6 Author: Ludovic Rousseau Date: Mon Feb 25 10:23:40 2008 +0000 doxygen.conf is used by generate-api.sh so api/index.html target must depends on it doc/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c9a5127159f5f6df31881f6f5375fb263ce812af Author: Ludovic Rousseau Date: Mon Feb 25 10:16:11 2008 +0000 add po/remove-potcdate.sin po/remove-potcdate.sin | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit ef6038dca4bc5eeed3697067082cc5939f9eeb1c Author: Ludovic Rousseau Date: Mon Feb 25 10:10:49 2008 +0000 add gettext M4 macros aclocal/gettext.m4 | 381 +++++++++++++++++++++++++++ aclocal/iconv.m4 | 180 +++++++++++++ aclocal/lib-ld.m4 | 110 ++++++++ aclocal/lib-link.m4 | 709 ++++++++++++++++++++++++++++++++++++++++++++++++++ aclocal/lib-prefix.m4 | 185 +++++++++++++ aclocal/nls.m4 | 31 +++ aclocal/po.m4 | 449 ++++++++++++++++++++++++++++++++ aclocal/progtest.m4 | 92 +++++++ 8 files changed, 2137 insertions(+) commit ca603dc4cc96accf3ea22449ecc9cb98a2ab927f Author: Ludovic Rousseau Date: Mon Feb 25 10:08:55 2008 +0000 use gettext 0.17 instead of 0.16.1 configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit db2e965359014d5836d4f1ec957ba9bddb5d564a Author: Ludovic Rousseau Date: Mon Feb 25 10:03:09 2008 +0000 add po/remove-potcdate.sed po/remove-potcdate.sed | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 9c4e9d039c970d04b08a6858a0be3129fef6c424 Author: Ludovic Rousseau Date: Mon Feb 25 10:00:43 2008 +0000 add po/Makefile.in.in from gettext 0.17-2 po/Makefile.in.in | 429 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 429 insertions(+) commit 6ea5cd0e31cbbcc1c4f68cb9233651b7cf5a2e52 Author: Ludovic Rousseau Date: Mon Feb 25 09:59:36 2008 +0000 add config.rpath from gettext 0.17-2 config.rpath | 666 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 666 insertions(+) commit f05f31013fc1d7f2b426d97e64991de8fa4478b9 Author: Ludovic Rousseau Date: Mon Feb 25 09:54:32 2008 +0000 add void as parameter for thats_all_folks() definition card_eventmgr.c:64: warning: old-style function definition src/tools/card_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a2529e6e4cd00d01ecde7a2f97a0896f1277d466 Author: Ludovic Rousseau Date: Mon Feb 25 09:53:37 2008 +0000 add void as parameter for parse_config_file() and get_a_token() pkcs11_eventmgr.c:193: warning: old-style function definition pkcs11_eventmgr.c:354: warning: old-style function definition src/tools/pkcs11_eventmgr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 80a404b54e5d91ed8561dff474c1ae5426214cd5 Author: Ludovic Rousseau Date: Mon Feb 25 09:51:08 2008 +0000 add void as parameter in parse_config_file() definition card_eventmgr.c:157: warning: old-style function definition src/tools/card_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 20f84af6581b2a7309ec982bfdb9c018614ec22a Author: Ludovic Rousseau Date: Mon Feb 25 09:39:21 2008 +0000 #define LDAP_DEPRECATED 1 so that deprecated functions are declared. The code should be updated to avoid the deprecated functions. See ticket #18 src/mappers/ldap_mapper.c | 2 ++ 1 file changed, 2 insertions(+) commit 992ea49e96535ed6ac227d5a6da612ccde324afc Author: Ludovic Rousseau Date: Mon Feb 25 09:17:13 2008 +0000 declare is_spaced_str() as static pam_pkcs11.c:62: warning: no previous prototype for ‘is_spaced_str’ src/pam_pkcs11/pam_pkcs11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f37fb04d37a99973efaa191693e802fd7f2cfaf3 Author: Ludovic Rousseau Date: Mon Feb 25 09:13:00 2008 +0000 add void in the declaration of get_debug_level debug.c:31: warning: old-style function definition src/common/debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c5eb2a47d7d6ded2c76175068f1a8e5b8f7a6f3e Author: Ludovic Rousseau Date: Thu Sep 13 09:00:31 2007 +0000 add German (de) l10n Thanks to Peter Winterer configure.in | 2 +- po/de.po | 45 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) commit 0bd19f3469b0fe025f9a230d01dbb68afe0ddd24 Author: Ludovic Rousseau Date: Thu Sep 13 08:59:52 2007 +0000 update using "make update-po" po/ru.po | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 7803181c768fb9656f13fa338e464db6ffbf4aba Author: Ludovic Rousseau Date: Tue Sep 11 09:14:54 2007 +0000 add Russian l10n Thanks to Sergio configure.in | 2 +- po/ru.po | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) commit 31a687dc136f134353e64d01bd4cb56c5de3597b Author: Ludovic Rousseau Date: Mon Aug 13 08:55:52 2007 +0000 arguments starts at argv[1] and not argv[0] Avoids a warning message: "argument pkcs11_inspect is not supported by this module" src/pam_pkcs11/pam_config.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 81e32c5ce8069a3496393277ffbbb725e6fdc937 Author: Ludovic Rousseau Date: Thu Jun 14 21:28:40 2007 +0000 add Polish (.pl) translation Thanks to Jakub Bogusz configure.in | 2 +- po/pl.po | 45 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) commit f77275bff18086ba30d7903b9cda64a877b5196f Author: Ludovic Rousseau Date: Thu Jun 14 21:27:51 2007 +0000 remove a duplicate config.rpath in EXTRA_DIST Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a2780245292de5f6132f1117a8299eceb719b96a Author: Ludovic Rousseau Date: Mon Jun 11 12:19:59 2007 +0000 release 0.6.0 configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4688e38b3c7404256091c608973438d32b4375cc Author: Ludovic Rousseau Date: Mon Jun 11 12:19:25 2007 +0000 update to version 0.6.0 pam_pkcs11.spec | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit d4843f20a684eb89fb4c87c06838fb9e603a2571 Author: Ludovic Rousseau Date: Wed Jun 6 11:22:25 2007 +0000 declare pname as unsigned to avoid: pkcs11_setup.c:436: warning: comparison between signed and unsigned pkcs11_setup.c:454: warning: comparison between signed and unsigned src/tools/pkcs11_setup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bd590d3d00da885f36a9f648a41ebecc0868fac2 Author: Ludovic Rousseau Date: Wed Jun 6 11:20:44 2007 +0000 declare local functions static src/tools/pkcs11_setup.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 5caf97e7444a3683a300deebb7c3a38a10ed8637 Author: Ludovic Rousseau Date: Wed Jun 6 11:18:20 2007 +0000 pkcs11_setup.c:44: attention : duplicate ‘const’ src/tools/pkcs11_setup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e8688309c86474e75baa12c13de79d4081248ff0 Author: Ludovic Rousseau Date: Wed Jun 6 11:17:05 2007 +0000 execute_event(): change parameter type from char * to const char * src/tools/pkcs11_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 708df71c5da101386a9193de18961bed6cd4362b Author: Ludovic Rousseau Date: Wed Jun 6 11:15:57 2007 +0000 remove unused (and duplicate) global variable expire_count src/tools/pkcs11_eventmgr.c | 2 -- 1 file changed, 2 deletions(-) commit 0468c20d561ea44f2b3b8cbe98492d6b1a484efc Author: Ludovic Rousseau Date: Wed Jun 6 11:05:46 2007 +0000 declare local functions static src/tools/pkcs11_eventmgr.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 2156720a381e529b23501dbf7aafbd5c49b57bba Author: Ludovic Rousseau Date: Wed Jun 6 10:02:23 2007 +0000 pklogin_finder.c:37: attention : ‘user’ may be used uninitialized in this function src/tools/pklogin_finder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a01af4d9a393b720c02ecfd3d7830be23eb5c5a7 Author: Ludovic Rousseau Date: Wed Jun 6 09:55:45 2007 +0000 opensc_mapper_match_certs(): #include to avoid: opensc_mapper.c:103: warning: implicit declaration of function 'PEM_read_bio_X509' opensc_mapper.c:103: warning: initialization makes pointer from integer without a cast src/mappers/opensc_mapper.c | 1 + 1 file changed, 1 insertion(+) commit 4f9044be10f9eaf84913e2b0fc0095e8c26001fa Author: Ludovic Rousseau Date: Wed Jun 6 09:50:11 2007 +0000 warning: ISO C90 forbids mixed declarations and code src/mappers/ldap_mapper.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit f5332c4cd3a67d5935981652c63e46cf9fd91fad Author: Ludovic Rousseau Date: Wed Jun 6 09:43:53 2007 +0000 ldap_add_uri(): declare the function static ldap_mapper.c:549: warning: no previous prototype for 'ldap_add_uri' src/mappers/ldap_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4d76b3c777e65da386b8630c55b62aef6ee59ea6 Author: Ludovic Rousseau Date: Wed Jun 6 09:42:22 2007 +0000 do_open(): rename parameter ssl_on to ssl_on_local to avoid: ldap_mapper.c:373: warning: declaration of 'ssl_on' shadows a global declarationldap_mapper.c:108: warning: shadowed declaration is here src/mappers/ldap_mapper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit d62087db4e6ba0b3a53adc679ca84e22cb4c2a39 Author: Ludovic Rousseau Date: Wed Jun 6 09:39:25 2007 +0000 use C instead of C++ comments warning: C++ style comments are not allowed in ISO C90 src/mappers/ldap_mapper.c | 37 ++++++++++++++++--------------------- 1 file changed, 16 insertions(+), 21 deletions(-) commit 024ed3c7a62c399f89f96cdca45a9a086fbd75b7 Author: Ludovic Rousseau Date: Wed Jun 6 09:29:45 2007 +0000 BN_append(): only free(data) if data has been allocated src/common/cert_info.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 55c807d9f3276b529fae6379f784bd9865dd84cd Author: Ludovic Rousseau Date: Tue May 22 08:47:26 2007 +0000 add french l10n configure.in | 4 ++-- po/fr.po | 45 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 2 deletions(-) commit dcc267b8f3a8977f8244a2818803f4dca407afc6 Author: Ludovic Rousseau Date: Tue May 22 08:28:40 2007 +0000 sync two texts to use the same l10n string po/pam_pkcs11.pot | 8 ++------ src/pam_pkcs11/pam_pkcs11.c | 2 +- 2 files changed, 3 insertions(+), 7 deletions(-) commit a33358b54f1f6fb60dda9983f74e364b3f460a0a Author: Ludovic Rousseau Date: Tue May 22 08:26:38 2007 +0000 set svn:ignore property commit cbba717e77001672cc0949d17a104932ddec5445 Author: Ludovic Rousseau Date: Tue May 22 08:25:21 2007 +0000 update bootstrap | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit c1ab2e8c426fe4db846d60cea924711b5d29917d Author: Ludovic Rousseau Date: Tue May 22 08:19:34 2007 +0000 distribute config.rpath Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3424181b2161a35c7e597e6d0abd58af6528885d Author: Ludovic Rousseau Date: Tue May 22 08:09:14 2007 +0000 NSS patch part 3 of 3 from Robert Relyea: l10n support Makefile.am | 6 +++--- configure.in | 7 +++++++ pam_pkcs11.spec | 8 +++++--- po/Makevars | 41 +++++++++++++++++++++++++++++++++++++ po/POTFILES.in | 2 ++ po/pam_pkcs11.pot | 50 +++++++++++++++++++++++++++++++++++++++++++++ src/pam_pkcs11/pam_pkcs11.c | 34 ++++++++++++++++++++++-------- 7 files changed, 133 insertions(+), 15 deletions(-) commit 1e45aca5f36e6593f04e8625ece03e6096db2427 Author: Ludovic Rousseau Date: Tue May 22 07:09:32 2007 +0000 generate a distribute ChangeLog.svn Makefile.am | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 934f8762669b87ae7d46f05d8d90f4321d250f0b Author: Ludovic Rousseau Date: Tue May 22 07:04:41 2007 +0000 update svn:ignore commit 7e0449035c51c47783896a4f1212d0d2d9e5c6b6 Author: Ludovic Rousseau Date: Tue May 22 06:59:56 2007 +0000 set svn:ignore properties commit 2199d1762238918ddcb634d24d0eb87e11a99384 Author: Ludovic Rousseau Date: Tue May 22 06:48:56 2007 +0000 new file from pam_pkcs11 NSS patch part 2/3 I just forgot to commit it with revision 270 src/tools/pkcs11_setup.c | 519 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 519 insertions(+) commit 0e9be16e47207456b625caf8816fc69b21bc0884 Author: Ludovic Rousseau Date: Mon May 21 08:22:00 2007 +0000 pam_prompt() is only available on recent PAM versions. check if security/pam_ext.h exists and provide our own pam_prompt() function if not. Thanks to Robert Relyea for the patch configure.in | 1 + src/pam_pkcs11/pam_pkcs11.c | 49 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) commit f067b4f61cab2de2fb68340117140d38a7a218de Author: Ludovic Rousseau Date: Mon May 21 08:19:49 2007 +0000 typos in comments src/common/cert_info.c | 2 +- src/common/pkcs11_lib.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 7dd9466105f30c7b6fe9c4b7de936c04a2fcaf24 Author: Ludovic Rousseau Date: Mon May 21 08:13:00 2007 +0000 pam_pkcs11 NSS patch part 2/3 from Robert Relyea http://www.opensc-project.org/pipermail/opensc-devel/2007-April/009751.html Here's patch installment 2 of 3. This patch adds some new semantics to allow pam_pkcs11 to play nice in both command line and gui applications. The heart of this change adds three new configuration options. card_only: 1. If card only is set, pam_pkcs11 does not prompt for the user name if the token is inserted, but gets the user name from the token. 2. If a token is inserted, it must be used to log in with, failure to unlock the token, or validate the certs will cause login to fail. 3. If we logged in using a smart card, we must now authenticate using that same smart card. 4. card_only is required to activate the remaining 2 options. If card_only is not set, the current pam_pkcs11 semantics apply (with the exception of some prompt name changes and the environment variables described below). wait_for_token: wait_for_token is only meaningful if card_only is set. if wait_for_token is set, then pam_pkcs11 will block waiting for an appropriate token to be inserted. An appropriate token is: 1) a token that is inserted in the slot specified for login in the config file (if no slot is specified a token inserted in any slot). 2) a token which matches the token used to log in initially. (only applies if you are logged in and you used a token to do so). screen_savers: is a list of screen saver services. This list is only parsed if card_only is set. Basically the screen saver will bypass pam_pkcs11 if a token was not used to login (The basic idea is you always unlock the screen saver with the same mechanism you used to login). The other major change is the addition of new environment variables: PKCS11_LOGIN_TOKEN_NAME - the name of the token used to log into the system. PKCS11_LOGIN_CERT_ISSUER - the issuer of the cert used to log in (rendered as a human readable string). PKCS11_LOGIN_CERT_SERIAL - the serial number of the cert used to log in (rendered as colon separated hex value). These environment variables are set at initial login. pam_pkcs11 uses PKCS_LOGIN_TOKEN_NAME to determine whether or not it needs to use a specific token to log into. screen savers use this environment variable to determine if it needs to kick in on token removal (this allows screen savers to be picky about when to kick in -- they don't have to kick in if you insert or remove a token that wasn't used to log into). pam_krb uses the PKCS11_LOGIN_CERT_ISSUER and PKCS11_LOGIN_CERT_SERIAL to determine which specific certificate was used to login in (issuer/serial number uniquely identifies a certificate). Typical usage for the patch: For a normal (card_only) case, your pam line would look like: auth [success=ok authinfo_unavail=2 ignore=2 default=die] pam_pkcs11.so For the case where you want to require the smart card as part of the authentication, your pam config line would look like: auth [success=ok ignore=2 default=die] pam_pkcs11.so wait_for_card If you share your pam_config file with all our services, you can restrict which services require smart card login with a pam_succeed_if before your pam_pkcs11 line: auth [success=3 default=ignore] pam_succeed_if.so service notin login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid -------------------------------------------------- The patch itself, file by file: src/pam_pkcs11/pam_pkcs11.c - Most of the patch is in here. The implementation of the environment variables and new options are in this patch. In addition to the these, the patch has the following change: 1) a bug fix for passing the password on in the pam_stack (required to pam_krb to successfully implement pkinit). 2) use the pam_syslog() function instead of syslog(). 3) use of pam_prompt to allow gui apps to display important information. src/pam_pkcs11/pam_config.[ch] - parse the new options in pam_pkcs11.conf. src/tools/pkcs11_setup.c - src/tools/Makefile.am This is a new tool to allow command line editting of pam_pkcs11.conf and pkcs11_eventmgr.conf. It only supports adding insertion/removal actions and changing the default token. We don't actually use it any more, but it may have utility to others. I think the command may need some work to be more general. It's purpose is to allow perl/python/your favorite scripting language access to display and modify portions of the pam_pkcs11.conf file. (Feel free to drop it if you like, I've included it for completeness). src/tools/pkcs11_eventmgr.c - bug fix for a crash if module loading fails. src/common/cert_info.c Add the ability to fetch the certificate serial number when using the open ssl library. src/common/pkcs11_lib.[ch] Add find_slot_by_number_and_label() which optionally adds the token name as part of the slot selection criteria. Used by pam_pkcs11 in the case we are authenticating after we have already logged in. Add wait_for_token() which waits until an approriate token is inserted. Used to implement the wait_for_token option. src/common/strings.c Fix bug in bin2hex where it would trash the heap if asked to output a string for a zero length buffer. src/common/cert_info.c | 30 ++++- src/common/pkcs11_lib.c | 235 +++++++++++++++++++++++++++++++----- src/common/pkcs11_lib.h | 7 ++ src/common/strings.c | 4 + src/pam_pkcs11/pam_config.c | 35 +++++- src/pam_pkcs11/pam_config.h | 3 + src/pam_pkcs11/pam_pkcs11.c | 286 +++++++++++++++++++++++++++++++++++--------- src/tools/Makefile.am | 7 +- src/tools/pkcs11_eventmgr.c | 7 +- 9 files changed, 518 insertions(+), 96 deletions(-) commit ab63c91ff71a4c9cdb576fed0abc7dcf5ee37186 Author: Ludovic Rousseau Date: Tue May 15 07:18:24 2007 +0000 C_Initalize should be called after each fork The pkcs11_eventmgr first C_Initialize then becomes a daemon... The PKCS#11 standard states that after fork the user must call C_Initialize again, in order to allow proper library initialization at new process. Also, don't quit on major errors... try to reinitialize. Closes ticket #14. Thanks to Alon Bar-Lev for the patch src/common/pkcs11_lib.c | 8 ++++++-- src/tools/pkcs11_eventmgr.c | 24 +++++++++++++++--------- 2 files changed, 21 insertions(+), 11 deletions(-) commit d04a309b01ebf839d4717151ddc3c6d32600ba4b Author: Ludovic Rousseau Date: Wed May 9 08:48:00 2007 +0000 ldap-patches from Sandro Wefel http://www.opensc-project.org/pipermail/opensc-devel/2007-April/009764.html which offers: - support for more than one LDAP server as fallback system - support of secure connection (SSL+TLS) because someone may use simple authentication with username and password - multiple certificates per attribute - LDAP-URI support - selection of base, one-level or subtree search - timeout support and a somewhat enhanced documentation. configure.in | 5 + doc/pam_pkcs11.xml | 178 ++++++++++ etc/pam_pkcs11.conf.example | 52 ++- src/mappers/ldap_mapper.c | 771 +++++++++++++++++++++++++++++++++++++++++--- 4 files changed, 947 insertions(+), 59 deletions(-) commit 659537846a75bfdecf6be2466a077364bad7b3b5 Author: Ludovic Rousseau Date: Wed May 9 08:15:07 2007 +0000 typo in debug message src/pam_pkcs11/pam_pkcs11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9d67858a6c5ea083a978c0e10f1e87762d0ae4c6 Author: Ludovic Rousseau Date: Wed May 9 08:13:38 2007 +0000 typo: command line argument was checked against "pcs11_module=" instead of "pkcs11_module=" src/pam_pkcs11/pam_config.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 95ce60653d29b6e5adad3b1e2ca90934f2636c0a Author: Ludovic Rousseau Date: Wed May 9 08:11:47 2007 +0000 typo in a debug message src/mappers/mail_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c1e98700c31ebea6a69c05252e22df6f43cd75b3 Author: Ludovic Rousseau Date: Thu Apr 12 14:14:49 2007 +0000 #include de declare sprintf() and sscanf() src/common/uri.c | 1 + 1 file changed, 1 insertion(+) commit 83375ac3459d30dcf9756eaaf5f635a71656fa86 Author: Ludovic Rousseau Date: Thu Apr 12 14:12:19 2007 +0000 use ERR() instead of DBG() to log errors so they are displayed (in red) even if debug is not used src/pam_pkcs11/pam_pkcs11.c | 46 ++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) commit f338dc63a65ace8981ed5ad14e5514af4f82ac99 Author: Ludovic Rousseau Date: Thu Apr 12 14:11:12 2007 +0000 log the error "Remote login (from %s) is not (yet) supported if DISPLAY is not local" src/pam_pkcs11/pam_pkcs11.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 11f016aa0a746b39c5ee6abc4f2991d5c802e983 Author: Ludovic Rousseau Date: Thu Apr 12 13:53:12 2007 +0000 use #ifdef instead of #if to avoid a pkcs11_inspect.c:96:5: warning: "HAVE_NSS" is not defined src/tools/pkcs11_inspect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 53696c8ebbd017f14de2fa0869fc12e89f28dded Author: Ludovic Rousseau Date: Thu Apr 12 13:45:17 2007 +0000 declare local functions as static src/tools/card_eventmgr.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 7839fee0fc9c13de8b752399c86d94dbd2dd5610 Author: Ludovic Rousseau Date: Thu Apr 12 13:41:32 2007 +0000 display_config() is defined but its use is commented so also comments its definition src/pam_pkcs11/pam_config.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 9d74ad25d550a9deeaab951e0df10dabbf6af810 Author: Ludovic Rousseau Date: Thu Apr 12 13:40:05 2007 +0000 declare display_config() and parse_config_file() as static src/pam_pkcs11/pam_config.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 293b73ac2f84e2c823bfeb06c952d01b3136e1b6 Author: Ludovic Rousseau Date: Thu Apr 12 13:32:49 2007 +0000 get_mapped_entries(): remove a duplicate variable declaration generic_mapper.c:75: warning: declaration of 'res' shadows a previous local src/mappers/generic_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b043c04f4b673f928b7c8342eba3e2f04d3b066e Author: Ludovic Rousseau Date: Thu Apr 12 13:31:04 2007 +0000 digest_mapper_module_init(): initialise a variable digest_mapper.c:111: warning: 'hash_alg_string' may be used uninitialized in this function src/mappers/digest_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1b5ee12f9d1edcc2968c6ae67f0a334acb1a5bca Author: Ludovic Rousseau Date: Thu Apr 12 13:22:28 2007 +0000 crypto_init(): add a missing return value src/common/pkcs11_lib.c | 1 + 1 file changed, 1 insertion(+) commit 784c970ba13fcf460744307d9c5415aaa835b4b3 Author: Ludovic Rousseau Date: Thu Apr 12 13:21:49 2007 +0000 remove 3 unused variables src/common/pkcs11_lib.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 3e564e713dffcedbff9a8ff5e995cefaf3841ba0 Author: Ludovic Rousseau Date: Thu Apr 12 13:20:44 2007 +0000 load_pkcs11_module(): rename variable C_GetFunctionList to C_GetFunctionList_ptr to avoid a compiler warning pkcs11_lib.c:640: warning: declaration of 'C_GetFunctionList' shadows a global declaration rsaref/pkcs11f.h:59: warning: shadowed declaration is here src/common/pkcs11_lib.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit ec7226fd157e7c53f3cd3d752f7cf43bfa05d7ef Author: Ludovic Rousseau Date: Thu Apr 12 13:15:07 2007 +0000 add a const to avoid compiler warnings src/common/uri.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d2beb7be3f82198d714918f5cef7a3f06b3e412b Author: Ludovic Rousseau Date: Thu Apr 12 13:09:52 2007 +0000 debug_print(): declare t as (const char *) to avoid a compiler warning src/common/debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 28b456ecc398131da85d8a7e3725a57d77d5f277 Author: Ludovic Rousseau Date: Thu Apr 12 13:08:50 2007 +0000 #include debug.c:38: warning: implicit declaration of function 'isatty' src/common/debug.c | 1 + 1 file changed, 1 insertion(+) commit fc90533aed7be1fe1661720e9f3c1d8dab8f0ec1 Author: Ludovic Rousseau Date: Thu Apr 12 12:55:33 2007 +0000 cert_info_upn(): remove two unused variables src/common/cert_info.c | 2 -- 1 file changed, 2 deletions(-) commit 702a647345c2fc6b07d051ceea29b24dbbfb186b Author: Ludovic Rousseau Date: Thu Apr 12 12:54:04 2007 +0000 setup_store(): declare the function static to avoid a compiler warning cert_vfy.c:321: warning: no previous prototype for 'setup_store' src/common/cert_vfy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 82c2bcf96011b894edd7ebfe3e433f1bbbd7421a Author: Ludovic Rousseau Date: Thu Apr 12 12:51:16 2007 +0000 set_error(): use const char * to avoid compiler warnings src/common/error.c | 4 ++-- src/common/error.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit 59b04dd5b34fa69320e93947ce978e91b913a8a1 Author: Ludovic Rousseau Date: Thu Apr 12 10:09:12 2007 +0000 debug_print(): use const char * for file and format arguments to avoid compiler warnings src/common/debug.c | 2 +- src/common/debug.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit 00c0416cbf834ef0ba51955aeef84504494cee11 Author: Ludovic Rousseau Date: Thu Apr 12 10:07:57 2007 +0000 buf_eat_till(): change third argument to const char * instead of char * to avoid sclex.c:128: warning: passing argument 3 of 'buf_eat_till' discards qualifiers from pointer target type src/scconf/sclex.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bee3b51174bb3291c10a7b1f338891ebe028a513 Author: Ludovic Rousseau Date: Thu Apr 12 07:13:53 2007 +0000 add missing new files for the NSS patch included in revision 238 src/common/Makefile.am | 3 +- src/common/NSPRerrs.h | 153 +++++++++++++++ src/common/SECerrs.h | 506 +++++++++++++++++++++++++++++++++++++++++++++++++ src/common/SSLerrs.h | 371 ++++++++++++++++++++++++++++++++++++ src/common/alg_st.h | 52 +++++ src/common/algorithm.c | 77 ++++++++ src/common/cert_st.h | 42 ++++ src/common/secutil.h | 424 +++++++++++++++++++++++++++++++++++++++++ 8 files changed, 1627 insertions(+), 1 deletion(-) commit 5085d1dcff514e59a03c72e017b13187f230dbb7 Author: Ludovic Rousseau Date: Wed Apr 11 13:58:19 2007 +0000 #include to avoid compiler warnings src/tools/pkcs11_eventmgr.c | 4 ++++ 1 file changed, 4 insertions(+) commit fbe49aed331f6c34aebb148797086c32fd94995b Author: Ludovic Rousseau Date: Wed Apr 11 13:51:20 2007 +0000 use AC_HELP_STRING() to format the help message configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fb43163bb851931f4a367a4e369bb6d8ed551df6 Author: Ludovic Rousseau Date: Wed Apr 11 07:22:08 2007 +0000 pkcs11_eventmgr.c:502: attention : passing argument 2 of ‘load_pkcs11_module’ from incompatible pointer type use &ph instead of ph src/tools/pkcs11_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 657395da143ce8c532c66a53741bad2c77732366 Author: Ludovic Rousseau Date: Wed Apr 11 07:16:04 2007 +0000 pam_pkcs11.c:393: warning: label 'auth_failed' defined but not used src/pam_pkcs11/pam_pkcs11.c | 1 - 1 file changed, 1 deletion(-) commit c4af4deec50a024bca17285807c3d7789ff66d1c Author: Ludovic Rousseau Date: Wed Apr 11 07:13:56 2007 +0000 digest_mapper.c:114: warning: assignment discards qualifiers from pointer target type src/mappers/digest_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3b77e81207c6102bd5997c1137afc4e087312d96 Author: Ludovic Rousseau Date: Wed Apr 11 07:04:53 2007 +0000 NSS patch from Robert Relyea http://www.opensc-project.org/pipermail/opensc-devel/2007-April/009724.html ------------------------------------------------------------------------ Introduction to the pam_pkcs11-nss.patch This patch adds compile time support for the NSS crypto libraries. It optionally replaces the raw PKCS #11 operations and open SSL certificate processing with functionsprovided by the NSS crypto libraries. This change is controlled by a configure option, '--with-nss' or '--without-nss'. --without-nss is the default. This package requires nss 3.10 as a minimum. When --with-nss is selected, pam_pkcs11 can support the following: 1) multiple simultaeous pkcs #11 modules used for authentication. NSS already handles multiple smart card handlers running at the same time. This means you can configure your box to log in with both CAC and pkcs #12 tokens by loading both sets of modules. This support must be configured in pam_pkcs11, otherwise NSS will only use the user selected pkcs11 module, same as the current direct to pkcs #11 support. 2) Optional OCSP support. This support is built into NSS already. If you compile --with-nss, you can simply turn it on. 3) with --with-nss, pkcs11_eventmgr automatically uses C_WaitForSlotEvent for those tokens that support it, and pull for those that don't. (NSS has this support built in). 4) with --with-nss, any cert key type NSS supports will work correctly (RSA, DSA, ECDSA, etc). 5) nss automatically supports part of the certificate chain stored on the smart card. This allows you to store a single root certificate in the database and keep the intermediates on the token itself. 6) src/common/rsaref is not need to build any of pam_pkcs11 (if --with-nss is used). Other differences when --with-nss and --without-nss: 1) The crl policy is ignored. NSS handles crls automatically already. It uses standard external tools to keep crls up-to-date. 2) The tools will only display user certs, that is certificates for which the token claims to hold the private key for. The patch itself The changes in this patch can be categorized in the following broad categories: 1) build changes. 2) interface changes to make the crypto operations more generic. 3) implement the NSS versions of the base crypto functions. Changes by file ./configure.in: 1. switch between the nss module and the openssl depending on the state of --with-nss. (openssl is the default). 2. added environment variables CRYPO_CFLAGS and CRYPTO_LIBS 3. added the AM conditional HAVE_NSS ./src/common -- This is where most of the NSS specific code lives. Basically the following interface changes were made: ./src/common/pkcs11_lib.c ./src/common/pkcs11_lib.h cert_object_t and pkcs11_handle_t were made opaque handles. Applications no longer have direct access to their member functions members are accessed through accessor functions. These new accessor functions are: find_slot_by_number: Takes a pkcs11_handle_t, an input slot number, and returns a generic slot number and success for failure. The input slot number is the same 'ones' based index into the SlotList. The generic slot number is library specific (NSS now returns the slotID, the non-NSS code returns the 'zero' based index into the SlotList). If the input slot number is zero, the first present smart card is returned. get_slot_label: takes a pkcs11_handle_t and returns the label for the currently opened slot. get_X509_certificate: takes a cert_object_t and returns the X509 Cert. NOTE: the X509 certificate itself has been made into a generic handle which could be either an openssl X509 or an NSS CERTCertificate. see cert_st.h for more info. crypto_init: This function is called to set up the crypto system. It takes a pointer to the cert policy to help setup. While not exactly an accessor function, it is new. In addition to these accessors, the following existing functions have changed: load_pkcs11_module: now allocates a pkcs11_handle_t and returns it. Since pkcs11_handle_t's are opaque, applications no longer know how big they are, and therefore can't allocate them from the stack. get_certificate_list (was get_certificate): returns an array of pointers to cert_object_t's. unlike the short-lived get_certificate_list in the branch, this function actually operates as an accessor function. The returned certificate list is still 'owned' by the pkcs11_handle_t. Subsequent calls to get_certificate_list will return the same array as the previous calls. The array is freed automatically when the pkcs11_handle_t is closed (just as it is in the original base code). This change was necessary because pkcs11_handle_t is no longer accessible (it no longer holds the same data in the different implementations). get_private_key: takes a handle to a cert_object_t. It looks up the private key for that object and returns failure if it can't find it. This change is because the patch gets rid of the chosen cert field. Applications chose the cert and pass the cert directly into this and the sign function. sign_value: takes a cert_object_t. If the cert_object_t does not have a private key, then sign_value will fail. If get_private_key was not called on cert_object_t at some time in the past, sign_value will automatically call it. This change was also motivated by the removal of the chosen_cert field. Another way of implementing the get_private_key/sign_value is to create an new chosen cert accessor function and reverting the implementation for these two functions. The new APIs, however, allow for multiple certs to sign in a single pkcs11_handle_t context. ./src/common/cert_st.h ./src/common/cert_info.h ./src/common/cert_vfy.h The only interface changes here are: 1) adding nss_dir and ocsp_policy to cert_policy_st. 2) changing the definition of X509 depending on whether which cert library we are using (X509 for openSSL, CERTCertificate or NSS). The use of a #define here limitted the extent of the patch in other modules. 3) generic defines for algorithm types. 4) addition of 3 new CERT_Info types. (Issuer, serial number, key algorithm). cert_st.h is a new function, which other files can include in place of ./src/common/cert_info.c ./src/common/cert_vfy.c These basically accepted the new NSS implementations for the certificate verify and info functions. These patches are relatively straight forward. The original API did not need any tweaking. ./src/common/algorithm.c ./src/common/alg_st.h These new files provide generic API's to do access the hash algorithm to pass to cert_info. If access to actual hashing or crypto were needed, the new functions could be added here. Like cert_st.h, alg_st.h replaces the use of ./src/common/NSPRerrs.h ./src/common/SECerrs.h ./src/common/secutil.h ./src/common/SSLerrs.h These new files provide the NSS error message mappings. Changes in ./src/common make up about 65% of the patch. ./src/mappers/*.c The mapper functions were changes to use the generic form of hashing defined in alg_st.h. (mostly replacing with cert_st.h and NULL in cert_info with ALGORITHM_NULL). exceptions: opensc_mapper.c and oopenssh_mapper.c are not implemented for NSS because of the use of BIO directly. These changes make up less than 10 % of the patch. ./src/pam_pkcs11/pam_config.c Added support to fetch nss_dir and ocsp_policy. ./src/pam_pkcs11/pam_pkcs11.c Change to use the new API. These changes include: 1) calling the new crypto_init function instead of the various openSSL init functions. 2) pam_pkcs11 now holds a pointer to the pkcs11_handle_t rather than a static version. A large number of diffs are simply changing &ph to ph. 3) Use the accessor functions to get the slotnum and the cert list. 4) chosen_cert is now a local variable rather than a field in pkcs11_handle_t 5) move pkcs11_login back before the get_certificate_list. Some tokens need be to authenticated before we can read the certificates. More importantly, the NSS cert code is only returning user certificates (certificates with the private keys). Only a small number of tokens know now to identify user certificates if you aren't logged in. Since this change is a reversion of a previous change in this version of pam_pkcs11, we may need to do more to reconcile it. Perhaps putting explicit #ifdef HAVE_NSS around the early login, adding a later login with #ifndef HAVE_NSS. 6) the get_private_key call was moved into sign_value, so it's removed from pam_pkcs11 itself. It would be easy to revert this change and continue to call get_private_key directly. ./src/tools/pkcs11_eventmgr.c pkcs11_eventmgr is basically 2 implementations of the pkcs11_eventmgr stitched together with ifdefs. A reasonable todo would be to build the proper generic interfaces to have a 'clean' pkcs11_eventmgr and hide the details in src/common/pkcs11_lib.c like we do with all the rest. The existing code doesn't even use the generic init calls that already exist. ./src/tools/*.c [the rest] The same type of generic changes made to pam_pkcs11.c configure.in | 39 +- src/common/Makefile.am | 7 +- src/common/cert_info.c | 235 +++++++++++- src/common/cert_info.h | 10 +- src/common/cert_vfy.c | 58 ++- src/common/cert_vfy.h | 13 +- src/common/debug.c | 2 +- src/common/error.h | 7 + src/common/pkcs11_lib.c | 832 ++++++++++++++++++++++++++++++++++++++----- src/common/pkcs11_lib.h | 54 +-- src/mappers/Makefile.am | 3 +- src/mappers/cn_mapper.c | 8 +- src/mappers/digest_mapper.c | 20 +- src/mappers/generic_mapper.c | 6 +- src/mappers/krb_mapper.c | 8 +- src/mappers/ldap_mapper.c | 4 +- src/mappers/mail_mapper.c | 6 +- src/mappers/mapper.h | 2 +- src/mappers/ms_mapper.c | 8 +- src/mappers/null_mapper.c | 2 +- src/mappers/opensc_mapper.c | 12 +- src/mappers/openssh_mapper.c | 12 +- src/mappers/pwent_mapper.c | 10 +- src/mappers/subject_mapper.c | 12 +- src/mappers/uid_mapper.c | 8 +- src/pam_pkcs11/Makefile.am | 5 +- src/pam_pkcs11/mapper_mgr.c | 2 +- src/pam_pkcs11/mapper_mgr.h | 3 +- src/pam_pkcs11/pam_config.c | 21 +- src/pam_pkcs11/pam_pkcs11.c | 127 +++---- src/tools/Makefile.am | 6 +- src/tools/pkcs11_eventmgr.c | 250 ++++++++++++- src/tools/pkcs11_inspect.c | 67 ++-- src/tools/pkcs11_listcerts.c | 87 ++--- src/tools/pklogin_finder.c | 66 ++-- 35 files changed, 1609 insertions(+), 403 deletions(-) commit b71688df42b044634556faedec6a3bdb13d232b0 Author: Ludovic Rousseau Date: Wed Apr 4 13:50:05 2007 +0000 svn propset svn:keywords Id commit c426014f85ad9be6d40ea8000be2dcdb85cf1a57 Author: Ludovic Rousseau Date: Wed Apr 4 13:49:14 2007 +0000 use $Id:$ instead of $Id$ src/common/debug.c | 2 +- src/common/debug.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit b2edf872f9943837c1f972d2c7559d7f295601ec Author: Ludovic Rousseau Date: Wed Apr 4 13:45:13 2007 +0000 use ERR() (instead of DBG()) in case of errors src/tools/pkcs11_inspect.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 12f9a2c39478e3cee558e95ff0d4cd8520b04d40 Author: Ludovic Rousseau Date: Wed Apr 4 13:44:44 2007 +0000 add support for ERR?() macros src/common/debug.c | 9 +++++++-- src/common/debug.h | 7 +++++++ 2 files changed, 14 insertions(+), 2 deletions(-) commit 2048fe4745525de878e14ce0c893ecf5812b2b8a Author: Ludovic Rousseau Date: Wed Apr 4 09:52:54 2007 +0000 Set svn:keywords Id property to replace $Id$ src/scconf/internal.h | 2 +- src/scconf/lex-parse.l | 2 +- src/scconf/parse.c | 2 +- src/scconf/scconf.c | 2 +- src/scconf/scconf.h | 2 +- src/scconf/sclex.c | 2 +- src/scconf/write.c | 2 +- src/tools/card_eventmgr.c | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) commit dd28746e5522a93021b0171263013bc2dafbf7ac Author: Ludovic Rousseau Date: Wed Apr 4 09:47:38 2007 +0000 display the lib name in case of loading error src/tools/pkcs11_inspect.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit a2e07b453e5ef046d8cbd166f12c2a7bb849f474 Author: Ludovic Rousseau Date: Wed Apr 4 09:43:44 2007 +0000 use $(FOO) instead of @FOO@ src/mappers/Makefile.am | 2 +- src/pam_pkcs11/Makefile.am | 2 +- src/tools/Makefile.am | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) commit f8504ef7510b406a4f43a8c6419d6ae1d295f5df Author: Andreas Jellinghaus Date: Thu Mar 16 21:38:05 2006 +0000 simply the revision, drop the m4 code. it didn't turn out the way I wanted it (does not contain the _repository_/_branch_ revision). configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e7bb9409b8c25979bdc4840bc2469e7ea99d73f4 Author: Andreas Jellinghaus Date: Sun Jan 22 21:16:22 2006 +0000 change to opensc-project till opensc.org dns is back. pam_pkcs11.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 08f5f6b444e8ecdca71f138a1fcad3420776d434 Author: Andreas Jellinghaus Date: Sun Jan 22 21:09:37 2006 +0000 move to opensc-project till opensc.org dns is back. doc/README.mappers | 2 +- doc/export-wiki.sh | 4 ++-- doc/mappers_api.xml | 2 +- doc/pam_pkcs11.xml | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) commit 9954fac2e76677b834fc6c19ee80805f07b31286 Author: Ludovic Rousseau Date: Tue Jan 3 08:20:40 2006 +0000 substitute Revision keyword configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8b4dd4b85e67f7bb979c54e3bcf3fdbfa9ee0f22 Author: Juan Antonio Martinez Date: Mon Jan 2 17:19:16 2006 +0000 use svn revision based version numbers configure.in | 4 ++-- doc/Makefile.am | 8 ++++++-- doc/{doxygen.conf => doxygen.conf.in} | 3 +-- 3 files changed, 9 insertions(+), 6 deletions(-) commit 64c1af0f1d32c5d1c7dfd7e88b4c28879b2e6a28 Author: Juan Antonio Martinez Date: Fri Dec 23 12:27:09 2005 +0000 Add either file or hashdir support for CACerts and local CRL's etc/pam_pkcs11.conf.example | 14 ++-- src/common/cert_vfy.c | 151 ++++++++++++++++++++++++++++++-------------- 2 files changed, 111 insertions(+), 54 deletions(-) commit 72d89f0fee93ced44e2e84692aaa4e89711379b0 Author: Juan Antonio Martinez Date: Fri Dec 23 10:04:54 2005 +0000 Add comodity functions for pathname checks src/common/uri.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- src/common/uri.h | 5 +++++ 2 files changed, 62 insertions(+), 1 deletion(-) commit e5abc45c1511c4d9939c0309839d22b3fe4d84df Author: Juan Antonio Martinez Date: Thu Dec 15 15:10:34 2005 +0000 Make pkcs11_listcerts more verbose src/tools/pkcs11_listcerts.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 59eca33a0cfb4552cecd081ec2c20aa92be9b5c1 Author: Juan Antonio Martinez Date: Thu Dec 15 13:34:52 2005 +0000 Improved extraction of Certificates and Private Keys src/common/pkcs11_lib.c | 275 ++++++++++++++++++------------------------- src/common/pkcs11_lib.h | 15 ++- src/pam_pkcs11/pam_pkcs11.c | 56 ++------- src/tools/pkcs11_inspect.c | 14 +-- src/tools/pkcs11_listcerts.c | 63 +++------- src/tools/pklogin_finder.c | 15 +-- 6 files changed, 166 insertions(+), 272 deletions(-) commit f9b6d68af5d788687ad45ac6452a05b2fffcb2c0 Author: Juan Antonio Martinez Date: Thu Dec 15 10:24:05 2005 +0000 move key_object_t, slot_t and pkcs11_handle_t to pkcs11_lib.h as they are not part of standard RSA headers src/common/pkcs11_lib.h | 25 +++++++++++++++++++++++++ src/common/rsaref/pkcs11.h | 25 ------------------------- 2 files changed, 25 insertions(+), 25 deletions(-) commit 6800828cac0673014c7c21846e8aec7b7eb837a5 Author: Juan Antonio Martinez Date: Mon Dec 12 16:13:02 2005 +0000 Runtime config option for non-null C_Initialize() argument etc/pam_pkcs11.conf.example | 16 ++++++++++++++++ src/common/pkcs11_lib.c | 11 +++-------- src/common/pkcs11_lib.h | 2 +- src/common/rsaref/pkcs11.h | 21 --------------------- src/pam_pkcs11/pam_config.c | 4 ++++ src/pam_pkcs11/pam_config.h | 1 + src/pam_pkcs11/pam_pkcs11.c | 2 +- src/tools/pkcs11_inspect.c | 2 +- src/tools/pkcs11_listcerts.c | 2 +- src/tools/pklogin_finder.c | 2 +- 10 files changed, 29 insertions(+), 34 deletions(-) commit 6b83a3e671cfd6c1f37a0857d332f6f5078439e7 Author: Ludovic Rousseau Date: Mon Dec 12 14:55:25 2005 +0000 do not redefine LIBS and CFLAGS in configure.in but use PTHREAD_LIBS and PTHREAD_CFLAGS in Makefile.am when needed instead configure.in | 2 -- src/common/Makefile.am | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) commit ab84aa319cc42409229325dd6edd77f44e4860cc Author: Ludovic Rousseau Date: Mon Dec 12 14:49:09 2005 +0000 do not use AC_DEFINE(HAVE_PTHREAD, 1, ...) since it is already done by ACX_PTHREAD() if its first argument is not defined configure.in | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) commit 12307185f73de51e1d7ed32576402d3fd4c1515e Author: Juan Antonio Martinez Date: Mon Dec 12 13:44:17 2005 +0000 Add native thread support for C_Initialize aclocal/acx_pthread.m4 | 190 ++++++++++++++++++++++++++++++++++++++++++++++++ configure.in | 12 +++ src/common/pkcs11_lib.c | 21 +++++- 3 files changed, 222 insertions(+), 1 deletion(-) commit 637c2abef33ee819e0d4deae7d176286fb046620 Author: Juan Antonio Martinez Date: Sat Dec 10 16:08:21 2005 +0000 Bugfixes + make pkcs11_listcerts behaviour closer to pam module to ease debug src/common/pkcs11_lib.c | 1 - src/pam_pkcs11/pam_pkcs11.c | 1 + src/tools/pkcs11_listcerts.c | 59 +++++++++++++++++++++++++++++++++++++------- 3 files changed, 51 insertions(+), 10 deletions(-) commit 103e9df9310ade275790b56c968f6a548aa542b6 Author: Juan Antonio Martinez Date: Sat Dec 10 13:03:27 2005 +0000 pam module only calls C_Login when really needed src/pam_pkcs11/pam_pkcs11.c | 182 +++++++++++++++++++++++++------------------- 1 file changed, 105 insertions(+), 77 deletions(-) commit e40df308439f42f950a75128c91d85b9c157c1dc Author: Juan Antonio Martinez Date: Sat Dec 10 13:01:41 2005 +0000 Stupid bug in dbg output at pkcs11_listcerts src/tools/pkcs11_listcerts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d1ad2e04d3ffb969e83e3a504287ae34093abd17 Author: Juan Antonio Martinez Date: Fri Dec 9 13:23:07 2005 +0000 pkcs11_inspect now uses get_certificate_list() src/tools/pkcs11_inspect.c | 42 ++++++++++++++++++------------------------ 1 file changed, 18 insertions(+), 24 deletions(-) commit 75ee29484e03f355651db939ddb0085fe37262c6 Author: Juan Antonio Martinez Date: Fri Dec 9 13:06:33 2005 +0000 pklogin_finder now uses get_certificate_list() src/tools/pkcs11_listcerts.c | 1 + src/tools/pklogin_finder.c | 37 +++++++++++++++++-------------------- 2 files changed, 18 insertions(+), 20 deletions(-) commit 70049e8389f0ea5a98269fbc3dd967669fedc333 Author: Juan Antonio Martinez Date: Fri Dec 9 12:34:26 2005 +0000 Add pkcs11_listcerts tool to enumerate card certificates src/tools/Makefile.am | 7 ++- src/tools/pkcs11_listcerts.c | 142 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 147 insertions(+), 2 deletions(-) commit 9bfc2b765dc4b5275f3787fc033ecceee22a0e8b Author: Juan Antonio Martinez Date: Fri Dec 9 12:32:49 2005 +0000 Add get_certificate_list() to common/pkcs11_lib.c src/common/pkcs11_lib.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++ src/common/pkcs11_lib.h | 2 ++ 2 files changed, 97 insertions(+) commit 8ad3722bfa8e3fa36045dcf1acd94a2473205f00 Author: Juan Antonio Martinez Date: Fri Dec 9 12:31:09 2005 +0000 Move add_cert() from mappers/opensc_mapper.c to common/cert_info.c src/common/cert_info.c | 29 +++++++++++++++++++++++++++++ src/common/cert_info.h | 8 ++++++++ src/mappers/opensc_mapper.c | 29 ----------------------------- 3 files changed, 37 insertions(+), 29 deletions(-) commit e496762b6f040b851a2a0142e6926579a6095cd2 Author: Juan Antonio Martinez Date: Mon Dec 5 14:17:35 2005 +0000 Documentation updates doc/pam_pkcs11.xml | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) commit 098ff6138d7cb985f2efc62126e87675dabcda52 Author: Juan Antonio Martinez Date: Mon Dec 5 13:56:47 2005 +0000 Perform/skip CA check acording to configuration file src/common/cert_vfy.c | 39 +++++++++++++++++++++++++++++++-------- src/common/cert_vfy.h | 4 +++- src/pam_pkcs11/pam_config.c | 23 +++++++++++------------ src/pam_pkcs11/pam_config.h | 2 -- src/pam_pkcs11/pam_pkcs11.c | 2 +- src/tools/pkcs11_inspect.c | 2 +- src/tools/pklogin_finder.c | 2 +- 7 files changed, 48 insertions(+), 26 deletions(-) commit e79e44ae023b7a7f59112a8c0e745e3f4e8364c4 Author: Juan Antonio Martinez Date: Mon Dec 5 12:51:53 2005 +0000 Perform/Skip signature check according configuration file src/pam_pkcs11/pam_pkcs11.c | 68 ++++++++++++++++++++++++--------------------- 1 file changed, 37 insertions(+), 31 deletions(-) commit 6638576892b59a99389043c90a1e7dd4d783b921 Author: Juan Antonio Martinez Date: Mon Dec 5 11:59:30 2005 +0000 Prepare for configurable ca,crl,and signature verification etc/pam.d_login.example | 2 +- etc/pam_pkcs11.conf.example | 27 +++++++++++-------- src/common/cert_vfy.h | 6 +++++ src/pam_pkcs11/pam_config.c | 64 +++++++++++++++++++++++++++++++++------------ src/pam_pkcs11/pam_config.h | 3 ++- src/pam_pkcs11/pam_pkcs11.c | 2 +- src/tools/pkcs11_inspect.c | 2 +- src/tools/pklogin_finder.c | 2 +- 8 files changed, 76 insertions(+), 32 deletions(-) commit c9ad90f8b781694a11df59dbb836cef9e0d019c4 Author: Juan Antonio Martinez Date: Mon Dec 5 10:33:21 2005 +0000 Get tools using pkcs11_pass_login() src/tools/pkcs11_inspect.c | 24 +++--------------------- src/tools/pklogin_finder.c | 25 ++++--------------------- 2 files changed, 7 insertions(+), 42 deletions(-) commit 00112585039f8f9b8aa0c100405ac0ced89d59a3 Author: Juan Antonio Martinez Date: Mon Dec 5 10:14:44 2005 +0000 Add pkcs11_pass_login() method to pkcs11_lib src/common/pkcs11_lib.c | 32 ++++++++++++++++++++++++++++++++ src/common/pkcs11_lib.h | 1 + 2 files changed, 33 insertions(+) commit 1b2ec1cff3705f2253a51b94f18285d112d10b56 Author: Juan Antonio Martinez Date: Thu Dec 1 12:34:06 2005 +0000 Comment libp11 stuff in configure.in configure.in | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) commit 170e4d71074e70369dbc5c629ca7110ff8be37c3 Author: Juan Antonio Martinez Date: Thu Dec 1 12:30:34 2005 +0000 Rename pkcs11.c to pkcs11_lib.c and add hheader file src/common/Makefile.am | 4 ++-- src/common/{pkcs11.c => pkcs11_lib.c} | 10 +++++--- src/common/pkcs11_lib.h | 43 +++++++++++++++++++++++++++++++++++ src/pam_pkcs11/pam_pkcs11.c | 1 + src/tools/pkcs11_eventmgr.c | 1 + src/tools/pkcs11_inspect.c | 1 + 6 files changed, 55 insertions(+), 5 deletions(-) commit 0c25c10416a1e665279fdc9c3fb4c028927e1b0b Author: Juan Antonio Martinez Date: Wed Nov 30 10:46:23 2005 +0000 Minor change to rsaref/pkcs11_readme src/common/rsaref/PKCS11_README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit c415f2fe31ba4c200023939af1185de82e3c89f3 Author: Juan Antonio Martinez Date: Wed Nov 30 10:41:41 2005 +0000 Move rsaref files to an independent directory configure.in | 1 + src/common/Makefile.am | 5 +++-- src/common/pkcs11.c | 2 +- src/common/rsaref/Makefile.am | 8 ++++++++ src/common/rsaref/PKCS11_README | 15 +++++++++++++++ src/common/{ => rsaref}/pkcs11.h | 0 src/common/{ => rsaref}/pkcs11f.h | 0 src/common/{ => rsaref}/pkcs11t.h | 0 src/pam_pkcs11/pam_pkcs11.c | 2 +- src/tools/pkcs11_eventmgr.c | 2 +- src/tools/pkcs11_inspect.c | 2 +- src/tools/pklogin_finder.c | 2 +- 12 files changed, 32 insertions(+), 7 deletions(-) commit d8768f41058c5cd78dd4efa5eca5209b9de7b571 Author: Juan Antonio Martinez Date: Wed Nov 30 09:55:11 2005 +0000 Add libp11 support to configure.in configure.in | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) commit af0120e5c5a5c3f51a524e6ac6096d3a101b4381 Author: Ludovic Rousseau Date: Mon Nov 14 15:51:17 2005 +0000 debug_print(): use syslog(3) instead of printf() when stdout is not a tty, for example when using gdm. src/common/debug.c | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) commit 2320ac96df427bb99379db1945fc3f179ea7be9a Author: Ludovic Rousseau Date: Mon Oct 3 13:00:16 2005 +0000 rephrase the a "Secure your PAM configuration" paragraph doc/pam_pkcs11.xml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit f667a212b038369004e9adb4db7b10b2fecd4340 Author: Ludovic Rousseau Date: Thu Sep 29 13:43:58 2005 +0000 create an empty aclocal directory bootstrap | 1 + 1 file changed, 1 insertion(+) commit aec4e90100b26891fec15dc834ab259893cbd7c4 Author: Ludovic Rousseau Date: Thu Sep 29 13:35:51 2005 +0000 use AC_HELP_STRING configure.in | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 924f72562f2a9c6b191db48f0c93a629ad804d18 Author: Ludovic Rousseau Date: Thu Sep 29 13:15:55 2005 +0000 files in aclocal/ are not used Makefile.am | 4 +- aclocal/Makefile.am | 5 -- aclocal/acx_pthread.m4 | 190 ------------------------------------------------- aclocal/openssl.m4 | 37 ---------- configure.in | 1 - 5 files changed, 2 insertions(+), 235 deletions(-) commit df695e161404f2620b5a20e6b1804b6be8037aab Author: Ludovic Rousseau Date: Thu Sep 29 13:13:09 2005 +0000 check for OPENSSL before PCSC since the first PKG_CHECK_MODULES() shall not be in an if or some variables will not be initialized configure.in | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) commit 9881a25dd2b3ad0591afb1c4c9647cbd89ff24ec Author: Ludovic Rousseau Date: Thu Sep 29 11:56:27 2005 +0000 improve detection code for PCSC configure.in | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 870eb8bf6275d71a68479768b5e8b3bc90d2b487 Author: Ludovic Rousseau Date: Thu Sep 29 08:15:19 2005 +0000 The generic_mapper.so is not a external lib anymore (by default) but is internal. Update the configuration sample file to reflect that. Closes ticket #9 "Generic mapper is statically linked by default - config not in sync". Thanks to Ville Skyttä for the bug and patch. etc/pam_pkcs11.conf.example | 3 ++- src/mappers/Makefile.am | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) commit 717e668e0c925db675588c199d05e47bb8bdc8d9 Author: Ludovic Rousseau Date: Thu Sep 29 08:08:56 2005 +0000 comment out example configuration lines so the files can be directly installed by distribution packages. Closes ticket #10. Thanks to Ville Skyttä for the bug report and patch etc/digest_mapping.example | 2 +- etc/mail_mapping.example | 8 ++++---- etc/subject_mapping.example | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) commit 103b21ae474d81f2ed50a6fc829b6de75a1da5a6 Author: Ludovic Rousseau Date: Thu Sep 29 08:05:25 2005 +0000 removed since they are generated from the .xml version and are available from http://www.opensc.org/doc/pam_pkcs11/pam_pkcs11.html and http://www.opensc.org/doc/pam_pkcs11/mappers_api.html doc/mappers_api.html | 548 ----------------------- doc/pam_pkcs11.html | 1210 -------------------------------------------------- 2 files changed, 1758 deletions(-) commit 9a1fe83bf17edd54d1d9cf69eadf49f5b65e6522 Author: Ludovic Rousseau Date: Thu Sep 29 07:58:29 2005 +0000 remove a ' ' before ']' doc/pkcs11_eventmgr.1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ce07f7ca0a2e7887c76fef5ef152cfcfdbce9286 Author: Ludovic Rousseau Date: Tue Sep 27 12:41:23 2005 +0000 play with colors doc/pam_pkcs11.css | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) commit e2caedca58ba4b02df51f53effd68016c6fc9f5b Author: Ludovic Rousseau Date: Tue Sep 27 12:40:51 2005 +0000 regenerate doc/pam_pkcs11.html | 268 +++++++++++++++++++++++++++------------------------- 1 file changed, 138 insertions(+), 130 deletions(-) commit 89e3e05fd70c817b85f057c6e5a0ae64d13ed13c Author: Ludovic Rousseau Date: Tue Sep 27 12:40:33 2005 +0000 corrections doc/pam_pkcs11.xml | 202 +++++++++++++++++++++++++++-------------------------- 1 file changed, 104 insertions(+), 98 deletions(-) commit d23d1b35519642e7fbaf25bff3860bf0f57e5389 Author: Ludovic Rousseau Date: Mon Sep 26 06:48:22 2005 +0000 Use LPSTR instead of LPTSTR to compile with pcsc-lite 1.2.0 Thanks to Ville Skytta for the bug report src/tools/card_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a661f530be02d12e381404c2bdfa18be2cea75d3 Author: Ludovic Rousseau Date: Wed Sep 14 09:51:41 2005 +0000 use -nv instead of --non-verbose since wget 1.10 now uses --no-verbose instead. Grr! doc/export-wiki.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit c18c8574a08311cce942a305a31f1f4310c08c09 Author: Ludovic Rousseau Date: Tue Sep 13 12:49:06 2005 +0000 Do not just use PKG_CHECK_MODULES() to test the presence of pcsc-lite but also check for winscard.h and libpcsclite Some distributions do not provide libpcsclite.pc (like SuSE 9.3) configure.in | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) commit fa5b394b0523fd9254ddc2a8dea7a984699bceac Author: Juan Antonio Martinez Date: Sat Sep 10 07:59:49 2005 +0000 Many fixes to get 'gcc -Wall -pedantic' friendly src/common/cert_info.c | 13 +++++++------ src/common/uri.c | 12 ++++++------ src/mappers/ldap_mapper.c | 3 +-- src/mappers/null_mapper.c | 3 +++ src/mappers/opensc_mapper.c | 1 - src/mappers/openssh_mapper.c | 3 +-- src/pam_pkcs11/mapper_mgr.c | 2 +- src/pam_pkcs11/pam_config.c | 9 +++++---- src/tools/card_eventmgr.c | 11 +++++++---- src/tools/pkcs11_eventmgr.c | 5 +++-- 10 files changed, 34 insertions(+), 28 deletions(-) commit 57bfc5a119ae7dc75d63c72b0c0811a28c262c6f Author: Juan Antonio Martinez Date: Thu Sep 8 18:23:53 2005 +0000 Patches from AJ to sync to all others OpenSC projects Makefile.am | 8 ++------ bootstrap | 1 - doc/Makefile.am | 5 ++++- src/common/Makefile.am | 2 +- src/mappers/Makefile.am | 2 +- src/pam_pkcs11/Makefile.am | 4 ++-- src/tools/Makefile.am | 6 +++--- 7 files changed, 13 insertions(+), 15 deletions(-) commit bd9e12c89f2af0169adf50e697e60473031eb82b Author: Juan Antonio Martinez Date: Thu Sep 8 15:41:18 2005 +0000 Changelog NEWS and README's updates ChangeLog | 3 +++ NEWS | 6 ++++++ doc/README.mappers | 47 ++++++++++++++++++++++++++--------------------- 3 files changed, 35 insertions(+), 21 deletions(-) commit beb72ab61a169e929b92dd9dfdf432c1a4e2fa2c Author: Juan Antonio Martinez Date: Wed Sep 7 19:54:10 2005 +0000 Add Ville Skytta to AUTHORS (original pam_pkcs11.spec file) AUTHORS | 3 +++ 1 file changed, 3 insertions(+) commit 13b4aee6cff9afdf7db8c724e1c9690a3785f065 Author: Juan Antonio Martinez Date: Wed Sep 7 18:59:33 2005 +0000 More changes to 'pam_pkcs11.spec' from FC4 team pam_pkcs11.spec | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit 5ce450c32e11501dff5b3ee47da2aac97f0419aa Author: Juan Antonio Martinez Date: Wed Sep 7 17:35:24 2005 +0000 Fix license to be LGPL in pam_pkcs11.spec file pam_pkcs11.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f245dc04e46038fdd281856b6d94b74a651de7b0 Author: Juan Antonio Martinez Date: Wed Sep 7 16:58:52 2005 +0000 pam_pkcs11.spec: create independent 'pam_pkcs11-ldap' package pam_pkcs11.spec | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) commit abc6ec9b93d2d567f6f283212cad3c9931fd8dab Author: Juan Antonio Martinez Date: Wed Sep 7 12:52:57 2005 +0000 Changed 'LDAP_SCOPE_SUB' to 'LDAP_SCOPE_SUBTREE' in ldap_mapper.c src/mappers/ldap_mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a337ea4920f5da879e08303865cdcee3bab99680 Author: Ludovic Rousseau Date: Wed Sep 7 12:22:19 2005 +0000 regenerate doc/mappers_api.html | 61 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 35 insertions(+), 26 deletions(-) commit 12c1f27257eeac1f235cd058bcb2e6c1602676e4 Author: Ludovic Rousseau Date: Wed Sep 7 12:22:07 2005 +0000 regenerate doc/pam_pkcs11.html | 84 ++++++++++++++++++++++++++--------------------------- 1 file changed, 42 insertions(+), 42 deletions(-) commit ffac13ee9d153150e99efd317d1ee13813c46a81 Author: Juan Antonio Martinez Date: Wed Sep 7 11:17:52 2005 +0000 More 'TODO' updates TODO | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 337e6e427a5e1e84f6e06d934091a526158cf044 Author: Juan Antonio Martinez Date: Wed Sep 7 10:48:06 2005 +0000 Changelog updates ChangeLog | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 44f457d1b554d56379cc22e147b57ea7dcdff22f Author: Juan Antonio Martinez Date: Wed Sep 7 10:40:48 2005 +0000 'TODO' roadmap updated TODO | 41 +++++++++++++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 10 deletions(-) commit 0728158f1e038eea65ceb735923d17b0c760c794 Author: Juan Antonio Martinez Date: Wed Sep 7 10:21:14 2005 +0000 ldap_mapper.c: add finder() and entries() methods. Update AUTHORS file AUTHORS | 3 +++ src/mappers/ldap_mapper.c | 64 ++++++++++++++++++++++++++++++++--------------- 2 files changed, 47 insertions(+), 20 deletions(-) commit 3374f26ef68e5b551aa6655ff7195c7dafa52cf2 Author: Juan Antonio Martinez Date: Wed Sep 7 10:02:50 2005 +0000 opensc_mapper.c: Fixes in comments and debug output src/mappers/opensc_mapper.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 13e403c802afa7bb415cd698fc9e6723877c5a4a Author: Juan Antonio Martinez Date: Wed Sep 7 09:13:07 2005 +0000 configure.in: Add '-lldap' and '-lcurl' to LIBS when needed configure.in | 2 ++ 1 file changed, 2 insertions(+) commit 858643bda6f6f9b29bc4029206fa6b71e7c00409 Author: Juan Antonio Martinez Date: Wed Sep 7 08:44:12 2005 +0000 rename 'docs' to 'doc' {docs => doc}/Makefile.am | 0 {docs => doc}/README.autologin | 0 {docs => doc}/README.eventmgr | 0 {docs => doc}/README.ldap_mapper | 0 {docs => doc}/README.mappers | 0 {docs => doc}/card_eventmgr.1 | 0 {docs => doc}/doxygen.conf | 0 {docs => doc}/export-wiki.sh | 0 {docs => doc}/export-wiki.xsl | 0 {docs => doc}/generate-api.sh | 0 {docs => doc}/mappers_api.html | 0 {docs => doc}/mappers_api.xml | 0 {docs => doc}/pam_pkcs11.8 | 0 {docs => doc}/pam_pkcs11.css | 0 {docs => doc}/pam_pkcs11.html | 0 {docs => doc}/pam_pkcs11.xml | 0 {docs => doc}/pam_pkcs11.xsl | 0 {docs => doc}/pkcs11_eventmgr.1 | 0 {docs => doc}/pkcs11_inspect.1 | 0 {docs => doc}/pklogin_finder.1 | 0 20 files changed, 0 insertions(+), 0 deletions(-) commit 0f39d761c01a7dfd5f3ec0463d65d8f319a19d61 Author: Juan Antonio Martinez Date: Wed Sep 7 08:09:55 2005 +0000 Change files to use directory 'doc' instead of 'docs' Makefile.am | 6 +++--- configure.in | 2 +- docs/doxygen.conf | 2 +- docs/generate-api.sh | 2 +- pam_pkcs11.spec | 10 +++++----- 5 files changed, 11 insertions(+), 11 deletions(-) commit 1cb4dc73888e30a867752e3ffc7910972e179b5a Author: Juan Antonio Martinez Date: Wed Sep 7 07:50:08 2005 +0000 missing #endif in ldap_mapper.c src/mappers/ldap_mapper.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8044846b88bcbedf6de2dc0f90a8770b13f263c4 Author: Juan Antonio Martinez Date: Wed Sep 7 07:11:59 2005 +0000 Set cURL,LDAP,DocBook as configure options in configure.in configure.in | 154 +++++++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 108 insertions(+), 46 deletions(-) commit 2133fb4ed87d1020622c85ed98a75f381af5f881 Author: Juan Antonio Martinez Date: Wed Sep 7 07:08:32 2005 +0000 Update ldap mapper configuration data in pam_pkcs11.conf.example etc/pam_pkcs11.conf.example | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit 066dba842bd0ff5f933a0a0b4f3e54c1578d430e Author: Juan Antonio Martinez Date: Wed Sep 7 07:06:17 2005 +0000 Add src/common/uri.c conditional compilation of cURL and LDAP support src/common/uri.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) commit c65add405976f9428e22cbac928f48fac3fe094b Author: Juan Antonio Martinez Date: Wed Sep 7 07:03:04 2005 +0000 Preliminary version of LDAP mapper src/mappers/ldap_mapper.c | 196 +++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 185 insertions(+), 11 deletions(-) commit 98e8b56e98bdc9d54cbcc339ef9f07609c565592 Author: Juan Antonio Martinez Date: Wed Sep 7 06:56:24 2005 +0000 Compile LDAP mapper only if ldap support is included src/mappers/Makefile.am | 9 +++++++-- src/mappers/mapperlist.c | 4 ++++ 2 files changed, 11 insertions(+), 2 deletions(-) commit 030ff822b9e1df40b62c3ddad83ff9092b9622cf Author: Juan Antonio Martinez Date: Wed Sep 7 06:53:52 2005 +0000 Fix /home/jantonio/.ssh/authorized_keys filename generation src/mappers/openssh_mapper.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) commit a4ebc79d5430d66130556977730effd8fe9d132d Author: Juan Antonio Martinez Date: Wed Sep 7 06:52:10 2005 +0000 Add header files to libscconf_la_SOURCES in src/scconf/Makefile.am src/scconf/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d9860224a6f198c0c1f7ba95c371a732d6cee64b Author: Juan Antonio Martinez Date: Tue Sep 6 09:41:40 2005 +0000 Add README.ldap_mapper documentation file docs/Makefile.am | 2 +- docs/README.ldap_mapper | 129 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 130 insertions(+), 1 deletion(-) commit 95a5dad8f182d85f3133c005cbcff00e99eed51e Author: Juan Antonio Martinez Date: Tue Sep 6 07:37:55 2005 +0000 OpenSSH mapper: move auth_keys filename composition out of key parsing routines src/mappers/openssh_mapper.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) commit 41d208792809fb69c1af12217021d77104818cfd Author: Juan Antonio Martinez Date: Tue Sep 6 07:10:22 2005 +0000 Add email if found to ssh-pubk output of openssh_mapper::inspect() src/common/cert_info.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit d426b9b9c259561bd23dc9686d8b995cf8e897b9 Author: Juan Antonio Martinez Date: Mon Sep 5 17:26:21 2005 +0000 cert_info.c::cert_info_sshpuk() fixed. OpenSSH mapper written docs/mappers_api.xml | 2 +- src/common/base64.c | 88 +++++------ src/common/base64.h | 3 +- src/common/cert_info.c | 121 ++++++++++++--- src/mappers/openssh_mapper.c | 344 ++++++++++++++++++++++++++++++++----------- src/pam_pkcs11/mapper_mgr.c | 2 +- 6 files changed, 398 insertions(+), 162 deletions(-) commit dd0247be4b0ac5571858ac689b4b008d105193e9 Author: Juan Antonio Martinez Date: Mon Sep 5 09:00:41 2005 +0000 Remove redundant base64_to_bin() at cert_vfy.c src/common/base64.c | 4 ++-- src/common/cert_vfy.c | 48 ++---------------------------------------------- 2 files changed, 4 insertions(+), 48 deletions(-) commit 13fc275e7e8d7266d713ae31d432d771fab2fbed Author: Ludovic Rousseau Date: Mon Sep 5 06:46:34 2005 +0000 make export-wiki.sh and generate-api.sh executable docs/export-wiki.sh | 0 docs/generate-api.sh | 0 2 files changed, 0 insertions(+), 0 deletions(-) commit a75b3d645ee37c295602d063bb8bd20b3901c6dc Author: Juan Antonio Martinez Date: Sat Sep 3 11:18:16 2005 +0000 Add base64 API encoding functions to properly handle rsa-ssh keys docs/mappers_api.xml | 14 +++++ src/common/Makefile.am | 12 ++-- src/common/base64.c | 158 +++++++++++++++++++++++++++++++++++++++++++++++++ src/common/base64.h | 51 ++++++++++++++++ src/common/uri.c | 3 +- 5 files changed, 232 insertions(+), 6 deletions(-) commit 5fd43505d092abd44a090e9ef9edb90a19ccd20c Author: Juan Antonio Martinez Date: Sat Sep 3 10:24:53 2005 +0000 mapper.h cert_vfy.[ch] doxygen updates. Mapper api doc updates docs/mappers_api.xml | 8 +++ src/common/cert_vfy.c | 2 + src/common/cert_vfy.h | 56 +++++++++++++++--- src/mappers/mapper.h | 157 ++++++++++++++++++++++++++++++++++++++------------ 4 files changed, 178 insertions(+), 45 deletions(-) commit e85a3d5e00689ab6d516038259aece0e0894609a Author: Juan Antonio Martinez Date: Sat Sep 3 09:27:11 2005 +0000 Make cert_info.[ch] and uri.[ch] doxygen aware src/common/cert_info.c | 6 +++--- src/common/cert_info.h | 53 ++++++++++++++++++++++++++++++-------------------- src/common/uri.c | 2 ++ src/common/uri.h | 36 +++++++++++++++++++++++++++++----- 4 files changed, 68 insertions(+), 29 deletions(-) commit 25a2c7fef37482667c75f39b903a954d3873f94b Author: Juan Antonio Martinez Date: Sat Sep 3 08:48:27 2005 +0000 Make error.[ch] and debug.[ch] doxygen aware docs/doxygen.conf | 4 ++-- src/common/debug.h | 41 ++++++++++++++++++++++++++++++++--------- src/common/error.c | 17 ++++++++++++----- src/common/error.h | 35 ++++++++++++++++++++++++----------- 4 files changed, 70 insertions(+), 27 deletions(-) commit 92749f6681ab5c7cbd912f0408544976520a0d22 Author: Juan Antonio Martinez Date: Fri Sep 2 19:47:49 2005 +0000 Make src/common/string.h doxygen friendly docs/doxygen.conf | 4 +-- src/common/strings.h | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+), 2 deletions(-) commit 85051c62eb204d73a4880e9d40f6e10ec0366004 Author: Juan Antonio Martinez Date: Fri Sep 2 12:19:01 2005 +0000 added doxygen API documentation at 'make dist' Makefile.am | 8 +- docs/Makefile.am | 11 +- docs/doxygen.conf | 1225 +++++++++++++++++++++++++++++++++++++++++++++++++- docs/export-wiki.sh | 48 ++ docs/export-wiki.xsl | 58 +++ docs/generate-api.sh | 23 + 6 files changed, 1359 insertions(+), 14 deletions(-) commit bdd1792fcdd5d569678fd5c7ee1c5bc534d01624 Author: Juan Antonio Martinez Date: Fri Sep 2 10:11:47 2005 +0000 Do 'make maintainer-clean' work according OpenSC Team convention Makefile.am | 14 +++++++++++++- aclocal/Makefile.am | 2 ++ docs/Makefile.am | 2 ++ etc/Makefile.am | 2 ++ src/Makefile.am | 2 ++ src/common/Makefile.am | 2 ++ src/mappers/Makefile.am | 2 ++ src/pam_pkcs11/Makefile.am | 2 ++ src/scconf/Makefile.am | 2 ++ src/tools/Makefile.am | 2 ++ tools/Makefile.am | 2 ++ 11 files changed, 33 insertions(+), 1 deletion(-) commit 0ff3a6c7342fcd4758f8767bef960f9189cbd9ff Author: Juan Antonio Martinez Date: Thu Sep 1 20:02:09 2005 +0000 Revert install path of pam_pkcs11.so as broke some 'make distcheck' pam_pkcs11.spec | 2 +- src/pam_pkcs11/Makefile.am | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) commit 48ce4a5a8d32917c94ee4ae91c9ba4069f43a1dd Author: Juan Antonio Martinez Date: Thu Sep 1 13:20:51 2005 +0000 ChangeLog updated ChangeLog | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) commit 6d733103867e3142005f2fd2dc3d52a28544216e Author: Juan Antonio Martinez Date: Thu Sep 1 13:04:10 2005 +0000 OpenSC mapper implementation based on AJ's pam_opensc source code AUTHORS | 7 ++ src/mappers/opensc_mapper.c | 214 ++++++++++++++++++++++++-------------------- 2 files changed, 122 insertions(+), 99 deletions(-) commit 9312274c3d9daa4920159af8342430548100a50e Author: Juan Antonio Martinez Date: Thu Sep 1 11:17:41 2005 +0000 Do not install pam_pkcs11.la and pam_pkcs11.a src/pam_pkcs11/Makefile.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a7f44ef43f960a4b9f9fbaf841cc580cdb1afc36 Author: Juan Antonio Martinez Date: Thu Sep 1 11:13:38 2005 +0000 pam_pkcs11.so to be installed under /lib/security instead of /usr/lib/security pam_pkcs11.spec | 4 ++-- src/pam_pkcs11/Makefile.am | 8 +++++--- 2 files changed, 7 insertions(+), 5 deletions(-) commit 1c4e8fcc9d56fcdb7bcc3f735710d3ea8184e5e4 Author: Juan Antonio Martinez Date: Thu Sep 1 10:22:28 2005 +0000 pam_pkcs11.spec updates: create pam_pkcs11 and pam_pkcs11-pcsc RPM packages pam_pkcs11.spec | 55 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 31 insertions(+), 24 deletions(-) commit 7cf2db381bfd277cc7bfdb3f26bea4ce0d6c86ee Author: Juan Antonio Martinez Date: Wed Aug 31 18:44:36 2005 +0000 Updated pam_pkcs11.xml to reflect changes in mapper API and doc docs/pam_pkcs11.html | 153 +++++++++++++++++++++++++++++++-------------------- docs/pam_pkcs11.xml | 84 ++++++++++++++++++++-------- 2 files changed, 154 insertions(+), 83 deletions(-) commit d14ce7d2dbe1cdfbe2126ba162d8fe607728a022 Author: Juan Antonio Martinez Date: Wed Aug 31 18:23:22 2005 +0000 Set to be statically linked those mappers that no depends on external libraries docs/mappers_api.html | 52 ++++++++++++++--------------- etc/pam_pkcs11.conf.example | 21 ++++++++---- src/mappers/Makefile.am | 79 ++++++++++++++++++++++++--------------------- src/mappers/ldap_mapper.c | 1 + src/mappers/pwent_mapper.c | 2 +- 5 files changed, 85 insertions(+), 70 deletions(-) commit 8881fbf013e66b686755b0c8e716cca6987bdc13 Author: Juan Antonio Martinez Date: Wed Aug 31 18:05:16 2005 +0000 Mapper API documentation writting finished docs/mappers_api.html | 94 +++++++++++++++++++++++++++++++++++++-------------- docs/mappers_api.xml | 91 +++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 156 insertions(+), 29 deletions(-) commit c17351a7f736f3f8d5e329c7ed8e9f9fb5caa90f Author: Juan Antonio Martinez Date: Wed Aug 31 16:12:55 2005 +0000 Fixed sample code in Mapper API doc docs/mappers_api.html | 57 ++++++++++++++++++++++++++------------------------- docs/mappers_api.xml | 9 ++++---- 2 files changed, 34 insertions(+), 32 deletions(-) commit 9e167c0d2b9e27e991b591a1b2c588976e1ac5d0 Author: Juan Antonio Martinez Date: Wed Aug 31 16:05:31 2005 +0000 More work in Mapper API documentation... docs/mappers_api.html | 92 ++++++++++++++++++++++++++++++++++++--------------- docs/mappers_api.xml | 91 +++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 152 insertions(+), 31 deletions(-) commit 1ae9989fd02e6d0258ab981bd498ce107ec1db9a Author: Juan Antonio Martinez Date: Wed Aug 31 14:50:41 2005 +0000 Assume static mapper with default settings when no mapper configuration block is provided src/pam_pkcs11/mapper_mgr.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 9489443fab849b648877db29e7322ed88b7a6abe Author: Juan Antonio Martinez Date: Wed Aug 31 14:33:19 2005 +0000 Proper handling of debug_level on enter/exit mapper(s) code src/mappers/mapper.h | 1 + src/pam_pkcs11/mapper_mgr.c | 24 ++++++++++++++++++++++-- 2 files changed, 23 insertions(+), 2 deletions(-) commit fa96e9d5432b9a59432a4661fb370fe105b05b89 Author: Ludovic Rousseau Date: Wed Aug 31 14:18:44 2005 +0000 add a HOWTO chapter docs/pam_pkcs11.html | 306 ++++++++++++++++++++++++++++++++------------ docs/pam_pkcs11.xml | 352 +++++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 541 insertions(+), 117 deletions(-) commit f4f14888f76f3a54d2a99a9494ba283e276407a9 Author: Ludovic Rousseau Date: Wed Aug 31 14:04:45 2005 +0000 remove paths from the executed commands etc/card_eventmgr.conf.example | 8 ++++---- etc/pkcs11_eventmgr.conf.example | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) commit b818fc085dd2eea0afa6ec0cb0e9b8e35376b6d7 Author: Ludovic Rousseau Date: Wed Aug 31 12:53:35 2005 +0000 pam_sm_authenticate(): check if DISPLAY is defined before checking if it is a local or remote login src/pam_pkcs11/pam_pkcs11.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit ce740492e6b59d1906819514323d99dcdd5623b5 Author: Juan Antonio Martinez Date: Wed Aug 31 12:31:16 2005 +0000 Mapper API documentation update docs/mappers_api.html | 88 +++++++++++++++++++++++++++++++++------------------ docs/mappers_api.xml | 73 ++++++++++++++++++++++++++++++++---------- src/common/debug.c | 10 +++--- src/common/debug.h | 9 ++++-- src/mappers/mapper.h | 2 +- 5 files changed, 129 insertions(+), 53 deletions(-) commit ffbbcc1bb70d0c8c0c64965997d358db4a04abab Author: Ludovic Rousseau Date: Wed Aug 31 12:14:40 2005 +0000 inspect_certificate(): print "Printing data for mapper %s" on stdout instead of debug output. src/pam_pkcs11/mapper_mgr.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 5fe3ecc67e912cf2e5bb9d62f590745195119e4b Author: Ludovic Rousseau Date: Wed Aug 31 12:09:22 2005 +0000 add definition of DBG5 if no debug is used src/common/debug.h | 1 + 1 file changed, 1 insertion(+) commit 70960ad47752deec4a9a5a8c684fdc38a9781ee6 Author: Juan Antonio Martinez Date: Wed Aug 31 11:33:26 2005 +0000 Set default values in mappers. Config file fixes docs/pam_pkcs11.html | 371 ++++++++++++++++++++++++------------------- etc/pam_pkcs11.conf.example | 6 +- src/mappers/cn_mapper.c | 7 +- src/mappers/digest_mapper.c | 10 +- src/mappers/generic_mapper.c | 12 +- src/mappers/krb_mapper.c | 3 +- src/mappers/mail_mapper.c | 8 +- src/mappers/ms_mapper.c | 7 +- src/mappers/null_mapper.c | 13 +- src/mappers/opensc_mapper.c | 5 +- src/mappers/openssh_mapper.c | 8 +- src/mappers/pwent_mapper.c | 7 +- src/mappers/subject_mapper.c | 7 +- src/mappers/uid_mapper.c | 7 +- src/pam_pkcs11/mapper_mgr.c | 2 +- 15 files changed, 281 insertions(+), 192 deletions(-) commit a88ad948008a6cae29db1f6a36b248f360480050 Author: Ludovic Rousseau Date: Wed Aug 31 11:27:48 2005 +0000 @LIBMAPPERS@ already includes @LIBSCCONF@ @LIBCOMMON@ and @OPENSSL_LIBS@ src/tools/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0df126ca1bce6c8b095cc94604647afe0790af64 Author: Ludovic Rousseau Date: Wed Aug 31 09:59:53 2005 +0000 @LIBMAPPERS@ alredy include @LIBSCCONF@ @LIBCOMMON@ so we can remove them here src/pam_pkcs11/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4108afe52eee08615ac006b95cf46590f221e8f4 Author: Ludovic Rousseau Date: Wed Aug 31 09:59:17 2005 +0000 libmappers.la uses functions from scconf/ and common/ so we link with these libraries src/mappers/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 507455555cc89ac6ff3dc120b94e945037d99cfb Author: Ludovic Rousseau Date: Wed Aug 31 09:57:39 2005 +0000 libcommon_la_LIBADD = @OPENSSL_LIBS@ We use OpenSSL so we link with it src/common/Makefile.am | 1 + 1 file changed, 1 insertion(+) commit 9f155d5985f8617b1f514384dfe3ee42b3769496 Author: Ludovic Rousseau Date: Wed Aug 31 09:54:52 2005 +0000 load_module(): initialise res variable to NULL to avoid a compiler warning src/pam_pkcs11/mapper_mgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e4ea513d74baef0e48610163a4816cfb3dc450da Author: Ludovic Rousseau Date: Wed Aug 31 07:59:36 2005 +0000 default OpenSC module is now /usr/lib/opensc-pkcs11.so src/tools/pkcs11_eventmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7511285cbb3c96ac8632a6c99a1ac4fb71ac997d Author: Ludovic Rousseau Date: Wed Aug 31 07:37:10 2005 +0000 improve comments etc/card_eventmgr.conf.example | 4 ++-- etc/pkcs11_eventmgr.conf.example | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) commit 03398541bac2b2bde85addea6651d5af57898666 Author: Juan Antonio Martinez Date: Tue Aug 30 18:40:28 2005 +0000 Mapper API manual update docs/mappers_api.html | 116 ++++++++++++++++++++++++++++++++++++--------- docs/mappers_api.xml | 128 +++++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 211 insertions(+), 33 deletions(-) commit 6ccc2aad50b606e8bcf74942325bfa963fff6266 Author: Juan Antonio Martinez Date: Tue Aug 30 17:20:11 2005 +0000 Simplify and optimize mapper interface docs/mappers_api.html | 76 +++++++++++++++++------------------------ docs/mappers_api.xml | 46 ++++++++++--------------- src/mappers/cn_mapper.c | 53 ++++++++++++----------------- src/mappers/cn_mapper.h | 3 +- src/mappers/digest_mapper.c | 52 ++++++++++++---------------- src/mappers/digest_mapper.h | 3 +- src/mappers/generic_mapper.c | 55 +++++++++++++----------------- src/mappers/generic_mapper.h | 3 +- src/mappers/krb_mapper.c | 51 ++++++++++++---------------- src/mappers/krb_mapper.h | 3 +- src/mappers/ldap_mapper.c | 27 ++++++++------- src/mappers/ldap_mapper.h | 3 +- src/mappers/mail_mapper.c | 52 ++++++++++++---------------- src/mappers/mail_mapper.h | 3 +- src/mappers/mapper.h | 81 ++++++++++++++------------------------------ src/mappers/mapperlist.c | 28 +++++++-------- src/mappers/mapperlist.h | 3 +- src/mappers/ms_mapper.c | 51 ++++++++++++---------------- src/mappers/ms_mapper.h | 3 +- src/mappers/null_mapper.c | 48 +++++++++++--------------- src/mappers/null_mapper.h | 3 +- src/mappers/opensc_mapper.c | 80 +++++++++++++++++-------------------------- src/mappers/opensc_mapper.h | 3 +- src/mappers/openssh_mapper.c | 51 ++++++++++++---------------- src/mappers/openssh_mapper.h | 3 +- src/mappers/pwent_mapper.c | 50 ++++++++++++--------------- src/mappers/pwent_mapper.h | 3 +- src/mappers/subject_mapper.c | 50 ++++++++++++--------------- src/mappers/subject_mapper.h | 3 +- src/mappers/uid_mapper.c | 50 ++++++++++++--------------- src/mappers/uid_mapper.h | 3 +- src/pam_pkcs11/mapper_mgr.c | 41 ++++++++++------------ src/pam_pkcs11/mapper_mgr.h | 10 +++--- 33 files changed, 402 insertions(+), 592 deletions(-) commit 9bdf7add3ae2a8ee1474c5da38fec406af1e0d5c Author: Ludovic Rousseau Date: Tue Aug 30 14:58:57 2005 +0000 update docs/pam_pkcs11.xml | 427 +++++++++++++++++++++++++++++++++------------------- 1 file changed, 271 insertions(+), 156 deletions(-) commit d5165313017ffbf7692dda97aec33fea8d573054 Author: Juan Antonio Martinez Date: Tue Aug 30 13:15:54 2005 +0000 add mappers_api.html to svn tarball docs/mappers_api.html | 366 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 366 insertions(+) commit ef789abef756aedf807f86f8dcf8a0d111535e5c Author: Juan Antonio Martinez Date: Tue Aug 30 12:49:51 2005 +0000 stupid bug in docs/Makefile.am docs/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8a2cd6d85121b468cf7cab13a498067b9b32a09a Author: Juan Antonio Martinez Date: Tue Aug 30 12:46:27 2005 +0000 Add Mappers API documentation (wip) docs/Makefile.am | 2 +- docs/mappers_api.xml | 605 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 606 insertions(+), 1 deletion(-) commit 9e222b8cf6e7903337c008386c7317ed3c2266e5 Author: Juan Antonio Martinez Date: Tue Aug 30 09:28:34 2005 +0000 Fixes for some '-Wall -pedantic' warnings src/common/cert_info.c | 4 ++-- src/common/strings.c | 4 ++-- src/mappers/Makefile.am | 2 +- src/mappers/opensc_mapper.c | 2 -- src/mappers/openssh_mapper.c | 2 -- src/tools/card_eventmgr.c | 4 ++-- src/tools/pkcs11_eventmgr.c | 4 ++-- 7 files changed, 9 insertions(+), 13 deletions(-) commit 92feeae30c4b759bf0fc7fa26eac0e3130f6baf2 Author: Juan Antonio Martinez Date: Mon Aug 29 19:30:55 2005 +0000 Bugfixes on compiling some static mappers src/mappers/Makefile.am | 67 +++++++++++++++++++++++++++++--------------- src/mappers/cn_mapper.h | 2 +- src/mappers/digest_mapper.h | 2 +- src/mappers/generic_mapper.h | 2 +- src/mappers/krb_mapper.h | 2 +- src/mappers/ldap_mapper.h | 2 +- src/mappers/mail_mapper.h | 2 +- src/mappers/mapperlist.c | 26 ++++++++--------- src/mappers/mapperlist.h | 2 +- src/mappers/ms_mapper.h | 2 +- src/mappers/null_mapper.c | 8 +++--- src/mappers/null_mapper.h | 2 +- src/mappers/opensc_mapper.h | 2 +- src/mappers/openssh_mapper.h | 2 +- src/mappers/pwent_mapper.h | 2 +- src/mappers/subject_mapper.h | 2 +- src/mappers/uid_mapper.h | 2 +- src/tools/Makefile.am | 4 +-- 18 files changed, 78 insertions(+), 55 deletions(-) commit 2432b3fafd03ec7a5ba1e3a190104c7a1734a808 Author: Juan Antonio Martinez Date: Mon Aug 29 18:13:23 2005 +0000 Mappers now supports static linking src/mappers/cn_mapper.c | 22 +++++++++++++++++++++- src/mappers/digest_mapper.c | 21 ++++++++++++++++++++- src/mappers/generic_mapper.c | 20 +++++++++++++++++++- src/mappers/krb_mapper.c | 21 ++++++++++++++++++++- src/mappers/ldap_mapper.c | 24 ++++++++++++++++++++++-- src/mappers/mail_mapper.c | 22 +++++++++++++++++++++- src/mappers/mapper.h | 25 ++++++++++++++++--------- src/mappers/ms_mapper.c | 21 ++++++++++++++++++++- src/mappers/null_mapper.c | 22 +++++++++++++++++++++- src/mappers/opensc_mapper.c | 23 +++++++++++++++++++++-- src/mappers/openssh_mapper.c | 21 ++++++++++++++++++++- src/mappers/pwent_mapper.c | 21 ++++++++++++++++++++- src/mappers/subject_mapper.c | 21 ++++++++++++++++++++- src/mappers/uid_mapper.c | 21 ++++++++++++++++++++- 14 files changed, 281 insertions(+), 24 deletions(-) commit 7b2e0bae2bcdd38cd2ddc60a8357e4f6fea0001e Author: Juan Antonio Martinez Date: Mon Aug 29 17:26:37 2005 +0000 Adding mappers header files src/mappers/Makefile.am | 29 +++++++++++------------- src/mappers/cn_mapper.h | 48 +++++++++++++++++++++++++++++++++++++++ src/mappers/digest_mapper.h | 48 +++++++++++++++++++++++++++++++++++++++ src/mappers/generic_mapper.h | 48 +++++++++++++++++++++++++++++++++++++++ src/mappers/krb_mapper.h | 48 +++++++++++++++++++++++++++++++++++++++ src/mappers/ldap_mapper.h | 48 +++++++++++++++++++++++++++++++++++++++ src/mappers/mail_mapper.h | 48 +++++++++++++++++++++++++++++++++++++++ src/mappers/mapperlist.c | 53 ++++++++++++++++++++++++++++++++++++++++++++ src/mappers/ms_mapper.h | 48 +++++++++++++++++++++++++++++++++++++++ src/mappers/null_mapper.h | 48 +++++++++++++++++++++++++++++++++++++++ src/mappers/opensc_mapper.h | 48 +++++++++++++++++++++++++++++++++++++++ src/mappers/openssh_mapper.h | 48 +++++++++++++++++++++++++++++++++++++++ src/mappers/pwent_mapper.h | 48 +++++++++++++++++++++++++++++++++++++++ src/mappers/subject_mapper.h | 48 +++++++++++++++++++++++++++++++++++++++ src/mappers/uid_mapper.h | 48 +++++++++++++++++++++++++++++++++++++++ 15 files changed, 690 insertions(+), 16 deletions(-) commit 7244cc9e41e6c1643d0be574a39b7225e3175641 Author: Juan Antonio Martinez Date: Mon Aug 29 16:51:12 2005 +0000 Move mapper.[ch] to libmapper docs/pam_pkcs11.html | 313 ++++++++++++++++++++++-------------------------- src/mappers/Makefile.am | 59 ++++----- 2 files changed, 174 insertions(+), 198 deletions(-) commit 32cc86d5e04f1e170ee791aa1da8cbaf99bae7dc Author: Ludovic Rousseau Date: Mon Aug 29 14:08:38 2005 +0000 change official site URL to http://www.opensc.org/pam_pkcs11/ docs/pam_pkcs11.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit b7a0e5d90ff6f4be376980149090cb22ded43e0c Author: Ludovic Rousseau Date: Mon Aug 29 14:05:02 2005 +0000 remove empty lines in parts docs/pam_pkcs11.xml | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) commit c9a05b8eac9e10becea2711b6e707d3f7a112d80 Author: Ludovic Rousseau Date: Mon Aug 29 14:02:23 2005 +0000 chapter 3. Fundamentals: include the reference in the text instead as a footnote docs/pam_pkcs11.xml | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit 35c45d522a57f1ec0b9e25747cb76149452d7521 Author: Ludovic Rousseau Date: Mon Aug 29 13:59:47 2005 +0000 add section numbering docs/Makefile.am | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit d0a6c82bf25d1e5e8105643955971bb2c9c06033 Author: Ludovic Rousseau Date: Mon Aug 29 13:51:56 2005 +0000 chapter 2. Introduction: include the references in the text instead as footnote docs/pam_pkcs11.xml | 69 +++++++++++++++++++---------------------------------- 1 file changed, 24 insertions(+), 45 deletions(-) commit b4633eeb267d4ccd87fea53eb6ebb6c138e2e169 Author: Ludovic Rousseau Date: Mon Aug 29 13:16:31 2005 +0000 use instead of < > for emails docs/pam_pkcs11.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 0ca73ec6724c77a5596bc80b1abfef680e8a1601 Author: Juan Antonio Martinez Date: Mon Aug 29 13:15:26 2005 +0000 Preliminary work on statically linked mappers configure.in | 2 ++ src/Makefile.am | 2 +- src/mappers/Makefile.am | 19 +++++++++++++++- src/mappers/mapper.h | 2 +- src/mappers/mapperlist.c | 36 +++++++++++++++++++++++++++++ src/mappers/mapperlist.h | 46 +++++++++++++++++++++++++++++++++++++ src/mappers/null_mapper.c | 2 -- src/pam_pkcs11/Makefile.am | 2 +- src/pam_pkcs11/mapper_mgr.c | 55 +++++++++++++++++++++++++++++++-------------- src/tools/Makefile.am | 4 ++-- 10 files changed, 145 insertions(+), 25 deletions(-) commit 0e287bc5ef633ab4e089f89e28590246e2b2bdbe Author: Ludovic Rousseau Date: Mon Aug 29 13:02:30 2005 +0000 minor editing docs/card_eventmgr.1 | 87 +++++++++++++++++++++++++++++----------------------- 1 file changed, 48 insertions(+), 39 deletions(-) commit 214b92fb4369666a5fcaf205f2c9730d3370ef68 Author: Ludovic Rousseau Date: Mon Aug 29 12:49:29 2005 +0000 minor editing docs/pklogin_finder.1 | 52 ++++++++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 23 deletions(-) commit 3fe7df692e6f8492f3ce568d078f15c7225e262f Author: Ludovic Rousseau Date: Mon Aug 29 12:42:48 2005 +0000 minor editing docs/pkcs11_inspect.1 | 64 ++++++++++++++++++++++++++++----------------------- 1 file changed, 35 insertions(+), 29 deletions(-) commit 6d2d1ac2520602b9867b04e6a9683c968d9e8c9d Author: Ludovic Rousseau Date: Mon Aug 29 12:31:12 2005 +0000 remove the NOTE about running the lib as root using a suid bit. You should not do that. docs/pam_pkcs11.8 | 12 ------------ 1 file changed, 12 deletions(-) commit da41417143766a0e909eab44e1699f61797dbe87 Author: Ludovic Rousseau Date: Mon Aug 29 12:28:40 2005 +0000 improve style docs/pam_pkcs11.8 | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) commit efa86a2aaf392ab64280a7179b917af95ad7b377 Author: Ludovic Rousseau Date: Mon Aug 29 11:27:07 2005 +0000 OpenSC PKCS#11 lib is now /usr/lib/opensc-pkcs11.so instead of /usr/lib/pkcs11/opensc-pkcs11.so etc/pam_pkcs11.conf.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3eba554f7e66ffabd9d54353350b7c36e202693f Author: Ludovic Rousseau Date: Tue Jul 5 12:17:46 2005 +0000 remove 'MAINTAINERCLEANFILES = pam_pkcs11.html' as pam_pkcs11.html is stored in subversion and should not be removed docs/Makefile.am | 2 -- 1 file changed, 2 deletions(-) commit 6e962e9780e559b5839c6b19178b63fee56e9945 Author: Ludovic Rousseau Date: Tue Jul 5 11:59:32 2005 +0000 use @OPENSSL_CFLAGS@ and @OPENSSL_LIBS@ src/mappers/Makefile.am | 27 ++++++++++++++------------- src/tools/Makefile.am | 8 ++++---- 2 files changed, 18 insertions(+), 17 deletions(-) commit e72bbf2c0126489d8c113cb66d8de5904bbd969a Author: Ludovic Rousseau Date: Tue Jul 5 11:58:42 2005 +0000 use @OPENSSL_CFLAGS@ and @OPENSSL_LIBS@ src/pam_pkcs11/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 39faebf84718350c6f1d3cddb93ce7c742f263fb Author: Ludovic Rousseau Date: Tue Jul 5 11:58:21 2005 +0000 use PKG_CHECK_MODULES to find OpenSSL configure.in | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 9f05513ecc484cccb198a15fe771d48a16a6d6b5 Author: Ludovic Rousseau Date: Tue Jul 5 10:10:33 2005 +0000 remove test on HAVE_PCSC_OLD, old pcsc-lite is not more supported src/tools/card_eventmgr.c | 4 ---- 1 file changed, 4 deletions(-) commit 215729e34694843f199a96df8b5fa915aa444b6d Author: Ludovic Rousseau Date: Tue Jul 5 10:09:58 2005 +0000 do not compile card_eventmgr if pcsc-lite is not installed src/tools/Makefile.am | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 22c7712e2c0037a290021f95713c821b28028298 Author: Ludovic Rousseau Date: Tue Jul 5 10:09:01 2005 +0000 greatly simplify the detection of pcsc-lite define HAVE_PCSC to allow conditional compilation (do not compile tools using pcsc-lite if pcsc-lite is not installed) configure.in | 112 +++++------------------------------------------------------ 1 file changed, 9 insertions(+), 103 deletions(-) commit 4094bb366168ebac2bbb69a9c9b99e7857fbb786 Author: Ludovic Rousseau Date: Tue Jul 5 09:37:22 2005 +0000 pam_sm_authenticate(): fail if the user is remote (XMDCP) src/pam_pkcs11/pam_pkcs11.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit aa5884b26dbb9e06a2cf43a0a4363fa97b581ec3 Author: Juan Antonio Martinez Date: Mon Jun 13 10:28:31 2005 +0000 Support for nonstandard openssl paths (openssl.m4 missing) aclocal/openssl.m4 | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) commit fb2e02e982762ef059446b809e7c9cb1b0740819 Author: Juan Antonio Martinez Date: Mon Jun 13 10:27:54 2005 +0000 Support for nonstandard openssl paths aclocal/Makefile.am | 2 +- configure.in | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) commit 8649e6bacaa56ed41cdb9886468f5c863d1276ad Author: Juan Antonio Martinez Date: Thu Jun 9 20:07:22 2005 +0000 Preliminary work on OpenSC mapper src/mappers/opensc_mapper.c | 177 +++++++++++++++++++++++++++++++++++++++++-- src/mappers/openssh_mapper.c | 2 +- 2 files changed, 171 insertions(+), 8 deletions(-) commit d1f26ec5f75803aedc2e5d279f51301c7fdc70ea Author: Juan Antonio Martinez Date: Thu Jun 9 10:52:43 2005 +0000 Updated User Manual docs/pam_pkcs11.html | 3353 +++++++++++++------------------------------------- 1 file changed, 868 insertions(+), 2485 deletions(-) commit ad67938afb5281d1707423221453ee2ef28527e4 Author: Juan Antonio Martinez Date: Thu Jun 9 10:47:37 2005 +0000 Updated ChangeLog ChangeLog | 5 +++++ 1 file changed, 5 insertions(+) commit 8bde44089362af53e0c77abe42a5e123e239dd05 Author: Juan Antonio Martinez Date: Thu Jun 9 10:44:59 2005 +0000 Implemented cert(PEM),pubk(PEM),pubk(SSH) data entries src/common/cert_info.c | 73 +++++++++++++++++++++++++++++++++++++++++++------- src/common/cert_info.h | 3 ++- 2 files changed, 66 insertions(+), 10 deletions(-) commit ea1a66a2e8eed435d6927f12f2dce40f4ea750a6 Author: Juan Antonio Martinez Date: Thu Jun 9 10:40:47 2005 +0000 Finished openssh-mapper.c coding src/mappers/openssh_mapper.c | 40 ++++++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 16 deletions(-) commit 395a02b50c78aff1b835b69ed436a86ebf36ef5b Author: Juan Antonio Martinez Date: Thu Jun 9 07:43:30 2005 +0000 pkcs11_inspect: print correct certificate number src/tools/pkcs11_inspect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6753eb0557b18d3492c3f4ff831cf7824290aca4 Author: Juan Antonio Martinez Date: Wed Jun 8 11:13:46 2005 +0000 more work on extracting certificate's public key src/common/cert_info.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 50 insertions(+), 3 deletions(-) commit 4f38d16944997cb24b712b7596899707a2605478 Author: Juan Antonio Martinez Date: Tue Jun 7 12:23:26 2005 +0000 Add openssh_mapper.c to svn :-) src/mappers/openssh_mapper.c | 198 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 198 insertions(+) commit 3b14b432b94e633230ae65bb6ff3d369f477521e Author: Juan Antonio Martinez Date: Tue Jun 7 12:15:07 2005 +0000 OpenSSH mapper documentation typos docs/pam_pkcs11.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 7835f2202965e15bcc5410582b1fbf745f03b073 Author: Juan Antonio Martinez Date: Tue Jun 7 12:10:20 2005 +0000 OpenSSH mapper documentation docs/pam_pkcs11.xml | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) commit f1fd3d39481569eaa641abec6feccbd0e9167a3b Author: Juan Antonio Martinez Date: Tue Jun 7 11:39:09 2005 +0000 Adding OpenSSH mapper (work-in-progress) etc/pam_pkcs11.conf.example | 9 ++++++++- src/common/cert_info.c | 15 +++++++++++++++ src/common/cert_info.h | 1 + src/mappers/Makefile.am | 5 ++++- src/mappers/mapper.c | 5 ++++- 5 files changed, 32 insertions(+), 3 deletions(-) commit 30f70eed5edd73ece7928dbd567bed74de077877 Author: Juan Antonio Martinez Date: Tue Jun 7 09:07:56 2005 +0000 Added new methods for string mgmt src/common/strings.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++ src/common/strings.h | 5 +++ 2 files changed, 94 insertions(+) commit 0d47edc5eda86970e94a01df06c3fa4004066414 Author: Martin Paljak Date: Mon Jun 6 14:14:39 2005 +0000 Correct name docs/pam_pkcs11.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0908c49d44e8d2f8c02b4e5873106c4219408c53 Author: Ludovic Rousseau Date: Mon Jun 6 14:10:06 2005 +0000 english grammar correction docs/pam_pkcs11.xml | 188 +++++++++++++++++++++++++++------------------------- 1 file changed, 98 insertions(+), 90 deletions(-) commit ce796f4309b18525ce1b386f4eb5592f581564d4 Author: Ludovic Rousseau Date: Mon Jun 6 14:09:57 2005 +0000 english grammar corrections etc/card_eventmgr.conf.example | 2 +- etc/pam_pkcs11.conf.example | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 40abafec35cc70f8b9f0ddf7ca31669fa7913641 Author: Ludovic Rousseau Date: Mon Jun 6 13:19:47 2005 +0000 do not call tidy since it modifies the generated html in a bad way docs/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 766fa99f0a8a7595ba4933014b6909f2e0b91bba Author: Ludovic Rousseau Date: Mon Jun 6 13:14:51 2005 +0000 correct some punctuation (end of phrase dot, extra space in parenthesis) docs/pam_pkcs11.xml | 252 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 157 insertions(+), 95 deletions(-) commit 45e6a2df5a7d09e62b6326fe5c99b78d49c3405a Author: Ludovic Rousseau Date: Mon Jun 6 12:59:12 2005 +0000 remove tags and reformat data docs/pam_pkcs11.xml | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) commit b67ce9d1c0b44fb3d4e47da862feb7e6409a5fdb Author: Ludovic Rousseau Date: Mon Jun 6 12:18:48 2005 +0000 use firstname & surname instead of the invalid name tag docs/pam_pkcs11.xml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) commit 50b0770f147f5af81a1ee877e88ac44efcb8e84e Author: Ludovic Rousseau Date: Mon Jun 6 08:25:29 2005 +0000 re-add this generated file since it is displayed by the website docs/pam_pkcs11.html | 2622 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 2622 insertions(+) commit d71704dc4a7655e43e0901948163eb96ac2510ff Author: Ludovic Rousseau Date: Mon Jun 6 08:19:35 2005 +0000 Declare the DTD using so that rxp (XML validator) can find it docs/pam_pkcs11.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit b3ef7b67c902a33f881720ccef2b85e3a65be9a5 Author: Ludovic Rousseau Date: Mon Jun 6 08:11:05 2005 +0000 file generated from pam_pkcs11.xml so should not be in subversion docs/pam_pkcs11.html | 882 --------------------------------------------------- 1 file changed, 882 deletions(-) commit 8264c0288234bca32afb09704d45b0e93c8b8439 Author: Ludovic Rousseau Date: Mon Jun 6 08:09:39 2005 +0000 remove shade.verbatim declaration since it is useless(?) and generates warnings: The shade.verbatim parameter is deprecated. Use CSS instead, docs/pam_pkcs11.xsl | 1 - 1 file changed, 1 deletion(-) commit 3ff5dcbae5cfeafe82a4b13e53f421c1b83a496d Author: Ludovic Rousseau Date: Mon Jun 6 08:05:08 2005 +0000 do not use a hard coded path for docbook.xsl docs/pam_pkcs11.xsl | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit d22413d60037922acdb7d185d350121f66815565 Author: Ludovic Rousseau Date: Mon Jun 6 08:04:43 2005 +0000 use --path to specify different locations to find docbook.xsl docs/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cf4178750ab092817ee4b24c37e8fcbc1cc6c21d Author: Ludovic Rousseau Date: Mon Jun 6 07:56:41 2005 +0000 remove the definition of MAINTAINERCLEANFILES since the indicated files are already removed by the implicit 'make maintainer-clean' Makefile.am | 6 ------ 1 file changed, 6 deletions(-) commit ce057da0187d6bec6af30803f022d7f61bad78b9 Author: Ludovic Rousseau Date: Mon Jun 6 07:54:55 2005 +0000 do not use 'MAINTAINERCLEANFILES = Makefile.in' since is it implicit 'make maintainer-clean' can be used to remove Makefile.in files aclocal/Makefile.am | 2 -- docs/Makefile.am | 2 +- etc/Makefile.am | 2 -- src/Makefile.am | 2 -- src/common/Makefile.am | 4 ---- src/mappers/Makefile.am | 2 -- src/pam_pkcs11/Makefile.am | 2 -- src/scconf/Makefile.am | 1 - src/tools/Makefile.am | 2 -- tools/Makefile.am | 2 -- 10 files changed, 1 insertion(+), 20 deletions(-) commit 18e0e479c5864b5b35dc2dd696e6e05d7dc9de01 Author: Ludovic Rousseau Date: Mon Jun 6 07:48:13 2005 +0000 get_mapent(): skip comment lines src/mappers/mapper.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 650169add0b8764409e659c79aee33b1b3333bbe Author: Ludovic Rousseau Date: Mon Jun 6 07:32:54 2005 +0000 get_mapent(): allocate len+1 instead of len bytes to store a NULL-terminated string src/mappers/mapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 16b08e798112d81dcd2b59bf55ab486564e16088 Author: Ludovic Rousseau Date: Mon Jun 6 07:27:28 2005 +0000 add a \n for a printf() src/tools/pklogin_finder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b03b046afa939475ac9243440dbc3123f5670f79 Author: Ludovic Rousseau Date: Mon Jun 6 07:26:27 2005 +0000 add pam_pkcs11.html to MAINTAINERCLEANFILES (make maintainer-clean) docs/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 736564007898e38018531a47a5e7a2de67cb8d90 Author: Ludovic Rousseau Date: Mon Jun 6 07:24:42 2005 +0000 the html files also depends on $(STYLESHEET) docs/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4cc89290ac6e6102f299272a0e4d2b4803aa5d42 Author: Ludovic Rousseau Date: Mon Jun 6 07:18:55 2005 +0000 use * instead of "*" to match the files tools/make_hash_link.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cb49a45f1f90fece3d8c922a10c52362ccb46061 Author: Ludovic Rousseau Date: Tue May 24 13:29:57 2005 +0000 only set first_loop = FALSE; after looping on all readers src/tools/card_eventmgr.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 9593b23f4a005a19bb3077af8f95a1282be3d85d Author: Ludovic Rousseau Date: Tue May 24 13:24:41 2005 +0000 cleanly exit in case of error (remove pidfile) src/tools/card_eventmgr.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit e7a64ad0130094e65a76fcd4c18227f625d0e8dd Author: Ludovic Rousseau Date: Tue May 24 13:22:01 2005 +0000 cleanly exit in case of error (remove pidfile) src/tools/card_eventmgr.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 8546e5addbdf64567445fd95cdc9e74ccd7b4a00 Author: Ludovic Rousseau Date: Tue May 24 13:18:19 2005 +0000 exit if no reader is found at startup src/tools/card_eventmgr.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) commit 61429f54204f7d4e060e2a15ea5a58b9d58ba9f6 Author: Ludovic Rousseau Date: Tue May 24 09:49:03 2005 +0000 remove card state parsing debug src/tools/card_eventmgr.c | 25 +++---------------------- 1 file changed, 3 insertions(+), 22 deletions(-) commit e026099a8e404b659f49c83c87a6fd7560d90dd5 Author: Ludovic Rousseau Date: Tue May 24 09:43:18 2005 +0000 remove \n in debug strings src/tools/card_eventmgr.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 9edde5ff05ac3b8e8a23b93f9855a4d395bb7b38 Author: Ludovic Rousseau Date: Tue May 24 09:41:42 2005 +0000 trap signals even if pidfile=<> argument is not used so we always have a clean exit src/tools/card_eventmgr.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 48a9b4a2005f293fd5ca9430a26a59b104be22ce Author: Ludovic Rousseau Date: Tue May 24 09:35:28 2005 +0000 remove the timestamp information src/tools/card_eventmgr.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit fc6cfad1959d0076afb4d91aba1cd51574438531 Author: Ludovic Rousseau Date: Tue May 24 09:28:40 2005 +0000 main(): remove a useless call to fflush(stdout); that was directly imported from pcsc_scan src/tools/card_eventmgr.c | 1 - 1 file changed, 1 deletion(-) commit 380a9b578a79d5e1b14d5febb2b7a59c2b913e09 Author: Ludovic Rousseau Date: Mon May 23 12:41:57 2005 +0000 document kill and pidfile= arguments docs/card_eventmgr.1 | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) commit 2b53dffef77bac2fbc1339b68b562d941f91e54d Author: Ludovic Rousseau Date: Mon May 23 09:10:49 2005 +0000 add support for kill and pidfile= src/tools/card_eventmgr.c | 121 +++++++++++++++++++++++++++++++++++++++------- 1 file changed, 103 insertions(+), 18 deletions(-) commit 389f87e55581563851683be54eae153baa4f6ce3 Author: Juan Antonio Martinez Date: Thu May 19 09:31:35 2005 +0000 Add Ludovic to author's list AUTHORS | 4 ++++ docs/pam_pkcs11.xml | 4 ++++ 2 files changed, 8 insertions(+) commit cf63bb1543d9055431a7f1000626ce7af2cea577 Author: Juan Antonio Martinez Date: Thu May 19 09:27:26 2005 +0000 Generic mapper documentation docs/pam_pkcs11.xml | 66 +++++++++++++++++++++++++++++++++++++++++++-- etc/pam_pkcs11.conf.example | 17 +++++++----- 2 files changed, 74 insertions(+), 9 deletions(-) commit 7221762803862997dec22a9b71831287c18681db Author: Ludovic Rousseau Date: Wed May 18 13:51:13 2005 +0000 add two missing \n with fprintf(stderr,..) src/tools/pkcs11_eventmgr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4e9ed9e9d449b3ea4a7d7859a2f8933f7ca92b83 Author: Ludovic Rousseau Date: Wed May 18 08:51:16 2005 +0000 convert spaces in tab etc/pkcs11_eventmgr.conf.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bb958681d46f1beae6aa68af502e157d8c048ba7 Author: Ludovic Rousseau Date: Wed May 18 08:16:26 2005 +0000 add two missing \n with fprintf(stderr,..) src/tools/card_eventmgr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d8c862c79eb5e2693ea098d23b6ae636068a8a5e Author: Ludovic Rousseau Date: Wed May 18 07:02:56 2005 +0000 generic_mapper_find_user()/generic_mapper_match_user(): remove two unused variables src/mappers/generic_mapper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 95472f9ef98317e011cacfc457ff8b43722fcbaa Author: Ludovic Rousseau Date: Wed May 18 06:54:53 2005 +0000 do not use `ls *` to get the list of files but "*" to correctly manage files with spaces in their name tools/make_hash_link.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 66a7a2ce428bf973bf9008327d8640bd5e785899 Author: Ludovic Rousseau Date: Wed May 18 06:48:30 2005 +0000 do not save/restore the current directory since we do not need to tools/make_hash_link.sh | 4 ---- 1 file changed, 4 deletions(-) commit c4de0eb6426c43264aa88078e28824414ace662b Author: Ludovic Rousseau Date: Wed May 18 06:46:28 2005 +0000 remove space characters at end of lines tools/make_hash_link.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 1d8069eb72ea901f41771b2ede872b3b8377e4f9 Author: Ludovic Rousseau Date: Wed May 18 06:44:35 2005 +0000 display the filename of files we can't do anything with. Maybe it is because the format is wrong or they can't be read or whatever. tools/make_hash_link.sh | 3 +++ 1 file changed, 3 insertions(+) commit 545a0250c810f8a2db8b4a6e0bbf7af4ea85f849 Author: Ludovic Rousseau Date: Wed May 18 06:40:42 2005 +0000 revert my previous patch. We need to redirect stderr since the certificate may not be in pem format and openssl will shout tools/make_hash_link.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fbb45351658f0d925ab1e762a111798d47df3d76 Author: Ludovic Rousseau Date: Wed May 18 06:31:25 2005 +0000 do not redirect stderr to /dev/null in the hash generation to get errors like "Permission denied" if the certificate can't be read tools/make_hash_link.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bdf6d23b9d01e9a6f2f2496e0b8b5b8cd52a67a4 Author: Ludovic Rousseau Date: Wed May 18 06:29:47 2005 +0000 in the test of the presence of openssl we escape the result string to have only one strings even with space characters tools/make_hash_link.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9c5a4f597769ca82150c4fb82ff92e279176c8fc Author: Juan Antonio Martinez Date: Tue May 17 19:18:32 2005 +0000 typos in generic_mapper.c src/mappers/generic_mapper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 8fb67f7b3e24197d35760c9e310466e79897fc46 Author: Ludovic Rousseau Date: Tue May 17 15:14:27 2005 +0000 check that openssl is installed tools/make_hash_link.sh | 6 ++++++ 1 file changed, 6 insertions(+) commit 90dda8b87f756f7b6cda64dd6f9b28a9f1b73110 Author: Ludovic Rousseau Date: Tue May 17 14:19:09 2005 +0000 add _DEFAULT_MAPPER_FIND_USER to avoid an undefined symbol: mapper_find_user src/mappers/null_mapper.c | 2 ++ 1 file changed, 2 insertions(+) commit 67c8b98056680202dafde5b9c083bfd050dd88a2 Author: Ludovic Rousseau Date: Tue May 17 13:33:45 2005 +0000 add @LIBCOMMON@ to ldap_mapper_la_LIBADD and opensc_mapper_la_LIBADD to avoid missing symbols at link time src/mappers/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9c9af4d8f629622a79bd78f619052e3b8de32765 Author: Ludovic Rousseau Date: Thu May 12 08:19:03 2005 +0000 reformat docs/README.mappers | 189 +++++++++++++++++++++++++++------------------------- 1 file changed, 97 insertions(+), 92 deletions(-) commit afa60c7625b7de96c5a22687f3ecb6b6f57ae374 Author: Ludovic Rousseau Date: Thu May 12 07:52:12 2005 +0000 rephrase and reformat docs/README.eventmgr | 47 ++++++++++++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 19 deletions(-) commit ac2e94646e2f60b6964c35c054a777cfa9b1f486 Author: Ludovic Rousseau Date: Thu May 12 07:47:29 2005 +0000 reformat docs/README.autologin | 44 +++++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 21 deletions(-) commit 9c860737d42b8a14e7864adab9d1e73a0175e1a1 Author: Ludovic Rousseau Date: Thu May 12 07:39:41 2005 +0000 rephrase and reformat docs/pklogin_finder.1 | 58 ++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 31 deletions(-) commit 87bbd531cf34a4fa77f8c10482ef663c8b446ec4 Author: Ludovic Rousseau Date: Thu May 12 06:27:46 2005 +0000 reformat docs/pam_pkcs11.8 | 44 +++++++++++++++++--------------------------- 1 file changed, 17 insertions(+), 27 deletions(-) commit 7a7db2ee0a50c247b13ec48828167ebdbd46fdc6 Author: Ludovic Rousseau Date: Thu May 12 06:21:15 2005 +0000 rephrase and reformat docs/card_eventmgr.1 | 50 +++++++++++++++++++++++--------------------------- 1 file changed, 23 insertions(+), 27 deletions(-) commit 9a69f99253834303309503a7d549e22651ade7eb Author: Ludovic Rousseau Date: Wed May 11 17:57:55 2005 +0000 rephrase and reformat docs/pkcs11_inspect.1 | 66 +++++++++++++++++++++++++-------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) commit 94a86e3663085fba70862134adae59b25ae586aa Author: Juan Antonio Martinez Date: Fri May 6 07:54:20 2005 +0000 Makefile fix for x64 arch src/pam_pkcs11/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6cecad47a42a1f27fb932d5d595ceea9b690b92d Author: Juan Antonio Martinez Date: Thu Apr 14 16:21:22 2005 +0000 generic_mapper coding finished ChangeLog | 5 +++ NEWS | 5 +++ etc/pam_pkcs11.conf.example | 14 +++++++ src/mappers/generic_mapper.c | 92 ++++++++++++++++++++++++++------------------ src/mappers/mapper.c | 40 +++++++++++++++++++ src/mappers/mapper.h | 5 +++ src/mappers/pwent_mapper.c | 37 +----------------- 7 files changed, 126 insertions(+), 72 deletions(-) commit 7001592858ea471a3f360807f8c9bf22bbec3471 Author: Juan Antonio Martinez Date: Wed Apr 13 11:06:18 2005 +0000 preliminary works on generic mapper src/mappers/generic_mapper.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) commit 21cd7094abb97fae6efabf22e4dee15ddb604313 Author: Andreas Jellinghaus Date: Tue Apr 12 21:09:07 2005 +0000 add bootstrap script for developers and the snapshot mechanism. bootstrap | 11 +++++++++++ 1 file changed, 11 insertions(+) commit a4d1f27c5ca0ec26dbf9199a2371774c17ab1ab2 Author: Andreas Jellinghaus Date: Tue Apr 12 20:46:52 2005 +0000 set the version to "WIP" (work in progress) for the snapshot script. configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b85b032f2906e9a949284beb99dc0045a4b63744 Author: Andreas Jellinghaus Date: Tue Apr 12 19:41:29 2005 +0000 remove a few Makefile.in on make maintainer-clean src/mappers/Makefile.am | 2 ++ src/pam_pkcs11/Makefile.am | 2 ++ tools/Makefile.am | 2 ++ 3 files changed, 6 insertions(+) commit d9803c13a26203b8d7680ed279f99ba5a82636d4 Merge: 0f8590b 5ed63ba Author: Andreas Jellinghaus Date: Tue Apr 12 19:40:26 2005 +0000 copy release 0.5.2 to trunk. commit 5ed63ba934aec5e82416f8eb29d556250505a673 (tag: pam_pkcs11-0.5.2) Author: Andreas Jellinghaus Date: Tue Apr 12 19:37:31 2005 +0000 import current version 0.5.2 AUTHORS | 10 + COPYING | 504 +++++++++++++ ChangeLog | 142 ++++ INSTALL | 229 ++++++ Makefile.am | 16 + NEWS | 40 + README | 174 +++++ TODO | 47 ++ aclocal/Makefile.am | 5 + aclocal/acx_pthread.m4 | 190 +++++ configure.in | 226 ++++++ docs/Makefile.am | 27 + docs/README.autologin | 64 ++ docs/README.eventmgr | 89 +++ docs/README.mappers | 173 +++++ docs/card_eventmgr.1 | 56 ++ docs/doxygen.conf | 7 + docs/pam_pkcs11.8 | 64 ++ docs/pam_pkcs11.css | 23 + docs/pam_pkcs11.html | 882 ++++++++++++++++++++++ docs/pam_pkcs11.xml | 1496 ++++++++++++++++++++++++++++++++++++++ docs/pam_pkcs11.xsl | 13 + docs/pkcs11_eventmgr.1 | 67 ++ docs/pkcs11_inspect.1 | 55 ++ docs/pklogin_finder.1 | 52 ++ etc/Makefile.am | 13 + etc/card_eventmgr.conf.example | 39 + etc/digest_mapping.example | 4 + etc/mail_mapping.example | 7 + etc/pam.d_login.example | 11 + etc/pam_pkcs11.conf.example | 197 +++++ etc/pkcs11_eventmgr.conf.example | 50 ++ etc/subject_mapping.example | 4 + pam_pkcs11.spec | 142 ++++ src/Makefile.am | 6 + src/common/Makefile.am | 16 + src/common/cert_info.c | 343 +++++++++ src/common/cert_info.h | 54 ++ src/common/cert_vfy.c | 389 ++++++++++ src/common/cert_vfy.h | 30 + src/common/debug.c | 43 ++ src/common/debug.h | 63 ++ src/common/error.c | 38 + src/common/error.h | 35 + src/common/pkcs11.c | 491 +++++++++++++ src/common/pkcs11.h | 168 +++++ src/common/pkcs11f.h | 844 +++++++++++++++++++++ src/common/pkcs11t.h | 1428 ++++++++++++++++++++++++++++++++++++ src/common/strings.c | 92 +++ src/common/strings.h | 47 ++ src/common/uri.c | 545 ++++++++++++++ src/common/uri.h | 29 + src/mappers/Makefile.am | 49 ++ src/mappers/cn_mapper.c | 128 ++++ src/mappers/digest_mapper.c | 117 +++ src/mappers/generic_mapper.c | 149 ++++ src/mappers/krb_mapper.c | 129 ++++ src/mappers/ldap_mapper.c | 45 ++ src/mappers/mail_mapper.c | 187 +++++ src/mappers/mapper.c | 188 +++++ src/mappers/mapper.h | 180 +++++ src/mappers/ms_mapper.c | 176 +++++ src/mappers/null_mapper.c | 77 ++ src/mappers/opensc_mapper.c | 43 ++ src/mappers/pwent_mapper.c | 178 +++++ src/mappers/subject_mapper.c | 105 +++ src/mappers/uid_mapper.c | 126 ++++ src/pam_pkcs11/Makefile.am | 18 + src/pam_pkcs11/mapper_mgr.c | 276 +++++++ src/pam_pkcs11/mapper_mgr.h | 101 +++ src/pam_pkcs11/pam_config.c | 218 ++++++ src/pam_pkcs11/pam_config.h | 46 ++ src/pam_pkcs11/pam_pkcs11.c | 438 +++++++++++ src/scconf/Makefile.am | 14 + src/scconf/README.scconf | 329 +++++++++ src/scconf/internal.h | 60 ++ src/scconf/lex-parse.l | 92 +++ src/scconf/parse.c | 420 +++++++++++ src/scconf/scconf.c | 729 +++++++++++++++++++ src/scconf/scconf.h | 227 ++++++ src/scconf/sclex.c | 196 +++++ src/scconf/write.c | 197 +++++ src/tools/Makefile.am | 21 + src/tools/card_eventmgr.c | 463 ++++++++++++ src/tools/pkcs11_eventmgr.c | 364 ++++++++++ src/tools/pkcs11_inspect.c | 183 +++++ src/tools/pklogin_finder.c | 190 +++++ tools/Makefile.am | 6 + tools/make_hash_link.sh | 84 +++ 89 files changed, 16328 insertions(+) commit 0f8590b5ebc082ff1e79454b984b75dd121d8267 Author: Andreas Jellinghaus Date: Tue Apr 12 19:33:29 2005 +0000 add minimal structure.