Comment 1 for bug 739392

Revision history for this message
Nicolas DERIVE (kalon33) wrote :

Upstream ChangeLog:

2010-11-20 ludovic.rousseau

 * [r475] configure.in: release 0.6.6

2010-11-18 ludovic.rousseau

 * [r474] src/tools/Makefile.am, src/tools/card_eventmgr.c,
   src/tools/pkcs11_eventmgr.c: Use daemon implementation from
   daemon.c when needed (for example on Solaris 10)

   See
   http://www.opensc-project.org/pipermail/opensc-user/2010-November/004331.html
 * [r473] src/tools/daemon.c: Use config.h instead of includes.h

   Define _PATH_DEVNULL if needed. It was defined in includes.h in
   OpenSSH
 * [r472] src/tools/daemon.c: new file from OpenSSH version 5.6p1
   openssh-5.6p1/openbsd-compat/daemon.c

   The licence is BSD 3-clause so compatible with the LGPL v2+ used
   by pam_pkcs11

2010-10-25 ludovic.rousseau

 * [r471] configure.in: Fix the change in revision 470

   Thanks (again) to Arfrever Frehtes Taifersar Arahesis
   http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015175.html
 * [r470] configure.in: Default is to use pcsc-lite. The argument is
   --without-pcsclite to disable pcsc-lite use/support

   Thanks to Arfrever Frehtes Taifersar Arahesis for the bug report
   http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015172.html

2010-10-23 ludovic.rousseau

 * [r469] doc/pam_pkcs11.xml: rename make_hash_link.sh in
   pkcs11_make_hash_link
 * [r468] configure.in: Display ${libdir} value
 * [r467] tools/Makefile.am, tools/make_hash_link.sh,
   tools/pkcs11_make_hash_link: rename make_hash_link.sh to
   pkcs11_make_hash_link to match the manpage name

2010-10-19 ludovic.rousseau

 * [r465] src/pam_pkcs11/pam_pkcs11.c: Unload the mapper also on
   success

   Thanks to Andre Zepezauer for the patch
   http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015150.html
 * [r464] doc/doxygen.conf.in: Update from doxygen version 1.5.6 to
   1.7.1
 * [r463] configure.in: release 0.6.5
 * [r462] po/de.po, po/fr.po, po/nl.po, po/pam_pkcs11.pot, po/pl.po,
   po/pt_br.po, po/ru.po: regenerate
 * [r461] src/common/Makefile.am: Add the missing strndup.h file
 * [r460] src/common/uri.c: get_http(): check if complete message
   was transmitted

   Thanks to Andre Zepezauer for the patch
   http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015137.html
 * [r459] src/common/uri.c: get_http(): allocate enough memory to
   fit http-request

   Thanks to Andre Zepezauer for the patch
   http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015137.html
 * [r458] src/common/uri.c: get_http(): add missing return statement

   Thanks to Andre Zepezauer for the patch
   http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015137.html
 * [r457] configure.in: If dlopen() is not found in libdl we try to
   find it without specifying a library before exiting in error.

   I don't remember why I used this code. Maybe dlopen() is not in
   libdl on some systems.

2010-10-16 ludovic.rousseau

 * [r456] po/fr.po: Translate a string
 * [r455] po/de.po, po/fr.po, po/nl.po, po/pam_pkcs11.pot, po/pl.po,
   po/pt_br.po, po/ru.po: Regenerate
 * [r454] src/pam_pkcs11/pam_pkcs11.c: Replace "Found the %s." by
   "%s found."

   Thanks to Mr Dash Four for the bug report
   http://www.opensc-project.org/pipermail/opensc-devel/2010-October/015135.html

2010-10-15 ludovic.rousseau

 * [r453] src/common/pkcs11_lib.c: crypto_init(): fix a typo in log
   message

2010-09-22 ludovic.rousseau

 * [r452] src/common/pkcs11_lib.c: pkcs11_pass_login(): check if the
   PIN returned by getpass is NULL

   Thanks to Andre Zepezauer for the patch
   http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014976.html
 * [r451] src/common/pkcs11_lib.c: pkcs11_pass_login(): log an error
   if pkcs11_login() fails

   Thanks to Andre Zepezauer for the patch
   http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014964.html
 * [r450] src/common/pkcs11_lib.c: pkcs11_pass_login(): do not clean
   a zero length PIN

   Thanks to Andre Zepezauer for the patch
   http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014964.html
 * [r449] src/common/pkcs11_lib.c, src/pam_pkcs11/pam_pkcs11.c: Show
   PIN code in debug output only if DEBUG_SHOW_PASSWORD is defined
   (not defined by default)

   Thanks to Andre Zepezauer for the bug report
   http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014964.html

2010-09-21 ludovic.rousseau

 * [r448] src/pam_pkcs11/pam_config.c: parse_config_file(): get the
   debug value from the configuration file

   Thanks to Andre Zepezauer for the patch
   http://www.opensc-project.org/pipermail/opensc-devel/2010-September/014949.html

2010-08-25 ludovic.rousseau

 * [r447] src/tools/card_eventmgr.c: Do not call
   SCardEstablishContext() before daemonize since pcsc-lite
   handles are invalid after a fork.

   Thanks to Patrik Martinsson for the patch
   http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014632.html

2010-08-19 ludovic.rousseau

 * [r446] src/tools/card_eventmgr.c: Use SCARD_READERSTATE instead
   of SCARD_READERSTATE_A since it was removed in pcsc-lite >= 1.6.2

2010-08-14 ludovic.rousseau

 * [r445] src/mappers/cn_mapper.c, src/mappers/digest_mapper.c,
   src/mappers/generic_mapper.c, src/mappers/krb_mapper.c,
   src/mappers/ldap_mapper.c, src/mappers/mail_mapper.c,
   src/mappers/mapper.c, src/mappers/mapper.h,
   src/mappers/ms_mapper.c, src/mappers/null_mapper.c,
   src/mappers/opensc_mapper.c, src/mappers/openssh_mapper.c,
   src/mappers/pwent_mapper.c, src/mappers/subject_mapper.c,
   src/mappers/uid_mapper.c, src/pam_pkcs11/mapper_mgr.c,
   src/tools/pklogin_finder.c: Patch for #239 and #240 (handle more
   than one cert/pattern matching)

   Thanks to Wolf Geldmacher for the patch.
   http://www.opensc-project.org/pipermail/opensc-devel/2010-June/014405.html

   " Here's a patch to solve the issues I've encountered using
   pam_pkcs11.

   In regards to #239 (pam_pkcs11 only looks at first certificate on
   token):

   The fix for this turns out to be somewhat problematic, and I'm not
   at all sure, whether my implementation of the fix is a valid one.

   The basic problem (as I understood it from analyzing the code) is
   that finder functions of the mappers return a char*, allowing for a
   single value (NULL) to signalize failure and return the key if no
   mapping (i.e. no value associated with the key) was found (cf.
   comment for mapfile_find in src/mappers/mapper.c). Thus a caller
   (i.e. find_user in src/pam_pkcs11/mapper_mgr.c) cannot distinguish
   between a mapping or a key being returned and thus will prematurely
   terminate on the first certificate that passes the other validity
   tests.

   The fix provided changes the finder function interface by requiring
   an additional out parameter that is set to 1, if a real mapping
   value was returned and remains unchanged otherwise. This fix breaks
   existing loadable mappers.

   I considered overloading of the value returned (e.g. having a
   byte/substring as first character of the value returned to be able
   to distinguish between a value and a key being returned) which would
   preserve the interface to the mappers, but refrained from
   implementing it that way as I believe this to be unclean and prone
   to difficult to track errors.

   Another solution I considered was the addition of another entry to
   the structure encapsulating the mappers (e.g. a finder2 method), but
   as this is no better in breaking the interface for loadable mappers
   and duplicates code I forfeited this solution, too.

   If somebody could look into the problem and come up with a solution
   that preserves the interface to external mappers while allowing the
   distinction between keys and values, I'd be more than happy to
   implement it.

   It might also make sense to add a new configuration parameter for
   the new behaviour of find_user, allowing existing applications to
   continue to work with keys being returned instead of values
   (Feedback anyone? The comment for find_user actually states that a
   mapping value is returned).

   In regards to #240 (Allow pattern matching in pam_pkcs11):

   I restricted this to only work for mapfiles and the implementation
   turned out to be quite simple - it's essentially an 11 line change
   in src/mappers/mapper.c - and is triggered by the specification of a
   fully anchored (i.e. *must* have initial "^" and *must* end in "$")
   pattern as key in a mapfile.

   This now allows syntax like
   ^.*/serialNumber=xxx-xxx-xxx-xxx$ -> username
   in all mapfiles.

   The patch attached contains the changes for both issues.

   Cheers,
   Wolf "

2010-08-13 ludovic.rousseau

 * [r444] src/pam_pkcs11/pam_pkcs11.c: Do not use a variadic
   parameter for pam_prompt. It is not supported on FreeBSD.

2010-08-12 ludovic.rousseau

 * [r443] src/common/strndup.h, src/tools/pkcs11_setup.c: Add a new
   header file to define strndup if needed.

   pkcs11_setup.c: In function ‘scconf_replace_str_list’:
   pkcs11_setup.c:73: warning: implicit declaration of function
   ‘strndup’
   pkcs11_setup.c:73: warning: incompatible implicit declaration of
   built-in function ‘strndup’
 * [r441] src/pam_pkcs11/pam_config.c, src/tools/pkcs11_inspect.c,
   src/tools/pkcs11_listcerts.c, src/tools/pklogin_finder.c: Revert
   changeset 301 parsing arguments in pam_config.c but skip the
   first argument in command line tools.

   Thanks to halfline for the patch. Closes ticket #29
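
The r445 entry above describes two mapfile behaviours: a finder that reports through an out parameter whether it returned a real mapping or just echoed the key, and fully anchored patterns as mapfile keys. The sketch below is an added example, not pam_pkcs11 code; the demo_* names, the map entries and the use of POSIX extended regular expressions are assumptions made for illustration.

```c
#include <regex.h>
#include <stddef.h>
#include <string.h>

/* Constructed mapfile entries ("key -> value"); not taken from pam_pkcs11. */
struct map_entry { const char *key; const char *value; };
static const struct map_entry demo_map[] = {
    { "/CN=Alice Example", "alice" },
    { "^.*/serialNumber=1234-5678$", "bob" },
};

/* A key is a pattern only if fully anchored: leading '^' and trailing '$'. */
static int is_anchored_pattern(const char *k) {
    size_t n = strlen(k);
    return n >= 2 && k[0] == '^' && k[n - 1] == '$';
}

/* Returns the mapped value and sets *match = 1 on a real mapping;
 * otherwise returns the key itself and leaves *match unchanged. */
const char *demo_mapfile_find(const char *key, int *match) {
    for (size_t i = 0; i < sizeof demo_map / sizeof demo_map[0]; i++) {
        const struct map_entry *e = &demo_map[i];
        int hit = 0;
        if (is_anchored_pattern(e->key)) {
            regex_t re;
            if (regcomp(&re, e->key, REG_EXTENDED | REG_NOSUB) != 0)
                continue; /* skip an entry whose pattern does not compile */
            hit = regexec(&re, key, 0, NULL, 0) == 0;
            regfree(&re);
        } else {
            hit = strcmp(e->key, key) == 0;
        }
        if (hit) { *match = 1; return e->value; }
    }
    return key;
}

/* Caller side: try every certificate subject, accept only real mappings. */
const char *demo_find_user(const char *const *subjects, size_t n) {
    for (size_t i = 0; i < n; i++) {
        int match = 0;
        const char *user = demo_mapfile_find(subjects[i], &match);
        if (match) return user;
    }
    return NULL; /* no certificate mapped to a login */
}
```

Without the match flag, the caller would take the echoed subject of the first certificate as the login name and never reach the second certificate.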