
Группа :: Система/Основа
Пакет: pam_pkcs11


Патч: pam_pkcs11-0.6.9-ask-pin-later.patch


 src/pam_pkcs11/pam_pkcs11.c | 174 ++++++++++++++++++++++----------------------
 1 file changed, 87 insertions(+), 87 deletions(-)
diff --git a/src/pam_pkcs11/pam_pkcs11.c b/src/pam_pkcs11/pam_pkcs11.c
index 640008b..e8543c3 100644
--- a/src/pam_pkcs11/pam_pkcs11.c
+++ b/src/pam_pkcs11/pam_pkcs11.c
@@ -470,93 +470,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
     return pkcs11_pam_fail;
   }
 
-  rv = get_slot_login_required(ph);
-  if (rv == -1) {
-    ERR1("get_slot_login_required() failed: %s", get_error());
-    if (!configuration->quiet) {
-		pam_syslog(pamh, LOG_ERR, "get_slot_login_required() failed: %s", get_error());
-		pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2314: Slot login failed"));
-		sleep(configuration->err_display_time);
-	}
-    release_pkcs11_module(ph);
-    return pkcs11_pam_fail;
-  } else if (rv) {
-    /* get password */
-	pam_prompt(pamh, PAM_TEXT_INFO, NULL,
-		_("Welcome %.32s!"), get_slot_tokenlabel(ph));
-
-	/* no CKF_PROTECTED_AUTHENTICATION_PATH */
-	rv = get_slot_protected_authentication_path(ph);
-	if ((-1 == rv) || (0 == rv))
-	{
-		char password_prompt[256];
-
-		snprintf(password_prompt,  sizeof(password_prompt), _("%s PIN: "), _(configuration->token_type));
-		if (configuration->use_first_pass) {
-			rv = pam_get_pwd(pamh, &password, NULL, PAM_AUTHTOK, 0);
-		} else if (configuration->try_first_pass) {
-			rv = pam_get_pwd(pamh, &password, password_prompt, PAM_AUTHTOK,
-					PAM_AUTHTOK);
-		} else {
-			rv = pam_get_pwd(pamh, &password, password_prompt, 0, PAM_AUTHTOK);
-		}
-		if (rv != PAM_SUCCESS) {
-			if (!configuration->quiet) {
-				pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2316: password could not be read"));
-				sleep(configuration->err_display_time);
-			}
-			release_pkcs11_module(ph);
-			pam_syslog(pamh, LOG_ERR,
-					"pam_get_pwd() failed: %s", pam_strerror(pamh, rv));
-			return pkcs11_pam_fail;
-		}
-#ifdef DEBUG_SHOW_PASSWORD
-		DBG1("password = [%s]", password);
-#endif
-
-		/* check password length */
-		if (!configuration->nullok && strlen(password) == 0) {
-			release_pkcs11_module(ph);
-			memset(password, 0, strlen(password));
-			free(password);
-			pam_syslog(pamh, LOG_ERR,
-					"password length is zero but the 'nullok' argument was not defined.");
-			if (!configuration->quiet) {
-				pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2318: Empty smartcard PIN not allowed."));
-				sleep(configuration->err_display_time);
-			}
-			return PAM_AUTH_ERR;
-		}
-	}
-	else
-	{
-		pam_prompt(pamh, PAM_TEXT_INFO, NULL,
-			_("Enter your %s PIN on the pinpad"), _(configuration->token_type));
-		/* use pin pad */
-		password = NULL;
-	}
-
-    /* call pkcs#11 login to ensure that the user is the real owner of the card
-     * we need to do thise before get_certificate_list because some tokens
-     * can not read their certificates until the token is authenticated */
-    rv = pkcs11_login(ph, password);
-    /* erase and free in-memory password data asap */
-	if (password)
-	{
-		memset(password, 0, strlen(password));
-		free(password);
-	}
-    if (rv != 0) {
-      ERR1("open_pkcs11_login() failed: %s", get_error());
-		if (!configuration->quiet) {
-			pam_syslog(pamh, LOG_ERR, "open_pkcs11_login() failed: %s", get_error());
-			pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2320: Wrong smartcard PIN"));
-			sleep(configuration->err_display_time);
-		}
-      goto auth_failed_nopw;
-    }
-  }
-
   cert_list = get_certificate_list(ph, &ncert);
   if (rv<0) {
     ERR1("get_certificate_list() failed: %s", get_error());
@@ -681,6 +594,93 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
   }
 
 
+  rv = get_slot_login_required(ph);
+  if (rv == -1) {
+    ERR1("get_slot_login_required() failed: %s", get_error());
+    if (!configuration->quiet) {
+		pam_syslog(pamh, LOG_ERR, "get_slot_login_required() failed: %s", get_error());
+		pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2314: Slot login failed"));
+		sleep(configuration->err_display_time);
+	}
+    release_pkcs11_module(ph);
+    return pkcs11_pam_fail;
+  } else if (rv) {
+    /* get password */
+	pam_prompt(pamh, PAM_TEXT_INFO, NULL,
+		_("Welcome %.32s!"), get_slot_tokenlabel(ph));
+
+	/* no CKF_PROTECTED_AUTHENTICATION_PATH */
+	rv = get_slot_protected_authentication_path(ph);
+	if ((-1 == rv) || (0 == rv))
+	{
+		char password_prompt[256];
+
+		snprintf(password_prompt,  sizeof(password_prompt), _("%s PIN: "), _(configuration->token_type));
+		if (configuration->use_first_pass) {
+			rv = pam_get_pwd(pamh, &password, NULL, PAM_AUTHTOK, 0);
+		} else if (configuration->try_first_pass) {
+			rv = pam_get_pwd(pamh, &password, password_prompt, PAM_AUTHTOK,
+					PAM_AUTHTOK);
+		} else {
+			rv = pam_get_pwd(pamh, &password, password_prompt, 0, PAM_AUTHTOK);
+		}
+		if (rv != PAM_SUCCESS) {
+			if (!configuration->quiet) {
+				pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2316: password could not be read"));
+				sleep(configuration->err_display_time);
+			}
+			release_pkcs11_module(ph);
+			pam_syslog(pamh, LOG_ERR,
+					"pam_get_pwd() failed: %s", pam_strerror(pamh, rv));
+			return pkcs11_pam_fail;
+		}
+#ifdef DEBUG_SHOW_PASSWORD
+		DBG1("password = [%s]", password);
+#endif
+
+		/* check password length */
+		if (!configuration->nullok && strlen(password) == 0) {
+			release_pkcs11_module(ph);
+			memset(password, 0, strlen(password));
+			free(password);
+			pam_syslog(pamh, LOG_ERR,
+					"password length is zero but the 'nullok' argument was not defined.");
+			if (!configuration->quiet) {
+				pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2318: Empty smartcard PIN not allowed."));
+				sleep(configuration->err_display_time);
+			}
+			return PAM_AUTH_ERR;
+		}
+	}
+	else
+	{
+		pam_prompt(pamh, PAM_TEXT_INFO, NULL,
+			_("Enter your %s PIN on the pinpad"), _(configuration->token_type));
+		/* use pin pad */
+		password = NULL;
+	}
+
+    /* call pkcs#11 login to ensure that the user is the real owner of the card
+     * we need to do thise before get_certificate_list because some tokens
+     * can not read their certificates until the token is authenticated */
+    rv = pkcs11_login(ph, password);
+    /* erase and free in-memory password data asap */
+	if (password)
+	{
+		memset(password, 0, strlen(password));
+		free(password);
+	}
+    if (rv != 0) {
+      ERR1("open_pkcs11_login() failed: %s", get_error());
+		if (!configuration->quiet) {
+			pam_syslog(pamh, LOG_ERR, "open_pkcs11_login() failed: %s", get_error());
+			pam_prompt(pamh, PAM_ERROR_MSG , NULL, _("Error 2320: Wrong smartcard PIN"));
+			sleep(configuration->err_display_time);
+		}
+      goto auth_failed_nopw;
+    }
+  }
+
   /* if signature check is enforced, generate random data, sign and verify */
   if (configuration->policy.signature_policy) {
 		pam_prompt(pamh, PAM_TEXT_INFO, NULL, _("Checking signature"));
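Review bot: The early exits in the relocated block (`return pkcs11_pam_fail;` after the get_slot_login_required() and pam_get_pwd() failures, and `return PAM_AUTH_ERR;` for an empty PIN) only call `release_pkcs11_module(ph)`, while the login failure just below them leaves through `goto auth_failed_nopw`. Because the block now runs after the certificate listing and the code between the two hunks, those returns presumably bypass whatever cleanup that label performs; the label and the intervening code are outside the hunk, so confirm and route all four failures through the same exit. The comment above `pkcs11_login(ph, password)` still says the login must happen before get_certificate_list, which contradicts the new order; reword it to something like `/* login is deferred until after certificate lookup; tokens that hide certificates until login will not work with this ordering */`. The PIN wipe `memset(password, 0, strlen(password));` directly before `free(password)` can be dropped by the optimizer, so where the platform provides it `explicit_bzero(password, strlen(password));` is the safer call, and the `DEBUG_SHOW_PASSWORD` branch deserves a comment stating that it writes the PIN to the debug log and must not be enabled in production builds.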
 