├── .github
    └── workflows
    │   ├── build.yml
    │   └── codespell.yml
├── .gitignore
├── AUTHORS
├── COPYING
├── ChangeLog
├── INSTALL
├── Makefile.am
├── NEWS
├── README
├── README.md
├── TODO
├── aclocal
    ├── ax_pthread.m4
    ├── gettext.m4
    ├── iconv.m4
    ├── lib-ld.m4
    ├── lib-link.m4
    ├── lib-prefix.m4
    ├── nls.m4
    ├── po.m4
    └── progtest.m4
├── bootstrap
├── codespell_ignore_words.txt
├── config.rpath
├── configure.ac
├── doc
    ├── Makefile.am
    ├── README.autologin
    ├── README.eventmgr
    ├── README.ldap_mapper
    ├── README.mappers
    ├── card_eventmgr.1
    ├── doxygen.conf.in
    ├── export-wiki.sh
    ├── export-wiki.xsl
    ├── generate-api.sh
    ├── mappers_api.xml
    ├── pam_pkcs11.8.in
    ├── pam_pkcs11.css
    ├── pam_pkcs11.xml
    ├── pam_pkcs11.xsl
    ├── pkcs11_eventmgr.1
    ├── pkcs11_inspect.1
    ├── pkcs11_listcerts.1
    ├── pkcs11_make_hash_link.1
    ├── pkcs11_setup.1
    └── pklogin_finder.1
├── etc
    ├── Makefile.am
    ├── card_eventmgr.conf.example
    ├── digest_mapping.example
    ├── mail_mapping.example
    ├── pam.d_ignore_no_card.example
    ├── pam.d_login.example.in
    ├── pam_pkcs11.conf.example.in
    ├── pkcs11-eventmgr.service
    ├── pkcs11_eventmgr.conf.example
    └── subject_mapping.example
├── pam_pkcs11.spec
├── po
    ├── Makefile.in.in
    ├── Makevars
    ├── POTFILES.in
    ├── de.po
    ├── fr.po
    ├── it.po
    ├── ka.po
    ├── nl.po
    ├── pam_pkcs11.pot
    ├── pl.po
    ├── pt_BR.po
    ├── remove-potcdate.sed
    ├── remove-potcdate.sin
    ├── ru.po
    ├── tr.po
    └── zh_CN.po
├── src
    ├── Makefile.am
    ├── common
    │   ├── Makefile.am
    │   ├── NSPRerrs.h
    │   ├── SECerrs.h
    │   ├── SSLerrs.h
    │   ├── alg_st.h
    │   ├── algorithm.c
    │   ├── base64.c
    │   ├── base64.h
    │   ├── cert_info.c
    │   ├── cert_info.h
    │   ├── cert_st.h
    │   ├── cert_vfy.c
    │   ├── cert_vfy.h
    │   ├── debug.c
    │   ├── debug.h
    │   ├── error.c
    │   ├── error.h
    │   ├── pam-pkcs11-ossl-compat.h
    │   ├── pkcs11_lib.c
    │   ├── pkcs11_lib.h
    │   ├── rsaref
    │   │   ├── Makefile.am
    │   │   ├── PKCS11_README
    │   │   ├── pkcs11.h
    │   │   ├── pkcs11f.h
    │   │   └── pkcs11t.h
    │   ├── secutil.h
    │   ├── strings.c
    │   ├── strings.h
    │   ├── strndup.c
    │   ├── strndup.h
    │   ├── uri.c
    │   └── uri.h
    ├── mappers
    │   ├── Makefile.am
    │   ├── cn_mapper.c
    │   ├── cn_mapper.h
    │   ├── digest_mapper.c
    │   ├── digest_mapper.h
    │   ├── generic_mapper.c
    │   ├── generic_mapper.h
    │   ├── krb_mapper.c
    │   ├── krb_mapper.h
    │   ├── ldap_mapper.c
    │   ├── ldap_mapper.h
    │   ├── mail_mapper.c
    │   ├── mail_mapper.h
    │   ├── mapper.c
    │   ├── mapper.h
    │   ├── mapperlist.c
    │   ├── mapperlist.h
    │   ├── ms_mapper.c
    │   ├── ms_mapper.h
    │   ├── null_mapper.c
    │   ├── null_mapper.h
    │   ├── opensc_mapper.c
    │   ├── opensc_mapper.h
    │   ├── openssh_mapper.c
    │   ├── openssh_mapper.h
    │   ├── pwent_mapper.c
    │   ├── pwent_mapper.h
    │   ├── subject_mapper.c
    │   ├── subject_mapper.h
    │   ├── uid_mapper.c
    │   └── uid_mapper.h
    ├── pam_pkcs11
    │   ├── Makefile.am
    │   ├── mapper_mgr.c
    │   ├── mapper_mgr.h
    │   ├── pam_config.c
    │   ├── pam_config.h
    │   └── pam_pkcs11.c
    ├── scconf
    │   ├── Makefile.am
    │   ├── README.scconf
    │   ├── internal.h
    │   ├── lex-parse.l
    │   ├── parse.c
    │   ├── scconf.c
    │   ├── scconf.h
    │   ├── sclex.c
    │   └── write.c
    └── tools
    │   ├── Makefile.am
    │   ├── card_eventmgr.c
    │   ├── daemon.c
    │   ├── pkcs11_eventmgr.c
    │   ├── pkcs11_inspect.c
    │   ├── pkcs11_listcerts.c
    │   ├── pkcs11_setup.c
    │   └── pklogin_finder.c
└── tools
    ├── Makefile.am
    └── pkcs11_make_hash_link


/.github/workflows/build.yml:
--------------------------------------------------------------------------------
 1 | name: build
 2 | 
 3 | # Controls when the action will run. Triggers the workflow on push or pull request
 4 | # events but only for the master branch
 5 | on: [push, pull_request]
 6 | 
 7 | # A workflow run is made up of one or more jobs that can run
 8 | # sequentially or in parallel
 9 | jobs:
10 |   # This workflow contains a single job called "build"
11 |   build:
12 |     runs-on: ubuntu-latest
13 | 
14 |     strategy:
15 |       matrix:
16 |         configure_args: [
17 |           "",
18 |           "--with-curl",
19 |           "--with-nss",
20 |         ]
21 | 
22 |     # Steps represent a sequence of tasks that will be executed as part of the job
23 |     steps:
24 |       # Checks-out your repository under $GITHUB_WORKSPACE, so your job
25 |       # can access it
26 |       - uses: actions/checkout@v2
27 | 
28 |       - name: setup prerequisites
29 |         shell: bash
30 |         run: |
31 |           sudo apt update
32 |           sudo apt install \
33 |             docbook-xsl \
34 |             doxygen \
35 |             gettext \
36 |             libcurl4-openssl-dev \
37 |             libldap2-dev \
38 |             libnss3-dev \
39 |             libpam-dev \
40 |             libpcsclite-dev \
41 |             libssl-dev \
42 |             pkg-config \
43 |             xsltproc
44 | 
45 |       - name: compile
46 |         shell: bash
47 |         run: |
48 |           ./bootstrap
49 |           export CFLAGS="-Wall -Wextra -Wformat -Wformat-security -Wmissing-declarations -Wmissing-prototypes -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-prototypes -Wswitch-enum -Wundef -Wuninitialized -Wunused -Wwrite-strings -Wmissing-noreturn -flto=auto -O2 -Wp,-D_FORTIFY_SOURCE=2"
50 |           ./configure ${{ matrix.configure_args }}
51 |           make V=1
52 | 
53 |       - name: distcheck
54 |         shell: bash
55 |         run: |
56 |           make distcheck
57 | 


--------------------------------------------------------------------------------
/.github/workflows/codespell.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Codespell
 3 | 
 4 | on:
 5 |   pull_request:
 6 |   push:
 7 | 
 8 | jobs:
 9 |   codespell:
10 |     name: Check for spelling errors
11 |     runs-on: ubuntu-latest
12 | 
13 |     steps:
14 |       - uses: actions/checkout@v2
15 |       - uses: codespell-project/actions-codespell@v1
16 |         with:
17 |           skip: ./po/de.po,./po/fr.po,./po/nl.po,./po/pt_BR.po,./po/it.po
18 |           ignore_words_file: codespell_ignore_words.txt
19 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # C-Outputs
 2 | *.o
 3 | *.lo
 4 | *.la
 5 | 
 6 | # gettext catalogs
 7 | *.gmo
 8 | po/POTFILES
 9 | po/stamp-po
10 | 
11 | # autoconf-related
12 | aclocal/codeset.m4
13 | aclocal/glibc21.m4
14 | aclocal/glibc2.m4
15 | aclocal/intdiv0.m4
16 | aclocal/intldir.m4
17 | aclocal/intl.m4
18 | aclocal/intlmacosx.m4
19 | aclocal/intmax.m4
20 | aclocal/inttypes_h.m4
21 | aclocal/inttypes-pri.m4
22 | aclocal/lcmessage.m4
23 | aclocal/libtool.m4
24 | aclocal/lock.m4
25 | aclocal/longlong.m4
26 | aclocal/lt~obsolete.m4
27 | aclocal/ltoptions.m4
28 | aclocal/ltsugar.m4
29 | aclocal/ltversion.m4
30 | aclocal.m4
31 | aclocal/printf-posix.m4
32 | aclocal/size_max.m4
33 | aclocal/stdint_h.m4
34 | aclocal/uintmax_t.m4
35 | aclocal/visibility.m4
36 | aclocal/wchar_t.m4
37 | aclocal/wint_t.m4
38 | aclocal/xsize.m4
39 | ar-lib
40 | autom4te.cache/
41 | compile
42 | config.guess
43 | config.h*
44 | config.log
45 | config.status
46 | config.sub
47 | configure
48 | depcomp
49 | install-sh
50 | libtool
51 | ltmain.sh
52 | missing
53 | stamp-h1
54 | 
55 | **/.deps
56 | **/.libs
57 | 
58 | **/Makefile
59 | **/Makefile.in
60 | 
61 | # output
62 | ABOUT-NLS
63 | ChangeLog.git
64 | doc/api
65 | doc/doxygen.conf
66 | doc/mappers_api.html
67 | doc/pam_pkcs11.8
68 | doc/pam_pkcs11.html
69 | etc/pam.d_login.example
70 | etc/pam_pkcs11.conf.example
71 | intl/
72 | m4/
73 | src/tools/card_eventmgr
74 | src/tools/pkcs11_eventmgr
75 | src/tools/pkcs11_inspect
76 | src/tools/pkcs11_listcerts
77 | src/tools/pkcs11_setup
78 | src/tools/pklogin_finder
79 | 


--------------------------------------------------------------------------------
/AUTHORS:
--------------------------------------------------------------------------------
 1 | Mario Strasser <mast@gmx.net> 
 2 | 	Original pam-pkcs11 code
 3 | 
 4 | Juan Antonio Martinez <jonsito@teleline.es>
 5 | 	Configuration file mgmt
 6 | 	Dynamic cert-to-login module mappers
 7 | 
 8 | Antti Tapaninen <aet@cc.hut.fi> 
 9 | Timo Sirainen <tss@iki.fi>
10 | 	scconf configuration file library
11 | 
12 | Ludovic Rousseau <ludovic.rousseau@free.fr>
13 | 	Many fixes and improvements
14 | 	card_eventmgr maintainer
15 | 
16 | Andreas Jellinghaus <aj@dungeon.inka.de>
17 | 	OpenSC and OpenSSH mappers original
18 | 	code from PAM_p11 libraries
19 | 
20 | Dominik Fischer <dom_fischer@web.de>
21 | 	LDAP Mapper
22 | 	Some improvements
23 | 
24 | Ville Skyttä <vskytta@gmail.com>
25 | 	Original pam_pkcs11.spec file
26 | 
27 | Paul Wolneykien <manowar@altlinux.org>
28 | 	Additional features and fixes (card_only, wait_for_card, openssl
29 | 	versions).
30 | 
31 | Also Thanks to all the people at the OpenSC project
32 | 
33 | 


--------------------------------------------------------------------------------
/Makefile.am:
--------------------------------------------------------------------------------
 1 | # $Id$
 2 | 
 3 | SUBDIRS = . po doc etc src tools
 4 | DIST_SUBDIRS = . po doc etc src tools
 5 | 
 6 | EXTRA_DIST = config.rpath ChangeLog COPYING INSTALL \
 7 | 	NEWS README TODO bootstrap pam_pkcs11.spec ChangeLog.git
 8 | 
 9 | MAINTAINERCLEANFILES = \
10 | 	Makefile.in config.h.in configure \
11 | 	install-sh ltmain.sh missing mkinstalldirs \
12 | 	compile depcomp config.log config.status \
13 | 	config.guess config.sub acinclude.m4 aclocal.m4
14 | 
15 | DEPCLEANFILES = config.log configure
16 | 
17 | AUTOMAKE_OPTIONS = foreign
18 | ACLOCAL_AMFLAGS = -I aclocal
19 | 
20 | ChangeLog.git:
21 | 	git log --stat --decorate=short > $@
22 | 


--------------------------------------------------------------------------------
/NEWS:
--------------------------------------------------------------------------------
 1 | 04- Feb 2025
 2 |     - Version 0.6.13.
 3 |     - Added pkcs11-eventmgr systemd service unit.
 4 |     - Updated Russian translations for pam_pkcs11 (thx Max Kosmach
 5 |       and Andrey Cherepanov).
 6 |     - Fixed possible authentication bypass (CVE-2025-24032):
 7 |       Use signatures to verify authentication by default
 8 |       (thx Frank Morgner).
 9 |     - Fixed possible authentication bypass (CVE-2025-24531):
10 |       Restoring the original card_only / wait_for_card behavior
11 |       (thx Matthias Gerstner, Frank Morgner).
12 |     - Move pam_securetty.so upward in the example PAM config.
13 |     - Set 'slot_num' configuration parameter to 0 by default
14 |       (thx Jpereyra316).
15 |     - Print details about configuration parse errors (thx Jpereyra316).
16 |     - Add Chinese (Simplified) translation.
17 |     - Capitalize all PAM messages (thx Alynx Zhou).
18 |     - Made pkcs11_make_hash_link support whitespaces in file names
19 |       (thx Ivan Skorikov).
20 | 
21 | 22- May 2019
22 |     - Version 0.6.11
23 |     - Support OpenSSL 1.1.0
24 |     - use green instead of blue text for logs on the console
25 |     - Solaris runs build process outside of srcdir
26 |     - Fix openssh_mapper_match_keys() for OpenSSL 1.0 & 1.1
27 |     - Fix 64-bit pkcs11_inspect(1) fails on SPARC with a SIBGUS due to misaligned access
28 |     - Add support of ECDSA signature in addition to RSA
29 | 
30 | 12- Sep 2018
31 |     - Version 0.6.10 is out.
32 | 	- Fixed some security issues (thx @frankmorgner):
33 | 	  (https://www.x41-dsec.de/lab/advisories/x41-2018-003-pam_pkcs11/)
34 | 	  -- fixed buffer overflow with long home directory;
35 | 	  -- fixed wiping secrets (now using OpenSSL_cleanse());
36 | 	  -- verify using a nonce from the system, not the card.
37 | 
38 | ... 0.6.9 ... 0.6.0 are yet undescribed.
39 | 
40 | 12- Sep 2005
41 | 	- Finally pam_pkcs11-0.5.3 is out.
42 | 	- New mapper API and Docs
43 | 	- Full documentation available
44 | 	- New mappers: openssh, openssl, ldap, generic and more
45 | 
46 | 12- Apr 2005
47 | 	- Changed name to pam_pkcs11
48 | 	- pam_pkcs11-0.5.2 released
49 | 	- Now pam_pkcs11 is part of OpenSC project web.  
50 | 
51 | 04- Apr 2005
52 | 	- Pkcs11_login-0.5 released:
53 | 	  * Grouped all functions in a common library
54 | 	  * rewritten all mappers ( openssh,opensc,ldap still to be written)
55 | 	  * New certificate digest (md5,sha1, etc) mapper
56 | 	  * Documentation updated and rewritten in DocBook XML
57 | 	  * Tons of bugfixes
58 | 	- New tool: pkcs11_inspect
59 | 
60 | 28- Feb 2005
61 | 	- pkcs11_login-0.4.4 released
62 | 	- New pkcs11_eventmgr tool.
63 | 
64 | 15- Feb 2005
65 | 	- pkcs11_login-0.4.4Beta
66 | 	- Man pages, rpm packages
67 | 
68 | 11- Feb 2005
69 | 	- pkcs11_login-0.4.3 released
70 | 	- Added card_eventmgr tool to launch actions on card insert/remove
71 | 
72 | 9- Feb 2005
73 | 	- pkcs11_login-0.4.2 released. 
74 | 	- See README.autologin to see how to use login-from-certificate
75 | 	  features in console and gdm
76 | 
77 | 8- Feb 2005
78 | 	- pkcs11_login-0.4.1 released. see ChangeLog
79 | 
80 | 7- Feb 2005
81 | 	pkcs11_login-0.4 released:
82 | 	- Now pam_pkcs11 can take arguments from command line 
83 | 	or via configuration file
84 | 	- Certificate to User mapping has been modularized
85 | 	- Preliminary works on entering session without userlogin prompt:
86 | 	just insert certificate and enter PIN
87 | 
88 | 2- Feb 2005
89 | 	Thanks Mario Strasser for allow me re-work in their pam_pkcs11
90 | 	module and re-release it under LGPL
91 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | PAM-PKCS\#11 Login Tools
  2 | ========================
  3 | 
  4 | Description
  5 | -----------
  6 | 
  7 | This Linux-PAM login module allows a X.509 certificate based user login.
  8 | The certificate and its dedicated private key are thereby accessed by
  9 | means of an appropriate PKCS\#11 module. For the verification of the
 10 | users' certificates, locally stored CA certificates as well as either
 11 | online or locally accessible CRLs are used.
 12 | 
 13 | Detailed information about the Linux-PAM system can be found in [The
 14 | Linux-PAM System Administrators'
 15 | Guide](http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html),
 16 | [The Linux-PAM Module Writers'
 17 | Guide](http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_MWG.html)
 18 | and [The Linux-PAM Application Developers'
 19 | Guide](http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_ADG.html)
 20 | The specification of the Cryptographic Token Interface Standard
 21 | (PKCS\#11) is available at [PKCS\#11 - Cryptographic Token Interface
 22 | Standard](https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html).
 23 | 
 24 | PAM-PKCS\#11 package provides:
 25 | 
 26 | * A PAM module able to:
 27 |   * Use certificates to get user credentials
 28 |   * Deduce a login based on provided certificate
 29 | * Several tools:
 30 |   * Standalone cert-to-login finder tool
 31 |   * Certificate contents viewer
 32 |   * Card Event status monitor, to trigger actions on card insert/removal
 33 | 
 34 | You can read the online [PAM-PKCS\#11 User
 35 | Manual](http://opensc.github.io/pam_pkcs11/doc/pam_pkcs11.html) to know
 36 | how to install, configure and use this software.
 37 | 
 38 | ### PKCS\#11 Module Requirements
 39 | 
 40 | The PKCS\#11 modules must fulfill the requirements given by the RSA
 41 | Asymmetric Client Signing Profile, which has been specified in the
 42 |  [PKCS\#11: Conformance Profile
 43 | Specification](http://www.rsa.com/rsalabs/node.asp?id=2133) by RSA
 44 | Laboratories.
 45 | 
 46 | ### User Matching
 47 | 
 48 | To map the ownership of a certificate into a user login, pam-pkcs11 uses
 49 | the concept of *mapper* that is, a list of configurable, stackable
 50 | list of dynamic modules, each one trying to do a specific cert-to-login
 51 | mapping. Several mappers are provided:
 52 | 
 53 | * the common name of the subject matches the login name
 54 | * the unique identifier of the subject matches the login name
 55 | * the user part of an e-mail subject alternative name extension matches the login name
 56 | * the Microsoft universal principal name extension matches the login name
 57 | * etc...(see documentation on provided mappers)
 58 | 
 59 | Many mappers may use also a *mapfile* to translate Certificate
 60 | contents to a login name.
 61 | 
 62 | Download
 63 | --------
 64 | 
 65 | * [pam\_pkcs11-x.y.z.tar.gz](http://sourceforge.net/projects/opensc/files/pam_pkcs11/)
 66 | 
 67 | Packages for [various Linux
 68 | distributions](https://repology.org/metapackage/pam-pkcs11) are
 69 | available through the their standard package management system.
 70 | 
 71 | Installation
 72 | ------------
 73 | 
 74 | Unpack the archive, configure, compile and install it:
 75 | 
 76 | ```sh
 77 | tar xvzf pkcs11_login-X.Y.Z.tar.gz
 78 | cd pkcs11_login-X.Y.Z
 79 | ./configure
 80 | make
 81 | sudo make install
 82 | ```
 83 | 
 84 | If you want to use [cURL](http://curl.haxx.se/libcurl/) instead of
 85 | our native URI-functions for downloading CRLs, use `./configure --with-curl`
 86 | 
 87 | However, up to now cURL is not able to handle binary LDAP replies and
 88 | thus CRL download might not work for all LDAP URIs.
 89 | 
 90 | Next, you have to create the needed openssl-hash-links.
 91 | 
 92 | ```sh
 93 | make_hash_link.sh ${path to the directory with the CA certificates}
 94 | make_hash_link.sh ${path to the directory with the CRLs}
 95 | ```
 96 | 
 97 | Configuration
 98 | -------------
 99 | 
100 | See [PAM-PKCS\#11 User
101 | Manual](http://opensc.github.io/pam_pkcs11/doc/pam_pkcs11.html) to
102 | configure and set up pam\_pkcs11.
103 | 
104 | See [PAM-PKCS\#11 Mappers
105 | API](http://opensc.github.io/pam_pkcs11/doc/mappers_api.html) to get
106 | advanced information on mappers (mainly for developers).
107 | 
108 | Documentation
109 | -------------
110 | 
111 | * Online Manuals
112 | * [PAM-PKCS\#11 User Manual](http://opensc.github.io/pam_pkcs11/doc/pam_pkcs11.html)
113 | * [PAM-PKCS\#11 Mappers API Reference](http://opensc.github.io/pam_pkcs11/doc/mappers_api.html)
114 | * [TODO](https://raw.github.com/OpenSC/pam_pkcs11/master/TODO) file (outdated)
115 | * Man pages
116 |   * [`pam_pkcs11(8)`](https://linux.die.net/man/8/pam_pkcs11)
117 |   * [`card_eventmgr(1)`](https://linux.die.net/man/1/card_eventmgr)
118 |   * [`pkcs11_eventmgr(1)`](https://linux.die.net/man/1/pkcs11_eventmgr)
119 |   * [`pklogin_finder(1)`](https://linux.die.net/man/1/pklogin_finder)
120 |   * [`pkcs11_inspect(1)`](https://linux.die.net/man/1/pkcs11_inspect)
121 | 
122 | Contact
123 | -------
124 | 
125 | [Get involved](https://github.com/OpenSC/pam_pkcs11/issues)
126 | in development! All comments, suggestions and bug reports are welcome.
127 | 


--------------------------------------------------------------------------------
/TODO:
--------------------------------------------------------------------------------
 1 | 0.6 will be a finish-code release. Fix source tree estructure, 
 2 | define devel api and code all to-be-written mappers are task to do
 3 | 
 4 | Expected things to be done in 0.6 release:
 5 | 
 6 | - Create and Define a pam-pkcs11 mapper API & library. 
 7 |   This is mostly done at 0.5.3, but some cleaning is needed. 
 8 |   * Create a mapper "devel" package
 9 |   * Use OpenSC libp11 pkcs11 library
10 | 
11 | - Add remote CA's and CRL's lookups
12 |   Actually, CA's and local CRL's are stored as hash dir. Need
13 |   to recode to use URL's as data sources
14 | 
15 | - Finish mapper coding 
16 |   * opensc:
17 | 	- Generic mapping files
18 | 	0.5.3 searches in ${HOME}/.eid/authorized_certificates. Needs
19 | 	an additional tool to manage a "global" certificate file with
20 | 	user mappings
21 |   * openssh:
22 | 	- Same as opensc. Hint: use "comment" field on ssh public keys
23 | 	to store login name
24 |   * ldap mapper:
25 | 	- Allow use of any certificate content to make queries
26 | 	- find() function is too expensive when navigate across
27 | 	databases of thousand of users. Need to optimize search
28 | 	filters.
29 |   * database mapper:
30 | 	- Define and create a UnixODBC based database mapper
31 |   * Compile as static all mappers that does not depend on extra
32 |   libraries
33 | 
34 | 0.7 is a try to real-life implementation: MS Active directory
35 | configuration, NSS aware configurations, LDAP settings,
36 | many samples and docs, general cleanups, etc. 
37 | 
38 | Things to be done in 0.7 release:
39 | - Review all mappers that depends on remote connections.
40 |   * conditional queries instead of getpwent() query loop
41 | 
42 | - Allow pam-pkcs11 login against MS Active Directory
43 |   * Changes to MS_mapper to real use of UPN Domain
44 |   * Documentation and samples
45 | 
46 | - Manuals on LDAP, NSS and so installations
47 | 
48 | - ncurses (gtk?) tool to create/edit mapfiles
49 | 
50 | 0.8 will be a major cleanup: bugfixes, optimizations, pam-session
51 | handling. Most important: pkinit aware pam module is to be scheduled
52 | here
53 | 
54 | Things to be done in 0.8 release
55 | 
56 | - Call for pin only when needed
57 | - Use certificate only if available for authentication
58 | - Implement of Kerberos PKINIT specification. Rewrite of kpn mapper
59 | - Check content-type of cert fields instead assume utf-8
60 | - proper handle of free() calls when needed
61 | 
62 | 0.9 will be a preview version. No more items are expected to add, 
63 | just bugfixes and feedbacks from users. 
64 | Perhaps it's time for i18n issues
65 | 
66 | 1.0 That's all folks!
67 | 


--------------------------------------------------------------------------------
/aclocal/lib-ld.m4:
--------------------------------------------------------------------------------
  1 | # lib-ld.m4 serial 6
  2 | dnl Copyright (C) 1996-2003, 2009-2014 Free Software Foundation, Inc.
  3 | dnl This file is free software; the Free Software Foundation
  4 | dnl gives unlimited permission to copy and/or distribute it,
  5 | dnl with or without modifications, as long as this notice is preserved.
  6 | 
  7 | dnl Subroutines of libtool.m4,
  8 | dnl with replacements s/_*LT_PATH/AC_LIB_PROG/ and s/lt_/acl_/ to avoid
  9 | dnl collision with libtool.m4.
 10 | 
 11 | dnl From libtool-2.4. Sets the variable with_gnu_ld to yes or no.
 12 | AC_DEFUN([AC_LIB_PROG_LD_GNU],
 13 | [AC_CACHE_CHECK([if the linker ($LD) is GNU ld], [acl_cv_prog_gnu_ld],
 14 | [# I'd rather use --version here, but apparently some GNU lds only accept -v.
 15 | case `$LD -v 2>&1 </dev/null` in
 16 | *GNU* | *'with BFD'*)
 17 |   acl_cv_prog_gnu_ld=yes
 18 |   ;;
 19 | *)
 20 |   acl_cv_prog_gnu_ld=no
 21 |   ;;
 22 | esac])
 23 | with_gnu_ld=$acl_cv_prog_gnu_ld
 24 | ])
 25 | 
 26 | dnl From libtool-2.4. Sets the variable LD.
 27 | AC_DEFUN([AC_LIB_PROG_LD],
 28 | [AC_REQUIRE([AC_PROG_CC])dnl
 29 | AC_REQUIRE([AC_CANONICAL_HOST])dnl
 30 | 
 31 | AC_ARG_WITH([gnu-ld],
 32 |     [AS_HELP_STRING([--with-gnu-ld],
 33 |         [assume the C compiler uses GNU ld [default=no]])],
 34 |     [test "$withval" = no || with_gnu_ld=yes],
 35 |     [with_gnu_ld=no])dnl
 36 | 
 37 | # Prepare PATH_SEPARATOR.
 38 | # The user is always right.
 39 | if test "${PATH_SEPARATOR+set}" != set; then
 40 |   # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which
 41 |   # contains only /bin. Note that ksh looks also at the FPATH variable,
 42 |   # so we have to set that as well for the test.
 43 |   PATH_SEPARATOR=:
 44 |   (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
 45 |     && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
 46 |            || PATH_SEPARATOR=';'
 47 |        }
 48 | fi
 49 | 
 50 | ac_prog=ld
 51 | if test "$GCC" = yes; then
 52 |   # Check if gcc -print-prog-name=ld gives a path.
 53 |   AC_MSG_CHECKING([for ld used by $CC])
 54 |   case $host in
 55 |   *-*-mingw*)
 56 |     # gcc leaves a trailing carriage return which upsets mingw
 57 |     ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
 58 |   *)
 59 |     ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
 60 |   esac
 61 |   case $ac_prog in
 62 |     # Accept absolute paths.
 63 |     [[\\/]]* | ?:[[\\/]]*)
 64 |       re_direlt='/[[^/]][[^/]]*/\.\./'
 65 |       # Canonicalize the pathname of ld
 66 |       ac_prog=`echo "$ac_prog"| sed 's%\\\\%/%g'`
 67 |       while echo "$ac_prog" | grep "$re_direlt" > /dev/null 2>&1; do
 68 |         ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
 69 |       done
 70 |       test -z "$LD" && LD="$ac_prog"
 71 |       ;;
 72 |   "")
 73 |     # If it fails, then pretend we aren't using GCC.
 74 |     ac_prog=ld
 75 |     ;;
 76 |   *)
 77 |     # If it is relative, then search for the first ld in PATH.
 78 |     with_gnu_ld=unknown
 79 |     ;;
 80 |   esac
 81 | elif test "$with_gnu_ld" = yes; then
 82 |   AC_MSG_CHECKING([for GNU ld])
 83 | else
 84 |   AC_MSG_CHECKING([for non-GNU ld])
 85 | fi
 86 | AC_CACHE_VAL([acl_cv_path_LD],
 87 | [if test -z "$LD"; then
 88 |   acl_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
 89 |   for ac_dir in $PATH; do
 90 |     IFS="$acl_save_ifs"
 91 |     test -z "$ac_dir" && ac_dir=.
 92 |     if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
 93 |       acl_cv_path_LD="$ac_dir/$ac_prog"
 94 |       # Check to see if the program is GNU ld.  I'd rather use --version,
 95 |       # but apparently some variants of GNU ld only accept -v.
 96 |       # Break only if it was the GNU/non-GNU ld that we prefer.
 97 |       case `"$acl_cv_path_LD" -v 2>&1 </dev/null` in
 98 |       *GNU* | *'with BFD'*)
 99 |         test "$with_gnu_ld" != no && break
100 |         ;;
101 |       *)
102 |         test "$with_gnu_ld" != yes && break
103 |         ;;
104 |       esac
105 |     fi
106 |   done
107 |   IFS="$acl_save_ifs"
108 | else
109 |   acl_cv_path_LD="$LD" # Let the user override the test with a path.
110 | fi])
111 | LD="$acl_cv_path_LD"
112 | if test -n "$LD"; then
113 |   AC_MSG_RESULT([$LD])
114 | else
115 |   AC_MSG_RESULT([no])
116 | fi
117 | test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
118 | AC_LIB_PROG_LD_GNU
119 | ])
120 | 


--------------------------------------------------------------------------------
/aclocal/nls.m4:
--------------------------------------------------------------------------------
 1 | # nls.m4 serial 5 (gettext-0.18)
 2 | dnl Copyright (C) 1995-2003, 2005-2006, 2008-2014 Free Software Foundation,
 3 | dnl Inc.
 4 | dnl This file is free software; the Free Software Foundation
 5 | dnl gives unlimited permission to copy and/or distribute it,
 6 | dnl with or without modifications, as long as this notice is preserved.
 7 | dnl
 8 | dnl This file can can be used in projects which are not available under
 9 | dnl the GNU General Public License or the GNU Library General Public
10 | dnl License but which still want to provide support for the GNU gettext
11 | dnl functionality.
12 | dnl Please note that the actual code of the GNU gettext library is covered
13 | dnl by the GNU Library General Public License, and the rest of the GNU
14 | dnl gettext package package is covered by the GNU General Public License.
15 | dnl They are *not* in the public domain.
16 | 
17 | dnl Authors:
18 | dnl   Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
19 | dnl   Bruno Haible <haible@clisp.cons.org>, 2000-2003.
20 | 
21 | AC_PREREQ([2.50])
22 | 
23 | AC_DEFUN([AM_NLS],
24 | [
25 |   AC_MSG_CHECKING([whether NLS is requested])
26 |   dnl Default is enabled NLS
27 |   AC_ARG_ENABLE([nls],
28 |     [  --disable-nls           do not use Native Language Support],
29 |     USE_NLS=$enableval, USE_NLS=yes)
30 |   AC_MSG_RESULT([$USE_NLS])
31 |   AC_SUBST([USE_NLS])
32 | ])
33 | 


--------------------------------------------------------------------------------
/aclocal/progtest.m4:
--------------------------------------------------------------------------------
 1 | # progtest.m4 serial 7 (gettext-0.18.2)
 2 | dnl Copyright (C) 1996-2003, 2005, 2008-2014 Free Software Foundation, Inc.
 3 | dnl This file is free software; the Free Software Foundation
 4 | dnl gives unlimited permission to copy and/or distribute it,
 5 | dnl with or without modifications, as long as this notice is preserved.
 6 | dnl
 7 | dnl This file can can be used in projects which are not available under
 8 | dnl the GNU General Public License or the GNU Library General Public
 9 | dnl License but which still want to provide support for the GNU gettext
10 | dnl functionality.
11 | dnl Please note that the actual code of the GNU gettext library is covered
12 | dnl by the GNU Library General Public License, and the rest of the GNU
13 | dnl gettext package package is covered by the GNU General Public License.
14 | dnl They are *not* in the public domain.
15 | 
16 | dnl Authors:
17 | dnl   Ulrich Drepper <drepper@cygnus.com>, 1996.
18 | 
19 | AC_PREREQ([2.50])
20 | 
21 | # Search path for a program which passes the given test.
22 | 
23 | dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR,
24 | dnl   TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]])
25 | AC_DEFUN([AM_PATH_PROG_WITH_TEST],
26 | [
27 | # Prepare PATH_SEPARATOR.
28 | # The user is always right.
29 | if test "${PATH_SEPARATOR+set}" != set; then
30 |   # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which
31 |   # contains only /bin. Note that ksh looks also at the FPATH variable,
32 |   # so we have to set that as well for the test.
33 |   PATH_SEPARATOR=:
34 |   (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
35 |     && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
36 |            || PATH_SEPARATOR=';'
37 |        }
38 | fi
39 | 
40 | # Find out how to test for executable files. Don't use a zero-byte file,
41 | # as systems may use methods other than mode bits to determine executability.
42 | cat >conf$$.file <<_ASEOF
43 | #! /bin/sh
44 | exit 0
45 | _ASEOF
46 | chmod +x conf$$.file
47 | if test -x conf$$.file >/dev/null 2>&1; then
48 |   ac_executable_p="test -x"
49 | else
50 |   ac_executable_p="test -f"
51 | fi
52 | rm -f conf$$.file
53 | 
54 | # Extract the first word of "$2", so it can be a program name with args.
55 | set dummy $2; ac_word=[$]2
56 | AC_MSG_CHECKING([for $ac_word])
57 | AC_CACHE_VAL([ac_cv_path_$1],
58 | [case "[$]$1" in
59 |   [[\\/]]* | ?:[[\\/]]*)
60 |     ac_cv_path_$1="[$]$1" # Let the user override the test with a path.
61 |     ;;
62 |   *)
63 |     ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
64 |     for ac_dir in ifelse([$5], , $PATH, [$5]); do
65 |       IFS="$ac_save_IFS"
66 |       test -z "$ac_dir" && ac_dir=.
67 |       for ac_exec_ext in '' $ac_executable_extensions; do
68 |         if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
69 |           echo "$as_me: trying $ac_dir/$ac_word..." >&AS_MESSAGE_LOG_FD
70 |           if [$3]; then
71 |             ac_cv_path_$1="$ac_dir/$ac_word$ac_exec_ext"
72 |             break 2
73 |           fi
74 |         fi
75 |       done
76 |     done
77 |     IFS="$ac_save_IFS"
78 | dnl If no 4th arg is given, leave the cache variable unset,
79 | dnl so AC_PATH_PROGS will keep looking.
80 | ifelse([$4], , , [  test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4"
81 | ])dnl
82 |     ;;
83 | esac])dnl
84 | $1="$ac_cv_path_$1"
85 | if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then
86 |   AC_MSG_RESULT([$][$1])
87 | else
88 |   AC_MSG_RESULT([no])
89 | fi
90 | AC_SUBST([$1])dnl
91 | ])
92 | 


--------------------------------------------------------------------------------
/bootstrap:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | set -e
 4 | set -x
 5 | if test -f Makefile; then
 6 |   make distclean
 7 | fi
 8 | rm -rf *.cache *.m4 config.guess config.log \
 9 | config.status config.sub depcomp ltmain.sh
10 | 
11 | #gettextize --force
12 | aclocal -I aclocal
13 | libtoolize --force --copy
14 | autoheader
15 | automake --add-missing --foreign
16 | autoconf
17 | 


--------------------------------------------------------------------------------
/codespell_ignore_words.txt:
--------------------------------------------------------------------------------
1 | ba
2 | gord
3 | parm
4 | parms
5 | pres
6 | 


--------------------------------------------------------------------------------
/doc/Makefile.am:
--------------------------------------------------------------------------------
 1 | # Process this file with automake to create Makefile.in
 2 | 
 3 | MAINTAINERCLEANFILES = Makefile.in $(HTMLFILES) api/*
 4 | DISTCLEANFILES = doxygen.conf
 5 | 
 6 | XSLTPROC = @XSLTPROC@
 7 | HTMLFILES = pam_pkcs11.html mappers_api.html
 8 | XMLFILES = pam_pkcs11.xml mappers_api.xml \
 9 | 	pam_pkcs11.xsl export-wiki.xsl \
10 | 	pam_pkcs11.css
11 | 
12 | MANSRC = \
13 | 	pam_pkcs11.8 card_eventmgr.1 pklogin_finder.1 \
14 | 	pkcs11_eventmgr.1 pkcs11_inspect.1 \
15 | 	pkcs11_setup.1 pkcs11_listcerts.1 pkcs11_make_hash_link.1
16 | 
17 | man_MANS = $(MANSRC)
18 | noinst_DATA = $(HTMLFILES) doxygen.conf
19 | EXTRA_DIST = $(MANSRC) $(XMLFILES) $(HTMLFILES) doxygen.conf.in \
20 | 	README.mappers README.autologin README.eventmgr \
21 | 	README.ldap_mapper export-wiki.sh generate-api.sh \
22 | 	api/index.html $(shell ls api/*)
23 | 
24 | STYLESHEET = $(srcdir)/pam_pkcs11.xsl
25 | 
26 | %.html: %.xml $(STYLESHEET)
27 | if HAVE_DOCBOOK
28 | 	$(XSLTPROC) \
29 | 	--stringparam  section.autolabel 1 \
30 | 	--stringparam  section.label.includes.component.label 1 \
31 | 	-o $@ $(STYLESHEET) $<
32 | #tidy -im -utf8 -xml $@ || true
33 | else
34 | 	@echo "Docbook support disabled, not building $@" >&2
35 | endif
36 | 
37 | api/index.html: doxygen.conf
38 | 	sh $(srcdir)/generate-api.sh $(srcdir)
39 | 


--------------------------------------------------------------------------------
/doc/README.autologin:
--------------------------------------------------------------------------------
 1 | EXTRACTING LOGIN FROM CERTIFICATE HOWTO
 2 | ---------------------------------------
 3 | 
 4 | Starting at pam_pkcs11-0.4.2 a new feature is provided: pam-pkcs11 can
 5 | deduce user name from certificate, without login prompt.
 6 | 
 7 | This is done when pam_get_user() call returns null or empty string.
 8 | In this case, pam-pcks11 use the module mapper "find" feature instead
 9 | of normal "match".
10 | 
11 | If the finder list returns ok, evaluated user is set to pam via
12 | pam_set_item(PAM_USER) call, and PAM_AUTH_OK is returned.
13 | 
14 | So there are no longer need to enter user name if a certificate is
15 | provided and can be mapped to an user.
16 | 
17 | 
18 | There are to ways to use this feature:
19 | 
20 | a) Patch "gdm" and "login" programs to detect card presence and return
21 | null as user name, without prompt for an user login.
22 | This is a work to be done :-(
23 | 
24 | b) Use unpatched versions, and do the following procedures:
25 | 
26 | b.1) When login from console, just enter " " (space) + Enter. 
27 | 
28 | b.2) When login from gdm, just key Enter at login prompt. 
29 | 
30 | In both cases the procedure continues as:
31 | - If a card is not present, login will ask for password, and gdm will
32 |   prompt again for user login
33 | 
34 | - If a card is present, pam-pkcs11 will ask for the PIN, and then invoke
35 |   finder in module mapper list. When a user is found, this user becomes
36 |   the logged user
37 | 
38 | This feature can be used with pam-mkhomedir.so PAM Session module.
39 | In this case, you can create on-the-fly accounts. This scenario is
40 | ideal for centralized auth services (Winbind, ldap, kerberos, RDBMS auth...)
41 | 
42 | As example, here comes my tested /etc/pam.d/gdm file:
43 | #%PAM-1.0
44 | auth       sufficient   pam_pkcs11.so debug config_file=/etc/pam_pkcs11/pam_pkcs11.conf
45 | auth       required     pam_env.so
46 | auth       required     pam_stack.so service=system-auth
47 | auth       required     pam_nologin.so
48 | account    required     pam_stack.so service=system-auth
49 | password   required     pam_stack.so service=system-auth
50 | session    required     pam_stack.so service=system-auth
51 | session    optional     pam_mkhomedir.so skel=/etc/skel umask=0022
52 | session    optional     pam_console.so
53 | 
54 | IMPORTANT NOTES:
55 |  
56 | For pam_set_item(PAM_USER) success, application using pam must have
57 | enough permissions. If this condition is not met, setting user process
58 | will fail and proper log message registered. So this feature is mainly
59 | provided for logging processes running as root.
60 | 
61 | Improper mapper chain configurations with unauthorized certificates can
62 | lead in the creation of fake accounts in the system if pam_mkhomedir.so
63 | module is used. So be really careful when authenticating users directly
64 | from certificates.
65 | 
66 | Enjoy!
67 | 


--------------------------------------------------------------------------------
/doc/README.eventmgr:
--------------------------------------------------------------------------------
 1 | Using the Card Event Manager
 2 | ----------------------------
 3 | 
 4 | PAM-PKCS11 includes a tool "card_eventmgr" that can be used to
 5 | monitor the status of the card reader and dispatch actions on several
 6 | events. This program can be used for several actions, like screen lock on
 7 | card removal.
 8 | 
 9 | Note that this program has no interaction with pam-pkcs11: is just a
10 | card status monitor. It's up to the sysadmin to define and configure
11 | actions to take on events.
12 | 
13 | To invoke the program, just type "card_eventmgr".
14 | 
15 | Several command lines are recognized:
16 | 
17 | - debug   - to enable debugging. Defaults to unset
18 | - daemon  - to run as daemon. If debug is unset, also detach from tty.
19 |             Default to unset
20 | - timeout=<msecs>    - time in msec between two consecutive status poll.
21 |                        Defaults to 1000 (1 second)
22 | - config_file=<file> - configuration file to use. Defaults to
23 |                        /etc/pam_pkcs11/card_eventmgr.conf
24 | 
25 | Structure of configuration file is described below:
26 | 
27 | card_eventmgr {
28 | 
29 | 	# Run in background.
30 | 	daemon = false;
31 | 
32 | 	# show debug messages
33 | 	debug = false;
34 | 	
35 | 	# polling time in mili-seconds
36 | 	timeout = 1000;
37 | 
38 | 	#
39 | 	# list of events and actions
40 | 
41 | 	# Card inserted
42 | 	event card_insert {
43 | 		# what to do if an action fail?
44 | 		# ignore  : continue to next action
45 | 		# return  : end action sequence
46 | 		# quit    : end program
47 | 		on_error = ignore ;
48 | 
49 | 		# You can enter several, comma-separated action entries
50 | 		# they will be executed in turn
51 | 		action = "/usr/bin/play /usr/share/sounds/warning.wav",
52 | 			"/usr/X11R6/bin/xscreensaver-command -deactivate";
53 | 	}
54 | 
55 | 	# Card has been removed
56 | 	event card_remove { 
57 | 		on_error = ignore;
58 | 		action = "/usr/bin/play /usr/share/sounds/error.wav",
59 | 			"/usr/X11R6/bin/xscreensaver-command -lock";
60 | 	}
61 | 
62 | 	# Too much time locked session
63 | 	event timeout { 
64 | 	}
65 | }
66 | 
67 | As you can see, on each event you can define a list of actions, and what
68 | to do if an action fails.
69 | 
70 | SECURITY ISSUES:
71 | 
72 | The best way to start card monitoring is at user login into the system. 
73 | If so, note that all event commands will be executed with user privileges.
74 | So is up to the user to take care that he has the rights to execute the
75 | desired actions.
76 | 
77 | EXAMPLE: use xscreensaver to lock the screen at card removal
78 | 
79 | you can use the provided configuration sample file. 
80 | Just add to your .xsession or KDE/GNOME Autostart directory
81 | an invocation to card_eventmgr in daemon mode.
82 | 
83 | Additionally you can add this entry to /etc/pam.d/xscreensaver
84 | configuration:
85 | 
86 | #%PAM-1.0
87 | 
88 | # Red Hat says this is right for them, as of 7.3:
89 | auth       sufficient    pam_pkcs11.so debug config_file=/etc/pam_pkcs11/pam_pkcs11.conf
90 | auth       required	pam_stack.so service=system-auth
91 | 
92 | # This is what we were using before:
93 | # auth       required	pam_pwdb.so shadow nullok
94 | At pam-pkcs11-0.4.3 handling of timeout event is not managed yet
95 | 
96 | In this case, when the card is removed the X screen will be locked. When
97 | the card is re-inserted, screen will prompt for the card PIN, check it and
98 | if access is granted the screen will unlock.
99 | 


--------------------------------------------------------------------------------
/doc/README.ldap_mapper:
--------------------------------------------------------------------------------
  1 | Sample config
  2 | ============= 
  3 | 
  4 | pam_pkcs11.conf:
  5 | ----------------
  6 | 
  7 | (...)
  8 |   # Directory ( ldap style ) mapper
  9 |   mapper ldap {
 10 |         debug = false;
 11 |         module = /usr/lib/pam_pkcs11/ldap_mapper.so;
 12 |         # where base directory resides
 13 |         basedir = /etc/pam_pkcs11/mapdir;
 14 |         # hostname of ldap server
 15 |         ldaphost = "localhost";
 16 |         # Port on ldap server to connect
 17 |         ldapport = 389;
 18 |         # Scope of search: 0 = x, 1 = y, 2 = z
 19 |         scope = 2;
 20 |         # DN to bind with. Must have read-access for user entries under "base"
 21 |         binddn = "cn=pam,o=example,c=com";
 22 |         # Password for above DN
 23 |         passwd = "test";
 24 |         # Searchbase for user entries
 25 |         base = "ou=People,o=example,c=com";
 26 |         # Attribute of user entry which contains the certificate
 27 |         attribute = "userCertificate";
 28 |         # Searchfilter for user entry. Must only let pass user entry for the login user.
 29 |         filter = "(&(objectClass=posixAccount)(uid=%s))"
 30 |         # Attribute of user entry which contains the user's login name (optional)
 31 |         uid_attribute = "uid";
 32 |         # List of sets of ldap attribute / cert attribute pairs (optional)
 33 |         attribute_map = "uid=uid&mail=email", "krbprincipalname=upn", "userCertificate;binary=cert";
 34 |   }
 35 | (...)
 36 | 
 37 | Sample structure of the LDAP entries
 38 | ====================================
 39 | 
 40 | /etc/openldap/slapd.conf:
 41 | -------------------------
 42 | 
 43 | include         /etc/openldap/schema/core.schema
 44 | include         /etc/openldap/schema/cosine.schema
 45 | include         /etc/openldap/schema/inetorgperson.schema
 46 | include         /etc/openldap/schema/nis.schema
 47 | allow bind_v2
 48 | pidfile         /var/run/slapd.pid
 49 | argsfile        /var/run/slapd.args
 50 | access to dn.base="" by * read
 51 | access to dn.base="ou=People" by dn=cn=pam,o=example,c=com read
 52 | access to *
 53 |         by self write
 54 |         by users read
 55 |         by anonymous auth
 56 | database        bdb
 57 | suffix          "o=example,c=com"
 58 | rootdn          "cn=root,o=example,c=com"
 59 | rootpw          {SSHA}****
 60 | directory       /var/lib/ldap
 61 | index objectClass                       eq,pres
 62 | index ou,cn,mail,surname,givenname      eq,pres,sub
 63 | index uidNumber,gidNumber,loginShell    eq,pres
 64 | index uid,memberUid                     eq,pres,sub
 65 | index nisMapName,nisMapEntry            eq,pres,sub
 66 | 
 67 | initial.ldif:
 68 | -------------
 69 | dn: o=example,c=com
 70 | objectClass: dcObject
 71 | objectClass: organization
 72 | o: example
 73 | dc: example
 74 | 
 75 | dn: ou=People,o=example,c=com
 76 | ou: People
 77 | objectclass: organizationalUnit
 78 | 
 79 | dn: ou=Groups,o=example,c=com
 80 | ou: Groups
 81 | objectclass: organizationalUnit
 82 | 
 83 | pam.user.ldif:
 84 | --------------
 85 | dn: uid=pam,o=example,c=com
 86 | uid: pam
 87 | givenName: Pamela
 88 | sn: Anderson
 89 | userPassword: pam
 90 | loginShell: /bin/false
 91 | uidNumber: 999999
 92 | gidNumber: 999999
 93 | homeDirectory: /tmp
 94 | shadowMin: -1
 95 | shadowMax: 999999
 96 | shadowWarning: 7
 97 | shadowInactive: -1
 98 | shadowExpire: -1
 99 | shadowFlag: 0
100 | objectClass: top
101 | objectClass: person
102 | objectClass: posixAccount
103 | objectClass: shadowAccount
104 | objectClass: inetOrgPerson
105 | cn: pam
106 | 
107 | sample.user.ldif:
108 | -----------------
109 | dn: uid=testuser,ou=People,o=example,c=com
110 | uid: testuser
111 | givenName: Test
112 | sn: User
113 | cn: Test User
114 | userPassword: abcde
115 | loginShell: /bin/bash
116 | uidNumber: 1000
117 | gidNumber: 1000
118 | homeDirectory: /home/testuser
119 | shadowMin: -1
120 | shadowMax: 999999
121 | shadowWarning: 7
122 | shadowInactive: -1
123 | shadowExpire: -1
124 | shadowFlag: 0
125 | objectClass: top
126 | objectClass: person
127 | objectClass: posixAccount
128 | objectClass: shadowAccount
129 | objectClass: inetOrgPerson
130 | userCertificate;binary:: MIIELD
131 | (...)
132 | Bg==
133 | 
134 | 


--------------------------------------------------------------------------------
/doc/card_eventmgr.1:
--------------------------------------------------------------------------------
 1 | .TH card_eventmgr 1 "Aug 2005" "Juan Antonio Martinez" PAM-PKCS#11
 2 | .SH NAME
 3 | card_eventmgr \- PCSC\-Lite Event Manager
 4 | .SH SYNTAX
 5 | .B card_eventmgr
 6 | .RB [ debug ]
 7 | .RB [[ no ] daemon ]
 8 | .RB [ timeout=\fI<msecs>\fP ]
 9 | .RB [ config_file=\fI<filename>\fP ]
10 | .RB [ kill ]
11 | .RB [ pidfile=\fI<pidfile>\fP ]
12 | .SH DESCRIPTION
13 | .B card_eventmgr
14 | is a smart card monitoring tool that listen to the status of the
15 | card reader and dispatch actions on several events.
16 | .B card_eventmgr
17 | can be used for several actions: like screen lock on card removal.
18 | .P
19 | Three events are supported: card insertion, card removal and timeout on
20 | removed card. Actions are specified in a configuration file.
21 | .SH OPTIONS
22 | .TP 
23 | .B debug
24 | Enable debugging output.
25 | .TP 
26 | .RB [ no ] daemon
27 | Runs in background if daemon or in foreground if nodaemon (default). If
28 | debug is unset, the program detaches itself from the tty.
29 | .TP 
30 | .BI timeout= <msecs>
31 | Set polling timeout in milliseconds. Defaults to 1000 (1 second).
32 | .TP 
33 | .BI config_file= "<configuration file>"
34 | Sets de configuration file. Default value is
35 | .IR /etc/pam_pkcs11/card_eventmgr.conf .
36 | .TP
37 | .BI pidfile= <pidfile>
38 | Store the
39 | .B card_eventmgr
40 | process ID (pid) in the file
41 | .IR pidfile .
42 | .TP
43 | .B kill
44 | Read a process id from
45 | .I pidfile
46 | and kill that process. You must use
47 | the argument
48 | .BI pidfile= <pidfile>
49 | to use
50 | .BR kill .
51 | .SH FILES
52 | \fI/etc/pam_pkcs11/card_eventmgr.conf\fP 
53 | .SH EXAMPLES
54 | To run this program the standard way type:
55 | .P
56 |  card_eventmgr 
57 | .P 
58 | Alternatively you can specify options:
59 | .P 
60 |  card_eventmgr debug nodaemon timeout=500 config_file=$HOME/.card_eventmgr.conf
61 | .P
62 | If you want to start and stop card_eventmgr automatically in an X11
63 | session you can create a \fI~/.xsession\fR file containing:
64 |  # start the card autolock
65 |  card_eventmgr pidfile=$HOME/.card_eventmgr.pid
66 | 
67 |  # start Gnome or something else
68 |  /usr/bin/x-session-manager
69 | 
70 |  # kill the card autolock
71 |  card_eventmgr kill pidfile=$HOME/.card_eventmgr.pid
72 | .SH BUGS
73 | Some applications like 
74 | .B xscreensaver\-command
75 | may fail due
76 | to external events (eg: try to unlock an unlocked session).
77 | In this case, the command incorrectly returns error code.
78 | .SH AUTHORS
79 | Juan Antonio Martinez <jonsito@teleline.es>
80 | .br
81 | Ludovic Rousseau <ludovic.rousseau@free.fr>
82 | .SH "SEE ALSO"
83 | .BR pam_pkcs11 (8),
84 | .BR pkcs11_eventmgr (1),
85 | README.eventmgr, PAM\-PKCS11 User Manual
86 | 


--------------------------------------------------------------------------------
/doc/export-wiki.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | set -e
 4 | 
 5 | test -z "$XSLTPROC" && XSLTPROC="xsltproc"
 6 | test -z "$WGET" && WGET="wget"
 7 | test -z "$WGET_OPTS" && WGET_OPTS="$WGET_OPTS"
 8 | test -z "$SED" && SED="sed"
 9 | test -z "$TR" && TR="tr"
10 | 
11 | test -z "$SERVER" && SERVER="http://www.opensc-project.org"
12 | test -z "$PROJECT" && PROJECT="pam_pkcs11"
13 | 
14 | SRCDIR=.
15 | OUTDIR=wiki
16 | test -n "$1" && SRCDIR="$1"
17 | test -n "$2" &&	OUTDIR="$2"
18 | 
19 | WIKI="$PROJECT/wiki"
20 | XSL="$SRCDIR/export-wiki.xsl"
21 | 
22 | test -f "$SRCDIR"/`basename $0`
23 | 
24 | test -e "$OUTDIR" && rm -fr "$OUTDIR"
25 | 
26 | mkdir "$OUTDIR" || exit 1
27 | 
28 | $WGET $WGET_OPTS $SERVER/$WIKI/TitleIndex -O "$OUTDIR"/TitleIndex.tmp
29 | 
30 | $SED -e "s#</li>#</li>\n#g" < "$OUTDIR"/TitleIndex.tmp \
31 | 	| grep "\"/$WIKI/[^\"]*\"" \
32 |         |$SED -e "s#.*\"/$WIKI/\([^\"]*\)\".*#\1#g" \
33 | 	> "$OUTDIR"/WikiWords.tmp
34 | $SED -e /^Trac/d -e /^Wiki/d -e /^TitleIndex/d -e /^RecentChanges/d \
35 |         -e /^CamelCase/d -e /^SandBox/d -e /^InterMapTxt/d -e /^InterWiki/d \
36 |         -e /^InterTrac/d -i "$OUTDIR"/WikiWords.tmp
37 | 
38 | 
39 | for A in WikiStart `cat "$OUTDIR"/WikiWords.tmp`
40 | do
41 | 	F=`echo $A|$SED -e 's/\//_/g'`
42 | 	$WGET $WGET_OPTS $SERVER/$WIKI/$A  -O "$OUTDIR"/$F.tmp
43 | 	$XSLTPROC --nonet --output "$OUTDIR"/$F.html "$XSL" "$OUTDIR"/$F.tmp
44 | 	$SED -e "s#<a href=\"/$WIKI/\([^\"]*\)\"#<a href=\"\1.html\"#g" \
45 | 		-i "$OUTDIR"/$F.html
46 | done
47 | 
48 | mv "$OUTDIR"/WikiStart.html "$OUTDIR"/index.html
49 | 
50 | $WGET $WGET_OPTS http://www.opensc-project.org/trac/css/trac.css \
51 | 	-O "$OUTDIR"/trac.css
52 | 
53 | cat "$OUTDIR"/*.html |grep "<img src=\"/$PROJECT/attachment/wiki" \
54 | 	|$SED -e 's/.*<img src="\/'$PROJECT'\/attachment\/wiki\/\([^"]*\)?format=raw".*/\1/g' \
55 | 	|sort -u |while read A
56 | do
57 | 	B="`echo $A |$TR / _`"
58 | 	$WGET $WGET_OPTS "$SERVER/$PROJECT/attachment/wiki/$A?format=raw" -O "$OUTDIR"/$B
59 | 	for C in "${OUTDIR}"/*.html
60 | 	do
61 | 		$SED -e 's#\/'$PROJECT'\/attachment\/wiki\/'$A'?format=raw#'$B'#g' -i "$C"
62 | 	done
63 | done
64 | 
65 | for A in "${OUTDIR}"/*.html
66 | do
67 | 	$SED -e 's#href="/'$PROJECT'/wiki/\([^"]*\)"#href="\1.html"#g' \
68 | 		-i $A
69 | done
70 | 
71 | rm "$OUTDIR"/*.tmp
72 | exit 0
73 | 


--------------------------------------------------------------------------------
/doc/export-wiki.xsl:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <xsl:stylesheet version="1.0"
 3 | xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
 4 | xmlns="http://www.w3.org/1999/xhtml"
 5 | xmlns:html="http://www.w3.org/1999/xhtml">
 6 | 	<xsl:output method="html" indent="yes"/>
 7 |   
 8 |   <xsl:template match="/">
 9 |     <xsl:apply-templates />
10 |   </xsl:template>
11 |   
12 |   <xsl:template match="/html:html">
13 |       <html>
14 |         <head>
15 |           <title><xsl:value-of select="/html:html/html:head/html:title" /></title>
16 |           <style type="text/css">
17 |            @import url(trac.css);
18 |           </style>
19 |         </head>
20 |         <body>
21 |           <xsl:apply-templates select="//html:div[@class='wiki']" />
22 |           <div class="footer">
23 |             <hr />
24 |             <p><a href="index.html">Back to Index</a></p>
25 |           </div>
26 |         </body>
27 |       </html>
28 |   </xsl:template>
29 |   
30 |   <xsl:template match="/pages">
31 |       <html>
32 |         <head>
33 |           <title>Wiki Index</title>
34 |           <style type="text/css">
35 |            @import url(trac.css);
36 |           </style>
37 |         </head>
38 |         <body>
39 |           <h1>Index of Wiki Pages</h1>
40 |           <ul>
41 |           <xsl:apply-templates select="page" />
42 |           </ul>
43 |         </body>
44 |       </html>
45 |   </xsl:template>
46 |   
47 |   <xsl:template match="page">
48 |     <li><a href="{.}.html"><xsl:value-of select="." /></a></li>
49 |   </xsl:template>
50 |   
51 |   <xsl:template match="node()|@*" priority="-1">
52 |     <xsl:copy>
53 |       <xsl:apply-templates select="@*|node()"/>
54 |     </xsl:copy>
55 |   </xsl:template>
56 |  
57 | </xsl:stylesheet>
58 | 
59 | 


--------------------------------------------------------------------------------
/doc/generate-api.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -e
 4 | 
 5 | SRCDIR=.
 6 | 
 7 | if test -n "$1"
 8 | then
 9 | 	SRCDIR="$1"
10 | fi
11 | 
12 | test -f "$SRCDIR"/`basename $0`
13 | 
14 | if ! test -w "$SRCDIR"
15 | then
16 | 	exit 0
17 | fi
18 | 
19 | rm -rf "$SRCDIR"/api
20 | mkdir "$SRCDIR"/api
21 | cd "$SRCDIR"/..
22 | doxygen doc/doxygen.conf
23 | 
24 | 


--------------------------------------------------------------------------------
/doc/pam_pkcs11.8.in:
--------------------------------------------------------------------------------
 1 | .\" .
 2 | .TH "pam_pkcs11" "8" "15-Feb-2005" "Mario Strasser" "System Administration tools"
 3 | .SH "NAME"
 4 | pam_pkcs11 \- PAM Authentication Module for PKCS#11 token libraries
 5 | .SH "SYNOPSIS"
 6 | .B pam_pkcs11.so
 7 | .RB [ debug ]
 8 | .RB [ configfile= \fI<configfile> "" ]
 9 | .SH "DESCRIPTION"
10 | This Linux\-PAM login module allows a X.509 certificate based user
11 | login. The certificate and its dedicated private key are thereby
12 | accessed by means of an appropriate PKCS #11 module. For the
13 | verification of the users' certificates, locally stored CA
14 | certificates as well as either online or locally accessible CRLs are
15 | used.
16 | .SH "CONFIGURATION"
17 | The program that needs a PAM service should be configured in 
18 | .I /etc/pam.conf
19 | or
20 | .IR /etc/pam.d/<servicename> .
21 | .P
22 | .B pam_pkcs11
23 | can be used in the <auth> PAM chain.
24 | .P
25 | For details on how to configure PAM services, see the PAM
26 | documentation for your system. This manual does not cover PAM
27 | configuration details. The existing PAM service definitions for
28 | other applications on your system is also a good source for examples
29 | on how to configure a PAM service.
30 | .SH "FILES"
31 | \fI@confdir@/pam_pkcs11.conf\fP
32 | .br 
33 | \fI/usr/lib/pam_pkcs11/*_mapper.so\fP
34 | .SH "AUTHOR"
35 | Original PAM\-pkcs11 was written by Mario Strasser <mast@gmx.net>.
36 | Newer versions are from Juan Antonio Martinez
37 | <jonsito@teleline.es>.
38 | .SH "REPORTING BUGS"
39 | Report bugs ideas, comments, bug\-fixes and so to:
40 | .I Juan Antonio Martinez <jonsito@teleline.es>
41 | .SH "SEE ALSO"
42 | .BR pam (8),
43 | .BR pam_pkcs11.conf (5),
44 | PAM Systems Administrator Guide,
45 | .I README.mappers
46 | file, PAM\-PKCS#11 User Manual.
47 | 


--------------------------------------------------------------------------------
/doc/pam_pkcs11.css:
--------------------------------------------------------------------------------
 1 | .screen {
 2 | 	background-color: #f0f0f0;
 3 |   	cellspacing: 1;
 4 | 	cellpadding: 1;
 5 | 	margin: 1em;
 6 | 	padding: 1em;
 7 | 	border: 1px solid;
 8 | }
 9 | 
10 | .prompt, .command {
11 | 	background-color: #e0e0e0;
12 | }
13 | 
14 | .token, .option {
15 | 	font-family: monospace;
16 | 	background-color: #ffe0e0;
17 | }
18 | 
19 | .filename, .application {
20 | 	font-family: monospace;
21 | 	background-color: #ffffe0;
22 | }
23 | 
24 | .code {
25 | 	background-color: #e0ffe0;
26 | }
27 | 
28 | a:hover {
29 | 	background:#ff0;
30 | }
31 | 


--------------------------------------------------------------------------------
/doc/pam_pkcs11.xsl:
--------------------------------------------------------------------------------
 1 | <?xml version='1.0'?>
 2 | <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
 3 | 	<xsl:import href="http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl"/>
 4 | 
 5 | 	<xsl:param name="html.stylesheet" select="'pam_pkcs11.css'"/>
 6 | 	<xsl:param name="html.cleanup" select="1" />
 7 | 	<xsl:param name="generate.section.toc.level" select="0" />
 8 | 
 9 | </xsl:stylesheet>
10 | 


--------------------------------------------------------------------------------
/doc/pkcs11_eventmgr.1:
--------------------------------------------------------------------------------
 1 | .TH "pkcs11_eventmgr" "1" "0.4.4" "Juan Antonio Martinez" "PAM-pkcs11 tools"
 2 | .SH "NAME"
 3 | .LP 
 4 | pkcs11_eventmgr \- SmartCard PKCS#11 Event Manager
 5 | .SH "SYNTAX"
 6 | .LP 
 7 | pkcs11_eventmgr [\fI[no]debug\fP] [\fI[no]daemon\fP] [\fIpolling_time=<secs>\fP ] [\fIexpire_time=<secs>\fP] [\fIpkcs11_module=<module>\fP ] [\fIconfig_file=<filename>\fP]
 8 | .SH "DESCRIPTION"
 9 | .LP 
10 | card_eventmgr is a SmartCard Monitoring that listen to the status of the card reader and dispatch actions on several events. card_eventmgr can be used to several actions, like lock screen on card removal
11 | .br 
12 | Three events are supported: card insert, card removal and timeout on removed card. Actions to take are specified in the configuration file
13 | .SH "OPTIONS"
14 | .LP 
15 | .TP 
16 | \fB[no]debug\fR 
17 | Enable debugging output. Default is no debug
18 | .TP 
19 | \fB[no]daemon\fR
20 | Runs in background. If debug is unset, detach also from tty. Default: no daemon
21 | .TP 
22 | \fBpolling_time=<secs>\fR
23 | Set polling timeout in secs. Defaults to 1 sec
24 | .TP 
25 | \fBexpire_time=<secs>\fR
26 | Set timeout on card removed. Defaults to 0 (never)
27 | .TP 
28 | \fBconfig_file=<configuration file>\fR
29 | Sets de configuration file. Defaults to /etc/pam_pkcs11/card_eventmgr.conf
30 | .TP 
31 | \fBpkcs11_module=<pkcs11.so library>\fR
32 | Sets the pkcs#11 library module to use. Defaults to /usr/lib/pkcs11/opensc\-pkcs11.so
33 | .SH "FILES"
34 | .LP 
35 | \fI/etc/pam_pkcs11/card_eventmgr.conf\fP 
36 | .LP 
37 | \fI/usr/lib/pkcs11/opensc\-pkcs11.so\fP 
38 | .SH "EXAMPLES"
39 | .LP 
40 | To run this program the standard way type:
41 | .LP 
42 | pkcs11_eventmgr
43 | .LP 
44 | Alternatively you can specify options:
45 | .LP 
46 | pkcs11_eventmgr nodebug nodaemon polling_time=5 config_file=${HOME}/.pkcs11_eventmgr.conf
47 | .SH "BUGS"
48 | .br 
49 | Some PKCS#11 Libraries fails on card removal and re\-insert.
50 | to avoid this, pkcs11_eventmgr try to re\-initialize stuff
51 | by calling C_Finalize() and C_Initialize() on card removal
52 | .br 
53 | Some apps like [\fIxscreensaver\-command\fP] may fail due
54 | to external events ( eg: try to unlock an unlocked session ).
55 | In this case, command incorrectly returns error code.
56 | .br 
57 | User should take care on this circumstance
58 | .SH "AUTHORS"
59 | .LP 
60 | Juan Antonio Martinez <jonsito@teleline.es>
61 | .SH "SEE ALSO"
62 | .LP 
63 | pam_pkcs11(8), card_eventmgr(5)
64 | .br 
65 | README.eventmgr
66 | .br 
67 | PAM\-PKCS11 User Manual
68 | 


--------------------------------------------------------------------------------
/doc/pkcs11_inspect.1:
--------------------------------------------------------------------------------
 1 | .TH pkcs11_inspect 1 "Aug 2005" "Juan Antonio Martinez" "PAM PKCS#11"
 2 | .SH NAME
 3 | pkcs11_inspect \- print certificate contents
 4 | .SH SYNOPSIS
 5 | .B pkcs11_inspect
 6 | .RB [ debug ]
 7 | .RB [ config_file=\fI<filename>\fP ]
 8 | .SH DESCRIPTION
 9 | .B pkcs11_inspect
10 | uses the pam_pkcs11 library infrastructure to get
11 | the content of a certificate and display it.
12 | .P
13 | .B pkcs11_inspect
14 | uses the same configuration file and arguments than
15 | .BR pam_pkcs11 (8)
16 | PAM module. It loads defined mapper modules, and use
17 | them to look into the certificate for required entries (ie: ms_mapper
18 | looks for ms UPN entries, and so on).
19 | .P
20 | When a mapper module finds a proper entry in the certificate, it converts
21 | to UTF\-8 and print it to stdout.
22 | .SH OPTIONS
23 | .TP 
24 | .B debug
25 | Enable debugging output.
26 | .TP 
27 | .B config_file=\fI<filename>\fP
28 | Sets the configuration file to use. Default value is
29 | .IR /etc/pam_pkcs11/pam_pkcs11.conf .
30 | .P
31 | As it uses the same configuration file as pam_pkcs11, all pam_pkcs11
32 | options are also available. Note that some of them have no sense in a
33 | non\-PAM environment, so they will be ignored. Some mapper options
34 | (mapfile, ignorecase) have no effect on certificate contents, so they
35 | will be ignored too.
36 | .SH "RETURN VALUE"
37 | On success
38 | .B pkcs11_inspect
39 | prints on stdout all certificate contents
40 | that are found for mappers and returns 0.
41 | .P
42 | On error it returns 1.
43 | .SH FILES
44 | .LP 
45 | \fI/etc/pam_pkcs11/pam_pkcs11.conf\fP 
46 | .SH EXAMPLES
47 | To run this program the standard way, insert a smart card in the reader
48 | and type:
49 | .P
50 |  pkcs11_inspect
51 | .P 
52 | Alternatively you can specify options:
53 | .P 
54 |  pkcs11_inspect debug config_file=${HOME}/.pam_pkcs11.conf
55 | .SH AUTHORS
56 | .LP 
57 | Juan Antonio Martinez <jonsito@teleline.es>
58 | .SH "SEE ALSO"
59 | \fBpam_pkcs11\fP(8), \fBpklogin_finder\fP(1)
60 | .br 
61 | PAM\-PKCS11 User Manual
62 | 


--------------------------------------------------------------------------------
/doc/pkcs11_listcerts.1:
--------------------------------------------------------------------------------
 1 | .TH "pkcs11_listcerts" "1"
 2 | .SH "NAME"
 3 | .LP 
 4 | pkcs11_listcerts \- SmartCard PKCS#11 certificates listing
 5 | .SH "SYNTAX"
 6 | .LP 
 7 | pkcs11_listcerts [\fIdebug\fP]
 8 | .SH "DESCRIPTION"
 9 | .LP 
10 | pkcs11_listcerts display all the certificates.
11 | .SH "OPTIONS"
12 | .LP 
13 | .TP 
14 | \fBdebug\fR 
15 | Enable debugging output.
16 | .SH "AUTHORS"
17 | .LP 
18 | Juan Antonio Martinez <jonsito@teleline.es>
19 | .SH "SEE ALSO"
20 | .LP 
21 | pam_pkcs11(8)
22 | .br 
23 | PAM\-PKCS11 User Manual
24 | 


--------------------------------------------------------------------------------
/doc/pkcs11_make_hash_link.1:
--------------------------------------------------------------------------------
 1 | .TH "pkcs11_make_hash_link" "1"
 2 | .SH "NAME"
 3 | .LP 
 4 | pkcs11_make_hash_link \- SmartCard PKCS#11 create a CA certificate link
 5 | .SH "SYNTAX"
 6 | .LP 
 7 | pkcs11_make_hash_link
 8 | .SH "DESCRIPTION"
 9 | .LP 
10 | pkcs11_make_hash_link creates a symbolic hash-link for each CA certificate
11 | and each CRL in the given directory.
12 | .SH "EXAMPLE"
13 | .nf
14 | $ cd /etc/pam_pkcs11/cacerts
15 | $ ls \-l
16 | total 4
17 | \-rw\-r\-\-r\-\- 1 root root 985 avr  4  2007 testCA\-cacert.der
18 | $ sudo pkcs11_make_hash_link
19 | $ ls \-l
20 | total 4
21 | lrwxrwxrwx 1 root root  17 déc 17 11:27 d0e0e6f3.0 \-> testCA\-cacert.der
22 | \-rw\-r\-\-r\-\- 1 root root 985 avr  4  2007 testCA\-cacert.der
23 | .fi
24 | .SH "AUTHORS"
25 | .LP 
26 | Juan Antonio Martinez <jonsito@teleline.es>
27 | .SH "SEE ALSO"
28 | .LP 
29 | pam_pkcs11(8)
30 | .br 
31 | PAM\-PKCS11 User Manual
32 | 
33 | 


--------------------------------------------------------------------------------
/doc/pkcs11_setup.1:
--------------------------------------------------------------------------------
 1 | .TH "pkcs11_setup" "1"
 2 | .SH "NAME"
 3 | .LP 
 4 | pkcs11_setup \- SmartCard PKCS#11 setup
 5 | .SH "SYNTAX"
 6 | .LP 
 7 | pkcs11_setup
 8 | .RB [ list_modules ]
 9 | .RB [ debug ]
10 | .RB [ use_module [\fI=<module_name>\fP]]
11 | .RB [ ins_action [\fI=<executable,executable,...>\fP]]
12 | .RB [ rm_action [\fI=<executable,executable,...>\fP]]
13 | .SH "DESCRIPTION"
14 | .LP 
15 | pkcs11_setup display all the certificates.
16 | .SH "OPTIONS"
17 | .LP 
18 | .TP 
19 | .B debug 
20 | Enable debugging output.
21 | .TP
22 | .B list_modules
23 | List the modules available and configured in
24 | \fI/etc/pam_pkcs11/pam_pkcs11.conf\fP.
25 | .TP
26 | .B use_module
27 | Display the module used by pam_pkcs11.
28 | .SH "AUTHORS"
29 | .LP 
30 | Juan Antonio Martinez <jonsito@teleline.es>
31 | .SH "SEE ALSO"
32 | .LP 
33 | pam_pkcs11(8)
34 | .br 
35 | PAM\-PKCS11 User Manual
36 | 


--------------------------------------------------------------------------------
/doc/pklogin_finder.1:
--------------------------------------------------------------------------------
 1 | .TH pklogin_finder 1 "Aug 2005" "Juan Antonio Martinez" PAM-PKCS#11
 2 | .SH NAME
 3 | pklogin_finder \- maps certificates into a user
 4 | .SH SYNTAX
 5 | .B pklogin_finder
 6 | .RB [ debug ]
 7 | .RB [ config_file=\fI<filename>\fP ]
 8 | .SH DESCRIPTION
 9 | .B pklogin_finder
10 | uses the pam_pkcs11 library infrastructure to
11 | interactively map a PKCS#11 provided certificate to a user.
12 | .P
13 | .B pklogin_finder
14 | uses the the same configuration file and arguments than
15 | .BR pam_pkcs11 (8)
16 | PAM module. Load defined mapper modules, and try to
17 | find a map between found certificates and a user login.
18 | .SH OPTIONS
19 | .LP 
20 | .TP 
21 | .B debug 
22 | Enable debugging output. Default is no debug.
23 | .TP 
24 | .BI config_file= "<configuration file>"
25 | Sets the configuration file to use. Default value is
26 | .IR /etc/pam_pkcs11/pam_pkcs11.conf .
27 | .P 
28 | As it uses the same configuration file than pam_pkcs11, all pam_pkcs11
29 | options are also available. Note that some of them has no sense in a
30 | non\-PAM environment, so they will be ignored.
31 | .SH "RETURN VALUE"
32 | On success
33 | .B pklogin_finder
34 | prints on stdout the login name and exits returns 0.
35 | .P
36 | On user mapping error it returns 1.
37 | .P
38 | On no user match it prints nothing and returns 2.
39 | .SH FILES
40 | .I /etc/pam_pkcs11/pam_pkcs11.conf
41 | .SH EXAMPLES
42 | To run this program the standard way, insert a smart card into the
43 | reader and type:
44 |  pklogin_finder 
45 | .P
46 | Alternatively you can specify options:
47 |  pklogin_finder debug config_file=${HOME}/.pam_pkcs11.conf
48 | .SH AUTHORS
49 | .LP 
50 | Juan Antonio Martinez <jonsito@teleline.es>
51 | .SH "SEE ALSO"
52 | .BR pam_pkcs11 (8),
53 | .BR pkcs11_inspect (1),
54 | PAM\-PKCS11 User Manual
55 | 


--------------------------------------------------------------------------------
/etc/Makefile.am:
--------------------------------------------------------------------------------
 1 | # Process this file with automake to create Makefile.in
 2 | 
 3 | MAINTAINERCLEANFILES = Makefile.in
 4 | 
 5 | TO_INSTALL = \
 6 | 	subject_mapping.example \
 7 | 	mail_mapping.example \
 8 | 	digest_mapping.example \
 9 | 	pkcs11_eventmgr.conf.example \
10 | 	card_eventmgr.conf.example
11 | 
12 | EXTRA_DIST = $(TO_INSTALL) \
13 | 	pam.d_ignore_no_card.example \
14 | 	pam.d_login.example.in \
15 | 	pam_pkcs11.conf.example.in \
16 | 	pkcs11-eventmgr.service
17 | 
18 | doc_DATA = $(TO_INSTALL) \
19 | 	pam_pkcs11.conf.example \
20 | 	pam.d_login.example
21 | 
22 | unitdir = $(prefix)/lib/systemd/system
23 | unit_DATA = pkcs11-eventmgr.service
24 | 


--------------------------------------------------------------------------------
/etc/card_eventmgr.conf.example:
--------------------------------------------------------------------------------
 1 | card_eventmgr {
 2 | 
 3 | 	# Run in background? Implies debug=false if set to true
 4 | 	daemon = true;
 5 | 
 6 | 	# show debug messages?
 7 | 	debug = false;
 8 | 	
 9 | 	# polling time in milliseconds
10 | 	timeout = 1000;
11 | 	
12 | 	#
13 | 	# list of events and actions
14 | 
15 | 	# Card inserted
16 | 	event card_insert {
17 | 		# what to do if an action fail?
18 | 		# ignore  : continue to next action
19 | 		# return  : end action sequence
20 | 		# quit    : end program
21 | 		on_error = ignore ;
22 | 
23 | 		# You can enter several, comma-separated action entries
24 | 		# they will be executed in turn
25 | 		action = "play /usr/share/sounds/warning.wav",
26 | 			"xscreensaver-command -deactivate";
27 | 	}
28 | 
29 | 	# Card has been removed
30 | 	event card_remove { 
31 | 		on_error = ignore;
32 | 		action = "play /usr/share/sounds/error.wav",
33 | 			"xscreensaver-command -lock";
34 | 	}
35 | 
36 | 	# Too much time locked session
37 | 	event timeout { 
38 | 	}
39 | }
40 | 


--------------------------------------------------------------------------------
/etc/digest_mapping.example:
--------------------------------------------------------------------------------
1 | # Mapping for certificate sha1 digest
2 | # Format: Cert SHA1 digest (hexdot) -> login
3 | #
4 | #90:17:64:09:4C:42:D6:9C:91:52:7F:1C:86:00:23:DC:BB:5D:27:50 -> jantonio
5 | 


--------------------------------------------------------------------------------
/etc/mail_mapping.example:
--------------------------------------------------------------------------------
1 | # mapping file for Certificate E-email
2 | # format: email -> login
3 | #
4 | #jantonio@dit.upm.es -> jantonio
5 | #juan_a_mtnez@yahoo.es -> jantonio
6 | #jonsito@terra.es -> jantonio
7 | #pjpg@dit.upm.es -> pjpg
8 | 


--------------------------------------------------------------------------------
/etc/pam.d_ignore_no_card.example:
--------------------------------------------------------------------------------
 1 | #%PAM-1.0
 2 | auth		[success=done ignore=ignore default=die]	pam_pkcs11.so
 3 | auth		requisite	pam_succeed_if.so user ingroup wheel
 4 | auth		include		system-auth-local
 5 | 
 6 | account		include		system-auth-local
 7 | 
 8 | password	[success=done ignore=ignore default=die]	pam_pkcs11.so
 9 | password	requisite	pam_succeed_if.so user ingroup wheel
10 | password	include		system-auth-local
11 | 
12 | session		include		system-auth-local
13 | session		required	pam_mkhomedir.so silent
14 | 


--------------------------------------------------------------------------------
/etc/pam.d_login.example.in:
--------------------------------------------------------------------------------
 1 | #%PAM-1.0
 2 | auth       required	pam_securetty.so
 3 | auth       sufficient    pam_pkcs11.so nullok try_first_pass \
 4 |   pkcs11_module=@libdir@/pkcs11/opensc-pkcs11.so \
 5 |   ca_dir=/etc/pam_pkcs11 crl_dir=/etc/pam_pkcs11 cert_policy=none
 6 | auth       required	pam_nologin.so
 7 | account    required	pam_stack.so service=system-auth
 8 | password   required	pam_stack.so service=system-auth
 9 | session    required	pam_stack.so service=system-auth
10 | session    optional	pam_console.so
11 | 


--------------------------------------------------------------------------------
/etc/pkcs11-eventmgr.service:
--------------------------------------------------------------------------------
 1 | [Unit]
 2 | Description=PKCS11 event manager service
 3 | 
 4 | [Service]
 5 | Type=simple
 6 | ExecStart=/usr/bin/pkcs11_eventmgr nodaemon
 7 | 
 8 | [Install]
 9 | WantedBy=multi-user.target
10 | 


--------------------------------------------------------------------------------
/etc/pkcs11_eventmgr.conf.example:
--------------------------------------------------------------------------------
 1 | # Sample pkcs11_eventmgr configuration file
 2 | #
 3 | pkcs11_eventmgr {
 4 | 
 5 | 	# Run in background? Implies debug=false if true
 6 | 	daemon = true;
 7 | 
 8 | 	# show debug messages?
 9 | 	debug = false;
10 | 	
11 | 	# polling time in seconds
12 | 	polling_time = 1;
13 | 
14 | 	# expire time in seconds
15 | 	# default = 0 ( no expire )
16 | 	expire_time = 0;
17 | 	
18 | 	# pkcs11 module to use
19 | 	pkcs11_module = /usr/lib/opensc-pkcs11.so;
20 | 
21 | 	#
22 | 	# list of events and actions
23 | 
24 | 	# Card inserted
25 | 	event card_insert {
26 | 		# what to do if an action fail?
27 | 		# ignore  : continue to next action
28 | 		# return  : end action sequence
29 | 		# quit    : end program
30 | 		on_error = ignore ;
31 | 
32 | 		# You can enter several, comma-separated action entries
33 | 		# they will be executed in turn
34 | 		action = "play /usr/share/sounds/warning.wav",
35 | 			"xscreensaver-command -deactivate";
36 | 	}
37 | 
38 | 	# Card has been removed
39 | 	event card_remove { 
40 | 		on_error = ignore;
41 | 		action = "play /usr/share/sounds/error.wav",
42 | 			"xscreensaver-command -lock";
43 | 	}
44 | 
45 | 	# Too much time card removed
46 | 	event expire_time { 
47 | 		on_error = ignore;
48 | 		action = "/bin/false";
49 | 	}
50 | }
51 | 


--------------------------------------------------------------------------------
/etc/subject_mapping.example:
--------------------------------------------------------------------------------
1 | # Mapping file for Certificate Subject
2 | # format: Certificate Subject -> login
3 | #
4 | #/C=ES/O=FNMT/OU=FNMT Clase 2 CA/OU=500051483/CN=NOMBRE MARTINEZ CASTA\xF1O JUAN ANTONIO - NIF 50431138G -> jantonio
5 | 


--------------------------------------------------------------------------------
/po/Makevars:
--------------------------------------------------------------------------------
 1 | # Makefile variables for PO directory in any package using GNU gettext.
 2 | 
 3 | # Usually the message domain is the same as the package name.
 4 | DOMAIN = $(PACKAGE)
 5 | 
 6 | # These two variables depend on the location of this directory.
 7 | subdir = po
 8 | top_builddir = ..
 9 | 
10 | # These options get passed to xgettext.
11 | XGETTEXT_OPTIONS = --keyword=_ --keyword=N_
12 | 
13 | # This is the copyright holder that gets inserted into the header of the
14 | # $(DOMAIN).pot file.  Set this to the copyright holder of the surrounding
15 | # package.  (Note that the msgstr strings, extracted from the package's
16 | # sources, belong to the copyright holder of the package.)  Translators are
17 | # expected to transfer the copyright for their translations to this person
18 | # or entity, or to disclaim their copyright.  The empty string stands for
19 | # the public domain; in this case the translators are expected to disclaim
20 | # their copyright.
21 | COPYRIGHT_HOLDER = 
22 | 
23 | # This is the email address or URL to which the translators shall report
24 | # bugs in the untranslated strings:
25 | # - Strings which are not entire sentences, see the maintainer guidelines
26 | #   in the GNU gettext documentation, section 'Preparing Strings'.
27 | # - Strings which use unclear terms or require additional context to be
28 | #   understood.
29 | # - Strings which make invalid assumptions about notation of date, time or
30 | #   money.
31 | # - Pluralisation problems.
32 | # - Incorrect English spelling.
33 | # - Incorrect formatting.
34 | # It can be your email address, or a mailing list address where translators
35 | # can write to without being subscribed, or the URL of a web page through
36 | # which the translators can contact you.
37 | MSGID_BUGS_ADDRESS =
38 | 
39 | # This is the list of locale categories, beyond LC_MESSAGES, for which the
40 | # message catalogs shall be used.  It is usually empty.
41 | EXTRA_LOCALE_CATEGORIES =
42 | 


--------------------------------------------------------------------------------
/po/POTFILES.in:
--------------------------------------------------------------------------------
1 | # List of source files which contain translatable strings.
2 | src/pam_pkcs11/pam_pkcs11.c
3 | src/pam_pkcs11/pam_config.c
4 | 


--------------------------------------------------------------------------------
/po/fr.po:
--------------------------------------------------------------------------------
  1 | # SOME DESCRIPTIVE TITLE.
  2 | # This file is put in the public domain.
  3 | # Ludovic Rousseau <ludovic.rousseau@free.fr>, 2007.
  4 | #
  5 | msgid ""
  6 | msgstr ""
  7 | "Project-Id-Version: pam_pkcs11 0.5.4\n"
  8 | "Report-Msgid-Bugs-To: \n"
  9 | "POT-Creation-Date: 2022-12-01 15:13+0800\n"
 10 | "PO-Revision-Date: 2007-05-22 10:27+0200\n"
 11 | "Last-Translator: Ludovic Rousseau <ludovic.rousseau@free.fr>\n"
 12 | "Language-Team: French <fr@li.org>\n"
 13 | "Language: fr\n"
 14 | "MIME-Version: 1.0\n"
 15 | "Content-Type: text/plain; charset=UTF-8\n"
 16 | "Content-Transfer-Encoding: 8bit\n"
 17 | 
 18 | #: src/pam_pkcs11/pam_pkcs11.c:340
 19 | msgid "Error 2302: PKCS#11 module failed loading."
 20 | msgstr ""
 21 | 
 22 | #: src/pam_pkcs11/pam_pkcs11.c:354
 23 | msgid "Error 2304: PKCS#11 module could not be initialized."
 24 | msgstr ""
 25 | 
 26 | #: src/pam_pkcs11/pam_pkcs11.c:385
 27 | #, c-format
 28 | msgid "Please insert your smart card called \"%.32s\"."
 29 | msgstr "Veuillez insérer la carte à puce appelée \"%.32s\"."
 30 | 
 31 | #: src/pam_pkcs11/pam_pkcs11.c:389
 32 | msgid "Please insert your smart card."
 33 | msgstr "Veuillez insérer votre carte à puce."
 34 | 
 35 | #: src/pam_pkcs11/pam_pkcs11.c:408
 36 | msgid "Error 2308: No smart card found."
 37 | msgstr ""
 38 | 
 39 | #: src/pam_pkcs11/pam_pkcs11.c:413
 40 | #, fuzzy
 41 | msgid "No smart card found."
 42 | msgstr "Carte à puce"
 43 | 
 44 | #: src/pam_pkcs11/pam_pkcs11.c:420
 45 | #, c-format
 46 | msgid "%s found."
 47 | msgstr "%s trouvé(e)."
 48 | 
 49 | #: src/pam_pkcs11/pam_pkcs11.c:428
 50 | msgid "Error 2312: Open PKCS#11 session failed."
 51 | msgstr ""
 52 | 
 53 | #: src/pam_pkcs11/pam_pkcs11.c:440
 54 | msgid "Error 2314: Slot login failed."
 55 | msgstr ""
 56 | 
 57 | #: src/pam_pkcs11/pam_pkcs11.c:447
 58 | #, c-format
 59 | msgid "Welcome %.32s!"
 60 | msgstr "Bienvenue %.32s !"
 61 | 
 62 | #: src/pam_pkcs11/pam_pkcs11.c:455
 63 | #, c-format
 64 | msgid "%s PIN: "
 65 | msgstr "PIN du/de la %s : "
 66 | 
 67 | #: src/pam_pkcs11/pam_pkcs11.c:466
 68 | msgid "Error 2316: Password could not be read."
 69 | msgstr ""
 70 | 
 71 | #: src/pam_pkcs11/pam_pkcs11.c:482
 72 | msgid "Error 2318: Empty smart card PIN not allowed."
 73 | msgstr ""
 74 | 
 75 | #: src/pam_pkcs11/pam_pkcs11.c:492
 76 | #, fuzzy, c-format
 77 | msgid "Enter your %s PIN on the pinpad."
 78 | msgstr "Entrez le PIN %s sur le pinpad"
 79 | 
 80 | #: src/pam_pkcs11/pam_pkcs11.c:506
 81 | msgid "Error 2320: Wrong smart card PIN."
 82 | msgstr ""
 83 | 
 84 | #: src/pam_pkcs11/pam_pkcs11.c:519
 85 | msgid "Error 2322: No certificate found."
 86 | msgstr ""
 87 | 
 88 | #: src/pam_pkcs11/pam_pkcs11.c:534
 89 | msgid "Verifying certificate..."
 90 | msgstr ""
 91 | 
 92 | #: src/pam_pkcs11/pam_pkcs11.c:547
 93 | msgid "Error 2324: Certificate has expired."
 94 | msgstr ""
 95 | 
 96 | #: src/pam_pkcs11/pam_pkcs11.c:551
 97 | msgid "Error 2326: Certificate not yet valid."
 98 | msgstr ""
 99 | 
100 | #: src/pam_pkcs11/pam_pkcs11.c:555
101 | msgid "Error 2328: Certificate signature invalid."
102 | msgstr ""
103 | 
104 | #: src/pam_pkcs11/pam_pkcs11.c:559
105 | msgid "Error 2330: Certificate invalid."
106 | msgstr ""
107 | 
108 | #: src/pam_pkcs11/pam_pkcs11.c:594
109 | msgid "Error 2332: Setting PAM user entry failed."
110 | msgstr ""
111 | 
112 | #: src/pam_pkcs11/pam_pkcs11.c:610
113 | msgid "Error 2334: No matching user."
114 | msgstr ""
115 | 
116 | #: src/pam_pkcs11/pam_pkcs11.c:631
117 | msgid "Error 2336: No matching certificate found."
118 | msgstr ""
119 | 
120 | #: src/pam_pkcs11/pam_pkcs11.c:640
121 | msgid "Checking signature..."
122 | msgstr ""
123 | 
124 | #: src/pam_pkcs11/pam_pkcs11.c:660
125 | msgid "Error 2338: Getting random value failed."
126 | msgstr ""
127 | 
128 | #: src/pam_pkcs11/pam_pkcs11.c:674
129 | msgid "Error 2340: Signing failed."
130 | msgstr ""
131 | 
132 | #: src/pam_pkcs11/pam_pkcs11.c:691
133 | msgid "Error 2342: Verifying signature failed."
134 | msgstr ""
135 | 
136 | #: src/pam_pkcs11/pam_pkcs11.c:808
137 | msgid "Smart card authentication cancelled."
138 | msgstr ""
139 | 
140 | #: src/pam_pkcs11/pam_pkcs11.c:854
141 | msgid "Cannot change the password on your smart card."
142 | msgstr "Ne peut pas changer le mot de passe de la carte à puce."
143 | 
144 | #: src/pam_pkcs11/pam_config.c:65
145 | msgid "Smart card"
146 | msgstr "Carte à puce"
147 | 
148 | #, c-format
149 | #~ msgid "Please insert your %s or enter your username."
150 | #~ msgstr "Veuillez insérer votre %s ou entrer votre login."
151 | 
152 | #~ msgid "Found the %s."
153 | #~ msgstr "%s trouvé(e)."
154 | 
155 | #~ msgid "Smart card password: "
156 | #~ msgstr "Mot de passe de la carte à puce : "
157 | 


--------------------------------------------------------------------------------
/po/ka.po:
--------------------------------------------------------------------------------
  1 | # Georgian translation for pam_pkcs11
  2 | # Copyright (C) 2025 pam_pkcs11's authors.
  3 | # This file is distributed under the same license as the pam_pkcs11 package.
  4 | # Ekaterine Papava <papava.e@gtu.ge>, 2025.
  5 | #
  6 | msgid ""
  7 | msgstr ""
  8 | "Project-Id-Version: pam_pkcs11 0.6.12\n"
  9 | "Report-Msgid-Bugs-To: \n"
 10 | "POT-Creation-Date: 2022-12-01 15:13+0800\n"
 11 | "PO-Revision-Date: 2025-02-26 14:09+0100\n"
 12 | "Last-Translator: Ekaterine Papava <papava.e@gtu.ge>\n"
 13 | "Language-Team: Georgian <(nothing)>\n"
 14 | "Language: ka\n"
 15 | "MIME-Version: 1.0\n"
 16 | "Content-Type: text/plain; charset=UTF-8\n"
 17 | "Content-Transfer-Encoding: 8bit\n"
 18 | "X-Generator: Poedit 3.5\n"
 19 | 
 20 | #: src/pam_pkcs11/pam_pkcs11.c:340
 21 | msgid "Error 2302: PKCS#11 module failed loading."
 22 | msgstr "შეცდომა 2302: PKCS#11 მოდულის ჩატვირთვა ჩავარდა."
 23 | 
 24 | #: src/pam_pkcs11/pam_pkcs11.c:354
 25 | msgid "Error 2304: PKCS#11 module could not be initialized."
 26 | msgstr "შეცდომა 2304: PKCS#11 მოდულის ინიციალიზაცია შეუძლებელია."
 27 | 
 28 | #: src/pam_pkcs11/pam_pkcs11.c:385
 29 | #, c-format
 30 | msgid "Please insert your smart card called \"%.32s\"."
 31 | msgstr "ჩადეთ თქვენი სმარტ ბარათი სახელად \"%.32s\"."
 32 | 
 33 | #: src/pam_pkcs11/pam_pkcs11.c:389
 34 | msgid "Please insert your smart card."
 35 | msgstr "ჩადეთ თქვენი სმართ ბარათი."
 36 | 
 37 | #: src/pam_pkcs11/pam_pkcs11.c:408
 38 | msgid "Error 2308: No smart card found."
 39 | msgstr "შეცდომა 2308: სმარტ ბარათი აღმოჩენილი არაა."
 40 | 
 41 | #: src/pam_pkcs11/pam_pkcs11.c:413
 42 | msgid "No smart card found."
 43 | msgstr "სმარტ ბარათები აღმოჩენილი არაა."
 44 | 
 45 | #: src/pam_pkcs11/pam_pkcs11.c:420
 46 | #, c-format
 47 | msgid "%s found."
 48 | msgstr "%s აღმოჩენილია."
 49 | 
 50 | #: src/pam_pkcs11/pam_pkcs11.c:428
 51 | msgid "Error 2312: Open PKCS#11 session failed."
 52 | msgstr "შეცდომა 2312: PKCS#11 სესიის გახსნა ჩავარდა."
 53 | 
 54 | #: src/pam_pkcs11/pam_pkcs11.c:440
 55 | msgid "Error 2314: Slot login failed."
 56 | msgstr "შეცდომა 2314: სლოტის შესვლა ჩავარდა."
 57 | 
 58 | #: src/pam_pkcs11/pam_pkcs11.c:447
 59 | #, c-format
 60 | msgid "Welcome %.32s!"
 61 | msgstr "მოგესალმებით %.32s!"
 62 | 
 63 | #: src/pam_pkcs11/pam_pkcs11.c:455
 64 | #, c-format
 65 | msgid "%s PIN: "
 66 | msgstr "%s-ის PIN-კოდი: "
 67 | 
 68 | #: src/pam_pkcs11/pam_pkcs11.c:466
 69 | msgid "Error 2316: Password could not be read."
 70 | msgstr "პაროლი 2316: პაროლის წაკითხვა შეუძლებელია."
 71 | 
 72 | #: src/pam_pkcs11/pam_pkcs11.c:482
 73 | msgid "Error 2318: Empty smart card PIN not allowed."
 74 | msgstr "შეცდომა 2318: სმარტ ბარათის ცარიელი PIN-კოდი დაშვებული არაა."
 75 | 
 76 | #: src/pam_pkcs11/pam_pkcs11.c:492
 77 | #, c-format
 78 | msgid "Enter your %s PIN on the pinpad."
 79 | msgstr "შეიყვანეთ თქვენი %s-ის PIN-კოდი pinpad-ზე."
 80 | 
 81 | #: src/pam_pkcs11/pam_pkcs11.c:506
 82 | msgid "Error 2320: Wrong smart card PIN."
 83 | msgstr "შეცდომა 2320: არასწორი სმარტ ბარათის PIN-კოდი."
 84 | 
 85 | #: src/pam_pkcs11/pam_pkcs11.c:519
 86 | msgid "Error 2322: No certificate found."
 87 | msgstr "შეცდომა 2322: სერტიფიკატი აღმოჩენილი არაა."
 88 | 
 89 | #: src/pam_pkcs11/pam_pkcs11.c:534
 90 | msgid "Verifying certificate..."
 91 | msgstr "სერტიფიკატის გადამოწმება..."
 92 | 
 93 | #: src/pam_pkcs11/pam_pkcs11.c:547
 94 | msgid "Error 2324: Certificate has expired."
 95 | msgstr "შეცდომა 2324: სერტიფიკატის ვადა ამოიწურა."
 96 | 
 97 | #: src/pam_pkcs11/pam_pkcs11.c:551
 98 | msgid "Error 2326: Certificate not yet valid."
 99 | msgstr "შეცდომა 2326: სერტიფიკატი ჯერ ვარგისი არაა."
100 | 
101 | #: src/pam_pkcs11/pam_pkcs11.c:555
102 | msgid "Error 2328: Certificate signature invalid."
103 | msgstr "შეცდომა 2328: სერტიფიკატის ხელმოწერა არასწორია."
104 | 
105 | #: src/pam_pkcs11/pam_pkcs11.c:559
106 | msgid "Error 2330: Certificate invalid."
107 | msgstr "შეცდომა 2330: სერტიფიკატი არასწორია."
108 | 
109 | #: src/pam_pkcs11/pam_pkcs11.c:594
110 | msgid "Error 2332: Setting PAM user entry failed."
111 | msgstr "შეცდომა 2332: PAM-ის მომხმარებლის ჩანაწერის დაყენება ჩავარდა."
112 | 
113 | #: src/pam_pkcs11/pam_pkcs11.c:610
114 | msgid "Error 2334: No matching user."
115 | msgstr "შეცდომა 2334: შესაბამისი მომხმარებლის გარეშე."
116 | 
117 | #: src/pam_pkcs11/pam_pkcs11.c:631
118 | msgid "Error 2336: No matching certificate found."
119 | msgstr "შეცდომა 2336: შესაბამისი სერტიფიკატი აღმოჩენილი არაა."
120 | 
121 | #: src/pam_pkcs11/pam_pkcs11.c:640
122 | msgid "Checking signature..."
123 | msgstr "მიმდინარეობს ხელმოწერის შემოწმება..."
124 | 
125 | #: src/pam_pkcs11/pam_pkcs11.c:660
126 | msgid "Error 2338: Getting random value failed."
127 | msgstr "შეცდომა 2338: შემთხვევითი მნიშვნელობის მიღება ჩავარდა."
128 | 
129 | #: src/pam_pkcs11/pam_pkcs11.c:674
130 | msgid "Error 2340: Signing failed."
131 | msgstr "შეცდომა 2340: ხელმოწერა ჩავარდა."
132 | 
133 | #: src/pam_pkcs11/pam_pkcs11.c:691
134 | msgid "Error 2342: Verifying signature failed."
135 | msgstr "შეცდომა 2342: ხელმოწერის გადამოწმება ჩავარდა."
136 | 
137 | #: src/pam_pkcs11/pam_pkcs11.c:808
138 | msgid "Smart card authentication cancelled."
139 | msgstr "სმარტ ბარათის ავთენტიკაცია გაუქმდა."
140 | 
141 | #: src/pam_pkcs11/pam_pkcs11.c:854
142 | msgid "Cannot change the password on your smart card."
143 | msgstr "თქვენს სმარტ ბარათზე პაროლის შეცვლა შეუძლებელია."
144 | 
145 | #: src/pam_pkcs11/pam_config.c:65
146 | msgid "Smart card"
147 | msgstr "სმარტ ბარათი"
148 | 


--------------------------------------------------------------------------------
/po/nl.po:
--------------------------------------------------------------------------------
  1 | # SOME DESCRIPTIVE TITLE.
  2 | # This file is put in the public domain.
  3 | # Ludovic Rousseau <ludovic.rousseau@free.fr>, 2007.
  4 | #
  5 | msgid ""
  6 | msgstr ""
  7 | "Project-Id-Version: pam_pkcs11 0.5.4\n"
  8 | "Report-Msgid-Bugs-To: \n"
  9 | "POT-Creation-Date: 2022-12-01 15:13+0800\n"
 10 | "PO-Revision-Date: 2010-05-30 09:00+0200\n"
 11 | "Last-Translator: Guy Zelck <gzelck@gmail.com>\n"
 12 | "Language-Team: Dutch <nl@li.org>\n"
 13 | "Language: nl\n"
 14 | "MIME-Version: 1.0\n"
 15 | "Content-Type: text/plain; charset=UTF-8\n"
 16 | "Content-Transfer-Encoding: 8bit\n"
 17 | 
 18 | #: src/pam_pkcs11/pam_pkcs11.c:340
 19 | msgid "Error 2302: PKCS#11 module failed loading."
 20 | msgstr ""
 21 | 
 22 | #: src/pam_pkcs11/pam_pkcs11.c:354
 23 | msgid "Error 2304: PKCS#11 module could not be initialized."
 24 | msgstr ""
 25 | 
 26 | #: src/pam_pkcs11/pam_pkcs11.c:385
 27 | #, c-format
 28 | msgid "Please insert your smart card called \"%.32s\"."
 29 | msgstr "Gelieve je smartcard genaamd \"%.32s\" aan te brengen."
 30 | 
 31 | #: src/pam_pkcs11/pam_pkcs11.c:389
 32 | msgid "Please insert your smart card."
 33 | msgstr "Gelieve je smartcard aan te brengen."
 34 | 
 35 | #: src/pam_pkcs11/pam_pkcs11.c:408
 36 | msgid "Error 2308: No smart card found."
 37 | msgstr ""
 38 | 
 39 | #: src/pam_pkcs11/pam_pkcs11.c:413
 40 | #, fuzzy
 41 | msgid "No smart card found."
 42 | msgstr "Smartcard"
 43 | 
 44 | #: src/pam_pkcs11/pam_pkcs11.c:420
 45 | #, c-format
 46 | msgid "%s found."
 47 | msgstr ""
 48 | 
 49 | #: src/pam_pkcs11/pam_pkcs11.c:428
 50 | msgid "Error 2312: Open PKCS#11 session failed."
 51 | msgstr ""
 52 | 
 53 | #: src/pam_pkcs11/pam_pkcs11.c:440
 54 | msgid "Error 2314: Slot login failed."
 55 | msgstr ""
 56 | 
 57 | #: src/pam_pkcs11/pam_pkcs11.c:447
 58 | #, c-format
 59 | msgid "Welcome %.32s!"
 60 | msgstr "Welkom %.32s!"
 61 | 
 62 | #: src/pam_pkcs11/pam_pkcs11.c:455
 63 | #, c-format
 64 | msgid "%s PIN: "
 65 | msgstr "PIN van %s : "
 66 | 
 67 | #: src/pam_pkcs11/pam_pkcs11.c:466
 68 | msgid "Error 2316: Password could not be read."
 69 | msgstr ""
 70 | 
 71 | #: src/pam_pkcs11/pam_pkcs11.c:482
 72 | msgid "Error 2318: Empty smart card PIN not allowed."
 73 | msgstr ""
 74 | 
 75 | #: src/pam_pkcs11/pam_pkcs11.c:492
 76 | #, c-format
 77 | msgid "Enter your %s PIN on the pinpad."
 78 | msgstr ""
 79 | 
 80 | #: src/pam_pkcs11/pam_pkcs11.c:506
 81 | msgid "Error 2320: Wrong smart card PIN."
 82 | msgstr ""
 83 | 
 84 | #: src/pam_pkcs11/pam_pkcs11.c:519
 85 | msgid "Error 2322: No certificate found."
 86 | msgstr ""
 87 | 
 88 | #: src/pam_pkcs11/pam_pkcs11.c:534
 89 | msgid "Verifying certificate..."
 90 | msgstr ""
 91 | 
 92 | #: src/pam_pkcs11/pam_pkcs11.c:547
 93 | msgid "Error 2324: Certificate has expired."
 94 | msgstr ""
 95 | 
 96 | #: src/pam_pkcs11/pam_pkcs11.c:551
 97 | msgid "Error 2326: Certificate not yet valid."
 98 | msgstr ""
 99 | 
100 | #: src/pam_pkcs11/pam_pkcs11.c:555
101 | msgid "Error 2328: Certificate signature invalid."
102 | msgstr ""
103 | 
104 | #: src/pam_pkcs11/pam_pkcs11.c:559
105 | msgid "Error 2330: Certificate invalid."
106 | msgstr ""
107 | 
108 | #: src/pam_pkcs11/pam_pkcs11.c:594
109 | msgid "Error 2332: Setting PAM user entry failed."
110 | msgstr ""
111 | 
112 | #: src/pam_pkcs11/pam_pkcs11.c:610
113 | msgid "Error 2334: No matching user."
114 | msgstr ""
115 | 
116 | #: src/pam_pkcs11/pam_pkcs11.c:631
117 | msgid "Error 2336: No matching certificate found."
118 | msgstr ""
119 | 
120 | #: src/pam_pkcs11/pam_pkcs11.c:640
121 | msgid "Checking signature..."
122 | msgstr ""
123 | 
124 | #: src/pam_pkcs11/pam_pkcs11.c:660
125 | msgid "Error 2338: Getting random value failed."
126 | msgstr ""
127 | 
128 | #: src/pam_pkcs11/pam_pkcs11.c:674
129 | msgid "Error 2340: Signing failed."
130 | msgstr ""
131 | 
132 | #: src/pam_pkcs11/pam_pkcs11.c:691
133 | msgid "Error 2342: Verifying signature failed."
134 | msgstr ""
135 | 
136 | #: src/pam_pkcs11/pam_pkcs11.c:808
137 | msgid "Smart card authentication cancelled."
138 | msgstr ""
139 | 
140 | #: src/pam_pkcs11/pam_pkcs11.c:854
141 | msgid "Cannot change the password on your smart card."
142 | msgstr "Kan het paswoord op je smartcard niet wijzigen."
143 | 
144 | #: src/pam_pkcs11/pam_config.c:65
145 | msgid "Smart card"
146 | msgstr "Smartcard"
147 | 
148 | #, c-format
149 | #~ msgid "Please insert your %s or enter your username."
150 | #~ msgstr "Gelieve je %s aan te brengen of je gebruikersnaam in te geven."
151 | 
152 | #~ msgid "Found the %s."
153 | #~ msgstr "%s gevonden."
154 | 
155 | #~ msgid "Smart card password: "
156 | #~ msgstr "Smartcard paswoord : "
157 | 


--------------------------------------------------------------------------------
/po/pam_pkcs11.pot:
--------------------------------------------------------------------------------
  1 | # SOME DESCRIPTIVE TITLE.
  2 | # This file is put in the public domain.
  3 | # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
  4 | #
  5 | #, fuzzy
  6 | msgid ""
  7 | msgstr ""
  8 | "Project-Id-Version: pam_pkcs11 0.6.12\n"
  9 | "Report-Msgid-Bugs-To: \n"
 10 | "POT-Creation-Date: 2022-12-01 15:13+0800\n"
 11 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 12 | "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 13 | "Language-Team: LANGUAGE <LL@li.org>\n"
 14 | "Language: \n"
 15 | "MIME-Version: 1.0\n"
 16 | "Content-Type: text/plain; charset=CHARSET\n"
 17 | "Content-Transfer-Encoding: 8bit\n"
 18 | 
 19 | #: src/pam_pkcs11/pam_pkcs11.c:340
 20 | msgid "Error 2302: PKCS#11 module failed loading."
 21 | msgstr ""
 22 | 
 23 | #: src/pam_pkcs11/pam_pkcs11.c:354
 24 | msgid "Error 2304: PKCS#11 module could not be initialized."
 25 | msgstr ""
 26 | 
 27 | #: src/pam_pkcs11/pam_pkcs11.c:385
 28 | #, c-format
 29 | msgid "Please insert your smart card called \"%.32s\"."
 30 | msgstr ""
 31 | 
 32 | #: src/pam_pkcs11/pam_pkcs11.c:389
 33 | msgid "Please insert your smart card."
 34 | msgstr ""
 35 | 
 36 | #: src/pam_pkcs11/pam_pkcs11.c:408
 37 | msgid "Error 2308: No smart card found."
 38 | msgstr ""
 39 | 
 40 | #: src/pam_pkcs11/pam_pkcs11.c:413
 41 | msgid "No smart card found."
 42 | msgstr ""
 43 | 
 44 | #: src/pam_pkcs11/pam_pkcs11.c:420
 45 | #, c-format
 46 | msgid "%s found."
 47 | msgstr ""
 48 | 
 49 | #: src/pam_pkcs11/pam_pkcs11.c:428
 50 | msgid "Error 2312: Open PKCS#11 session failed."
 51 | msgstr ""
 52 | 
 53 | #: src/pam_pkcs11/pam_pkcs11.c:440
 54 | msgid "Error 2314: Slot login failed."
 55 | msgstr ""
 56 | 
 57 | #: src/pam_pkcs11/pam_pkcs11.c:447
 58 | #, c-format
 59 | msgid "Welcome %.32s!"
 60 | msgstr ""
 61 | 
 62 | #: src/pam_pkcs11/pam_pkcs11.c:455
 63 | #, c-format
 64 | msgid "%s PIN: "
 65 | msgstr ""
 66 | 
 67 | #: src/pam_pkcs11/pam_pkcs11.c:466
 68 | msgid "Error 2316: Password could not be read."
 69 | msgstr ""
 70 | 
 71 | #: src/pam_pkcs11/pam_pkcs11.c:482
 72 | msgid "Error 2318: Empty smart card PIN not allowed."
 73 | msgstr ""
 74 | 
 75 | #: src/pam_pkcs11/pam_pkcs11.c:492
 76 | #, c-format
 77 | msgid "Enter your %s PIN on the pinpad."
 78 | msgstr ""
 79 | 
 80 | #: src/pam_pkcs11/pam_pkcs11.c:506
 81 | msgid "Error 2320: Wrong smart card PIN."
 82 | msgstr ""
 83 | 
 84 | #: src/pam_pkcs11/pam_pkcs11.c:519
 85 | msgid "Error 2322: No certificate found."
 86 | msgstr ""
 87 | 
 88 | #: src/pam_pkcs11/pam_pkcs11.c:534
 89 | msgid "Verifying certificate..."
 90 | msgstr ""
 91 | 
 92 | #: src/pam_pkcs11/pam_pkcs11.c:547
 93 | msgid "Error 2324: Certificate has expired."
 94 | msgstr ""
 95 | 
 96 | #: src/pam_pkcs11/pam_pkcs11.c:551
 97 | msgid "Error 2326: Certificate not yet valid."
 98 | msgstr ""
 99 | 
100 | #: src/pam_pkcs11/pam_pkcs11.c:555
101 | msgid "Error 2328: Certificate signature invalid."
102 | msgstr ""
103 | 
104 | #: src/pam_pkcs11/pam_pkcs11.c:559
105 | msgid "Error 2330: Certificate invalid."
106 | msgstr ""
107 | 
108 | #: src/pam_pkcs11/pam_pkcs11.c:594
109 | msgid "Error 2332: Setting PAM user entry failed."
110 | msgstr ""
111 | 
112 | #: src/pam_pkcs11/pam_pkcs11.c:610
113 | msgid "Error 2334: No matching user."
114 | msgstr ""
115 | 
116 | #: src/pam_pkcs11/pam_pkcs11.c:631
117 | msgid "Error 2336: No matching certificate found."
118 | msgstr ""
119 | 
120 | #: src/pam_pkcs11/pam_pkcs11.c:640
121 | msgid "Checking signature..."
122 | msgstr ""
123 | 
124 | #: src/pam_pkcs11/pam_pkcs11.c:660
125 | msgid "Error 2338: Getting random value failed."
126 | msgstr ""
127 | 
128 | #: src/pam_pkcs11/pam_pkcs11.c:674
129 | msgid "Error 2340: Signing failed."
130 | msgstr ""
131 | 
132 | #: src/pam_pkcs11/pam_pkcs11.c:691
133 | msgid "Error 2342: Verifying signature failed."
134 | msgstr ""
135 | 
136 | #: src/pam_pkcs11/pam_pkcs11.c:808
137 | msgid "Smart card authentication cancelled."
138 | msgstr ""
139 | 
140 | #: src/pam_pkcs11/pam_pkcs11.c:854
141 | msgid "Cannot change the password on your smart card."
142 | msgstr ""
143 | 
144 | #: src/pam_pkcs11/pam_config.c:65
145 | msgid "Smart card"
146 | msgstr ""
147 | 


--------------------------------------------------------------------------------
/po/remove-potcdate.sed:
--------------------------------------------------------------------------------
 1 | /^"POT-Creation-Date: .*"$/{
 2 | x
 3 | s/P/P/
 4 | ta
 5 | g
 6 | d
 7 | bb
 8 | :a
 9 | x
10 | :b
11 | }
12 | 


--------------------------------------------------------------------------------
/po/remove-potcdate.sin:
--------------------------------------------------------------------------------
 1 | # Sed script that remove the POT-Creation-Date line in the header entry
 2 | # from a POT file.
 3 | #
 4 | # The distinction between the first and the following occurrences of the
 5 | # pattern is achieved by looking at the hold space.
 6 | /^"POT-Creation-Date: .*"$/{
 7 | x
 8 | # Test if the hold space is empty.
 9 | s/P/P/
10 | ta
11 | # Yes it was empty. First occurrence. Remove the line.
12 | g
13 | d
14 | bb
15 | :a
16 | # The hold space was nonempty. Following occurrences. Do nothing.
17 | x
18 | :b
19 | }
20 | 


--------------------------------------------------------------------------------
/po/tr.po:
--------------------------------------------------------------------------------
  1 | # This file is put in the public domain.
  2 | # Ozan Çağlayan
  3 | #
  4 | msgid ""
  5 | msgstr ""
  6 | "Project-Id-Version: pam_pkcs11 0.6.6\n"
  7 | "Report-Msgid-Bugs-To: \n"
  8 | "POT-Creation-Date: 2022-12-01 15:13+0800\n"
  9 | "PO-Revision-Date: 2011-07-05 11:17:+0300\n"
 10 | "Last-Translator: Ozan Çağlayan <ozan@pardus.org.tr>\n"
 11 | "Language-Team: Turkish <tr@li.org>\n"
 12 | "Language: tr\n"
 13 | "MIME-Version: 1.0\n"
 14 | "Content-Type: text/plain; charset=utf-8\n"
 15 | "Content-Transfer-Encoding: 8bit\n"
 16 | 
 17 | #: src/pam_pkcs11/pam_pkcs11.c:340
 18 | msgid "Error 2302: PKCS#11 module failed loading."
 19 | msgstr ""
 20 | 
 21 | #: src/pam_pkcs11/pam_pkcs11.c:354
 22 | msgid "Error 2304: PKCS#11 module could not be initialized."
 23 | msgstr ""
 24 | 
 25 | #: src/pam_pkcs11/pam_pkcs11.c:385
 26 | #, c-format
 27 | msgid "Please insert your smart card called \"%.32s\"."
 28 | msgstr "Lütfen \"%.32s\" isimli akıllı kartı yerleştirin."
 29 | 
 30 | #: src/pam_pkcs11/pam_pkcs11.c:389
 31 | msgid "Please insert your smart card."
 32 | msgstr "Lütfen akıllı kartı yerleştirin."
 33 | 
 34 | #: src/pam_pkcs11/pam_pkcs11.c:408
 35 | msgid "Error 2308: No smart card found."
 36 | msgstr ""
 37 | 
 38 | #: src/pam_pkcs11/pam_pkcs11.c:413
 39 | #, fuzzy
 40 | msgid "No smart card found."
 41 | msgstr "Akıllı kart"
 42 | 
 43 | #: src/pam_pkcs11/pam_pkcs11.c:420
 44 | #, c-format
 45 | msgid "%s found."
 46 | msgstr "%s bulundu."
 47 | 
 48 | #: src/pam_pkcs11/pam_pkcs11.c:428
 49 | msgid "Error 2312: Open PKCS#11 session failed."
 50 | msgstr ""
 51 | 
 52 | #: src/pam_pkcs11/pam_pkcs11.c:440
 53 | msgid "Error 2314: Slot login failed."
 54 | msgstr ""
 55 | 
 56 | #: src/pam_pkcs11/pam_pkcs11.c:447
 57 | #, c-format
 58 | msgid "Welcome %.32s!"
 59 | msgstr "Hoş geldiniz %.32s"
 60 | 
 61 | #: src/pam_pkcs11/pam_pkcs11.c:455
 62 | #, c-format
 63 | msgid "%s PIN: "
 64 | msgstr "%s PIN: "
 65 | 
 66 | #: src/pam_pkcs11/pam_pkcs11.c:466
 67 | msgid "Error 2316: Password could not be read."
 68 | msgstr ""
 69 | 
 70 | #: src/pam_pkcs11/pam_pkcs11.c:482
 71 | msgid "Error 2318: Empty smart card PIN not allowed."
 72 | msgstr ""
 73 | 
 74 | #: src/pam_pkcs11/pam_pkcs11.c:492
 75 | #, fuzzy, c-format
 76 | msgid "Enter your %s PIN on the pinpad."
 77 | msgstr "PIN klavyesini kullanarak %s PIN kodunu giriniz."
 78 | 
 79 | #: src/pam_pkcs11/pam_pkcs11.c:506
 80 | msgid "Error 2320: Wrong smart card PIN."
 81 | msgstr ""
 82 | 
 83 | #: src/pam_pkcs11/pam_pkcs11.c:519
 84 | msgid "Error 2322: No certificate found."
 85 | msgstr ""
 86 | 
 87 | #: src/pam_pkcs11/pam_pkcs11.c:534
 88 | msgid "Verifying certificate..."
 89 | msgstr ""
 90 | 
 91 | #: src/pam_pkcs11/pam_pkcs11.c:547
 92 | msgid "Error 2324: Certificate has expired."
 93 | msgstr ""
 94 | 
 95 | #: src/pam_pkcs11/pam_pkcs11.c:551
 96 | msgid "Error 2326: Certificate not yet valid."
 97 | msgstr ""
 98 | 
 99 | #: src/pam_pkcs11/pam_pkcs11.c:555
100 | msgid "Error 2328: Certificate signature invalid."
101 | msgstr ""
102 | 
103 | #: src/pam_pkcs11/pam_pkcs11.c:559
104 | msgid "Error 2330: Certificate invalid."
105 | msgstr ""
106 | 
107 | #: src/pam_pkcs11/pam_pkcs11.c:594
108 | msgid "Error 2332: Setting PAM user entry failed."
109 | msgstr ""
110 | 
111 | #: src/pam_pkcs11/pam_pkcs11.c:610
112 | msgid "Error 2334: No matching user."
113 | msgstr ""
114 | 
115 | #: src/pam_pkcs11/pam_pkcs11.c:631
116 | msgid "Error 2336: No matching certificate found."
117 | msgstr ""
118 | 
119 | #: src/pam_pkcs11/pam_pkcs11.c:640
120 | msgid "Checking signature..."
121 | msgstr ""
122 | 
123 | #: src/pam_pkcs11/pam_pkcs11.c:660
124 | msgid "Error 2338: Getting random value failed."
125 | msgstr ""
126 | 
127 | #: src/pam_pkcs11/pam_pkcs11.c:674
128 | msgid "Error 2340: Signing failed."
129 | msgstr ""
130 | 
131 | #: src/pam_pkcs11/pam_pkcs11.c:691
132 | msgid "Error 2342: Verifying signature failed."
133 | msgstr ""
134 | 
135 | #: src/pam_pkcs11/pam_pkcs11.c:808
136 | msgid "Smart card authentication cancelled."
137 | msgstr ""
138 | 
139 | #: src/pam_pkcs11/pam_pkcs11.c:854
140 | msgid "Cannot change the password on your smart card."
141 | msgstr "Akıllı kart parolası değiştirilemiyor."
142 | 
143 | #: src/pam_pkcs11/pam_config.c:65
144 | msgid "Smart card"
145 | msgstr "Akıllı kart"
146 | 
147 | #, c-format
148 | #~ msgid "Please insert your %s or enter your username."
149 | #~ msgstr "Lütfen size ait bir %s yerleştirin veya kullanıcı adınızı girin."
150 | 


--------------------------------------------------------------------------------
/po/zh_CN.po:
--------------------------------------------------------------------------------
  1 | # Chinese translations for pam_pkcs11 package.
  2 | # This file is put in the public domain.
  3 | # Alynx Zhou <alynx.zhou@gmail.com>, 2022.
  4 | #
  5 | msgid ""
  6 | msgstr ""
  7 | "Project-Id-Version: pam_pkcs11 0.6.12\n"
  8 | "Report-Msgid-Bugs-To: \n"
  9 | "POT-Creation-Date: 2022-12-01 14:31+0800\n"
 10 | "PO-Revision-Date: 2022-12-01 14:53+0800\n"
 11 | "Last-Translator: Alynx Zhou <alynx.zhou@gmail.com>\n"
 12 | "Language-Team: Chinese (simplified) <i18n-zh@googlegroups.com>\n"
 13 | "Language: zh_CN\n"
 14 | "MIME-Version: 1.0\n"
 15 | "Content-Type: text/plain; charset=UTF-8\n"
 16 | "Content-Transfer-Encoding: 8bit\n"
 17 | 
 18 | #: src/pam_pkcs11/pam_pkcs11.c:340
 19 | msgid "Error 2302: PKCS#11 module failed loading."
 20 | msgstr "错误 2302：PKCS#11 模块加载失败。"
 21 | 
 22 | #: src/pam_pkcs11/pam_pkcs11.c:354
 23 | msgid "Error 2304: PKCS#11 module could not be initialized."
 24 | msgstr "错误 2304：PKCS#11 模块无法初始化。"
 25 | 
 26 | #: src/pam_pkcs11/pam_pkcs11.c:385
 27 | #, c-format
 28 | msgid "Please insert your smart card called \"%.32s\"."
 29 | msgstr "请插入名为 \"%.32s\" 的智能卡。"
 30 | 
 31 | #: src/pam_pkcs11/pam_pkcs11.c:389
 32 | msgid "Please insert your smart card."
 33 | msgstr "请插入您的智能卡。"
 34 | 
 35 | #: src/pam_pkcs11/pam_pkcs11.c:408
 36 | msgid "Error 2308: No smart card found."
 37 | msgstr "错误 2308：未检测到智能卡。"
 38 | 
 39 | #: src/pam_pkcs11/pam_pkcs11.c:413
 40 | msgid "No smart card found."
 41 | msgstr "未检测到智能卡。"
 42 | 
 43 | #: src/pam_pkcs11/pam_pkcs11.c:420
 44 | #, c-format
 45 | msgid "%s found."
 46 | msgstr "检测到 %s。"
 47 | 
 48 | #: src/pam_pkcs11/pam_pkcs11.c:428
 49 | msgid "Error 2312: Open PKCS#11 session failed."
 50 | msgstr "错误 2312：开启 PKCS#11 会话失败。"
 51 | 
 52 | #: src/pam_pkcs11/pam_pkcs11.c:440
 53 | msgid "Error 2314: Slot login failed."
 54 | msgstr "错误 2314：卡槽登录失败。"
 55 | 
 56 | #: src/pam_pkcs11/pam_pkcs11.c:447
 57 | #, c-format
 58 | msgid "Welcome %.32s!"
 59 | msgstr "欢迎 %.32s！"
 60 | 
 61 | #: src/pam_pkcs11/pam_pkcs11.c:455
 62 | #, c-format
 63 | msgid "%s PIN: "
 64 | msgstr "%s PIN: "
 65 | 
 66 | #: src/pam_pkcs11/pam_pkcs11.c:466
 67 | msgid "Error 2316: Password could not be read."
 68 | msgstr "错误 2316：无法读取密码。"
 69 | 
 70 | #: src/pam_pkcs11/pam_pkcs11.c:482
 71 | msgid "Error 2318: Empty smart card PIN not allowed."
 72 | msgstr "错误 2318：不允许使用空白的智能卡 PIN。"
 73 | 
 74 | #: src/pam_pkcs11/pam_pkcs11.c:492
 75 | #, c-format
 76 | msgid "Enter your %s PIN on the pinpad."
 77 | msgstr "请在密码键盘上输入您的 %s PIN。"
 78 | 
 79 | #: src/pam_pkcs11/pam_pkcs11.c:506
 80 | msgid "Error 2320: Wrong smart card PIN."
 81 | msgstr "错误 2320：智能卡 PIN 不正确。"
 82 | 
 83 | #: src/pam_pkcs11/pam_pkcs11.c:519
 84 | msgid "Error 2322: No certificate found."
 85 | msgstr "错误 2322：未检测到证书。"
 86 | 
 87 | #: src/pam_pkcs11/pam_pkcs11.c:534
 88 | msgid "Verifying certificate..."
 89 | msgstr "正在验证证书……"
 90 | 
 91 | #: src/pam_pkcs11/pam_pkcs11.c:547
 92 | msgid "Error 2324: Certificate has expired."
 93 | msgstr "错误 2324：证书已过期。"
 94 | 
 95 | #: src/pam_pkcs11/pam_pkcs11.c:551
 96 | msgid "Error 2326: Certificate not yet valid."
 97 | msgstr "错误 2326：证书还未生效。"
 98 | 
 99 | #: src/pam_pkcs11/pam_pkcs11.c:555
100 | msgid "Error 2328: Certificate signature invalid."
101 | msgstr "错误 2328：证书签名无效。"
102 | 
103 | #: src/pam_pkcs11/pam_pkcs11.c:559
104 | msgid "Error 2330: Certificate invalid."
105 | msgstr "错误 2330：证书无效。"
106 | 
107 | #: src/pam_pkcs11/pam_pkcs11.c:594
108 | msgid "Error 2332: Setting PAM user entry failed."
109 | msgstr "错误 2332：设置 PAM 用户条目失败。"
110 | 
111 | #: src/pam_pkcs11/pam_pkcs11.c:610
112 | msgid "Error 2334: No matching user."
113 | msgstr "错误 2334：没有匹配到用户。"
114 | 
115 | #: src/pam_pkcs11/pam_pkcs11.c:631
116 | msgid "Error 2336: No matching certificate found."
117 | msgstr "错误 2336：没有匹配到证书。"
118 | 
119 | #: src/pam_pkcs11/pam_pkcs11.c:640
120 | msgid "Checking signature..."
121 | msgstr "正在检查签名……"
122 | 
123 | #: src/pam_pkcs11/pam_pkcs11.c:660
124 | msgid "Error 2338: Getting random value failed."
125 | msgstr "错误 2338：获取随机值失败。"
126 | 
127 | #: src/pam_pkcs11/pam_pkcs11.c:674
128 | msgid "Error 2340: Signing failed."
129 | msgstr "错误 2340：签名失败。"
130 | 
131 | #: src/pam_pkcs11/pam_pkcs11.c:691
132 | msgid "Error 2342: Verifying signature failed."
133 | msgstr "错误 2342：验证签名失败。"
134 | 
135 | #: src/pam_pkcs11/pam_pkcs11.c:808
136 | msgid "Smart card authentication cancelled."
137 | msgstr "智能卡认证取消。"
138 | 
139 | #: src/pam_pkcs11/pam_pkcs11.c:854
140 | msgid "Cannot change the password on your smart card."
141 | msgstr "无法修改智能卡上的密码。"
142 | 
143 | #: src/pam_pkcs11/pam_config.c:65
144 | msgid "Smart card"
145 | msgstr "智能卡"
146 | 


--------------------------------------------------------------------------------
/src/Makefile.am:
--------------------------------------------------------------------------------
1 | # Process this file with automake to create Makefile.in
2 | 
3 | MAINTAINERCLEANFILES = Makefile.in
4 | 
5 | # Order IS important
6 | SUBDIRS = scconf common mappers pam_pkcs11 tools 
7 | 


--------------------------------------------------------------------------------
/src/common/Makefile.am:
--------------------------------------------------------------------------------
 1 | # Process this file with automake to create Makefile.in
 2 | 
 3 | MAINTAINERCLEANFILES = Makefile.in
 4 | 
 5 | AM_CFLAGS = $(CRYPTO_CFLAGS)
 6 | AM_CPPFLAGS = $(CRYPTO_CFLAGS)
 7 | 
 8 | SUBDIRS = . rsaref
 9 | 
10 | noinst_HEADERS = debug.h error.h uri.h strings.h \
11 | 	cert_vfy.h cert_info.h base64.h pkcs11_lib.h \
12 | 	cert_st.h alg_st.h SSLerrs.h SECerrs.h NSPRerrs.h \
13 | 	secutil.h
14 | 
15 | noinst_PROGRAMS = 
16 | noinst_LTLIBRARIES = libcommon.la
17 | 
18 | libcommon_la_SOURCES = algorithm.c cert_vfy.c cert_vfy.h \
19 | 	cert_info.c cert_info.h \
20 | 	debug.c debug.h error.c error.h \
21 | 	uri.c uri.h strings.c strings.h \
22 | 	pkcs11_lib.c \
23 | 	strndup.c strndup.h \
24 | 	pam-pkcs11-ossl-compat.h \
25 | 	base64.c base64.h
26 | 
27 | libcommon_la_LIBADD = $(CRYPTO_LIBS) $(PTHREAD_LIBS) $(LIBDL)
28 | libcommon_la_CFLAGS = $(PTHREAD_CFLAGS)
29 | 


--------------------------------------------------------------------------------
/src/common/alg_st.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PKCS #11 PAM Login Module
 3 |  * Copyright (C) 2003-2004 Mario Strasser <mast@gmx.net>
 4 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * $Id$
17 |  */
18 | 
19 | #ifndef _ALG_ST_H
20 | #define _ALG_ST_H
21 | 
22 | #ifdef HAVE_CONFIG_H
23 | #include <config.h>
24 | #endif
25 | 
26 | 
27 | #ifdef HAVE_NSS
28 | #include <secoid.h>
29 | #include <sechash.h>
30 | typedef SECHashObject ALGDIGEST;
31 | #define ALGORITHM_SHA512 SEC_OID_SHA512
32 | #define ALGORITHM_SHA384 SEC_OID_SHA385
33 | #define ALGORITHM_SHA256 SEC_OID_SHA256
34 | #define ALGORITHM_SHA1  SEC_OID_SHA1
35 | #define ALGORITHM_MD5  SEC_OID_MD5
36 | #define ALGORITHM_MD2  SEC_OID_MD2
37 | #else
38 | #include <openssl/evp.h>
39 | typedef EVP_MD ALGDIGEST;
40 | #define ALGORITHM_SHA512 "sha512"
41 | #define ALGORITHM_SHA384 "sha384"
42 | #define ALGORITHM_SHA256 "sha256"
43 | #define ALGORITHM_SHA1  "sha1"
44 | #define ALGORITHM_MD5  "md5"
45 | #define ALGORITHM_MD2  "md2"
46 | #endif
47 | 
48 | ALGORITHM_TYPE Alg_get_alg_from_string(const char *);
49 | /* EVP_get_digestbyname */
50 | const ALGDIGEST *Alg_get_digest_by_name(ALGORITHM_TYPE hash);
51 | 
52 | #endif /* _ALG_ST_H */
53 | 


--------------------------------------------------------------------------------
/src/common/algorithm.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PKCS #11 PAM Login Module
 3 |  * Copyright (C) 2003-2004 Mario Strasser <mast@gmx.net>
 4 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * $Id$
17 |  */
18 | 
19 | 
20 | #ifdef HAVE_CONFIG_H
21 | #include <config.h>
22 | #endif
23 | 
24 | #include <cert_st.h>
25 | #include <alg_st.h>
26 | 
27 | #ifdef HAVE_NSS
28 | ALGORITHM_TYPE Alg_get_alg_from_string(const char *hashString)
29 | {
30 |     /* sigh, we don't have any string to out conversion
31 |      * it would be nice to at least search the oid table by
32 |      * description */
33 |     SECOidTag hashOIDTag;
34 | 
35 |     if (strcasecmp(hashString, "sha1") == 0) {
36 | 	hashOIDTag = SEC_OID_SHA1;
37 |     } else if (strcasecmp(hashString, "md5") == 0) {
38 | 	hashOIDTag = SEC_OID_MD5;
39 |     } else if (strcasecmp(hashString, "md2") == 0) {
40 | 	hashOIDTag = SEC_OID_MD2;
41 |     } else if (strcasecmp(hashString, "sha512") == 0) {
42 | 	hashOIDTag = SEC_OID_SHA512;
43 |     } else if (strcasecmp(hashString, "sha384") == 0) {
44 | 	hashOIDTag = SEC_OID_SHA384;
45 |     } else if (strcasecmp(hashString, "sha256") == 0) {
46 | 	hashOIDTag = SEC_OID_SHA256;
47 |     } else {
48 | 	hashOIDTag = ALGORITHM_NULL;
49 |     }
50 | 
51 |     return hashOIDTag;
52 | }
53 | 
54 | const ALGDIGEST *Alg_get_digest_by_name(ALGORITHM_TYPE hash)
55 | {
56 |     return HASH_GetHashObjectByOidTag(hash);
57 | }
58 | 
59 | #else
60 | 
61 | ALGORITHM_TYPE Alg_get_alg_from_string(const char *hashString)
62 | {
63 |     const EVP_MD *digest = NULL;
64 | 
65 |     digest = EVP_get_digestbyname(hashString);
66 |     if (!digest) {
67 | 	return ALGORITHM_NULL;
68 |     }
69 |     return hashString;
70 | }
71 | 
72 | const ALGDIGEST *Alg_get_digest_by_name(ALGORITHM_TYPE hash)
73 | {
74 |     return EVP_get_digestbyname((char *)hash);
75 | }
76 | #endif
77 | 
78 | 


--------------------------------------------------------------------------------
/src/common/base64.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * base64.c: Base64 converting functions
  3 |  *
  4 |  * Copyright (C) 2001, 2002  Juha Yrjölä <juha.yrjola@iki.fi>
  5 |  *
  6 |  * This library is free software; you can redistribute it and/or
  7 |  * modify it under the terms of the GNU Lesser General Public
  8 |  * License as published by the Free Software Foundation; either
  9 |  * version 2.1 of the License, or (at your option) any later version.
 10 |  *
 11 |  * This library is distributed in the hope that it will be useful,
 12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 14 |  * Lesser General Public License for more details.
 15 |  *
 16 |  * You should have received a copy of the GNU Lesser General Public
 17 |  * License along with this library; if not, write to the Free Software
 18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 19 |  */
 20 | 
 21 | #define __BASE64_C_
 22 | 
 23 | #include <stdlib.h>
 24 | #include <string.h>
 25 | #include <stdio.h>
 26 | #include <assert.h>
 27 | 
 28 | #include "debug.h"
 29 | #include "error.h"
 30 | #include "base64.h"
 31 | 
 32 | static const unsigned char codes[66] =
 33 |     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
 34 | 
 35 | static const unsigned char bin_table[128] = {
 36 | 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
 37 | 	0xFF, 0xE0, 0xD0, 0xFF, 0xFF, 0xD0, 0xFF, 0xFF,
 38 | 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
 39 | 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
 40 | 	0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
 41 | 	0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
 42 | 	0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
 43 | 	0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xC0, 0xFF, 0xFF,
 44 | 	0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
 45 | 	0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
 46 | 	0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
 47 | 	0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
 48 | 	0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
 49 | 	0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
 50 | 	0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
 51 | 	0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
 52 | };
 53 | 
 54 | static int from_base64(const char *in, unsigned int *out, int *skip) {
 55 | 	unsigned int res = 0, c = 0, s = 18;
 56 | 	const char *in0 = in;
 57 | 
 58 | 	for (c = 0; c < 4; c++, in++) {
 59 | 		unsigned char b;
 60 | 		int k = *in;
 61 | 
 62 | 		if (k < 0) return -1;
 63 | 		if (k == 0 && c == 0) return 0;
 64 | 		b = bin_table[k];
 65 | 		if (b == 0xC0)	/* '=' */ break;
 66 | 		switch (b) {
 67 | 		case 0xD0:	/* '\n' or '\r' */
 68 | 			c--;
 69 | 			continue;
 70 | 		}
 71 | 		if (b > 0x3f) return -1;
 72 | 
 73 | 		res |= b << s;
 74 | 		s -= 6;
 75 | 	}
 76 | 	*skip = in - in0;
 77 | 	*out = res;
 78 | 	return c * 6 / 8;
 79 | }
 80 | 
 81 | int base64_encode(const unsigned char *in,  size_t len, unsigned char *out, size_t *outlen) {
 82 |    size_t i = 0, len2 = 0, leven = 0;
 83 |    unsigned char *p = NULL;
 84 | 
 85 |    if (!in) return -1;
 86 |    if (!out) return -1;
 87 |    if (!outlen) return -1;
 88 | 
 89 |    /* valid output size ? */
 90 |    len2 = 4 * ((len + 2) / 3);
 91 |    if (*outlen < len2 + 1) {
 92 | 	DBG3("Not enough space '%zd' to process '%zd': needed '%zd' bytes",*outlen,len,len2+1);
 93 | 	return -1;
 94 | 		}
 95 |    p = out;
 96 |    leven = 3*(len / 3);
 97 |    for (i = 0; i < leven; i += 3) {
 98 |        *p++ = codes[(in[0] >> 2) & 0x3F];
 99 |        *p++ = codes[(((in[0] & 3) << 4) + (in[1] >> 4)) & 0x3F];
100 |        *p++ = codes[(((in[1] & 0xf) << 2) + (in[2] >> 6)) & 0x3F];
101 |        *p++ = codes[in[2] & 0x3F];
102 |        in += 3;
103 | 	}
104 |    /* Pad it if necessary...  */
105 |    if (i < len) {
106 |        unsigned a = in[0];
107 |        unsigned b = (i+1 < len) ? in[1] : 0;
108 |        *p++ = codes[(a >> 2) & 0x3F];
109 |        *p++ = codes[(((a & 3) << 4) + (b >> 4)) & 0x3F];
110 |        *p++ = (i+1 < len) ? codes[(((b & 0xf) << 2)) & 0x3F] : '=';
111 |        *p++ = '=';
112 | 	}
113 | 
114 |    /* append a NULL byte */
115 |    *p = '\0';
116 | 
117 |    /* return ok */
118 |    *outlen = p - out;
119 | 	return 0;
120 | }
121 | 
122 | int base64_decode(const char *in, unsigned char *out, size_t outlen) {
123 | 	int len = 0, r = 0, skip = 0;
124 | 	unsigned int i = 0;
125 | 
126 | 	while ((r = from_base64(in, &i, &skip)) > 0) {
127 | 		int finished = 0, s = 16;
128 | 
129 | 		if (r < 3) finished = 1;
130 | 		while (r--) {
131 | 			if (outlen <= 0) return -1;
132 | 			*out++ = i >> s;
133 | 			s -= 8;
134 | 			outlen--;
135 | 			len++;
136 | 		}
137 | 		in += skip;
138 | 		if (finished || *in == 0) return len;
139 | 	}
140 | 	if (r == 0) return len;
141 | 	return -1;
142 | }
143 | 
144 | #undef __BASE64_C_
145 | 
146 | /* end of file */
147 | 


--------------------------------------------------------------------------------
/src/common/base64.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * BASE64 Encoding functions
 3 |  * Copyright (C) 2001, 2002  Juha Yrj\uffffl\uffff <juha.yrjola@iki.fi>
 4 |  * Copyright (C) 2003-2004 Mario Strasser <mast@gmx.net>
 5 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 6 |  *
 7 |  * This library is free software; you can redistribute it and/or
 8 |  * modify it under the terms of the GNU Lesser General Public
 9 |  * License as published by the Free Software Foundation; either
10 |  * version 2.1 of the License, or (at your option) any later version.
11 |  *
12 |  * This library is distributed in the hope that it will be useful,
13 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15 |  * Lesser General Public License for more details.
16 |  *
17 |  * $Id$
18 |  */
19 | 
20 | #ifndef __BASE64_H_
21 | #define __BASE64_H_
22 | 
23 | #ifndef __BASE64_C_
24 | #define BASE64_EXTERN extern
25 | #else
26 | #define BASE64_EXTERN
27 | #endif
28 | 
29 | /**
30 | * Encode byte array into a base64 string
31 | *@param in Pointer to byte array
32 | *@param len length of input data
33 | *@param out Pointer to preallocated buffer space
34 | *@param outlen Size of buffer
35 | *@return 0 on success, -1 on error
36 | */
37 | BASE64_EXTERN int base64_encode(const unsigned char *in, size_t len, unsigned char *out, size_t *outlen);
38 | 
39 | /**
40 | * Decode a base64 string into a byte array
41 | *@param in Input string data
42 | *@param out Pointer to pre-allocated buffer space
43 | *@param outlen Size of buffer
44 | *@return Length of converted byte array, or -1 on error
45 | */
46 | BASE64_EXTERN int base64_decode(const char *in, unsigned char *out, size_t outlen);
47 | 
48 | #undef BASE64_EXTERN
49 | 
50 | #endif /* __BASE64_H_ */
51 | 


--------------------------------------------------------------------------------
/src/common/cert_info.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * PKCS #11 PAM Login Module
  3 |  * Copyright (C) 2003-2004 Mario Strasser <mast@gmx.net>
  4 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
  5 |  *
  6 |  * This library is free software; you can redistribute it and/or
  7 |  * modify it under the terms of the GNU Lesser General Public
  8 |  * License as published by the Free Software Foundation; either
  9 |  * version 2.1 of the License, or (at your option) any later version.
 10 |  *
 11 |  * This library is distributed in the hope that it will be useful,
 12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 14 |  * Lesser General Public License for more details.
 15 |  *
 16 |  * $Id$
 17 |  */
 18 | 
 19 | #ifndef __CERT_INFO_H_
 20 | #define __CERT_INFO_H_
 21 | 
 22 | #include "cert_st.h"
 23 | 
 24 | /** Certificate Common Name */
 25 | #define CERT_CN		1
 26 | /** Certificate subject */
 27 | #define CERT_SUBJECT	2
 28 | /** Kerberos principal name */
 29 | #define CERT_KPN	3
 30 | /** Certificate e-mail */
 31 | #define CERT_EMAIL	4
 32 | /** Microsoft's Universal Principal Name */
 33 | #define CERT_UPN	5
 34 | /** Certificate Unique Identifier */
 35 | #define CERT_UID	6
 36 | /** Certificate Public Key (PEM Format)*/
 37 | #define CERT_PUK	7
 38 | /** Certificate Digest */
 39 | #define CERT_DIGEST	8
 40 | /** Certificate Public key in OpenSSH format */
 41 | #define CERT_SSHPUK	9
 42 | /** Certificate in PEM format */
 43 | #define CERT_PEM	10
 44 | /** Certificate issuer */
 45 | #define CERT_ISSUER	11
 46 | /** Certificate serial number */
 47 | #define CERT_SERIAL	12
 48 | /** Certificate key algorithm */
 49 | #define CERT_KEY_ALG	13
 50 | 
 51 | /** Max size of returned certificate content array */
 52 | #define CERT_INFO_SIZE 16
 53 | /** Max number of entries to find from certificate */
 54 | #define CERT_INFO_MAX_ENTRIES ( CERT_INFO_SIZE - 1 )
 55 | 
 56 | #ifndef __CERT_INFO_C_
 57 | #define CERTINFO_EXTERN extern
 58 | #else
 59 | #define CERTINFO_EXTERN
 60 | #endif
 61 | 
 62 | #define DEFUALT_ENTRIES_SIZE 2
 63 | 
 64 | /**
 65 | * Generate and compose a certificate chain
 66 | * @param cert Certificate to add
 67 | * @param certs pointer to list of certificates
 68 | * @param ncerts pointer to number of certificates in list
 69 | */
 70 | void add_cert(X509 *cert, X509 ***certs, int *ncerts);
 71 | 
 72 | /**
 73 | * Request info on certificate
 74 | * @param x509 certificate to parse
 75 | * @param type information to retrieve
 76 | * @param algorithm to use in evaluate certificate digest; else null
 77 | * @return utf-8 string array with provided information
 78 | */
 79 | CERTINFO_EXTERN char **cert_info(X509 *x509, int type, ALGORITHM_TYPE algorithm);
 80 | 
 81 | /**
 82 |  * @brief free allocated
 83 |  * 
 84 |  * @param entries 
 85 |  * @param count 
 86 |  * @return CERTINFO_EXTERN 
 87 |  */
 88 | CERTINFO_EXTERN void free_entries(char **entries, int count);
 89 | 
 90 | /**
 91 |  * @brief initialize entries
 92 |  * 
 93 |  * @param entries 
 94 |  * @param count 
 95 |  * @return CERTINFO_EXTERN 
 96 |  */
 97 | CERTINFO_EXTERN void init_entries(char **entries, int count);
 98 | 
 99 | #undef CERTINFO_EXTERN
100 | 
101 | #endif /* __CERT_INFO_H_ */
102 | 


--------------------------------------------------------------------------------
/src/common/cert_st.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PKCS #11 PAM Login Module
 3 |  * Copyright (C) 2003-2004 Mario Strasser <mast@gmx.net>
 4 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * $Id$
17 |  */
18 | 
19 | #ifndef _CERT_ST_H
20 | #define _CERT_ST_H
21 | 
22 | #ifdef HAVE_CONFIG_H
23 | #include <config.h>
24 | #endif
25 | 
26 | typedef struct cert_policy_st cert_policy;
27 | 
28 | #ifdef HAVE_NSS
29 | #include <cert.h>
30 | #include <secoidt.h>
31 | typedef SECOidTag ALGORITHM_TYPE;
32 | #define ALGORITHM_NULL  SEC_OID_UNKNOWN
33 | /* we really should make a neutral define for this */
34 | #define X509 CERTCertificate
35 | #else
36 | #include "../common/pam-pkcs11-ossl-compat.h"
37 | #include <openssl/x509.h>
38 | typedef const char *ALGORITHM_TYPE;
39 | #define ALGORITHM_NULL  NULL
40 | #endif
41 | 
42 | 
43 | #endif /* _CERT_ST_H */
44 | 


--------------------------------------------------------------------------------
/src/common/cert_vfy.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PKCS #11 PAM Login Module
 3 |  * Copyright (C) 2003 Mario Strasser <mast@gmx.net>,
 4 |  *
 5 |  * This library is free software; you can redistribute it and/or
 6 |  * modify it under the terms of the GNU Lesser General Public
 7 |  * License as published by the Free Software Foundation; either
 8 |  * version 2.1 of the License, or (at your option) any later version.
 9 |  *
10 |  * This library is distributed in the hope that it will be useful,
11 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13 |  * Lesser General Public License for more details.
14 |  *
15 |  * $Id$
16 |  */
17 | 
18 | /** \file
19 | Several routines to:
20 | <ul>
21 | <li> Verify certificate</li>
22 | <li> Check for revocation list</li>
23 | <li> Verify signature</li>
24 | </ul>
25 | */
26 | 
27 | #ifndef __CERT_VFY_H_
28 | #define __CERT_VFY_H_
29 | 
30 | #include "cert_st.h"
31 | 
32 | typedef enum {
33 | 	/** Do not perform any CRL verification */
34 | 	CRLP_NONE,
35 | 	/** Retrieve CRL from CA site */
36 | 	CRLP_ONLINE,
37 | 	/** Retrieve CRL from local filesystem */
38 | 	CRLP_OFFLINE,
39 | 	/** Try CRL check online, else ofline, else fail */
40 | 	CRLP_AUTO
41 | 	} crl_policy_t;
42 | 
43 | typedef enum {
44 | 	OCSP_NONE,
45 | 	OCSP_ON
46 | 	} ocsp_policy_t;
47 | 
48 | struct cert_policy_st {
49 | 	int ca_policy;
50 | 	int crl_policy;
51 | 	int no_signature_policy;
52 | 	const char *ca_dir;
53 | 	const char *crl_dir;
54 | 	const char *nss_dir;
55 | 	int ocsp_policy;
56 | };
57 | 
58 | #ifndef __CERT_VFY_C
59 | #define CERTVFY_EXTERN extern
60 | #else
61 | #define CERTVFY_EXTERN
62 | #endif
63 | 
64 | /**
65 | * Verify provided certificate, and if needed, CRL
66 | *@param x509 Certificate to check
67 | *@param policy CRL verify policy
68 | *@return 1 on cert vfy success, 0 on fail, -1 on process error
69 | */
70 | CERTVFY_EXTERN int verify_certificate(X509 * x509, cert_policy *policy);
71 | 
72 | /**
73 | * Verify signature of provided data
74 | *@param x509 Certificate to be used
75 | *@param data Byte array of data to check
76 | *@param data_length Length of provided byte array
77 | *@param signature Byte array of signature to check
78 | *@param signature_length Length of signature byte array
79 | *@return 1 on signature vfy success, 0 on vfy fail, -1 on process error
80 | */
81 | CERTVFY_EXTERN int verify_signature(X509 * x509, unsigned char *data, int data_length, unsigned char **signature, unsigned long *signature_length);
82 | 
83 | #undef CERTVFY_EXTERN
84 | 
85 | #endif /* __CERT_VFY_H_ */
86 | 


--------------------------------------------------------------------------------
/src/common/debug.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PKCS #11 PAM Login Module
 3 |  * Copyright (C) 2003 Mario Strasser <mast@gmx.net>,
 4 |  *
 5 |  * This library is free software; you can redistribute it and/or
 6 |  * modify it under the terms of the GNU Lesser General Public
 7 |  * License as published by the Free Software Foundation; either
 8 |  * version 2.1 of the License, or (at your option) any later version.
 9 |  *
10 |  * This library is distributed in the hope that it will be useful,
11 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13 |  * Lesser General Public License for more details.
14 |  *
15 |  * $Id$
16 |  */
17 | 
18 | #include "debug.h"
19 | #include <stdarg.h>
20 | #include <stdio.h>
21 | #include <syslog.h>
22 | #include <unistd.h>
23 | 
24 | /* current debug level */
25 | static int debug_level = 0;
26 | 
27 | void set_debug_level(int level) {
28 |   debug_level = level;
29 | }
30 | 
31 | int get_debug_level(void) {
32 | 	return debug_level;
33 | }
34 | 
35 | void debug_print(int level, const char *file, int line, const char *format, ...) {
36 |   va_list ap;
37 |   if (debug_level >= level) {
38 |     /* is stdout is a tty */
39 |     if (isatty(1)) {
40 |       const char *t = "\033[32mDEBUG"; /* green */
41 | 
42 |       if (-1 == level)
43 |         t = "\033[31mERROR"; /* red */
44 | 
45 |       /* print preamble */
46 |       printf("%s:%s:%d: ", t, file, line);
47 |       /* print message */
48 |       va_start(ap, format);
49 |       vprintf(format, ap);
50 |       va_end(ap);
51 |       /* print postamble */
52 |       printf("\033[0m\n");
53 |     }
54 |     else {
55 | 	  /* else we use syslog(3) */
56 |       char buf[100];
57 | 
58 |       /* print message */
59 |       va_start(ap, format);
60 |       vsnprintf(buf, sizeof(buf), format, ap);
61 |       va_end(ap);
62 | 
63 |       syslog(LOG_INFO, "%s", buf);
64 |     }
65 |   }
66 | }
67 | 


--------------------------------------------------------------------------------
/src/common/debug.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * PKCS #11 PAM Login Module
  3 |  * Copyright (C) 2003 Mario Strasser <mast@gmx.net>,
  4 |  *
  5 |  * This library is free software; you can redistribute it and/or
  6 |  * modify it under the terms of the GNU Lesser General Public
  7 |  * License as published by the Free Software Foundation; either
  8 |  * version 2.1 of the License, or (at your option) any later version.
  9 |  *
 10 |  * This library is distributed in the hope that it will be useful,
 11 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 12 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 13 |  * Lesser General Public License for more details.
 14 |  *
 15 |  * $Id$
 16 |  */
 17 | 
 18 | /**
 19 | *@brief
 20 | * This module contains macros for generate debugging messages
 21 | * Will be compiled an linked only when -DDEBUG CFLAG is used
 22 | */
 23 | 
 24 | #ifndef __DEBUG_H_
 25 | #define __DEBUG_H_
 26 | 
 27 | #ifdef HAVE_CONFIG_H
 28 | #include <config.h>
 29 | #endif
 30 | 
 31 | #ifndef DEBUG
 32 | 
 33 | #warning "Debugging is completely disabled!"
 34 | #define DBG
 35 | #define DBG1
 36 | #define DBG2
 37 | #define DBG3
 38 | #define DBG4
 39 | #define DBG5
 40 | 
 41 | #define ERR
 42 | #define ERR1
 43 | #define ERR2
 44 | #define ERR3
 45 | #define ERR4
 46 | #define ERR5
 47 | 
 48 | #else
 49 | 
 50 | /*
 51 | #define DBG(f, ...) debug_print(1, __FILE__, __LINE__, f, ## __VA_ARGS__)
 52 | */
 53 | /* this syntax is redundant in GCC, just used to avoid warns in -pedantic */
 54 | #define DBG(f) debug_print(1, __FILE__, __LINE__, f )
 55 | #define DBG1(f,a) debug_print(1, __FILE__, __LINE__, f , a )
 56 | #define DBG2(f,a,b) debug_print(1, __FILE__, __LINE__, f , a , b )
 57 | #define DBG3(f,a,b,c) debug_print(1, __FILE__, __LINE__, f , a , b , c )
 58 | #define DBG4(f,a,b,c,d) debug_print(1, __FILE__, __LINE__, f , a , b , c , d )
 59 | #define DBG5(f,a,b,c,d,e) debug_print(1, __FILE__, __LINE__, f , a , b , c , d , e )
 60 | 
 61 | #define ERR(f) debug_print(-1, __FILE__, __LINE__, f )
 62 | #define ERR1(f,a) debug_print(-1, __FILE__, __LINE__, f , a )
 63 | #define ERR2(f,a,b) debug_print(-1, __FILE__, __LINE__, f , a , b )
 64 | #define ERR3(f,a,b,c) debug_print(-1, __FILE__, __LINE__, f , a , b , c )
 65 | #define ERR4(f,a,b,c,d) debug_print(-1, __FILE__, __LINE__, f , a , b , c , d )
 66 | #define ERR5(f,a,b,c,d,e) debug_print(-1, __FILE__, __LINE__, f , a , b , c , d , e )
 67 | 
 68 | #ifndef __DEBUG_C_
 69 | #define DEBUG_EXTERN extern
 70 | #else
 71 | #define DEBUG_EXTERN
 72 | #endif
 73 | 
 74 | /**
 75 |  * set_debug_level() Sets the current debug level.
 76 |  *@param level New debug level
 77 |  */
 78 | DEBUG_EXTERN void set_debug_level(int level);
 79 | 
 80 | /**
 81 |  * get_debug_level() Returns the current debug level.
 82 |  *@return Current debug level
 83 |  */
 84 | DEBUG_EXTERN int get_debug_level(void);
 85 | 
 86 | /**
 87 |  * debug_print() prints the given message
 88 | 
 89 |  * if the current debug-level
 90 |  * is greater or equal to the defined level. The format string as well as all
 91 |  * further arguments are interpreted as by the printf() function.
 92 |  *@param level Debug level of message
 93 |  *@param file Name of the file where message is generated
 94 |  *@param line Line number where message is generated
 95 |  *@param format Message format
 96 |  *@param .... Optional arguments
 97 |  */
 98 | DEBUG_EXTERN void debug_print(int level, const char *file, int line, const char *format, ...)
 99 | #if defined __GNUC__
100 | 	__attribute__((format(printf, 4, 5)))
101 | #endif
102 | 	;
103 | 
104 | #undef DEBUG_EXTERN
105 | 
106 | #endif /* DEBUG */
107 | 
108 | #endif /* __DEBUG_H_ */
109 | 


--------------------------------------------------------------------------------
/src/common/error.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PKCS #11 PAM Login Module
 3 |  * Copyright (C) 2003 Mario Strasser <mast@gmx.net>,
 4 |  *
 5 |  * This library is free software; you can redistribute it and/or
 6 |  * modify it under the terms of the GNU Lesser General Public
 7 |  * License as published by the Free Software Foundation; either
 8 |  * version 2.1 of the License, or (at your option) any later version.
 9 |  *
10 |  * This library is distributed in the hope that it will be useful,
11 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13 |  * Lesser General Public License for more details.
14 |  *
15 |  * $Id$
16 |  */
17 | 
18 | #include "error.h"
19 | #include <string.h>
20 | #include <stdio.h>
21 | 
22 | #define __ERROR_C_
23 | 
24 | static char error_buffer[ERROR_BUFFER_SIZE] = "";
25 | 
26 | /**
27 | * store an error message into a temporary buffer, in a similar way as sprintf does
28 | * @param format String to be stored
29 | * @param ... Additional parameters
30 | */
31 | void set_error(const char *format, ...) {
32 |   static char tmp[ERROR_BUFFER_SIZE];
33 |   va_list ap;
34 |   va_start(ap, format);
35 |   vsnprintf(tmp, ERROR_BUFFER_SIZE, format, ap);
36 |   va_end(ap);
37 |   strcpy(error_buffer, tmp);
38 | }
39 | 
40 | /**
41 | * Retrieve error message string from buffer
42 | *@return Error message
43 | */
44 | const char *get_error(void) {
45 |   return (const char *)error_buffer;
46 | }
47 | 


--------------------------------------------------------------------------------
/src/common/error.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PKCS #11 PAM Login Module
 3 |  * Copyright (C) 2003 Mario Strasser <mast@gmx.net>,
 4 |  *
 5 |  * This library is free software; you can redistribute it and/or
 6 |  * modify it under the terms of the GNU Lesser General Public
 7 |  * License as published by the Free Software Foundation; either
 8 |  * version 2.1 of the License, or (at your option) any later version.
 9 |  *
10 |  * This library is distributed in the hope that it will be useful,
11 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13 |  * Lesser General Public License for more details.
14 |  *
15 |  * $Id$
16 |  */
17 | 
18 | #ifndef __ERROR_H_
19 | #define __ERROR_H_
20 | 
21 | #ifdef HAVE_CONFIG_H
22 | #include <config.h>
23 | #endif
24 | 
25 | #include <config.h>
26 | #include <stdarg.h>
27 | #ifndef HAVE_NSS
28 | #include <openssl/err.h>
29 | #endif
30 | #include <errno.h>
31 | 
32 | /** Default error message buffer size */
33 | #define ERROR_BUFFER_SIZE 512
34 | 
35 | #ifndef __ERROR_C_
36 | #define ERROR_EXTERN extern
37 | #else
38 | #define ERROR_EXTERN
39 | #endif
40 | 
41 | /**
42 | * store an error message into a temporary buffer, in a similar way as sprintf does
43 | * @param format String to be stored
44 | * @param ... Additional parameters
45 | */
46 | ERROR_EXTERN void set_error(const char *format, ...);
47 | 
48 | /**
49 | * Retrieve error message string from buffer
50 | *@return Error message
51 | */
52 | ERROR_EXTERN const char *get_error(void);
53 | 
54 | #undef ERROR_EXTERN
55 | #endif /* __ERROR_H_ */
56 | 


--------------------------------------------------------------------------------
/src/common/pkcs11_lib.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PKCS #11 PAM Login Module
 3 |  * Copyright (C) 2003 Mario Strasser <mast@gmx.net>,
 4 |  *
 5 |  * This library is free software; you can redistribute it and/or
 6 |  * modify it under the terms of the GNU Lesser General Public
 7 |  * License as published by the Free Software Foundation; either
 8 |  * version 2.1 of the License, or (at your option) any later version.
 9 |  *
10 |  * This library is distributed in the hope that it will be useful,
11 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13 |  * Lesser General Public License for more details.
14 |  *
15 |  * $Id$
16 |  */
17 | #ifndef __PKCS11_LIB_H__
18 | #define __PKCS11_LIB_H__
19 | 
20 | #include "cert_st.h"
21 | 
22 | typedef struct cert_object_str cert_object_t;
23 | typedef struct pkcs11_handle_str pkcs11_handle_t;
24 | 
25 | #ifndef __PKCS11_LIB_C__
26 | #define PKCS11_EXTERN extern
27 | #else
28 | #define PKCS11_EXTERN
29 | #endif
30 | 
31 | PKCS11_EXTERN int crypto_init(cert_policy *policy);
32 | PKCS11_EXTERN int load_pkcs11_module(const char *module, pkcs11_handle_t **h);
33 | PKCS11_EXTERN int init_pkcs11_module(pkcs11_handle_t *h,int flag);
34 | PKCS11_EXTERN int find_slot_by_number(pkcs11_handle_t *h,unsigned int slot_num,
35 |                                       unsigned int *slot);
36 | PKCS11_EXTERN int find_slot_by_number_and_label(pkcs11_handle_t *h,
37 |                                       int slot_num, const char *slot_label,
38 |                                       unsigned int *slot);
39 | PKCS11_EXTERN const char *get_slot_tokenlabel(pkcs11_handle_t *h);
40 | PKCS11_EXTERN int wait_for_token(pkcs11_handle_t *h,
41 |                                  int wanted_slot_num,
42 |                                  const char *wanted_token_label,
43 |                                  unsigned int *slot);
44 | PKCS11_EXTERN int find_slot_by_slotlabel(pkcs11_handle_t *h,
45 |                                  const char *wanted_slot_label,
46 |                                  unsigned int *slot);
47 | PKCS11_EXTERN int find_slot_by_slotlabel_and_tokenlabel(pkcs11_handle_t *h,
48 |                                  const char *wanted_slot_label,
49 |                                  const char *wanted_token_label,
50 |                                  unsigned int *slot);
51 | PKCS11_EXTERN int wait_for_token_by_slotlabel(pkcs11_handle_t *h,
52 |                                  const char *wanted_slot_label,
53 |                                  const char *wanted_token_label,
54 |                                  unsigned int *slot);
55 | PKCS11_EXTERN X509 *get_X509_certificate(cert_object_t *cert);
56 | PKCS11_EXTERN void release_pkcs11_module(pkcs11_handle_t *h);
57 | PKCS11_EXTERN int open_pkcs11_session(pkcs11_handle_t *h, unsigned int slot);
58 | PKCS11_EXTERN int close_pkcs11_session(pkcs11_handle_t *h);
59 | PKCS11_EXTERN int pkcs11_login(pkcs11_handle_t *h, char *password);
60 | PKCS11_EXTERN int pkcs11_pass_login(pkcs11_handle_t *h, int nullok);
61 | PKCS11_EXTERN int get_slot_login_required(pkcs11_handle_t *h);
62 | PKCS11_EXTERN int get_slot_protected_authentication_path(pkcs11_handle_t *h);
63 | PKCS11_EXTERN cert_object_t **get_certificate_list(pkcs11_handle_t *h,
64 |                                                   int *ncert);
65 | PKCS11_EXTERN int get_private_key(pkcs11_handle_t *h, cert_object_t *);
66 | PKCS11_EXTERN int sign_value(pkcs11_handle_t *h, cert_object_t *,
67 |                unsigned char *data, unsigned long length,
68 |                unsigned char **signature, unsigned long *signature_length);
69 | PKCS11_EXTERN int get_random_value(unsigned char *data, int length);
70 | PKCS11_EXTERN void cleanse(void *ptr, size_t len);
71 | 
72 | #undef PKCS11_EXTERN
73 | 
74 | /* end of pkcs11_lib.h */
75 | #endif
76 | 


--------------------------------------------------------------------------------
/src/common/rsaref/Makefile.am:
--------------------------------------------------------------------------------
1 | # Process this file with automake to create Makefile.in
2 | 
3 | MAINTAINERCLEANFILES = Makefile.in
4 | 
5 | EXTRA_DIST = PKCS11_README
6 | 
7 | #include_HEADERS = pkcs11.h pkcs11f.h pkcs11t.h
8 | noinst_HEADERS = pkcs11.h pkcs11f.h pkcs11t.h
9 | 


--------------------------------------------------------------------------------
/src/common/rsaref/PKCS11_README:
--------------------------------------------------------------------------------
 1 | DISCLAIMER
 2 | 
 3 | Regarding the header files in this directory:
 4 | 
 5 | License to copy and use this software is granted provided that it is identified
 6 | as "RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)"
 7 | in all material mentioning or referencing this software or this function.
 8 | 
 9 | License is also granted to make and use derivative works provided that such
10 | works are identified as "derived from the RSA Security Inc. PKCS #11
11 | Cryptographic Token Interface (Cryptoki)" in all material mentioning or
12 | referencing the derived work.
13 | 
14 | This software is provided AS IS and RSA Security, Inc. disclaims all warranties
15 | including but not limited to the implied warranty of merchantability, fitness
16 | for a particular purpose, and noninfringement.
17 | 
18 | 


--------------------------------------------------------------------------------
/src/common/rsaref/pkcs11.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * PKCS #11 PAM Login Module
  3 |  * Copyright (C) 2003 Mario Strasser <mast@gmx.net>,
  4 |  *
  5 |  * This library is free software; you can redistribute it and/or
  6 |  * modify it under the terms of the GNU Lesser General Public
  7 |  * License as published by the Free Software Foundation; either
  8 |  * version 2.1 of the License, or (at your option) any later version.
  9 |  *
 10 |  * This library is distributed in the hope that it will be useful,
 11 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 12 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 13 |  * Lesser General Public License for more details.
 14 |  *
 15 |  * $Id$
 16 |  */
 17 | 
 18 | #ifndef PKCS11_H
 19 | #define PKCS11_H
 20 | 
 21 | #include <openssl/x509.h>
 22 | 
 23 | /* Some UNIX specific macros */
 24 | 
 25 | #define CK_PTR *
 26 | #define CK_DEFINE_FUNCTION(returnType, name) \
 27 |   returnType name
 28 | #define CK_DECLARE_FUNCTION(returnType, name) \
 29 |   returnType name
 30 | #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
 31 |   returnType (* name)
 32 | #define CK_CALLBACK_FUNCTION(returnType, name) \
 33 |   returnType (* name)
 34 | #ifndef NULL_PTR
 35 | #define NULL_PTR 0
 36 | #endif
 37 | 
 38 | /* License to copy and use this software is granted provided that it is
 39 |  * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
 40 |  * (Cryptoki)" in all material mentioning or referencing this software.
 41 | 
 42 |  * License is also granted to make and use derivative works provided that
 43 |  * such works are identified as "derived from the RSA Security Inc. PKCS #11
 44 |  * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
 45 |  * referencing the derived work.
 46 | 
 47 |  * RSA Security Inc. makes no representations concerning either the
 48 |  * merchantability of this software or the suitability of this software for
 49 |  * any particular purpose. It is provided "as is" without express or implied
 50 |  * warranty of any kind.
 51 |  */
 52 | 
 53 | /* All the various Cryptoki types and #define'd values are in the
 54 |  * file pkcs11t.h. */
 55 | #include "pkcs11t.h"
 56 | 
 57 | #define __PASTE(x,y)      x##y
 58 | 
 59 | 
 60 | /* ==============================================================
 61 |  * Define the "extern" form of all the entry points.
 62 |  * ==============================================================
 63 |  */
 64 | 
 65 | #define CK_NEED_ARG_LIST  1
 66 | #define CK_PKCS11_FUNCTION_INFO(name) \
 67 |   extern CK_DECLARE_FUNCTION(CK_RV, name)
 68 | 
 69 | /* pkcs11f.h has all the information about the Cryptoki
 70 |  * function prototypes. */
 71 | #include "pkcs11f.h"
 72 | 
 73 | #undef CK_NEED_ARG_LIST
 74 | #undef CK_PKCS11_FUNCTION_INFO
 75 | 
 76 | 
 77 | /* ==============================================================
 78 |  * Define the typedef form of all the entry points.  That is, for
 79 |  * each Cryptoki function C_XXX, define a type CK_C_XXX which is
 80 |  * a pointer to that kind of function.
 81 |  * ==============================================================
 82 |  */
 83 | 
 84 | #define CK_NEED_ARG_LIST  1
 85 | #define CK_PKCS11_FUNCTION_INFO(name) \
 86 |   typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
 87 | 
 88 | /* pkcs11f.h has all the information about the Cryptoki
 89 |  * function prototypes. */
 90 | #include "pkcs11f.h"
 91 | 
 92 | #undef CK_NEED_ARG_LIST
 93 | #undef CK_PKCS11_FUNCTION_INFO
 94 | 
 95 | 
 96 | /* ==============================================================
 97 |  * Define structured vector of entry points.  A CK_FUNCTION_LIST
 98 |  * contains a CK_VERSION indicating a library's Cryptoki version
 99 |  * and then a whole slew of function pointers to the routines in
100 |  * the library.  This type was declared, but not defined, in
101 |  * pkcs11t.h.
102 |  * ==============================================================
103 |  */
104 | 
105 | #define CK_PKCS11_FUNCTION_INFO(name) \
106 |   __PASTE(CK_,name) name;
107 | 
108 | struct CK_FUNCTION_LIST {
109 | 
110 |   CK_VERSION version;           /* Cryptoki version */
111 | 
112 | /* Pile all the function pointers into the CK_FUNCTION_LIST. */
113 | /* pkcs11f.h has all the information about the Cryptoki
114 |  * function prototypes. */
115 | #include "pkcs11f.h"
116 | 
117 | };
118 | 
119 | #undef CK_PKCS11_FUNCTION_INFO
120 | #undef __PASTE
121 | 
122 | #endif /* PKCS11_H */
123 | 


--------------------------------------------------------------------------------
/src/common/strings.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * PAM-PKCS11 string tools
  3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
  4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
  5 |  *
  6 |  * This library is free software; you can redistribute it and/or
  7 |  * modify it under the terms of the GNU Lesser General Public
  8 |  * License as published by the Free Software Foundation; either
  9 |  * version 2.1 of the License, or (at your option) any later version.
 10 |  *
 11 |  * This library is distributed in the hope that it will be useful,
 12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 14 |  * Lesser General Public License for more details.
 15 |  *
 16 |  * You should have received a copy of the GNU Lesser General Public
 17 |  * License along with this library; if not, write to the Free Software
 18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 19 |  *
 20 |  * $Id$
 21 |  */
 22 | 
 23 | #ifndef __STRINGS_H_
 24 | #define __STRINGS_H_
 25 | 
 26 | #ifdef HAVE_CONFIG_H
 27 | #include <config.h>
 28 | #endif
 29 | 
 30 | #include <stdlib.h>
 31 | #include <string.h>
 32 | 
 33 | /**
 34 | * String management library
 35 | */
 36 | #ifndef _STRINGS_C_
 37 | #define M_EXTERN extern
 38 | #else
 39 | #define M_EXTERN
 40 | #endif
 41 | 
 42 | /**
 43 |  * Check for a null or spaced string
 44 |  *@param str Tested string
 45 |  *@return nonzero on null, empty or spaced string, else zero
 46 |  */
 47 | M_EXTERN int is_empty_str(const char *str);
 48 | 
 49 | /**
 50 |  * Duplicate a string
 51 |  *@param str String to be cloned
 52 |  *@return Pointer to cloned string or null if error in allocating memory
 53 |  */
 54 | M_EXTERN char *clone_str(const char *str);
 55 | 
 56 | /**
 57 |  * Duplicate a string converting all chars to upper-case
 58 |  *@param str String to be cloned & uppercassed
 59 |  *@return Pointer to result string or null if error in allocating memory
 60 |  */
 61 | M_EXTERN char *toupper_str(const char *str);
 62 | 
 63 | /**
 64 |  * Duplicate a string converting all chars to lower-case
 65 |  *@param str String to be cloned & lowercased
 66 |  *@return Pointer to result string or null if error in allocating memory
 67 |  */
 68 | M_EXTERN char *tolower_str(const char *str);
 69 | 
 70 | /**
 71 |  * Convert a byte array into a colon-separated hexadecimal sequence
 72 |  *@param binstr ByteArray to be parsed
 73 |  *@param len Number of bytes to be converted
 74 |  *@return Pointer to result string or null if error in allocating memory
 75 |  */
 76 | M_EXTERN char *bin2hex(const unsigned char *binstr,const int len);
 77 | 
 78 | /**
 79 |  * Convert a colon-separated hexadecimal data into a byte array
 80 |  *@param hexstr String to be parsed
 81 |  *@return Pointer to resulting byte array, or null if no memory available
 82 |  */
 83 | M_EXTERN unsigned char *hex2bin(const char *hexstr);
 84 | 
 85 | /**
 86 |  * Convert a colon-separated hexadecimal data into a byte array,
 87 |  * store result into a previously allocated space
 88 |  *@param hexstr String to be parsed
 89 |  *@param res Pointer to pre-allocated user space
 90 |  *@param size Pointer to store length of data parsed
 91 |  *@return Pointer to resulting byte array, or null on parse error
 92 |  */
 93 | M_EXTERN unsigned char *hex2bin_static(const char *hexstr,unsigned char **res,int *size);
 94 | 
 95 | /**
 96 |  * Splits a string to an array of nelems by using sep as character separator.
 97 |  *
 98 |  * To free() memory used by this call, call free(res[0]); free(res);
 99 |  *@param str String to be parsed
100 |  *@param sep Character to be used as separator
101 |  *@param nelems Number of elements of resulting array
102 |  *@return res: Pointer to resulting string array, or null if malloc() error
103 |  */
104 | M_EXTERN char **split(const char *str,char sep, int nelems);
105 | 
106 | /**
107 |  * Splits a string to an array of nelems by using sep as character separator,
108 |  * using dest as pre-allocated destination memory for the resulting array
109 |  *
110 |  * To free() memory used by this call, just call free result pointer
111 |  *@param str String to be parsed
112 |  *@param sep Character to be used as separator
113 |  *@param nelems Number of elements of resulting array
114 |  *@param dst Char array to store temporary data
115 |  *@return Pointer to resulting string array, or null if malloc() error
116 |  */
117 | M_EXTERN char **split_static(const char *str,char sep, int nelems,char *dst);
118 | 
119 | /**
120 |  * Remove all extra spaces from a string.
121 |  * a char is considered space if trues isspace()
122 |  *
123 |  *@param str String to be trimmed
124 |  *@return Pointer to cloned string with all spaces trimmed or null if error in allocating memory
125 |  */
126 | M_EXTERN char *trim(const char *str);
127 | 
128 | #undef M_EXTERN
129 | 
130 | #endif
131 | 


--------------------------------------------------------------------------------
/src/common/strndup.c:
--------------------------------------------------------------------------------
 1 | /* strndup.c
 2 |  *
 3 |  */
 4 | 
 5 | /* Written by Niels Möller <nisse@lysator.liu.se>
 6 |  * modified by Ludovic Rousseau <ludovic.rousseau@free.fr>
 7 |  *
 8 |  * This file is hereby placed in the public domain.
 9 |  */
10 | 
11 | #ifdef HAVE_CONFIG_H
12 | #include <config.h>
13 | #endif
14 | #include <stdlib.h>
15 | #include <string.h>
16 | 
17 | #ifndef HAVE_STRNDUP
18 | char * strndup (const char *s, size_t size)
19 | {
20 | 	char *r = NULL;
21 | 	char *end = memchr(s, 0, size);
22 | 
23 | 	if (NULL == end)
24 | 		return NULL;
25 | 
26 | 	/* Length */
27 | 	size = end - s;
28 | 
29 | 	r = malloc(size+1);
30 | 	if (r)
31 | 	{
32 | 		memcpy(r, s, size);
33 | 		r[size] = '\0';
34 | 	}
35 | 	return r;
36 | }
37 | #endif
38 | 


--------------------------------------------------------------------------------
/src/common/strndup.h:
--------------------------------------------------------------------------------
1 | #ifndef HAVE_STRNDUP
2 | char * strndup (const char *s, size_t size);
3 | #endif
4 | 


--------------------------------------------------------------------------------
/src/common/uri.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PKCS #11 PAM Login Module
 3 |  * Copyright (C) 2003 Mario Strasser <mast@gmx.net>,
 4 |  *
 5 |  * This library is free software; you can redistribute it and/or
 6 |  * modify it under the terms of the GNU Lesser General Public
 7 |  * License as published by the Free Software Foundation; either
 8 |  * version 2.1 of the License, or (at your option) any later version.
 9 |  *
10 |  * This library is distributed in the hope that it will be useful,
11 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13 |  * Lesser General Public License for more details.
14 |  *
15 |  * $Id$
16 |  */
17 | 
18 | /** \file
19 |  This module contains several functions to retrieve data from an URL
20 | 
21 |  Some examples of valid URL's:
22 |  <ul>
23 |  <li>file:///home/mario/projects/pkcs11_login/tests/ca_crl_0.pem</li>
24 |  <li>ftp://ftp.rediris.es/certs/rediris_cacert.pem</li>
25 |  <li>http://www-t.zhwin.ch/ca/root_ca.crl</li>
26 |  <li>ldap://directory.verisign.com:389/CN=VeriSign IECA, OU=IECA-3, OU=Contractor, OU=PKI, OU=DOD, O=U.S. Government, C=US?certificateRevocationList;binary</li>
27 |  </ul>
28 | */
29 | 
30 | #ifndef __URI_H_
31 | #define __URI_H_
32 | 
33 | #ifdef HAVE_CONFIG_H
34 | #include <config.h>
35 | #endif
36 | #include <stdlib.h>
37 | 
38 | #ifndef __URI_C_
39 | #define URI_EXTERN extern
40 | #else
41 | #define URI_EXTERN
42 | #endif
43 | 
44 | URI_EXTERN int is_uri(const char *path);
45 | URI_EXTERN int is_file(const char *path);
46 | URI_EXTERN int is_dir(const char *path);
47 | URI_EXTERN int is_symlink(const char *path);
48 | 
49 | /**
50 | *  Downloads data from a given URI
51 | *@param uri_str URL string where to retrieve data
52 | *@param data Pointer to a String buffer where data is retrieved
53 | *@param length Length of retrieved data
54 | *@return -1 on error, 0 on success
55 | */
56 | URI_EXTERN int get_from_uri(const char *uri_str, unsigned char **data, size_t *length);
57 | 
58 | #undef URI_EXTERN
59 | 
60 | #endif /* __URI_H_ */
61 | 


--------------------------------------------------------------------------------
/src/mappers/Makefile.am:
--------------------------------------------------------------------------------
  1 | # Process this file with automake to create Makefile.in
  2 | 
  3 | MAINTAINERCLEANFILES = Makefile.in
  4 | 
  5 | libdir = @libdir@/pam_pkcs11
  6 | 
  7 | # Add openssl specific flags
  8 | AM_CFLAGS = $(CRYPTO_CFLAGS)
  9 | AM_CPPFLAGS = $(CRYPTO_CFLAGS)
 10 | 
 11 | # Statically linked mappers list
 12 | # Uncomment to get the referred mapper statically linked
 13 | # DON'T FORGET to update libmappers_la_SOURCES and lib_LTLIBRARIES entries below
 14 | # nor the corresponding "module = ..." in etc/pam_pkcs11.conf.example
 15 | #
 16 | AM_CFLAGS += -DSUBJECT_MAPPER_STATIC
 17 | #AM_CFLAGS += -DLDAP_MAPPER_STATIC
 18 | #AM_CFLAGS += -DOPENSC_MAPPER_STATIC
 19 | AM_CFLAGS += -DMAIL_MAPPER_STATIC
 20 | AM_CFLAGS += -DMS_MAPPER_STATIC
 21 | AM_CFLAGS += -DKRB_MAPPER_STATIC
 22 | AM_CFLAGS += -DDIGEST_MAPPER_STATIC
 23 | AM_CFLAGS += -DCN_MAPPER_STATIC
 24 | AM_CFLAGS += -DUID_MAPPER_STATIC
 25 | AM_CFLAGS += -DPWENT_MAPPER_STATIC
 26 | AM_CFLAGS += -DGENERIC_MAPPER_STATIC
 27 | #AM_CFLAGS += -DOPENSSH_MAPPER_STATIC
 28 | AM_CFLAGS += -DNULL_MAPPER_STATIC
 29 | 
 30 | # list of statically linked mappers
 31 | noinst_LTLIBRARIES = libmappers.la
 32 | libmappers_la_SOURCES = mapper.c mapper.h \
 33 | 	subject_mapper.c subject_mapper.h \
 34 | 	mail_mapper.c mail_mapper.h \
 35 | 	ms_mapper.c ms_mapper.h \
 36 | 	krb_mapper.c krb_mapper.h \
 37 | 	digest_mapper.c digest_mapper.h \
 38 | 	cn_mapper.c cn_mapper.h \
 39 | 	uid_mapper.c uid_mapper.h \
 40 | 	pwent_mapper.c pwent_mapper.h \
 41 | 	generic_mapper.c generic_mapper.h \
 42 | 	null_mapper.c null_mapper.h \
 43 | 	mapperlist.c mapperlist.h
 44 | 
 45 | libmappers_la_LDFLAGS = ../scconf/libscconf.la ../common/libcommon.la -shared
 46 | 
 47 | # list of dynamic linked mappers
 48 | if HAVE_LDAP
 49 | lib_LTLIBRARIES = ldap_mapper.la opensc_mapper.la openssh_mapper.la
 50 | else
 51 | lib_LTLIBRARIES = opensc_mapper.la openssh_mapper.la
 52 | endif
 53 | 
 54 | openssh_mapper_la_SOURCES = openssh_mapper.c openssh_mapper.h
 55 | openssh_mapper_la_LDFLAGS = -module -avoid-version -shared
 56 | openssh_mapper_la_LIBADD = libmappers.la
 57 | 
 58 | # generic_mapper_la_SOURCES = generic_mapper.c generic_mapper.h
 59 | # generic_mapper_la_LDFLAGS = -module -avoid-version -shared
 60 | # generic_mapper_la_LIBADD = libmappers.la
 61 | 
 62 | # subject_mapper_la_SOURCES = subject_mapper.c subject_mapper.h
 63 | # subject_mapper_la_LDFLAGS = -module -avoid-version -shared
 64 | # subject_mapper_la_LIBADD = libmappers.la
 65 | 
 66 | if HAVE_LDAP
 67 | ldap_mapper_la_SOURCES = ldap_mapper.c ldap_mapper.h
 68 | ldap_mapper_la_LDFLAGS = -module -avoid-version -shared
 69 | ldap_mapper_la_LIBADD = libmappers.la
 70 | endif
 71 | 
 72 | opensc_mapper_la_SOURCES = opensc_mapper.c opensc_mapper.h
 73 | opensc_mapper_la_LDFLAGS = -module -avoid-version -shared
 74 | opensc_mapper_la_LIBADD = libmappers.la
 75 | 
 76 | # mail_mapper_la_SOURCES = mail_mapper.c mail_mapper.h
 77 | # mail_mapper_la_LDFLAGS = -module -avoid-version -shared
 78 | # mail_mapper_la_LIBADD = libmappers.la
 79 | 
 80 | # ms_mapper_la_SOURCES = ms_mapper.c ms_mapper.h
 81 | # ms_mapper_la_LDFLAGS = -module -avoid-version -shared
 82 | # ms_mapper_la_LIBADD = libmappers.la
 83 | 
 84 | # krb_mapper_la_SOURCES = krb_mapper.c krb_mapper.h
 85 | # krb_mapper_la_LDFLAGS = -module -avoid-version -shared
 86 | # krb_mapper_la_LIBADD = libmappers.la
 87 | 
 88 | # cn_mapper_la_SOURCES = cn_mapper.c cn_mapper.h
 89 | # cn_mapper_la_LDFLAGS = -module -avoid-version -shared
 90 | # cn_mapper_la_LIBADD = libmappers.la
 91 | 
 92 | # uid_mapper_la_SOURCES = uid_mapper.c uid_mapper.h
 93 | # uid_mapper_la_LDFLAGS = -module -avoid-version -shared
 94 | # uid_mapper_la_LIBADD = libmappers.la
 95 | 
 96 | # pwent_mapper_la_SOURCES = pwent_mapper.c pwent_mapper.h
 97 | # pwent_mapper_la_LDFLAGS = -module -avoid-version -shared
 98 | # pwent_mapper_la_LIBADD = libmappers.la
 99 | 
100 | # digest_mapper_la_SOURCES = digest_mapper.c digest_mapper.h
101 | # digest_mapper_la_LDFLAGS = -module -avoid-version -shared
102 | # digest_mapper_la_LIBADD = libmappers.la
103 | 
104 | # null_mapper_la_SOURCES = null_mapper.c null_mapper.h
105 | # null_mapper_la_LDFLAGS = -module -avoid-version -shared
106 | # null_mapper_la_LIBADD = libmappers.la
107 | 
108 | 


--------------------------------------------------------------------------------
/src/mappers/cn_mapper.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * PAM-PKCS11 CN mapper module
  3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
  4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
  5 |  *
  6 |  * This library is free software; you can redistribute it and/or
  7 |  * modify it under the terms of the GNU Lesser General Public
  8 |  * License as published by the Free Software Foundation; either
  9 |  * version 2.1 of the License, or (at your option) any later version.
 10 |  *
 11 |  * This library is distributed in the hope that it will be useful,
 12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 14 |  * Lesser General Public License for more details.
 15 |  *
 16 |  * You should have received a copy of the GNU Lesser General Public
 17 |  * License along with this library; if not, write to the Free Software
 18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 19 |  *
 20 |  * $Id$
 21 |  */
 22 | 
 23 | #define __CN_MAPPER_C_
 24 | 
 25 | #ifdef HAVE_CONFIG_H
 26 | #include <config.h>
 27 | #endif
 28 | 
 29 | #include "../common/cert_st.h"
 30 | #include "../scconf/scconf.h"
 31 | #include "../common/debug.h"
 32 | #include "../common/error.h"
 33 | #include "../common/strings.h"
 34 | #include "../common/cert_info.h"
 35 | #include "mapper.h"
 36 | #include "cn_mapper.h"
 37 | 
 38 | static const char *mapfile="none";
 39 | static int ignorecase=0;
 40 | static int debug=0;
 41 | 
 42 | /*
 43 | * This mapper uses the common name (CN) entry on the certificate to
 44 | * find user name.
 45 | * When a mapfile is specified, try to map CN entry to a user login
 46 | */
 47 | 
 48 | /**
 49 | * Return array of found CN's
 50 | */
 51 | static char ** cn_mapper_find_entries(X509 *x509, void *context) {
 52 |         char **entries= cert_info(x509,CERT_CN,ALGORITHM_NULL);
 53 |         if (!entries) {
 54 |                 DBG("get_common_name() failed");
 55 |                 return NULL;
 56 |         }
 57 |         return entries;
 58 | }
 59 | 
 60 | /*
 61 | parses the certificate and return the first CN entry found, or NULL
 62 | */
 63 | static char * cn_mapper_find_user(X509 *x509, void *context, int *match) {
 64 |         char *res;
 65 |         char **entries= cert_info(x509,CERT_CN,ALGORITHM_NULL);
 66 |         if (!entries) {
 67 |             DBG("get_common_name() failed");
 68 |             return NULL;
 69 |         }
 70 |         DBG1("trying to map CN entry '%s'",entries[0]);
 71 |         res = mapfile_find(mapfile,entries[0],ignorecase,match);
 72 |         if (!res) {
 73 |             DBG("Error in map process");
 74 |             return NULL;
 75 |         }
 76 |         return clone_str(res);
 77 | }
 78 | 
 79 | /*
 80 | * parses the certificate and try to macht any CN in the certificate
 81 | * with provided user
 82 | */
 83 | static int cn_mapper_match_user(X509 *x509,const char *login, void *context) {
 84 |         char *str;
 85 |         int match_found = 0;
 86 |         char **entries  = cert_info(x509,CERT_CN,ALGORITHM_NULL);
 87 |         if (!entries) {
 88 |             DBG("get_common_name() failed");
 89 |             return -1;
 90 |         }
 91 |         /* parse list of uids until match */
 92 |         for (str=*entries; str && (match_found==0); str=*++entries) {
 93 |             int res=0;
 94 |             DBG1("trying to map & match CN entry '%s'",str);
 95 |             res = mapfile_match(mapfile,str,login,ignorecase);
 96 |             if (!res) {
 97 |                 DBG("Error in map&match process");
 98 |                 return -1; /* or perhaps should be "continue" ??*/
 99 |             }
100 |             if (res>0) match_found=1;
101 |         }
102 |         return match_found;
103 | }
104 | 
105 | _DEFAULT_MAPPER_END
106 | 
107 | static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
108 | 	mapper_module *pt= malloc(sizeof(mapper_module));
109 | 	if (!pt) return NULL;
110 | 	pt->name = name;
111 | 	pt->block = blk;
112 | 	pt->context = NULL;
113 | 	pt->entries = cn_mapper_find_entries;
114 | 	pt->finder = cn_mapper_find_user;
115 | 	pt->matcher = cn_mapper_match_user;
116 | 	pt->deinit = mapper_module_end;
117 | 	return pt;
118 | }
119 | 
120 | /**
121 | * Initialization routine
122 | */
123 | #ifndef CN_MAPPER_STATIC
124 | mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
125 | #else
126 | mapper_module * cn_mapper_module_init(scconf_block *blk,const char *mapper_name) {
127 | #endif
128 | 	mapper_module *pt;
129 | 	if (blk) {
130 | 		debug= scconf_get_bool(blk,"debug",0);
131 | 	mapfile= scconf_get_str(blk,"mapfile",mapfile);
132 | 	ignorecase= scconf_get_bool(blk,"ignorecase",ignorecase);
133 | 	} else {
134 | 		DBG1("No block declaration for mapper '%s'",mapper_name);
135 | 	}
136 | 	set_debug_level(debug);
137 | 	pt = init_mapper_st(blk,mapper_name);
138 | 	if (pt) DBG3("CN mapper started. debug: %d, mapfile: %s, icase: %d",debug,mapfile,ignorecase);
139 | 	else DBG("CN mapper initialization error");
140 |         return pt;
141 | }
142 | 
143 | 


--------------------------------------------------------------------------------
/src/mappers/cn_mapper.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __CN_MAPPER_H_
24 | #define __CN_MAPPER_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../scconf/scconf.h"
31 | #include "mapper.h"
32 | 
33 | #ifdef CN_MAPPER_STATIC
34 | 
35 | #ifndef __CN_MAPPER_C_
36 | #define CN_EXTERN extern
37 | #else
38 | #define CN_EXTERN
39 | #endif
40 | CN_EXTERN mapper_module * cn_mapper_module_init(scconf_block *blk,const char *mapper_name);
41 | #undef CN_EXTERN
42 | 
43 | /* end of static (if any) declarations */
44 | #endif
45 | 
46 | /* End of cn_mapper.h */
47 | #endif
48 | 


--------------------------------------------------------------------------------
/src/mappers/digest_mapper.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * PAM-PKCS11 Certificate digest mapper module
  3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
  4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
  5 |  *
  6 |  * This library is free software; you can redistribute it and/or
  7 |  * modify it under the terms of the GNU Lesser General Public
  8 |  * License as published by the Free Software Foundation; either
  9 |  * version 2.1 of the License, or (at your option) any later version.
 10 |  *
 11 |  * This library is distributed in the hope that it will be useful,
 12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 14 |  * Lesser General Public License for more details.
 15 |  *
 16 |  * You should have received a copy of the GNU Lesser General Public
 17 |  * License along with this library; if not, write to the Free Software
 18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 19 |  *
 20 |  * $Id$
 21 |  */
 22 | 
 23 | #define __DIGEST_MAPPER_C_
 24 | 
 25 | #ifdef HAVE_CONFIG_H
 26 | #include <config.h>
 27 | #endif
 28 | 
 29 | #include "../common/cert_st.h"
 30 | #include "../common/alg_st.h"
 31 | #include "../scconf/scconf.h"
 32 | #include "../common/debug.h"
 33 | #include "../common/error.h"
 34 | #include "../common/strings.h"
 35 | #include "../common/cert_info.h"
 36 | #include "mapper.h"
 37 | #include "digest_mapper.h"
 38 | /*
 39 | * Create Certificate digest and use it to perform mapping process
 40 | */
 41 | 
 42 | static const char *mapfile = "none";
 43 | static ALGORITHM_TYPE algorithm= ALGORITHM_SHA1;
 44 | static int debug= 0;
 45 | 
 46 | /*
 47 | * return fingerprint of certificate
 48 | */
 49 | static char ** digest_mapper_find_entries(X509 *x509, void *context) {
 50 | 	char **entries;
 51 | 	if ( !x509 ) {
 52 |                 DBG("NULL certificate provided");
 53 | 		return NULL;
 54 | 	}
 55 | 	entries= cert_info(x509,CERT_DIGEST,algorithm);
 56 | 	DBG1("entries() Found digest '%s'",entries[0]);
 57 | 	return entries;
 58 | }
 59 | 
 60 | static char * digest_mapper_find_user(X509 *x509, void *context, int *match) {
 61 | 	char **entries;
 62 | 	if ( !x509 ) {
 63 |                 DBG("NULL certificate provided");
 64 | 		return NULL;
 65 | 	}
 66 | 	entries = cert_info(x509,CERT_DIGEST,algorithm);
 67 | 	DBG1("find() Found digest '%s'",entries[0]);
 68 |         return mapfile_find(mapfile,entries[0],1,match);
 69 | }
 70 | 
 71 | /*
 72 | * parses the certificate and try to match certificate digest
 73 | * with provided user
 74 | */
 75 | static int digest_mapper_match_user(X509 *x509,const char *login, void *context) {
 76 |         char **entries;
 77 |         if (!x509) {
 78 |                 DBG("NULL certificate provided");
 79 |                 return 0;
 80 |         }
 81 | 	entries = cert_info(x509,CERT_DIGEST,algorithm);
 82 | 	DBG1("match() Found digest '%s'",entries[0]);
 83 |         return mapfile_match(mapfile,entries[0],login,1);
 84 | }
 85 | 
 86 | _DEFAULT_MAPPER_END
 87 | 
 88 | static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
 89 | 	mapper_module *pt= malloc(sizeof(mapper_module));
 90 | 	if (!pt) return NULL;
 91 | 	pt->name = name;
 92 | 	pt->block = blk;
 93 | 	pt->context = NULL;
 94 | 	pt->entries = digest_mapper_find_entries;
 95 | 	pt->finder = digest_mapper_find_user;
 96 | 	pt->matcher = digest_mapper_match_user;
 97 | 	pt->deinit = mapper_module_end;
 98 | 	return pt;
 99 | }
100 | 
101 | /**
102 | * Initialize module
103 | * returns 1 on success, 0 on error
104 | */
105 | #ifndef DIGEST_MAPPER_STATIC
106 | mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
107 | #else
108 | mapper_module * digest_mapper_module_init(scconf_block *blk,const char *mapper_name) {
109 | #endif
110 | 	mapper_module *pt;
111 | 	const char *hash_alg_string = NULL;
112 | 	if (blk) {
113 | 	debug = scconf_get_bool( blk,"debug",0);
114 | 	hash_alg_string = scconf_get_str( blk,"algorithm","sha1");
115 | 		mapfile= scconf_get_str(blk,"mapfile",mapfile);
116 | 	} else {
117 | 		/* should not occurs, but... */
118 | 		DBG1("No block declaration for mapper '%s'",mapper_name);
119 | 	}
120 | 	set_debug_level(debug);
121 | 	algorithm = Alg_get_alg_from_string(hash_alg_string);
122 | 	if(algorithm == ALGORITHM_NULL) {
123 | 		DBG1("Invalid digest algorithm %s, using 'sha1'", hash_alg_string);
124 | 		algorithm = ALGORITHM_SHA1;
125 | 	}
126 | 	pt = init_mapper_st(blk,mapper_name);
127 | 	if (pt) DBG3("Digest mapper started. debug: %d, mapfile: %s, algorithm: %s",debug,mapfile,hash_alg_string);
128 | 	else DBG("Digest mapper initialization failed");
129 | 	return pt;
130 | }
131 | 


--------------------------------------------------------------------------------
/src/mappers/digest_mapper.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __DIGEST_MAPPER_H_
24 | #define __DIGEST_MAPPER_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../scconf/scconf.h"
31 | #include "mapper.h"
32 | 
33 | #ifdef DIGEST_MAPPER_STATIC
34 | 
35 | #ifndef __DIGEST_MAPPER_C_
36 | #define DIGEST_EXTERN extern
37 | #else
38 | #define DIGEST_EXTERN
39 | #endif
40 | DIGEST_EXTERN mapper_module * digest_mapper_module_init(scconf_block *blk,const char *mapper_name);
41 | #undef DIGEST_EXTERN
42 | 
43 | /* end of static (if any) declarations */
44 | #endif
45 | 
46 | /* End of digest_mapper.h */
47 | #endif
48 | 


--------------------------------------------------------------------------------
/src/mappers/generic_mapper.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __GENERIC_MAPPER_H_
24 | #define __GENERIC_MAPPER_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../scconf/scconf.h"
31 | #include "mapper.h"
32 | 
33 | #ifdef GENERIC_MAPPER_STATIC
34 | 
35 | #ifndef __GENERIC_MAPPER_C_
36 | #define GENERIC_EXTERN extern
37 | #else
38 | #define GENERIC_EXTERN
39 | #endif
40 | GENERIC_EXTERN mapper_module * generic_mapper_module_init(scconf_block *blk,const char *mapper_name);
41 | #undef GENERIC_EXTERN
42 | 
43 | /* end of static (if any) declarations */
44 | #endif
45 | 
46 | /* End of generic_mapper.h */
47 | #endif
48 | 


--------------------------------------------------------------------------------
/src/mappers/krb_mapper.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * PAM-PKCS11 Kerberos Principal Name  mapper module
  3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
  4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
  5 |  *
  6 |  * This library is free software; you can redistribute it and/or
  7 |  * modify it under the terms of the GNU Lesser General Public
  8 |  * License as published by the Free Software Foundation; either
  9 |  * version 2.1 of the License, or (at your option) any later version.
 10 |  *
 11 |  * This library is distributed in the hope that it will be useful,
 12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 14 |  * Lesser General Public License for more details.
 15 |  *
 16 |  * You should have received a copy of the GNU Lesser General Public
 17 |  * License along with this library; if not, write to the Free Software
 18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 19 |  *
 20 |  * $Id$
 21 |  */
 22 | 
 23 | #define __KRB_MAPPER_C_
 24 | 
 25 | #ifdef HAVE_CONFIG_H
 26 | #include <config.h>
 27 | #endif
 28 | 
 29 | #include "../common/cert_st.h"
 30 | #include "../scconf/scconf.h"
 31 | #include "../common/debug.h"
 32 | #include "../common/error.h"
 33 | #include "../common/strings.h"
 34 | #include "../common/cert_info.h"
 35 | #include "mapper.h"
 36 | #include "krb_mapper.h"
 37 | 
 38 | /*
 39 | * This mapper uses (if available) the optional Kerberos Principal Name
 40 | * entry on the certificate to find user name.
 41 | */
 42 | 
 43 | static int debug = 0;
 44 | /*
 45 | TODO:
 46 | Implement kerberos authentication via PKINIT protocol
 47 | */
 48 | 
 49 | /*
 50 | * get Kerberos principal name of certificate
 51 | */
 52 | /**
 53 | * Return array of found CN's
 54 | */
 55 | static char ** krb_mapper_find_entries(X509 *x509, void *context) {
 56 |         char **entries= cert_info(x509,CERT_KPN,ALGORITHM_NULL);
 57 |         if (!entries) {
 58 |                 DBG("get_krb_principalname() failed");
 59 |                 return NULL;
 60 |         }
 61 |         return entries;
 62 | }
 63 | /*
 64 | parses the certificate and return the email entry found, or NULL
 65 | */
 66 | static char * krb_mapper_find_user(X509 *x509, void *context, int *match) {
 67 |         char *res;
 68 |         char **entries= cert_info(x509,CERT_KPN,ALGORITHM_NULL);
 69 |         if (!entries) {
 70 |             DBG("get_krb_principalname() failed");
 71 |             return NULL;
 72 |         }
 73 |         DBG1("trying to map kpn entry '%s'",entries[0]);
 74 |         res = mapfile_find("none",entries[0],0,match);
 75 |         if (!res) {
 76 |             DBG("Error in map process");
 77 |             return NULL;
 78 |         }
 79 |         return clone_str(res);
 80 | }
 81 | 
 82 | /*
 83 | * parses the certificate and try to macht any CN in the certificate
 84 | * with provided user
 85 | */
 86 | static int krb_mapper_match_user(X509 *x509, const char *login, void *context) {
 87 | 	char *str;
 88 |         int match_found = 0;
 89 |         char **entries  = cert_info(x509,CERT_KPN,ALGORITHM_NULL);
 90 |         if (!entries) {
 91 |             DBG("get_krb_principalname() failed");
 92 |             return -1;
 93 |         }
 94 |         /* parse list of entries until match */
 95 |         for (str=*entries; str && (match_found==0); str=*++entries) {
 96 |             int res=0;
 97 |             DBG1("trying to map & match KPN entry '%s'",str);
 98 |             res = mapfile_match("none",str,login,0);
 99 |             if (!res) {
100 |                 DBG("Error in map&match process");
101 |                 return -1; /* or perhaps should be "continue" ??*/
102 |             }
103 |             if (res>0) match_found=1;
104 |         }
105 |         return match_found;
106 | }
107 | 
108 | _DEFAULT_MAPPER_END
109 | 
110 | static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
111 | 	mapper_module *pt= malloc(sizeof(mapper_module));
112 | 	if (!pt) return NULL;
113 | 	pt->name = name;
114 | 	pt->block = blk;
115 | 	pt->context = NULL;
116 | 	pt->entries = krb_mapper_find_entries;
117 | 	pt->finder = krb_mapper_find_user;
118 | 	pt->matcher = krb_mapper_match_user;
119 | 	pt->deinit = mapper_module_end;
120 | 	return pt;
121 | }
122 | 
123 | /**
124 | * init routine
125 | * parse configuration block entry
126 | */
127 | #ifndef KRB_MAPPER_STATIC
128 | mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
129 | #else
130 | mapper_module * krb_mapper_module_init(scconf_block *blk,const char *mapper_name) {
131 | #endif
132 | 	mapper_module *pt;
133 | 	if( blk) debug = scconf_get_bool(blk,"debug",0);
134 | 	set_debug_level(debug);
135 | 	pt=init_mapper_st(blk,mapper_name);
136 | 	if(pt) DBG("KPN mappper started");
137 | 	else DBG("KPN mapper initialization failed");
138 | 	return pt;
139 | }
140 | 
141 | 


--------------------------------------------------------------------------------
/src/mappers/krb_mapper.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __KRB_MAPPER_H_
24 | #define __KRB_MAPPER_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../scconf/scconf.h"
31 | #include "mapper.h"
32 | 
33 | #ifdef KRB_MAPPER_STATIC
34 | 
35 | #ifndef __KRB_MAPPER_C_
36 | #define KRB_EXTERN extern
37 | #else
38 | #define KRB_EXTERN
39 | #endif
40 | KRB_EXTERN mapper_module * krb_mapper_module_init(scconf_block *blk,const char *mapper_name);
41 | #undef KRB_EXTERN
42 | 
43 | /* end of static (if any) declarations */
44 | #endif
45 | 
46 | /* End of krb_mapper.h */
47 | #endif
48 | 


--------------------------------------------------------------------------------
/src/mappers/ldap_mapper.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __LDAP_MAPPER_H_
24 | #define __LDAP_MAPPER_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../scconf/scconf.h"
31 | #include "mapper.h"
32 | 
33 | #ifdef LDAP_MAPPER_STATIC
34 | 
35 | #ifndef __LDAP_MAPPER_C_
36 | #define LDAP_EXTERN extern
37 | #else
38 | #define LDAP_EXTERN
39 | #endif
40 | LDAP_EXTERN mapper_module * ldap_mapper_module_init(scconf_block *blk,const char *mapper_name);
41 | #undef LDAP_EXTERN
42 | 
43 | /* end of static (if any) declarations */
44 | #endif
45 | 
46 | /* End of ldap_mapper.h */
47 | #endif
48 | 


--------------------------------------------------------------------------------
/src/mappers/mail_mapper.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __MAIL_MAPPER_H_
24 | #define __MAIL_MAPPER_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../scconf/scconf.h"
31 | #include "mapper.h"
32 | 
33 | #ifdef MAIL_MAPPER_STATIC
34 | 
35 | #ifndef __MAIL_MAPPER_C_
36 | #define MAIL_EXTERN extern
37 | #else
38 | #define MAIL_EXTERN
39 | #endif
40 | MAIL_EXTERN mapper_module * mail_mapper_module_init(scconf_block *blk,const char *mapper_name);
41 | #undef MAIL_EXTERN
42 | 
43 | /* end of static (if any) declarations */
44 | #endif
45 | 
46 | /* End of mail_mapper.h */
47 | #endif
48 | 


--------------------------------------------------------------------------------
/src/mappers/mapperlist.c:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #define __MAPPERLIST_C_
24 | 
25 | #ifdef HAVE_CONFIG_H
26 | #include <config.h>
27 | #endif
28 | 
29 | #include "mapperlist.h"
30 | 
31 | #include "subject_mapper.h"
32 | #ifdef HAVE_LDAP
33 | #include "ldap_mapper.h"
34 | #endif
35 | #include "opensc_mapper.h"
36 | #include "mail_mapper.h"
37 | #include "ms_mapper.h"
38 | #include "krb_mapper.h"
39 | #include "digest_mapper.h"
40 | #include "cn_mapper.h"
41 | #include "uid_mapper.h"
42 | #include "pwent_mapper.h"
43 | #include "null_mapper.h"
44 | #include "generic_mapper.h"
45 | #include "openssh_mapper.h"
46 | 
47 | mapper_list static_mapper_list[] = {
48 | #ifdef SUBJECT_MAPPER_STATIC
49 | 	{ "subject",subject_mapper_module_init },
50 | #endif
51 | #ifdef HAVE_LDAP
52 | #ifdef LDAP_MAPPER_STATIC
53 | 	{ "ldap",ldap_mapper_module_init },
54 | #endif
55 | #endif
56 | #ifdef OPENSC_MAPPER_STATIC
57 | 	{ "opensc",opensc_mapper_module_init },
58 | #endif
59 | #ifdef MAIL_MAPPER_STATIC
60 | 	{ "mail",mail_mapper_module_init },
61 | #endif
62 | #ifdef MS_MAPPER_STATIC
63 | 	{ "ms",ms_mapper_module_init },
64 | #endif
65 | #ifdef KRB_MAPPER_STATIC
66 | 	{ "krb",krb_mapper_module_init },
67 | #endif
68 | #ifdef DIGEST_MAPPER_STATIC
69 | 	{ "digest",digest_mapper_module_init },
70 | #endif
71 | #ifdef CN_MAPPER_STATIC
72 | 	{ "cn",cn_mapper_module_init },
73 | #endif
74 | #ifdef UID_MAPPER_STATIC
75 | 	{ "uid",uid_mapper_module_init },
76 | #endif
77 | #ifdef PWENT_MAPPER_STATIC
78 | 	{ "pwent",pwent_mapper_module_init },
79 | #endif
80 | #ifdef GENERIC_MAPPER_STATIC
81 | 	{ "generic",generic_mapper_module_init },
82 | #endif
83 | #ifdef OPENSSH_MAPPER_STATIC
84 | 	{ "openssh",openssh_mapper_module_init },
85 | #endif
86 | #ifdef NULL_MAPPER_STATIC
87 | 	{ "null", null_mapper_module_init },
88 | #endif
89 | 	{ NULL, NULL }
90 | };
91 | 
92 | /* End of mapperlist.c */
93 | #undef __MAPPERLIST_C_
94 | 


--------------------------------------------------------------------------------
/src/mappers/mapperlist.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __MAPPERLIST_H_
24 | #define __MAPPERLIST_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../mappers/mapper.h"
31 | 
32 | /*
33 | * list of mappers that are statically linked
34 | */
35 | typedef struct mapper_list_st {
36 | 	const char *name;
37 | 	mapper_module * (*init)(scconf_block *blk, const char *mapper_name);
38 | } mapper_list;
39 | 
40 | #ifndef __MAPPERLIST_C_
41 | extern mapper_list static_mapper_list[];
42 | #endif
43 | 
44 | /* End of mapperlist.h */
45 | #endif
46 | 


--------------------------------------------------------------------------------
/src/mappers/ms_mapper.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __MS_MAPPER_H_
24 | #define __MS_MAPPER_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../scconf/scconf.h"
31 | #include "mapper.h"
32 | 
33 | #ifdef MS_MAPPER_STATIC
34 | 
35 | #ifndef __MS_MAPPER_C_
36 | #define MS_EXTERN extern
37 | #else
38 | #define MS_EXTERN
39 | #endif
40 | MS_EXTERN mapper_module * ms_mapper_module_init(scconf_block *blk,const char *mapper_name);
41 | #undef MS_EXTERN
42 | 
43 | /* end of static (if any) declarations */
44 | #endif
45 | 
46 | /* End of ms_mapper.h */
47 | #endif
48 | 


--------------------------------------------------------------------------------
/src/mappers/null_mapper.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * PAM-PKCS11 NULL mapper module
  3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
  4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
  5 |  *
  6 |  * This library is free software; you can redistribute it and/or
  7 |  * modify it under the terms of the GNU Lesser General Public
  8 |  * License as published by the Free Software Foundation; either
  9 |  * version 2.1 of the License, or (at your option) any later version.
 10 |  *
 11 |  * This library is distributed in the hope that it will be useful,
 12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 14 |  * Lesser General Public License for more details.
 15 |  *
 16 |  * You should have received a copy of the GNU Lesser General Public
 17 |  * License along with this library; if not, write to the Free Software
 18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 19 |  *
 20 |  * $Id$
 21 |  */
 22 | 
 23 | #define __NULL_MAPPER_C_
 24 | 
 25 | #ifdef HAVE_CONFIG_H
 26 | #include <config.h>
 27 | #endif
 28 | 
 29 | #include "../common/cert_st.h"
 30 | #include "../scconf/scconf.h"
 31 | #include "../common/debug.h"
 32 | #include "../common/error.h"
 33 | #include "../common/strings.h"
 34 | #include "mapper.h"
 35 | #include "null_mapper.h"
 36 | 
 37 | /*
 38 | * A blind mapper: just read from config default value
 39 | * and return it without further checking
 40 | */
 41 | 
 42 | static const char *default_user = "nobody";
 43 | static int Match=0;
 44 | static int debug=0;
 45 | 
 46 | static char * mapper_find_user(X509 *x509,void *context,int *mp) {
 47 | 	if ( !x509 ) return NULL;
 48 | 	if (Match) {
 49 | 	    *mp = 1;
 50 | 	    return clone_str((char *)default_user);
 51 | 	}
 52 | 	return NULL;
 53 | }
 54 | 
 55 | /* not used */
 56 | #if 0
 57 | _DEFAULT_MAPPER_FIND_ENTRIES
 58 | #endif
 59 | 
 60 | _DEFAULT_MAPPER_MATCH_USER
 61 | 
 62 | _DEFAULT_MAPPER_END
 63 | 
 64 | static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
 65 | 	mapper_module *pt= malloc(sizeof(mapper_module));
 66 | 	if (!pt) return NULL;
 67 | 	pt->name = name;
 68 | 	pt->block = blk;
 69 | 	pt->context = NULL;
 70 | 	/* pt->entries = mapper_find_entries; */ /* nothing to list */
 71 | 	pt->entries = NULL;
 72 | 	pt->finder = mapper_find_user;
 73 | 	pt->matcher = mapper_match_user;
 74 | 	pt->deinit = mapper_module_end;
 75 | 	return pt;
 76 | }
 77 | 
 78 | /**
 79 | * Initialize module
 80 | * returns 1 on success, 0 on error
 81 | */
 82 | #ifndef NULL_MAPPER_STATIC
 83 | mapper_module * mapper_module_init(scconf_block *ctx,const char *mapper_name) {
 84 | #else
 85 | mapper_module * null_mapper_module_init(scconf_block *ctx,const char *mapper_name) {
 86 | #endif
 87 | 	mapper_module *pt= NULL;
 88 | 	if (ctx) {
 89 | 	default_user = scconf_get_str( ctx,"default_user",default_user);
 90 | 	Match = scconf_get_bool( ctx,"default_match",0);
 91 | 		debug = scconf_get_bool( ctx,"debug",0);
 92 | 	} else {
 93 | 		DBG1("No block declaration for mapper '%s'", mapper_name);
 94 | 	}
 95 | 	set_debug_level(debug);
 96 | 	pt = init_mapper_st(ctx,mapper_name);
 97 | 	if (pt) DBG1("Null mapper match set to '%s'",Match?"always":"never");
 98 | 	else DBG("Null mapper initialization failed");
 99 | 	return pt;
100 | }
101 | 
102 | 


--------------------------------------------------------------------------------
/src/mappers/null_mapper.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __NULL_MAPPER_H_
24 | #define __NULL_MAPPER_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../scconf/scconf.h"
31 | #include "mapper.h"
32 | 
33 | #ifdef NULL_MAPPER_STATIC
34 | 
35 | #ifndef __NULL_MAPPER_C_
36 | #define NULL_EXTERN extern
37 | #else
38 | #define NULL_EXTERN
39 | #endif
40 | NULL_EXTERN mapper_module * null_mapper_module_init(scconf_block *blk,const char *mapper_name);
41 | #undef NULL_EXTERN
42 | 
43 | /* end of static (if any) declarations */
44 | #endif
45 | 
46 | /* End of null_mapper.h */
47 | #endif
48 | 


--------------------------------------------------------------------------------
/src/mappers/opensc_mapper.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __OPENSC_MAPPER_H_
24 | #define __OPENSC_MAPPER_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../scconf/scconf.h"
31 | #include "mapper.h"
32 | 
33 | #ifdef OPENSC_MAPPER_STATIC
34 | 
35 | #ifndef __OPENSC_MAPPER_C_
36 | #define OPENSC_EXTERN extern
37 | #else
38 | #define OPENSC_EXTERN
39 | #endif
40 | OPENSC_EXTERN mapper_module * opensc_mapper_module_init(scconf_block *blk,const char *mapper_name);
41 | #undef OPENSC_EXTERN
42 | 
43 | /* end of static (if any) declarations */
44 | #endif
45 | 
46 | /* End of opensc_mapper.h */
47 | #endif
48 | 


--------------------------------------------------------------------------------
/src/mappers/openssh_mapper.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __OPENSSH_MAPPER_H_
24 | #define __OPENSSH_MAPPER_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../scconf/scconf.h"
31 | #include "mapper.h"
32 | 
33 | #ifdef OPENSSH_MAPPER_STATIC
34 | 
35 | #ifndef __OPENSSH_MAPPER_C_
36 | #define OPENSSH_EXTERN extern
37 | #else
38 | #define OPENSSH_EXTERN
39 | #endif
40 | OPENSSH_EXTERN mapper_module * openssh_mapper_module_init(scconf_block *blk,const char *mapper_name);
41 | #undef OPENSSH_EXTERN
42 | 
43 | /* end of static (if any) declarations */
44 | #endif
45 | 
46 | /* End of openssh_mapper.h */
47 | #endif
48 | 


--------------------------------------------------------------------------------
/src/mappers/pwent_mapper.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __PWENT_MAPPER_H_
24 | #define __PWENT_MAPPER_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../scconf/scconf.h"
31 | #include "mapper.h"
32 | 
33 | #ifdef PWENT_MAPPER_STATIC
34 | 
35 | #ifndef __PWENT_MAPPER_C_
36 | #define PWENT_EXTERN extern
37 | #else
38 | #define PWENT_EXTERN
39 | #endif
40 | PWENT_EXTERN mapper_module * pwent_mapper_module_init(scconf_block *blk,const char *mapper_name);
41 | #undef PWENT_EXTERN
42 | 
43 | /* end of static (if any) declarations */
44 | #endif
45 | 
46 | /* End of pwent_mapper.h */
47 | #endif
48 | 


--------------------------------------------------------------------------------
/src/mappers/subject_mapper.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * PAM-PKCS11 Cert Subject to login file based mapper module
  3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
  4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
  5 |  *
  6 |  * This library is free software; you can redistribute it and/or
  7 |  * modify it under the terms of the GNU Lesser General Public
  8 |  * License as published by the Free Software Foundation; either
  9 |  * version 2.1 of the License, or (at your option) any later version.
 10 |  *
 11 |  * This library is distributed in the hope that it will be useful,
 12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 14 |  * Lesser General Public License for more details.
 15 |  *
 16 |  * You should have received a copy of the GNU Lesser General Public
 17 |  * License along with this library; if not, write to the Free Software
 18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 19 |  *
 20 |  * $Id$
 21 |  */
 22 | 
 23 | #define __SUBJECT_MAPPER_C_
 24 | 
 25 | #ifdef HAVE_CONFIG_H
 26 | #include <config.h>
 27 | #endif
 28 | 
 29 | /*#include <openssl/objects.h> */
 30 | /*#include <openssl/err.h> */
 31 | #include "../common/cert_st.h"
 32 | #include "../scconf/scconf.h"
 33 | #include "../common/debug.h"
 34 | #include "../common/error.h"
 35 | #include "../common/strings.h"
 36 | #include "../common/cert_info.h"
 37 | #include "mapper.h"
 38 | #include "subject_mapper.h"
 39 | 
 40 | static const char *filename = "none";
 41 | static int ignorecase = 0;
 42 | static int debug = 0;
 43 | 
 44 | /*
 45 | * returns the Certificate subject
 46 | */
 47 | static char ** subject_mapper_find_entries(X509 *x509, void *context) {
 48 | 	char **entries= cert_info(x509,CERT_SUBJECT,ALGORITHM_NULL);
 49 | 	if (!entries) {
 50 | 		DBG("X509_get_subject_name failed");
 51 | 		return NULL;
 52 | 	}
 53 | 	return entries;
 54 | }
 55 | 
 56 | /*
 57 | parses the certificate and return the first Subject entry found, or NULL
 58 | */
 59 | static char * subject_mapper_find_user(X509 *x509, void *context, int *match) {
 60 | 	char **entries = cert_info(x509,CERT_SUBJECT,ALGORITHM_NULL);
 61 | 	if (!entries) {
 62 | 		DBG("X509_get_subject_name failed");
 63 | 		return NULL;
 64 | 	}
 65 | 	char* val = mapfile_find(filename,entries[0],ignorecase,match);
 66 | 	free_entries(entries, DEFUALT_ENTRIES_SIZE);
 67 | 	return val;
 68 | }
 69 | 
 70 | /*
 71 | * parses the certificate and try to match Subject in the certificate
 72 | * with provided user
 73 | */
 74 | static int subject_mapper_match_user(X509 *x509, const char *login, void *context) {
 75 | 	char **entries = cert_info(x509,CERT_SUBJECT,ALGORITHM_NULL);
 76 | 	if (!entries) {
 77 | 		DBG("X509_get_subject_name failed");
 78 | 		return -1;
 79 | 	}
 80 | 	int val =  mapfile_match(filename,entries[0],login,ignorecase);
 81 | 	free_entries(entries, DEFUALT_ENTRIES_SIZE);
 82 | 	return val;
 83 | }
 84 | 
 85 | _DEFAULT_MAPPER_END
 86 | 
 87 | 
 88 | static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
 89 | 	mapper_module *pt= malloc(sizeof(mapper_module));
 90 | 	if (!pt) return NULL;
 91 | 	pt->name = name;
 92 | 	pt->block = blk;
 93 | 	pt->context = NULL;
 94 | 	pt->entries = subject_mapper_find_entries;
 95 | 	pt->finder = subject_mapper_find_user;
 96 | 	pt->matcher = subject_mapper_match_user;
 97 | 	pt->deinit = mapper_module_end;
 98 | 	return pt;
 99 | }
100 | 
101 | 
102 | /**
103 | * Initialization routine
104 | */
105 | #ifndef SUBJECT_MAPPER_STATIC
106 | mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
107 | #else
108 | mapper_module * subject_mapper_module_init(scconf_block *blk,const char *mapper_name) {
109 | #endif
110 | 	mapper_module *pt;
111 | 	if (blk) {
112 | 	debug      = scconf_get_bool(blk,"debug",0);
113 | 	filename   = scconf_get_str(blk,"mapfile",filename);
114 | 	ignorecase = scconf_get_bool(blk,"ignorecase",ignorecase);
115 | 	} else {
116 | 		DBG1("No block declaration for mapper '%s'",mapper_name);
117 | 	}
118 | 	set_debug_level(debug);
119 | 	pt= init_mapper_st(blk,mapper_name);
120 | 	if(pt) DBG3("Subject mapper started. debug: %d, mapfile: %s, icase: %d",debug,filename,ignorecase);
121 | 	else DBG("Subject mapper initialization failed");
122 |         return pt;
123 | }
124 | 


--------------------------------------------------------------------------------
/src/mappers/subject_mapper.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __SUBJECT_MAPPER_H_
24 | #define __SUBJECT_MAPPER_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../scconf/scconf.h"
31 | #include "mapper.h"
32 | 
33 | #ifdef SUBJECT_MAPPER_STATIC
34 | 
35 | #ifndef __SUBJECT_MAPPER_C_
36 | #define SUBJECT_EXTERN extern
37 | #else
38 | #define SUBJECT_EXTERN
39 | #endif
40 | SUBJECT_EXTERN mapper_module * subject_mapper_module_init(scconf_block *blk,const char *mapper_name);
41 | #undef SUBJECT_EXTERN
42 | 
43 | /* end of static (if any) declarations */
44 | #endif
45 | 
46 | /* End of subject_mapper.h */
47 | #endif
48 | 


--------------------------------------------------------------------------------
/src/mappers/uid_mapper.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * PAM-PKCS11 UID mapper module
  3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
  4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
  5 |  *
  6 |  * This library is free software; you can redistribute it and/or
  7 |  * modify it under the terms of the GNU Lesser General Public
  8 |  * License as published by the Free Software Foundation; either
  9 |  * version 2.1 of the License, or (at your option) any later version.
 10 |  *
 11 |  * This library is distributed in the hope that it will be useful,
 12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 14 |  * Lesser General Public License for more details.
 15 |  *
 16 |  * You should have received a copy of the GNU Lesser General Public
 17 |  * License along with this library; if not, write to the Free Software
 18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 19 |  *
 20 |  * $Id$
 21 |  */
 22 | 
 23 | #define __UID_MAPPER_C_
 24 | 
 25 | #ifdef HAVE_CONFIG_H
 26 | #include <config.h>
 27 | #endif
 28 | 
 29 | #include "../common/cert_st.h"
 30 | #include "../scconf/scconf.h"
 31 | #include "../common/debug.h"
 32 | #include "../common/error.h"
 33 | #include "../common/strings.h"
 34 | #include "../common/cert_info.h"
 35 | #include "mapper.h"
 36 | #include "uid_mapper.h"
 37 | 
 38 | /*
 39 | * This mapper uses the Unique ID (UID) entry on the certificate to
 40 | * find user name.
 41 | */
 42 | 
 43 | static const char *mapfile = "none";
 44 | static int ignorecase = 0;
 45 | static int debug = 0;
 46 | 
 47 | /**
 48 | * Return the list of UID's on this certificate
 49 | */
 50 | static char ** uid_mapper_find_entries(X509 *x509, void *context) {
 51 | 	char **entries= cert_info(x509,CERT_UID,ALGORITHM_NULL);
 52 |         if (!entries) {
 53 |                 DBG("get_unique_id() failed");
 54 |                 return NULL;
 55 |         }
 56 | 
 57 |         return entries;
 58 | }
 59 | 
 60 | /*
 61 | parses the certificate and return the map of the first UID entry found
 62 | If no UID found or map error, return NULL
 63 | */
 64 | static char * uid_mapper_find_user(X509 *x509, void *context, int *match) {
 65 | 	char *res;
 66 | 	char **entries= cert_info(x509,CERT_UID,ALGORITHM_NULL);
 67 |         if (!entries) {
 68 |             DBG("get_unique_id() failed");
 69 |             return NULL;
 70 |         }
 71 |         DBG1("trying to map uid entry '%s'",entries[0]);
 72 |         res = mapfile_find(mapfile,entries[0],ignorecase,match);
 73 | 	if (!res) {
 74 | 	    DBG("Error in map process");
 75 | 	    return NULL;
 76 | 	}
 77 | 	return clone_str(res);
 78 | }
 79 | 
 80 | /*
 81 | * parses the certificate and try to macht any UID in the certificate
 82 | * with provided user
 83 | */
 84 | static int uid_mapper_match_user(X509 *x509, const char *login, void *context) {
 85 | 	char *str;
 86 | 	int match_found = 0;
 87 | 	char **entries  = cert_info(x509,CERT_UID,ALGORITHM_NULL);
 88 |         if (!entries) {
 89 |             DBG("get_unique_id() failed");
 90 |             return -1;
 91 |         }
 92 | 	/* parse list of uids until match */
 93 | 	for (str=*entries; str && (match_found==0); str=*++entries) {
 94 | 	    int res=0;
 95 |             DBG1("trying to map & match uid entry '%s'",str);
 96 |             res = mapfile_match(mapfile,str,login,ignorecase);
 97 | 	    if (!res) {
 98 | 	        DBG("Error in map&match process");
 99 | 	        return -1; /* or perhaps should be "continue" ??*/
100 | 	    }
101 | 	    if (res>0) match_found=1;
102 | 	}
103 | 	return match_found;
104 | }
105 | 
106 | _DEFAULT_MAPPER_END
107 | 
108 | 
109 | static mapper_module * init_mapper_st(scconf_block *blk, const char *name) {
110 | 	mapper_module *pt= malloc(sizeof(mapper_module));
111 | 	if (!pt) return NULL;
112 | 	pt->name = name;
113 | 	pt->block = blk;
114 | 	pt->context = NULL;
115 | 	pt->entries = uid_mapper_find_entries;
116 | 	pt->finder = uid_mapper_find_user;
117 | 	pt->matcher = uid_mapper_match_user;
118 | 	pt->deinit = mapper_module_end;
119 | 	return pt;
120 | }
121 | 
122 | 
123 | #ifndef UID_MAPPER_STATIC
124 | mapper_module * mapper_module_init(scconf_block *blk,const char *mapper_name) {
125 | #else
126 | mapper_module * uid_mapper_module_init(scconf_block *blk,const char *mapper_name) {
127 | #endif
128 | 	mapper_module *pt;
129 |         if (blk) {
130 | 		debug= scconf_get_bool(blk,"debug",0);
131 | 	mapfile = scconf_get_str(blk,"mapfile",mapfile);
132 |         ignorecase = scconf_get_bool(blk,"ignorecase",ignorecase);
133 | 	} else {
134 | 		DBG1("No block declaration for mapper '%s'", mapper_name);
135 | 	}
136 |         set_debug_level(debug);
137 | 	pt= init_mapper_st(blk,mapper_name);
138 |         if(pt) DBG3("UniqueID mapper started. debug: %d, mapfile: %s, icase: %d",debug,mapfile,ignorecase);
139 | 	else DBG("UniqueID mapper initialization failed");
140 |         return pt;
141 | }
142 | 
143 | 


--------------------------------------------------------------------------------
/src/mappers/uid_mapper.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PAM-PKCS11 mapping modules
 3 |  * Copyright (C) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 4 |  * pam-pkcs11 is copyright (C) 2003-2004 of Mario Strasser <mast@gmx.net>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * You should have received a copy of the GNU Lesser General Public
17 |  * License along with this library; if not, write to the Free Software
18 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 |  *
20 |  * $Id$
21 |  */
22 | 
23 | #ifndef __UID_MAPPER_H_
24 | #define __UID_MAPPER_H_
25 | 
26 | #ifdef HAVE_CONFIG_H
27 | #include <config.h>
28 | #endif
29 | 
30 | #include "../scconf/scconf.h"
31 | #include "mapper.h"
32 | 
33 | #ifdef UID_MAPPER_STATIC
34 | 
35 | #ifndef __UID_MAPPER_C_
36 | #define UID_EXTERN extern
37 | #else
38 | #define UID_EXTERN
39 | #endif
40 | UID_EXTERN mapper_module * uid_mapper_module_init(scconf_block *blk,const char *mapper_name);
41 | #undef UID_EXTERN
42 | 
43 | /* end of static (if any) declarations */
44 | #endif
45 | 
46 | /* End of uid_mapper.h */
47 | #endif
48 | 


--------------------------------------------------------------------------------
/src/pam_pkcs11/Makefile.am:
--------------------------------------------------------------------------------
 1 | # $Id$
 2 | 
 3 | MAINTAINERCLEANFILES = Makefile.in
 4 | 
 5 | AM_CFLAGS = -Wall -fno-strict-aliasing $(CRYPTO_CFLAGS)
 6 | AM_CPPFLAGS = -Wall -fno-strict-aliasing $(CRYPTO_CFLAGS)
 7 | 
 8 | pamdir=$(libdir)/security
 9 | 
10 | pam_LTLIBRARIES = pam_pkcs11.la
11 | noinst_LTLIBRARIES = libfinder.la
12 | 
13 | libfinder_la_SOURCES = mapper_mgr.c pam_config.c
14 | 
15 | pam_pkcs11_la_SOURCES =  pam_pkcs11.c  \
16 | 			mapper_mgr.c mapper_mgr.h \
17 | 			pam_config.c pam_config.h
18 | pam_pkcs11_la_LDFLAGS = -module -avoid-version -shared \
19 | 	-export-symbols-regex '^pam_'
20 | pam_pkcs11_la_LIBADD = ../mappers/libmappers.la @LTLIBINTL@ $(CRYPTO_LIBS)
21 | 
22 | format:
23 | 	indent *.c *.h
24 | 


--------------------------------------------------------------------------------
/src/pam_pkcs11/mapper_mgr.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * PKCS #11 PAM Login Module
  3 |  * Copyright (C) 2003 Mario Strasser <mast@gmx.net>,
  4 |  * Mapper module copyright (c) 2005 Juan Antonio Martinez <jonsito@teleline.es>
  5 |  *
  6 |  * This library is free software; you can redistribute it and/or
  7 |  * modify it under the terms of the GNU Lesser General Public
  8 |  * License as published by the Free Software Foundation; either
  9 |  * version 2.1 of the License, or (at your option) any later version.
 10 |  *
 11 |  * This library is distributed in the hope that it will be useful,
 12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 14 |  * Lesser General Public License for more details.
 15 |  *
 16 |  * $Id$
 17 |  */
 18 | 
 19 | /*
 20 | * this module manages dynamic load of mapping modules
 21 | * also is used as entry point for cert matching routines
 22 | */
 23 | 
 24 | #ifndef _MAPPER_MGR_H_
 25 | #define _MAPPER_MGR_H_
 26 | 
 27 | #ifdef HAVE_CONFIG_H
 28 | #include <config.h>
 29 | #endif
 30 | 
 31 | #include "../common/cert_st.h"
 32 | #include "../scconf/scconf.h"
 33 | #include "../mappers/mapper.h"
 34 | 
 35 | /*
 36 | * mapper module descriptor
 37 | */
 38 | struct mapper_instance {
 39 |     void *module_handler;
 40 |     const char *module_name;
 41 |     const char *module_path;
 42 |     mapper_module *module_data;
 43 | };
 44 | 
 45 | /*
 46 | * mapper module list
 47 | */
 48 | struct mapper_listitem {
 49 | 	struct mapper_instance *module;
 50 | 	struct mapper_listitem *next;
 51 | };
 52 | 
 53 | /*
 54 | * load and initialize a module
 55 | * returns descriptor on success, null on fail
 56 | */
 57 | struct mapper_instance *load_module(scconf_context *ctx, const char * name);
 58 | 
 59 | /**
 60 | * Unload a module
 61 | */
 62 | void unload_module( struct mapper_instance *module );
 63 | 
 64 | /**
 65 | * compose mapper module chain
 66 | */
 67 | struct mapper_listitem *load_mappers( scconf_context *ctx );
 68 | 
 69 | /**
 70 | * unload mapper module chain
 71 | */
 72 | void unload_mappers(void);
 73 | 
 74 | /*
 75 | * this function search mapper module list until
 76 | * find a module that returns a login name for
 77 | * provided certificate
 78 | */
 79 | char * find_user(X509 *x509);
 80 | 
 81 | /**
 82 | * This function search mapper module list until
 83 | * find a module that match provided login name
 84 | * if login is null, call find_user and returns 1,or 0 depending on user found
 85 | * @return 1 if match
 86 | *         0 on no match
 87 | *         -1 on error
 88 | */
 89 | int match_user(X509 *x509, const char *login);
 90 | 
 91 | /*
 92 | * This functions goes through the mapper list
 93 | * and trying to get the certificate strings to be used on each
 94 | * module to perform find/match functions.
 95 | * No map / match are done: just print found strings on stdout.
 96 | * This function is mostly used in pkcert_view toool
 97 | */
 98 | void inspect_certificate(X509 *x509);
 99 | 
100 | #endif
101 | 


--------------------------------------------------------------------------------
/src/pam_pkcs11/pam_config.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * PKCS #11 PAM Login Module
 3 |  * Copyright (C) 2003 Mario Strasser <mast@gmx.net>,
 4 |  * config mgmt copyright (c) 2005 Juan Antonio Martinez <jonsito@teleline.es>
 5 |  *
 6 |  * This library is free software; you can redistribute it and/or
 7 |  * modify it under the terms of the GNU Lesser General Public
 8 |  * License as published by the Free Software Foundation; either
 9 |  * version 2.1 of the License, or (at your option) any later version.
10 |  *
11 |  * This library is distributed in the hope that it will be useful,
12 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 |  * Lesser General Public License for more details.
15 |  *
16 |  * $Id$
17 |  */
18 | 
19 | /*
20 | * configuration related functions
21 | */
22 | #ifndef _PAM_CONFIG_H_
23 | #define _PAM_CONFIG_H_
24 | 
25 | #include "../scconf/scconf.h"
26 | #include "../common/cert_vfy.h"
27 | 
28 | struct configuration_st {
29 | 	const char *config_file;
30 | 	scconf_context *ctx;
31 | 	int debug;
32 | 	int nullok;
33 | 	int try_first_pass;
34 | 	int use_first_pass;
35 | 	int use_authok;
36 | 	int card_only;
37 | 	int wait_for_card;
38 | 	const char *pkcs11_module;
39 | 	const char *pkcs11_modulepath;
40 | 	const char **screen_savers;
41 | 	const char *slot_description;
42 | 	int slot_num;
43 | 	int support_threads;
44 | 	cert_policy policy;
45 | 	const char *token_type;
46 | 	const char *username; /* provided user name */
47 | 	int quiet;
48 | 	int err_display_time;
49 | };
50 | 
51 | struct configuration_st *pk_configure( int argc, const char **argv );
52 | void configure_free(struct configuration_st *pk_configure);
53 | 
54 | #endif
55 | 


--------------------------------------------------------------------------------
/src/scconf/Makefile.am:
--------------------------------------------------------------------------------
 1 | # Process this file with automake to create Makefile.in
 2 | 
 3 | MAINTAINERCLEANFILES = Makefile.in
 4 | 
 5 | DISTCLEANFILES = lex-parse.c
 6 | EXTRA_DIST = README.scconf lex-parse.l
 7 | 
 8 | noinst_HEADERS = internal.h scconf.h
 9 | #noinst_PROGRAMS = test-conf
10 | noinst_LTLIBRARIES = libscconf.la
11 | 
12 | libscconf_la_SOURCES = scconf.h internal.h scconf.c parse.c write.c sclex.c
13 | 
14 | #test_conf_SOURCES = test-conf.c
15 | #test_conf_LDADD = libscconf.la
16 | 


--------------------------------------------------------------------------------
/src/scconf/internal.h:
--------------------------------------------------------------------------------
 1 | /*
 2 |  * $Id$
 3 |  *
 4 |  * Copyright (C) 2002
 5 |  *  Antti Tapaninen <aet@cc.hut.fi>
 6 |  *
 7 |  * This library is free software; you can redistribute it and/or
 8 |  * modify it under the terms of the GNU Lesser General Public
 9 |  * License as published by the Free Software Foundation; either
10 |  * version 2.1 of the License, or (at your option) any later version.
11 |  *
12 |  * This library is distributed in the hope that it will be useful,
13 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15 |  * Lesser General Public License for more details.
16 |  *
17 |  * You should have received a copy of the GNU Lesser General Public
18 |  * License along with this library; if not, write to the Free Software
19 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
20 |  */
21 | 
22 | #ifndef _SCCONF_INTERNAL_H
23 | #define _SCCONF_INTERNAL_H
24 | 
25 | #ifdef __cplusplus
26 | extern "C" {
27 | #endif
28 | 
29 | #define TOKEN_TYPE_COMMENT	0
30 | #define TOKEN_TYPE_NEWLINE	1
31 | #define TOKEN_TYPE_STRING	2
32 | #define TOKEN_TYPE_PUNCT	3
33 | 
34 | typedef struct _scconf_parser {
35 | 	scconf_context *config;
36 | 
37 | 	scconf_block *block;
38 | 	scconf_item *last_item, *current_item;
39 | 
40 | 	char *key;
41 | 	scconf_list *name;
42 | 
43 | 	int state;
44 | 	int last_token_type;
45 | 	int line;
46 | 
47 | 	unsigned int error:1;
48 | 	unsigned int warnings:1;
49 | 	char emesg[256];
50 | } scconf_parser;
51 | 
52 | extern int scconf_lex_parse(scconf_parser * parser, const char *filename);
53 | extern int scconf_lex_parse_string(scconf_parser * parser,
54 | 				   const char *config_string);
55 | extern void scconf_parse_token(scconf_parser * parser, int token_type, const char *token);
56 | 
57 | #ifdef __cplusplus
58 | }
59 | #endif
60 | #endif
61 | 


--------------------------------------------------------------------------------
/src/scconf/lex-parse.l:
--------------------------------------------------------------------------------
 1 | %{
 2 | /*
 3 |  * $Id$
 4 |  *
 5 |  * Copyright (C) 2002
 6 |  *  Antti Tapaninen <aet@cc.hut.fi>
 7 |  *
 8 |  * This library is free software; you can redistribute it and/or
 9 |  * modify it under the terms of the GNU Lesser General Public
10 |  * License as published by the Free Software Foundation; either
11 |  * version 2.1 of the License, or (at your option) any later version.
12 |  *
13 |  * This library is distributed in the hope that it will be useful,
14 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16 |  * Lesser General Public License for more details.
17 |  *
18 |  * You should have received a copy of the GNU Lesser General Public
19 |  * License along with this library; if not, write to the Free Software
20 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
21 |  */
22 | 
23 | #ifdef HAVE_CONFIG_H
24 | #include <config.h>
25 | #endif
26 | #include <stdio.h>
27 | #include "scconf.h"
28 | #include "internal.h"
29 | 
30 | static scconf_parser *parser;
31 | 
32 | %}
33 | 
34 | %option noyywrap
35 | %option nounput
36 | 
37 | %%
38 | 
39 | "#"[^\r\n]*	scconf_parse_token(parser, TOKEN_TYPE_COMMENT, yytext);
40 | 
41 | \n		scconf_parse_token(parser, TOKEN_TYPE_NEWLINE, NULL);
42 | 
43 | [ \t\r]+	/* eat up whitespace */
44 | 
45 | [,{}=;]		scconf_parse_token(parser, TOKEN_TYPE_PUNCT, yytext);
46 | 
47 | \"[^\"\n\r]*\r*[\"\n] scconf_parse_token(parser, TOKEN_TYPE_STRING, yytext);
48 | 
49 | [^;, \t\r\n]+  	scconf_parse_token(parser, TOKEN_TYPE_STRING, yytext);
50 | 
51 | %%
52 | 
53 | #ifndef YY_CURRENT_BUFFER_LVALUE
54 | # define YY_CURRENT_BUFFER_LVALUE	yy_current_buffer
55 | #endif
56 | 
57 | static void do_lex(scconf_parser *p)
58 | {
59 | 	parser = p;
60 | 
61 | 	yylex();
62 | 
63 | #if 1
64 | 	/* For non-reentrant C scanner only. */
65 | 	if (YY_CURRENT_BUFFER) {
66 | 		yy_delete_buffer(YY_CURRENT_BUFFER);
67 | 		YY_CURRENT_BUFFER_LVALUE = NULL;
68 | 		yy_init = 1;
69 | 		yy_start = 0;
70 | 	}
71 | #endif
72 | }
73 | 
74 | int scconf_lex_parse(scconf_parser *p, const char *filename)
75 | {
76 | 	yyin = fopen(filename, "r");
77 | 	if (yyin == NULL)
78 | 		return 0;
79 | 
80 | 	do_lex(p);
81 | 
82 | 	fclose(yyin);
83 | 	yyin = NULL;
84 | 	return 1;
85 | }
86 | 
87 | int scconf_lex_parse_string(scconf_parser *p, const char *conf_string)
88 | {
89 | 	yy_scan_string(conf_string);
90 | 	do_lex(p);
91 | 	return 1;
92 | }
93 | 


--------------------------------------------------------------------------------
/src/scconf/sclex.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * $Id$
  3 |  *
  4 |  * Copyright (C) 2003
  5 |  *  Jamie Honan <jhonan@optusnet.com.au>
  6 |  *
  7 |  * This library is free software; you can redistribute it and/or
  8 |  * modify it under the terms of the GNU Lesser General Public
  9 |  * License as published by the Free Software Foundation; either
 10 |  * version 2.1 of the License, or (at your option) any later version.
 11 |  *
 12 |  * This library is distributed in the hope that it will be useful,
 13 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 14 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 15 |  * Lesser General Public License for more details.
 16 |  *
 17 |  * You should have received a copy of the GNU Lesser General Public
 18 |  * License along with this library; if not, write to the Free Software
 19 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 20 |  */
 21 | 
 22 | #ifdef HAVE_CONFIG_H
 23 | #include <config.h>
 24 | #endif
 25 | #include <stdio.h>
 26 | #include <stdlib.h>
 27 | #include <string.h>
 28 | #ifdef HAVE_STRINGS_H
 29 | #include <strings.h>
 30 | #endif
 31 | #include "scconf.h"
 32 | #include "internal.h"
 33 | 
 34 | typedef struct {
 35 | 	char *buf;
 36 | 	size_t bufmax;
 37 | 	size_t bufcur;
 38 | 	int saved_char;
 39 | 	const char *saved_string;
 40 | 	FILE *fp;
 41 | } BUFHAN;
 42 | 
 43 | static void buf_init(BUFHAN * bp, FILE * fp, const char *saved_string)
 44 | {
 45 | 	bp->fp = fp;
 46 | 	bp->saved_char = 0;
 47 | 	bp->buf = (char *) malloc(256);
 48 | 	bp->bufmax = 256;
 49 | 	bp->bufcur = 0;
 50 | 	bp->buf[0] = '\0';
 51 | 	bp->saved_string = saved_string;
 52 | }
 53 | 
 54 | static void buf_addch(BUFHAN * bp, char ch)
 55 | {
 56 | 	if (bp->bufcur >= bp->bufmax) {
 57 | 		bp->bufmax += 256;
 58 | 		bp->buf = (char *) realloc(bp->buf, bp->bufmax);
 59 | 	}
 60 | #if 0
 61 | 	printf("pushback %c\n", ch);
 62 | #endif
 63 | 	bp->buf[bp->bufcur++] = ch;
 64 | 	bp->buf[bp->bufcur] = '\0';
 65 | }
 66 | 
 67 | static int buf_nextch(BUFHAN * bp)
 68 | {
 69 | 	int saved;
 70 | 
 71 | 	if (bp->saved_char) {
 72 | 		saved = bp->saved_char;
 73 | 		bp->saved_char = 0;
 74 | 		return saved;
 75 | 	}
 76 | 	if (bp->saved_string) {
 77 | 		if (*(bp->saved_string) == '\0')
 78 | 			return EOF;
 79 | 		saved = (unsigned char) (*(bp->saved_string++));
 80 | 		return saved;
 81 | 	} else {
 82 | 		saved = fgetc(bp->fp);
 83 | 		return saved;
 84 | 	}
 85 | }
 86 | 
 87 | static void buf_finished(BUFHAN * bp)
 88 | {
 89 | 	if (bp->buf) {
 90 | 		free(bp->buf);
 91 | 		bp->buf = NULL;
 92 | 	}
 93 | }
 94 | 
 95 | static void buf_eat_till(BUFHAN * bp, char start, const char *end)
 96 | {
 97 | 	int i;
 98 | 
 99 | 	if (start) {
100 | 		buf_addch(bp, start);
101 | 	}
102 | 	while (1) {
103 | 		i = buf_nextch(bp);
104 | 		if (i == EOF)
105 | 			return;
106 | 		if (strchr(end, i)) {
107 | 			bp->saved_char = i;
108 | 			return;
109 | 		}
110 | 		buf_addch(bp, (char) i);
111 | 	}
112 | }
113 | 
114 | static void buf_zero(BUFHAN * bp)
115 | {
116 | 	bp->bufcur = 0;
117 | 	bp->buf[0] = '\0';
118 | }
119 | 
120 | static int scconf_lex_engine(scconf_parser * parser, BUFHAN * bp)
121 | {
122 | 	int this_char;
123 | 
124 | 	while (1) {
125 | 		switch (this_char = buf_nextch(bp)) {
126 | 		case '#':
127 | 			/* comment till end of line */
128 | 			buf_eat_till(bp, '#', "\r\n");
129 | 			scconf_parse_token(parser, TOKEN_TYPE_COMMENT, bp->buf);
130 | 			buf_zero(bp);
131 | 			continue;
132 | 		case '\n':
133 | 			scconf_parse_token(parser, TOKEN_TYPE_NEWLINE, NULL);
134 | 			continue;
135 | 		case ' ':
136 | 		case '\t':
137 | 		case '\r':
138 | 			/* eat up whitespace */
139 | 			continue;
140 | 		case ',':
141 | 		case '{':
142 | 		case '}':
143 | 		case '=':
144 | 		case ';':
145 | 			buf_addch(bp, (char) this_char);
146 | 			scconf_parse_token(parser, TOKEN_TYPE_PUNCT, bp->buf);
147 | 			buf_zero(bp);
148 | 			continue;
149 | 		case '"':
150 | 			buf_eat_till(bp, (char) this_char, "\"\r\n");
151 | 			buf_addch(bp, (char) buf_nextch(bp));
152 | 			scconf_parse_token(parser, TOKEN_TYPE_STRING, bp->buf);
153 | 			buf_zero(bp);
154 | 			continue;
155 | 		case EOF:
156 | 			break;
157 | 		default:
158 | 			buf_eat_till(bp, (char) this_char, ";, \t\r\n");
159 | 			scconf_parse_token(parser, TOKEN_TYPE_STRING, bp->buf);
160 | 			buf_zero(bp);
161 | 			continue;
162 | 		}
163 | 		break;
164 | 	}
165 | 	buf_finished(bp);
166 | 	return 1;
167 | }
168 | 
169 | int scconf_lex_parse(scconf_parser * parser, const char *filename)
170 | {
171 | 	FILE *fp;
172 | 	BUFHAN bhan;
173 | 	int ret;
174 | 
175 | 	fp = fopen(filename, "r");
176 | 	if (!fp) {
177 | 		parser->error = 1;
178 | 		snprintf(parser->emesg, sizeof(parser->emesg),
179 | 			 "File %s can't be opened\n", filename);
180 | 		return 0;
181 | 	}
182 | 	buf_init(&bhan, fp, (char *) NULL);
183 | 	ret = scconf_lex_engine(parser, &bhan);
184 | 	fclose(fp);
185 | 	return ret;
186 | }
187 | 
188 | int scconf_lex_parse_string(scconf_parser * parser, const char *string)
189 | {
190 | 	BUFHAN bhan;
191 | 	int ret;
192 | 
193 | 	buf_init(&bhan, (FILE *) NULL, string);
194 | 	ret = scconf_lex_engine(parser, &bhan);
195 | 	return ret;
196 | }
197 | 


--------------------------------------------------------------------------------
/src/scconf/write.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  * $Id$
  3 |  *
  4 |  * Copyright (C) 2002
  5 |  *  Antti Tapaninen <aet@cc.hut.fi>
  6 |  *
  7 |  * This library is free software; you can redistribute it and/or
  8 |  * modify it under the terms of the GNU Lesser General Public
  9 |  * License as published by the Free Software Foundation; either
 10 |  * version 2.1 of the License, or (at your option) any later version.
 11 |  *
 12 |  * This library is distributed in the hope that it will be useful,
 13 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 14 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 15 |  * Lesser General Public License for more details.
 16 |  *
 17 |  * You should have received a copy of the GNU Lesser General Public
 18 |  * License along with this library; if not, write to the Free Software
 19 |  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 20 |  */
 21 | 
 22 | #ifdef HAVE_CONFIG_H
 23 | #include <config.h>
 24 | #endif
 25 | #include <stdio.h>
 26 | #include <stdlib.h>
 27 | #include <string.h>
 28 | #include <ctype.h>
 29 | #include <errno.h>
 30 | #include "scconf.h"
 31 | 
 32 | #define INDENT_CHAR	'\t'
 33 | #define INDENT_LEVEL	1
 34 | 
 35 | typedef struct {
 36 | 	FILE *f;
 37 | 
 38 | 	int indent_char;
 39 | 	int indent_pos;
 40 | 	int indent_level;
 41 | 
 42 | 	int error;
 43 | } scconf_writer;
 44 | 
 45 | static void write_line(scconf_writer * writer, const char *data)
 46 | {
 47 | 	int i;
 48 | 
 49 | 	if (writer->error) {
 50 | 		return;
 51 | 	}
 52 | 	if (!((data) == NULL || (data)[0] == '\0')) {
 53 | 		for (i = 0; i < writer->indent_pos; i++) {
 54 | 			fputc(writer->indent_char, writer->f);
 55 | 		}
 56 | 		fputs(data, writer->f);
 57 | 	}
 58 | 	if (fputc('\n', writer->f) == EOF) {
 59 | 		writer->error = errno;
 60 | 	}
 61 | }
 62 | 
 63 | static int string_need_quotes(const char *str)
 64 | {
 65 | 	/* quote only if there's any non-normal characters */
 66 | 	while (*str != '\0') {
 67 | 		if (!isalnum((int) ((unsigned char) *str)) && *str != '!' &&
 68 | 		    *str != '.' && *str != '/') {
 69 | 			return 1;
 70 | 		}
 71 | 		str++;
 72 | 	}
 73 | 	return 0;
 74 | }
 75 | 
 76 | static char *scconf_list_get_string(scconf_list * list)
 77 | {
 78 | 	char *buffer = NULL, *tmp;
 79 | 	int datalen, len, alloc_len, quote;
 80 | 
 81 | 	if (!list) {
 82 | 		return strdup("");
 83 | 	}
 84 | 	len = 0;
 85 | 	alloc_len = 1024;
 86 | 	buffer = (char *) realloc(buffer, alloc_len);
 87 | 	if (!buffer) {
 88 | 		return strdup("");
 89 | 	}
 90 | 	memset(buffer, 0, alloc_len);
 91 | 	while (list) {
 92 | 		datalen = strlen(list->data);
 93 | 		if (len + datalen + 4 > alloc_len) {
 94 | 			alloc_len += datalen + 2;
 95 | 			tmp = (char *) realloc(buffer, alloc_len);
 96 | 			if (!tmp) {
 97 | 				free(buffer);
 98 | 				return strdup("");
 99 | 			}
100 | 			buffer = tmp;
101 | 		}
102 | 		if (len != 0) {
103 | 			memcpy(buffer + len, ", ", 2);
104 | 			len += 2;
105 | 		}
106 | 		quote = string_need_quotes(list->data);
107 | 		if (quote) {
108 | 			buffer[len++] = '"';
109 | 		}
110 | 		memcpy(buffer + len, list->data, datalen);
111 | 		len += datalen;
112 | 		if (quote) {
113 | 			buffer[len++] = '"';
114 | 		}
115 | 		list = list->next;
116 | 	}
117 | 	buffer[len] = '\0';
118 | 	return buffer;
119 | }
120 | 
121 | static void scconf_write_items(scconf_writer * writer, const scconf_block * block)
122 | {
123 | 	scconf_block *subblock;
124 | 	scconf_item *item;
125 | 	char *data = NULL, *name = NULL;
126 | 	size_t datalen;
127 | 
128 | 	for (item = block->items; item; item = item->next) {
129 | 		switch (item->type) {
130 | 		case SCCONF_ITEM_TYPE_COMMENT:
131 | 			write_line(writer, item->value.comment);
132 | 			break;
133 | 		case SCCONF_ITEM_TYPE_BLOCK:
134 | 			subblock = item->value.block;
135 | 
136 | 			if (!subblock) {
137 | 				fprintf(stderr, "scconf_write_items: Skipping invalid block!\n");
138 | 				continue;
139 | 			}
140 | 
141 | 			/* header */
142 | 			name = scconf_list_get_string(subblock->name);
143 | 			datalen = strlen(item->key) + strlen(name) + 6;
144 | 			data = (char *) malloc(datalen);
145 | 			if (!data) {
146 | 				free(name);
147 | 				continue;
148 | 			}
149 | 			snprintf(data, datalen, "%s %s {", item->key, name);
150 | 			write_line(writer, data);
151 | 			free(data);
152 | 			free(name);
153 | 
154 | 			/* items */
155 | 			writer->indent_pos += writer->indent_level;
156 | 			scconf_write_items(writer, subblock);
157 | 			writer->indent_pos -= writer->indent_level;
158 | 
159 | 			/* footer */
160 | 			write_line(writer, "}");
161 | 			break;
162 | 		case SCCONF_ITEM_TYPE_VALUE:
163 | 			name = scconf_list_get_string(item->value.list);
164 | 			datalen = strlen(item->key) + strlen(name) + 6;
165 | 			data = (char *) malloc(datalen);
166 | 			if (!data) {
167 | 				free(name);
168 | 				continue;
169 | 			}
170 | 			snprintf(data, datalen, "%s = %s;", item->key, name);
171 | 			write_line(writer, data);
172 | 			free(data);
173 | 			free(name);
174 | 			break;
175 | 		}
176 | 	}
177 | }
178 | 
179 | int scconf_write(scconf_context * config, const char *filename)
180 | {
181 | 	scconf_writer writer;
182 | 
183 | 	if (!filename) {
184 | 		filename = config->filename;
185 | 	}
186 | 	writer.f = fopen(filename, "w");
187 | 	if (!writer.f) {
188 | 		return errno;
189 | 	}
190 | 	writer.indent_char = INDENT_CHAR;
191 | 	writer.indent_pos = 0;
192 | 	writer.indent_level = INDENT_LEVEL;
193 | 	writer.error = 0;
194 | 	scconf_write_items(&writer, config->root);
195 | 	fclose(writer.f);
196 | 	return writer.error;
197 | }
198 | 


--------------------------------------------------------------------------------
/src/tools/Makefile.am:
--------------------------------------------------------------------------------
 1 | # Process this file with automake to create Makefile.in
 2 | 
 3 | MAINTAINERCLEANFILES = Makefile.in
 4 | 
 5 | AM_CFLAGS = $(PCSC_CFLAGS) $(CRYPTO_CFLAGS)
 6 | AM_LDFLAGS = $(PCSC_LIBS)
 7 | 
 8 | if HAVE_PCSC
 9 | bin_PROGRAMS = card_eventmgr pkcs11_eventmgr pklogin_finder pkcs11_inspect pkcs11_listcerts pkcs11_setup
10 | card_eventmgr_SOURCES = card_eventmgr.c daemon.c
11 | card_eventmgr_LDADD = ../scconf/libscconf.la ../common/libcommon.la
12 | else
13 | bin_PROGRAMS = pkcs11_eventmgr pklogin_finder pkcs11_inspect pkcs11_listcerts pkcs11_setup
14 | endif
15 | 
16 | pklogin_finder_SOURCES = pklogin_finder.c
17 | pklogin_finder_LDADD = ../pam_pkcs11/libfinder.la ../mappers/libmappers.la
18 | 
19 | pkcs11_listcerts_SOURCES = pkcs11_listcerts.c
20 | pkcs11_listcerts_LDADD = ../pam_pkcs11/libfinder.la ../scconf/libscconf.la ../common/libcommon.la $(OPENSSL_LIBS)
21 | 
22 | pkcs11_eventmgr_SOURCES = pkcs11_eventmgr.c daemon.c
23 | pkcs11_eventmgr_LDADD = ../scconf/libscconf.la ../common/libcommon.la $(CRYPTO_LIBS)
24 | 
25 | pkcs11_inspect_SOURCES = pkcs11_inspect.c
26 | pkcs11_inspect_LDADD = ../pam_pkcs11/libfinder.la ../mappers/libmappers.la
27 | 
28 | pkcs11_setup_SOURCES = pkcs11_setup.c
29 | pkcs11_setup_LDADD = ../scconf/libscconf.la ../common/libcommon.la
30 | 


--------------------------------------------------------------------------------
/src/tools/daemon.c:
--------------------------------------------------------------------------------
 1 | /*	$OpenBSD: daemon.c,v 1.6 2005/08/08 08:05:33 espie Exp $ */
 2 | /*-
 3 |  * Copyright (c) 1990, 1993
 4 |  *	The Regents of the University of California.  All rights reserved.
 5 |  *
 6 |  * Redistribution and use in source and binary forms, with or without
 7 |  * modification, are permitted provided that the following conditions
 8 |  * are met:
 9 |  * 1. Redistributions of source code must retain the above copyright
10 |  *    notice, this list of conditions and the following disclaimer.
11 |  * 2. Redistributions in binary form must reproduce the above copyright
12 |  *    notice, this list of conditions and the following disclaimer in the
13 |  *    documentation and/or other materials provided with the distribution.
14 |  * 3. Neither the name of the University nor the names of its contributors
15 |  *    may be used to endorse or promote products derived from this software
16 |  *    without specific prior written permission.
17 |  *
18 |  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19 |  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 |  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 |  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22 |  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 |  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 |  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 |  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 |  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 |  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 |  * SUCH DAMAGE.
29 |  */
30 | 
31 | /* OPENBSD ORIGINAL: lib/libc/gen/daemon.c */
32 | 
33 | #include "config.h"
34 | 
35 | #ifndef HAVE_DAEMON
36 | 
37 | #include <sys/types.h>
38 | 
39 | #ifdef HAVE_SYS_STAT_H
40 | # include <sys/stat.h>
41 | #endif
42 | 
43 | #ifdef HAVE_FCNTL_H
44 | # include <fcntl.h>
45 | #endif
46 | 
47 | #ifdef HAVE_UNISTD_H
48 | # include <unistd.h>
49 | #endif
50 | 
51 | #ifndef _PATH_DEVNULL
52 | # define _PATH_DEVNULL "/dev/null"
53 | #endif
54 | 
55 | int
56 | daemon(int nochdir, int noclose)
57 | {
58 | 	int fd;
59 | 
60 | 	switch (fork()) {
61 | 	case -1:
62 | 		return (-1);
63 | 	case 0:
64 | 		break;
65 | 	default:
66 | 		_exit(0);
67 | 	}
68 | 
69 | 	if (setsid() == -1)
70 | 		return (-1);
71 | 
72 | 	if (!nochdir)
73 | 		(void)chdir("/");
74 | 
75 | 	if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
76 | 		(void)dup2(fd, STDIN_FILENO);
77 | 		(void)dup2(fd, STDOUT_FILENO);
78 | 		(void)dup2(fd, STDERR_FILENO);
79 | 		if (fd > 2)
80 | 			(void)close (fd);
81 | 	}
82 | 	return (0);
83 | }
84 | 
85 | #endif /* !HAVE_DAEMON */
86 | 
87 | 


--------------------------------------------------------------------------------
/tools/Makefile.am:
--------------------------------------------------------------------------------
1 | # $Id$
2 | 
3 | MAINTAINERCLEANFILES = Makefile.in
4 | 
5 | bin_SCRIPTS = pkcs11_make_hash_link
6 | 
7 | EXTRA_DIST = $(bin_SCRIPTS)
8 | 
9 | 


--------------------------------------------------------------------------------
/tools/pkcs11_make_hash_link:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | #
 3 | # Shell-Script which creates a symbolic hash-link for each CA certificate
 4 | # and each CRL in the given directory.
 5 | # Copyright (C) 2003 Mario Strasser <mast@gmx.net>
 6 | #
 7 | # This program is free software; you can redistribute it and/or modify it
 8 | # under the terms of the GNU General Public License as published by the
 9 | # Free Software Foundation; either version 2 of the License, or (at your
10 | # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
11 | #
12 | # This program is distributed in the hope that it will be useful, but
13 | # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 | # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
15 | # for more details.
16 | #
17 | # $Id$
18 | #
19 | 
20 | OPENSSL="openssl"
21 | 
22 | # function to create the hash link
23 | function mk_link()
24 | {
25 |   nr=0
26 |   while [ -e $hash$nr ]; do
27 |     if [ $file -ef $hash$nr ] || [ -h $file ]; then
28 |       break;
29 |     fi
30 |     nr=`expr $nr + 1`
31 |   done
32 |   if [ ! $file -ef $hash$nr ] && [ ! -h $file ]; then
33 |     ln -s $file $hash$nr
34 |   fi
35 | }
36 | 
37 | # change to the target directory
38 | if [ $1 ]; then
39 |   if [ -d $1 ]; then
40 |     cd $1
41 |   else
42 |     echo "Error: $1 is not a valid directory!"
43 |     exit -1
44 |   fi
45 | fi
46 | # test the presence of openssl
47 | if [ -z "`$OPENSSL version 2> /dev/null`" ]
48 | then
49 | 	echo "$OPENSSL not found! install openssl first"
50 | 	exit -1
51 | fi
52 | # process all files
53 | 
54 | (
55 |   IFS=$'\n'
56 | 
57 |   for file in *; do
58 |     hash=`$OPENSSL x509 -inform pem -in $file -noout -hash 2> /dev/null`
59 |     if [ ! -z "$hash" ]; then
60 |       is_ca=`$OPENSSL x509 -inform pem -in $file -noout -text | grep 'CA:TRUE'`
61 |       if [ ! -z "$is_ca" ]; then
62 |         hash=$hash.
63 |         mk_link
64 |       fi
65 |       continue
66 |     fi
67 |     hash=`$OPENSSL x509 -inform der -in $file -noout -hash 2> /dev/null`
68 |     if [ ! -z "$hash" ]; then
69 |       is_ca=`$OPENSSL x509 -inform der -in $file -noout -text | grep 'CA:TRUE'`
70 |       if [ ! -z "$is_ca" ]; then
71 |         hash=$hash.
72 |         mk_link
73 |       fi
74 |       continue
75 |     fi
76 |     hash=`$OPENSSL crl -inform pem -in $file -noout -hash 2> /dev/null`
77 |     if [ ! -z "$hash" ]; then
78 |       hash=$hash.r
79 |       mk_link
80 |       continue
81 |     fi
82 |     hash=`$OPENSSL crl -inform der -in $file -noout -hash 2> /dev/null`
83 |     if [ ! -z "$hash" ]; then
84 |       hash=$hash.r
85 |       mk_link
86 |       continue
87 |     fi
88 | 
89 |     # nothing can be done with the file
90 |     echo "we got a problem with: $file"
91 |   done
92 | )
93 | 
94 | exit 0
95 | 


--------------------------------------------------------------------------------