├── src ├── README ├── util │ ├── configure-stamp.in │ ├── util-local.h │ ├── defs.h.in │ ├── filenames.h │ ├── membuf.h │ ├── Makefile.am │ ├── convert.c │ ├── filenames.c │ ├── simplelog.h │ ├── util.h │ ├── membuf.c │ ├── support.h │ └── simpleparse.h ├── scd │ ├── README │ ├── Makefile.am │ ├── scd.h │ └── ChangeLog ├── assuan │ ├── README │ ├── ChangeLog │ ├── isascii.c │ ├── putc_unlocked.c │ ├── memrchr.c │ ├── stpcpy.c │ ├── Makefile.am │ ├── funopen.c │ ├── assuan-connect.c │ ├── libassuan-config.in │ ├── assuan-listen.c │ ├── assuan-util.c │ ├── assuan-io-pth.c │ ├── assuan-pipe-server.c │ ├── assuan-socket-connect.c │ └── assuan-socket-server.c ├── Makefile.am ├── pam │ ├── auth-method-localdb │ │ ├── defs-localdb.h │ │ ├── key-lookup.h │ │ ├── Makefile.am │ │ ├── usersdb.h │ │ ├── ChangeLog │ │ └── key-lookup.c │ ├── auth-support │ │ ├── wait-for-card.h │ │ ├── Makefile.am │ │ ├── getpin-cb.h │ │ ├── conv.h │ │ ├── wait-for-card.c │ │ ├── ChangeLog │ │ ├── ctx.h │ │ └── conv.c │ ├── auth-method-x509 │ │ ├── Makefile.am │ │ ├── dirmngr.h │ │ └── ChangeLog │ ├── Makefile.am │ └── auth-methods.h ├── ChangeLog └── poldi.h ├── am ├── Makefile.am ├── ChangeLog └── cmacros.am ├── EXPERIMENTAL ├── po ├── LINGUAS ├── quot.sed ├── boldquot.sed ├── remove-potcdate.sin ├── insert-header.sin ├── ChangeLog ├── POTFILES.in ├── en@quot.header ├── en@boldquot.header ├── Makevars ├── Rules-quot └── poldi.pot ├── BUGS ├── m4 ├── Makefile.am ├── ChangeLog ├── nls.m4 ├── progtest.m4 ├── lib-ld.m4 ├── ksba.m4 └── libassuan.m4 ├── README ├── THANKS ├── conf ├── scdaemon.conf.skel ├── poldi.conf.skel ├── README.keys ├── users.skel ├── ChangeLog └── Makefile.am ├── .gitignore ├── AUTHORS ├── tools ├── Makefile.am └── set-login-with-default-pin.sh ├── doc ├── Makefile.am ├── ChangeLog └── mdate-sh ├── tests ├── ChangeLog ├── README ├── Makefile.am ├── parse-test.c └── pam-test.c ├── Makefile.am ├── TODO ├── MIGRATION ├── NEWS ├── acinclude.m4 └── autogen.sh /src/README: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /am/Makefile.am: -------------------------------------------------------------------------------- 1 | EXTRA_DIST = cmacros.am 2 | -------------------------------------------------------------------------------- /EXPERIMENTAL: -------------------------------------------------------------------------------- 1 | Poldi is still marked as experimental. 2 | -------------------------------------------------------------------------------- /po/LINGUAS: -------------------------------------------------------------------------------- 1 | # Set of available languages. 2 | 3 | de 4 | -------------------------------------------------------------------------------- /BUGS: -------------------------------------------------------------------------------- 1 | -*- outline -*- 2 | -------------------------------------------------------------------------------- /src/util/configure-stamp.in: -------------------------------------------------------------------------------- 1 | /* configure-stamp, only used for dependency tracking. */ 2 | -------------------------------------------------------------------------------- /m4/Makefile.am: -------------------------------------------------------------------------------- 1 | EXTRA_DIST = iconv.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 nls.m4 po.m4 progtest.m4 libassuan.m4 2 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | This is Poldi, a PAM module implementing authentication via OpenPGP 2 | smartcards. See the Texinfo manual for more information. 
3 | -------------------------------------------------------------------------------- /src/scd/README: -------------------------------------------------------------------------------- 1 | This directory contains a basic scdaemon access layer. Contains only 2 | the features required by Poldi. Depends on simplelog. 3 | -------------------------------------------------------------------------------- /po/quot.sed: -------------------------------------------------------------------------------- 1 | s/"\([^"]*\)"/“\1”/g 2 | s/`\([^`']*\)'/‘\1’/g 3 | s/ '\([^`']*\)' / ‘\1’ /g 4 | s/ '\([^`']*\)'$/ ‘\1’/g 5 | s/^'\([^`']*\)' /‘\1’ /g 6 | s/“”/""/g 7 | -------------------------------------------------------------------------------- /am/ChangeLog: -------------------------------------------------------------------------------- 1 | 2008-08-03 Moritz 2 | 3 | * cmacros.am: Added LOCALEDIR definition. 4 | 5 | 2007-06-30 Moritz 6 | 7 | * Makefile.am, cmacros.am: New files. 8 | -------------------------------------------------------------------------------- /src/assuan/README: -------------------------------------------------------------------------------- 1 | This directory contains a copy of libassuan. The only Poldi-related 2 | changes are encapsulated in assuan.h and Makefile.am. The latter is 3 | basically a stripped version of the original file. 
4 | -------------------------------------------------------------------------------- /am/cmacros.am: -------------------------------------------------------------------------------- 1 | AM_CPPFLAGS += -DGNUPG_BINDIR="\"$(bindir)\"" \ 2 | -DGNUPG_LIBEXECDIR="\"$(libexecdir)\"" 3 | datadir = @datadir@ 4 | localedir = $(datadir)/locale 5 | DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@ 6 | -------------------------------------------------------------------------------- /THANKS: -------------------------------------------------------------------------------- 1 | I'd like to thank the following people for valuable suggestions, 2 | patches or testing: 3 | 4 | Alessandro Rubini 5 | Joachim Breitner 6 | Stefano Maffulli 7 | Gordian Klein 8 | Peter Lewis 9 | Lionel Elie Mamane 10 | -------------------------------------------------------------------------------- /po/boldquot.sed: -------------------------------------------------------------------------------- 1 | s/"\([^"]*\)"/“\1”/g 2 | s/`\([^`']*\)'/‘\1’/g 3 | s/ '\([^`']*\)' / ‘\1’ /g 4 | s/ '\([^`']*\)'$/ ‘\1’/g 5 | s/^'\([^`']*\)' /‘\1’ /g 6 | s/“”/""/g 7 | s/“/“/g 8 | s/”/”/g 9 | s/‘/‘/g 10 | s/’/’/g 11 | -------------------------------------------------------------------------------- /src/util/util-local.h: -------------------------------------------------------------------------------- 1 | /* This "util" library is supposed to be easy to integrate in other 2 | projects. This file is supposed to contain "project-specific" code, 3 | which is to be included by every util source file. 
*/ 4 | #include 5 | -------------------------------------------------------------------------------- /conf/scdaemon.conf.skel: -------------------------------------------------------------------------------- 1 | # 2 | # Disable internal CCID driver (but always use PC/SC driver) 3 | # disable-ccid 4 | # 5 | # Useful options to debug (debug output may reveal sensitive data; turn these off afterwards and keep the log file out of shared directories such as /tmp): 6 | # 7 | # debug-level guru 8 | # debug-all 9 | # log-file /tmp/scd.log 10 | # debug-ccid-driver 11 | # 12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | Makefile.in 2 | aclocal.m4 3 | compile 4 | config.guess 5 | config.sub 6 | depcomp 7 | install-sh 8 | missing 9 | autom4te.cache/ 10 | configure 11 | config.h.in 12 | doc/poldi.info* 13 | doc/stamp-vti 14 | doc/version.texi 15 | po/*.gmo 16 | po/stamp-po -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Program: Poldi 2 | Homepage: http://www.g10code.com/p-poldi.html 3 | Maintainer: Moritz Schulte 4 | Bug reports: http://bugs.gnupg.org 5 | Security related bug reports: 6 | License: GPLv3+ 7 | 8 | 9 | * Moritz Schulte 10 | -------------------------------------------------------------------------------- /src/assuan/ChangeLog: -------------------------------------------------------------------------------- 1 | 2008-11-22 Moritz 2 | 3 | * Makefile.am: Updated libassuan copy. 4 | 5 | 2008-06-14 Moritz 6 | 7 | * Makefile.am: Added mkerrors file to EXTRA_DIST. 8 | 9 | 2008-05-03 Moritz 10 | 11 | * assuan.h: Adjusted definitions for Poldi. 12 | -------------------------------------------------------------------------------- /conf/poldi.conf.skel: -------------------------------------------------------------------------------- 1 | # This is the main configuration file of Poldi. 
2 | 3 | # Specify authentication method: 4 | # (supported methods: localdb, x509) 5 | auth-method localdb 6 | 7 | # Specify the log file: 8 | log-file /var/log/poldi 9 | 10 | # Enable debugging messages 11 | debug 12 | 13 | # Specify SCDaemon executable 14 | scdaemon-program /usr/lib/gnupg2/scdaemon 15 | -------------------------------------------------------------------------------- /po/remove-potcdate.sin: -------------------------------------------------------------------------------- 1 | # Sed script that remove the POT-Creation-Date line in the header entry 2 | # from a POT file. 3 | # 4 | # The distinction between the first and the following occurrences of the 5 | # pattern is achieved by looking at the hold space. 6 | /^"POT-Creation-Date: .*"$/{ 7 | x 8 | # Test if the hold space is empty. 9 | s/P/P/ 10 | ta 11 | # Yes it was empty. First occurrence. Remove the line. 12 | g 13 | d 14 | bb 15 | :a 16 | # The hold space was nonempty. Following occurrences. Do nothing. 17 | x 18 | :b 19 | } 20 | -------------------------------------------------------------------------------- /src/scd/Makefile.am: -------------------------------------------------------------------------------- 1 | AM_CPPFLAGS = 2 | include $(top_srcdir)/am/cmacros.am 3 | 4 | noinst_LIBRARIES = libscd.a libscd_shared.a 5 | 6 | EXTRA_DIST = README 7 | 8 | scd_CFLAGS = \ 9 | -Wall \ 10 | -I$(top_builddir) \ 11 | -I$(top_srcdir)/src \ 12 | -I$(top_srcdir)/src/assuan \ 13 | -I$(top_srcdir)/src/util \ 14 | $(GPG_ERROR_CFLAGS) \ 15 | $(LIBGCRYPT_CFLAGS) 16 | 17 | scd_SOURCES = scd.c scd.h 18 | 19 | libscd_a_SOURCES = $(scd_SOURCES) 20 | libscd_a_CFLAGS = $(scd_CFLAGS) 21 | libscd_shared_a_SOURCES = $(scd_SOURCES) 22 | libscd_shared_a_CFLAGS = -fPIC $(scd_CFLAGS) 23 | -------------------------------------------------------------------------------- /m4/ChangeLog: -------------------------------------------------------------------------------- 1 | 2008-08-03 gettextize 2 | 3 | * iconv.m4: New file, from 
gettext-0.17. 4 | * lib-ld.m4: New file, from gettext-0.17. 5 | * lib-link.m4: New file, from gettext-0.17. 6 | * lib-prefix.m4: New file, from gettext-0.17. 7 | * nls.m4: New file, from gettext-0.17. 8 | * po.m4: New file, from gettext-0.17. 9 | * progtest.m4: New file, from gettext-0.17. 10 | * Makefile.am (EXTRA_DIST): Add the new files. 11 | 12 | 2008-07-25 Moritz 13 | 14 | * gettext.m4: New file. 15 | 16 | 2007-10-28 Moritz 17 | 18 | * gpg-error.m4: New. 19 | * libgcrypt.m4: New. 20 | * ksba.m4: New. 21 | -------------------------------------------------------------------------------- /conf/README.keys: -------------------------------------------------------------------------------- 1 | (extracted from the Poldi Manual) 2 | 3 | This directory contains the "key database" for Poldi's "local database" 4 | authentication method. When Poldi needs the key belonging to a given 5 | smartcard serial number, it looks up a file in this directory whose 6 | name is exactly the serial number. 7 | 8 | Usually only the system administrator is able to modify this directory 9 | and thus establish the mapping between smartcards and keys. But it 10 | might make sense for the administrator to make a file in this 11 | directory writable for an ordinary user as well, since this would allow 12 | that user to update his smartcard's key and adjust the mapping himself 13 | without bothering the admin. Whoever can write such a file decides which key is accepted for that card, so the directory itself should remain writable by the administrator only. 14 | -------------------------------------------------------------------------------- /conf/users.skel: -------------------------------------------------------------------------------- 1 | # This is the database used by Poldi's "local database" authentication 2 | # method. Syntax of this file is: 3 | # 4 | # This file consists of entries - one entry per line. 5 | # Entries are of the form: "<serialno> <username>\n" 6 | # (without quotation marks and without angle brackets). Allowed 7 | # whitespaces are spaces and tabs. <serialno> is the serial number 8 | # of an OpenPGP smartcard. 
It can be obtained by "gpg --card-status" 9 | # command as ``Application ID''. <username> is a valid username on 10 | # the system. Comments are opened with "#" and terminated by a newline. 11 | # 12 | # So, a valid entry would look like: 13 | # "D2760001240101010001000006550000 moritz" 14 | -------------------------------------------------------------------------------- /po/insert-header.sin: -------------------------------------------------------------------------------- 1 | # Sed script that inserts the file called HEADER before the header entry. 2 | # 3 | # At each occurrence of a line starting with "msgid ", we execute the following 4 | # commands. At the first occurrence, insert the file. At the following 5 | # occurrences, do nothing. The distinction between the first and the following 6 | # occurrences is achieved by looking at the hold space. 7 | /^msgid /{ 8 | x 9 | # Test if the hold space is empty. 10 | s/m/m/ 11 | ta 12 | # Yes it was empty. First occurrence. Read the file. 13 | r HEADER 14 | # Output the file's contents by reading the next line. But don't lose the 15 | # current line while doing this. 16 | g 17 | N 18 | bb 19 | :a 20 | # The hold space was nonempty. Following occurrences. Do nothing. 21 | x 22 | :b 23 | } 24 | -------------------------------------------------------------------------------- /tools/Makefile.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2008 g10 Code GmbH 2 | # 3 | # This file is part of Poldi. 4 | # 5 | # Poldi is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Poldi is distributed in the hope that it will be useful, but WITHOUT 11 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12 | # or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public 13 | # License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 18 | # 02111-1307, USA 19 | 20 | EXTRA_DIST = set-login-with-default-pin.sh 21 | -------------------------------------------------------------------------------- /doc/Makefile.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2004 g10 Code GmbH 2 | # 3 | # This file is part of Poldi. 4 | # 5 | # Poldi is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Poldi is distributed in the hope that it will be useful, but WITHOUT 11 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12 | # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public 13 | # License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 18 | # 02111-1307, USA 19 | 20 | info_TEXINFOS = poldi.texi 21 | EXTRA_DIST = gpl.texi 22 | -------------------------------------------------------------------------------- /po/ChangeLog: -------------------------------------------------------------------------------- 1 | 2009-08-08 Moritz 2 | 3 | * de.po: Updated translation. 4 | * LINGUAS: New file. 5 | 6 | 2008-08-08 Moritz 7 | 8 | * de.po: Improved. 9 | Minor msg fix. 10 | 11 | 2008-08-04 Moritz 12 | 13 | * POTFILES.in: Updated. 14 | 15 | 2008-08-03 Moritz 16 | 17 | * de.po: Added german translation. 18 | 19 | 2008-08-03 gettextize 20 | 21 | * Makefile.in.in: New file, from gettext-0.17. 
22 | * boldquot.sed: New file, from gettext-0.17. 23 | * en@boldquot.header: New file, from gettext-0.17. 24 | * en@quot.header: New file, from gettext-0.17. 25 | * insert-header.sin: New file, from gettext-0.17. 26 | * quot.sed: New file, from gettext-0.17. 27 | * remove-potcdate.sin: New file, from gettext-0.17. 28 | * Rules-quot: New file, from gettext-0.17. 29 | * POTFILES.in: New file. 30 | 31 | -------------------------------------------------------------------------------- /conf/ChangeLog: -------------------------------------------------------------------------------- 1 | 2009-08-08 Moritz 2 | 3 | * poldi.conf.skel: Fixed log-file path. 4 | 5 | 2008-08-17 Moritz 6 | 7 | * Makefile.am: Added several missing instances of DESTDIR. Thanks 8 | to Joachim Breitner. 9 | 10 | 2008-08-07 Moritz 11 | 12 | * poldi.conf.skel: New file. 13 | * Makefile.am (install-conf-skeleton): Install poldi.conf.skel. 14 | * users.skel: Removed example entry. 15 | 16 | 2008-04-13 Moritz 17 | 18 | * README.keys: Cosmetics. 19 | 20 | 2008-04-05 Moritz 21 | 22 | * README.keys, users.skel: New files. 23 | * Makefile.am (install-conf-skeleton): use "localdb" prefix; 24 | install new files. 25 | 26 | 2005-12-11 Moritz Schulte 27 | 28 | * Makefile.am: Touch user database file. 29 | 30 | 2005-09-25 Moritz Schulte 31 | 32 | * Makefile.am: New file. 33 | -------------------------------------------------------------------------------- /src/Makefile.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2004, 2007, 2008 g10 Code GmbH 2 | # 3 | # This file is part of Poldi. 4 | # 5 | # Poldi is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 
9 | # 10 | # Poldi is distributed in the hope that it will be useful, but WITHOUT 11 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12 | # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public 13 | # License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 18 | # 02111-1307, USA 19 | 20 | SUBDIRS = assuan util scd pam 21 | 22 | EXTRA_DIST = README poldi.h 23 | -------------------------------------------------------------------------------- /tests/ChangeLog: -------------------------------------------------------------------------------- 1 | 2009-05-10 Moritz 2 | 3 | * Makefile.am (parse_test_CFLAGS): Use $(GPG_ERROR_CFLAGS). 4 | (parse_test_LDADD): Use $(GPG_ERROR_LIBS) and $(LIBGCRYPT_LIBS). 5 | 6 | 2009-02-16 Moritz 7 | 8 | * parse-test.c: Added comment. 9 | * README: Cosmetic change. 10 | * pam-test.c (print_help): Cosmetic change. 11 | (PROGRAM_VERSION): New symbol.. 12 | (print_version): use it here. 13 | 14 | 2008-11-22 Moritz 15 | 16 | * README: Improved. 17 | 18 | 2008-07-20 Moritz 19 | 20 | * parse-test.c: Adjusted to new simpleparse API. 21 | 22 | 2008-05-25 Moritz 23 | 24 | * pam-test.c: Added GPL3 header. 25 | 26 | 2007-12-15 Moritz Schulte 27 | 28 | * pam-test.c: Slightly polished, uses getopt now. 29 | 30 | 2007-12-13 Moritz Schulte 31 | 32 | * pam-test.c, Makefile.am: New files. 33 | -------------------------------------------------------------------------------- /src/assuan/isascii.c: -------------------------------------------------------------------------------- 1 | /* isascii.c - Replacement for isascii. 2 | * Copyright (C) 2002, 2005 Free Software Foundation, Inc. 3 | * 4 | * This file is part of Assuan. 
5 | * 6 | * Assuan is free software; you can redistribute it and/or modify it 7 | * under the terms of the GNU Lesser General Public License as 8 | * published by the Free Software Foundation; either version 2.1 of 9 | * the License, or (at your option) any later version. 10 | * 11 | * Assuan is distributed in the hope that it will be useful, but 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with this program; if not, see . 18 | */ 19 | 20 | #ifdef HAVE_CONFIG_H 21 | #include 22 | #endif 23 | 24 | int 25 | isascii (int c) 26 | { 27 | return (((c) & ~0x7f) == 0); 28 | } 29 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH 2 | # 3 | # This file is part of Poldi. 4 | # 5 | # Poldi is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Poldi is distributed in the hope that it will be useful, but WITHOUT 11 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12 | # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public 13 | # License for more details. 
14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 18 | # 02111-1307, USA 19 | 20 | ACLOCAL_AMFLAGS = -I m4 21 | 22 | SUBDIRS = src doc conf am m4 tests tools po 23 | 24 | install-conf-skeleton: 25 | $(MAKE) -C conf install-conf-skeleton 26 | 27 | EXTRA_DIST = config.rpath MIGRATION EXPERIMENTAL 28 | -------------------------------------------------------------------------------- /src/assuan/putc_unlocked.c: -------------------------------------------------------------------------------- 1 | /* putc_unlocked.c - Replacement for putc_unlocked. 2 | * Copyright (C) 2002, 2005 Free Software Foundation, Inc. 3 | * 4 | * This file is part of Assuan. 5 | * 6 | * Assuan is free software; you can redistribute it and/or modify it 7 | * under the terms of the GNU Lesser General Public License as 8 | * published by the Free Software Foundation; either version 2.1 of 9 | * the License, or (at your option) any later version. 10 | * 11 | * Assuan is distributed in the hope that it will be useful, but 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with this program; if not, see . 18 | */ 19 | 20 | #ifdef HAVE_CONFIG_H 21 | #include 22 | #endif 23 | 24 | #include 25 | 26 | int 27 | putc_unlocked (int c, FILE *stream) 28 | { 29 | return putc (c, stream); 30 | } 31 | -------------------------------------------------------------------------------- /po/POTFILES.in: -------------------------------------------------------------------------------- 1 | # List of source files which contain translatable strings. 
2 | 3 | ./src/pam/auth-method-localdb/auth-localdb.c 4 | ./src/pam/auth-method-localdb/key-lookup.c 5 | ./src/pam/auth-method-localdb/key-lookup.h 6 | ./src/pam/auth-method-localdb/usersdb.c 7 | ./src/pam/auth-method-localdb/usersdb.h 8 | ./src/pam/auth-method-x509/auth-x509.c 9 | ./src/pam/auth-method-x509/dirmngr.c 10 | ./src/pam/auth-method-x509/dirmngr.h 11 | ./src/pam/auth-methods.h 12 | ./src/pam/auth-support/conv.c 13 | ./src/pam/auth-support/conv.h 14 | ./src/pam/auth-support/ctx.h 15 | ./src/pam/auth-support/getpin-cb.c 16 | ./src/pam/auth-support/getpin-cb.h 17 | ./src/pam/auth-support/wait-for-card.c 18 | ./src/pam/auth-support/wait-for-card.h 19 | ./src/pam/pam_poldi.c 20 | ./src/poldi.h 21 | ./src/scd/scd.c 22 | ./src/scd/scd.h 23 | ./src/util/convert.c 24 | ./src/util/defs.h.in 25 | ./src/util/filenames.c 26 | ./src/util/filenames.h 27 | ./src/util/membuf.c 28 | ./src/util/membuf.h 29 | ./src/util/simplelog.c 30 | ./src/util/simplelog.h 31 | ./src/util/simpleparse.c 32 | ./src/util/simpleparse.h 33 | ./src/util/support.c 34 | ./src/util/support.h 35 | ./src/util/util-local.h 36 | ./src/util/util.h 37 | -------------------------------------------------------------------------------- /tests/README: -------------------------------------------------------------------------------- 1 | README for pam-test 2 | =================== 3 | 4 | Usage: pam-test [options] 5 | Test PAM authentication. 6 | 7 | Options: 8 | -h, --help print help information 9 | -v, --version print version information 10 | -u, --username specify username for authentication 11 | 12 | Report bugs to . 13 | 14 | pam-test is a small utility suitable for testing authentication 15 | through PAM. pam-test is not Poldi specific at all; rather it's a 16 | generic tool for testing authentication through PAM. 17 | 18 | PAM authentication methods are identified by a "service name" 19 | (e.g. "su", "login", "gdm"). 
Testing authentication is thus only a 20 | matter of typing: 21 | 22 | $ ./pam-test SERVICENAME 23 | 24 | Testing Poldi authentication can be achieved by defining a new service 25 | name "poldi" using pam_poldi.so and then typing: 26 | 27 | $ ./pam-test poldi 28 | 29 | This is how a successful run looks like: 30 | 31 | $ ./pam-test poldi 32 | Waiting for card... 33 | Trying authentication as user `moritz'... 34 | Authentication succeeded 35 | Authenticated as user `moritz' 36 | $ 37 | 38 | Have fun. 39 | -------------------------------------------------------------------------------- /src/pam/auth-method-localdb/defs-localdb.h: -------------------------------------------------------------------------------- 1 | /* defs-localdb.h - Some definitions for the localdb authentication 2 | Copyright (C) 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . 
*/ 19 | 20 | #ifndef INCLUDED_DEFS_LOCALDB_H 21 | #define INCLUDED_DEFS_LOCALDB_H 22 | 23 | #include "util/defs.h" 24 | 25 | #define POLDI_LOCALDB_DIRECTORY POLDI_CONF_DIRECTORY "/localdb" 26 | 27 | #define POLDI_USERS_DB_FILE POLDI_LOCALDB_DIRECTORY "/users" 28 | #define POLDI_KEY_DIRECTORY POLDI_LOCALDB_DIRECTORY "/keys" 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /src/util/defs.h.in: -------------------------------------------------------------------------------- 1 | /* -*- c -*- 2 | defs.h.in - Some definitions for Poldi 3 | Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH 4 | 5 | This file is part of Poldi. 6 | 7 | Poldi is free software; you can redistribute it and/or modify it 8 | under the terms of the GNU general Public License as published by 9 | the Free Software Foundation; either version 2 of the License, or 10 | (at your option) any later version. 11 | 12 | Poldi is distributed in the hope that it will be useful, but 13 | WITHOUT ANY WARRANTY; without even the implied warranty of 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 15 | General Public License for more details. 16 | 17 | You should have received a copy of the GNU Lesser General Public 18 | License along with this program; if not, write to the Free Software 19 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 20 | 02111-1307, USA. */ 21 | 22 | /* General internal build-time definitions. */ 23 | #ifndef POLDI_DEFS_H 24 | #define POLDI_DEFS_H 25 | 26 | #define POLDI_CONF_DIRECTORY "@POLDI_CONF_DIRECTORY@" 27 | #define POLDI_CONF_FILE POLDI_CONF_DIRECTORY "/poldi.conf" 28 | 29 | #endif 30 | -------------------------------------------------------------------------------- /tests/Makefile.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2008, 2009 g10 Code GmbH 2 | # 3 | # This file is part of Poldi. 
4 | # 5 | # Poldi is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Poldi is distributed in the hope that it will be useful, but WITHOUT 11 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12 | # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public 13 | # License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 18 | # 02111-1307, USA 19 | 20 | noinst_PROGRAMS = parse-test pam-test 21 | 22 | parse_test_SOURCES = parse-test.c 23 | parse_test_CFLAGS = -Wall -I$(top_srcdir)/src/util -I$(top_srcdir)/src \ 24 | $(GPG_ERROR_CFLAGS) 25 | parse_test_LDADD = $(top_builddir)/src/util/libpoldi-util.a \ 26 | $(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS) 27 | 28 | pam_test_SOURCES = pam-test.c 29 | pam_test_CFLAGS = -Wall 30 | 31 | pam_test_LDADD = -lpam -lpam_misc 32 | -------------------------------------------------------------------------------- /src/assuan/memrchr.c: -------------------------------------------------------------------------------- 1 | /* memrchr.c - Replacement for memrchr. 2 | * Copyright (C) 2002, 2004, 2005 Free Software Foundation, Inc. 3 | * 4 | * This file is part of Assuan. 5 | * 6 | * Assuan is free software; you can redistribute it and/or modify it 7 | * under the terms of the GNU Lesser General Public License as 8 | * published by the Free Software Foundation; either version 2.1 of 9 | * the License, or (at your option) any later version. 10 | * 11 | * Assuan is distributed in the hope that it will be useful, but 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with this program; if not, see . 18 | */ 19 | 20 | #ifdef HAVE_CONFIG_H 21 | #include 22 | #endif 23 | 24 | #include 25 | 26 | void * 27 | memrchr (const void *block, int c, size_t size) 28 | { 29 | const unsigned char *p = block; 30 | 31 | if (size) 32 | { 33 | for (p += size - 1; size; p--, size--) 34 | if (*p == c) 35 | return (void *)p; 36 | } 37 | return NULL; 38 | } 39 | 40 | -------------------------------------------------------------------------------- /src/pam/auth-method-localdb/key-lookup.h: -------------------------------------------------------------------------------- 1 | /* key-lookup.c - Lookup keys for localdb authentication 2 | Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | #ifndef KEY_LOOKUP_H 21 | #define KEY_LOOKUP_H 22 | 23 | #include 24 | #include 25 | 26 | #include 27 | 28 | /* Lookup the key belonging the card specified by SERIALNO. Returns a 29 | proper error code. 
*/ 30 | gpg_error_t key_lookup_by_serialno (poldi_ctx_t ctx, 31 | const char *serialno, gcry_sexp_t *key); 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /po/en@quot.header: -------------------------------------------------------------------------------- 1 | # All this catalog "translates" are quotation characters. 2 | # The msgids must be ASCII and therefore cannot contain real quotation 3 | # characters, only substitutes like grave accent (0x60), apostrophe (0x27) 4 | # and double quote (0x22). These substitutes look strange; see 5 | # http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html 6 | # 7 | # This catalog translates grave accent (0x60) and apostrophe (0x27) to 8 | # left single quotation mark (U+2018) and right single quotation mark (U+2019). 9 | # It also translates pairs of apostrophe (0x27) to 10 | # left single quotation mark (U+2018) and right single quotation mark (U+2019) 11 | # and pairs of quotation mark (0x22) to 12 | # left double quotation mark (U+201C) and right double quotation mark (U+201D). 13 | # 14 | # When output to an UTF-8 terminal, the quotation characters appear perfectly. 15 | # When output to an ISO-8859-1 terminal, the single quotation marks are 16 | # transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to 17 | # grave/acute accent (by libiconv), and the double quotation marks are 18 | # transliterated to 0x22. 19 | # When output to an ASCII terminal, the single quotation marks are 20 | # transliterated to apostrophes, and the double quotation marks are 21 | # transliterated to 0x22. 22 | # 23 | -------------------------------------------------------------------------------- /src/pam/auth-support/wait-for-card.h: -------------------------------------------------------------------------------- 1 | /* wait-for-card.h - Waiting for smartcard insertion (Poldi) 2 | Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 
5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | #ifndef WAIT_FOR_CARD_H 21 | #define WAIT_FOR_CARD_H 22 | 23 | #include 24 | 25 | #include "scd/scd.h" 26 | 27 | /* Wait for insertion of a card in slot specified by SLOT, 28 | communication with the user through the PAM conversation function 29 | CONV. 30 | 31 | Returns proper error code. */ 32 | gpg_error_t wait_for_card (scd_context_t ctx, unsigned int timeout); 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /m4/nls.m4: -------------------------------------------------------------------------------- 1 | # nls.m4 serial 3 (gettext-0.15) 2 | dnl Copyright (C) 1995-2003, 2005-2006 Free Software Foundation, Inc. 3 | dnl This file is free software; the Free Software Foundation 4 | dnl gives unlimited permission to copy and/or distribute it, 5 | dnl with or without modifications, as long as this notice is preserved. 6 | dnl 7 | dnl This file can can be used in projects which are not available under 8 | dnl the GNU General Public License or the GNU Library General Public 9 | dnl License but which still want to provide support for the GNU gettext 10 | dnl functionality. 
11 | dnl Please note that the actual code of the GNU gettext library is covered 12 | dnl by the GNU Library General Public License, and the rest of the GNU 13 | dnl gettext package package is covered by the GNU General Public License. 14 | dnl They are *not* in the public domain. 15 | 16 | dnl Authors: 17 | dnl Ulrich Drepper , 1995-2000. 18 | dnl Bruno Haible , 2000-2003. 19 | 20 | AC_PREREQ(2.50) 21 | 22 | AC_DEFUN([AM_NLS], 23 | [ 24 | AC_MSG_CHECKING([whether NLS is requested]) 25 | dnl Default is enabled NLS 26 | AC_ARG_ENABLE(nls, 27 | [ --disable-nls do not use Native Language Support], 28 | USE_NLS=$enableval, USE_NLS=yes) 29 | AC_MSG_RESULT($USE_NLS) 30 | AC_SUBST(USE_NLS) 31 | ]) 32 | -------------------------------------------------------------------------------- /tools/set-login-with-default-pin.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # -*- sh -*- 3 | # set-login-with-default-bin.sh 4 | # Copyright (C) 2008 g10 Code GmbH 5 | # 6 | # This file is part of Poldi. 7 | # 8 | # Poldi is free software; you can redistribute it and/or modify it 9 | # under the terms of the GNU General Public License as published by 10 | # the Free Software Foundation; either version 3 of the License, or 11 | # (at your option) any later version. 12 | # 13 | # Poldi is distributed in the hope that it will be useful, 14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | # GNU General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, see . 
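
program_name="set-login-with-default-pin.sh"

# Exactly one argument is expected: the login data to store on the card.
if [ "$#" != "1" ]; then
    echo "Usage: ${program_name} " >&2
    exit 1
fi

logindata="$1"

# The value is placed on a single command line that is piped to
# gpg-connect-agent, and the suffix appended below uses an encoded line
# feed to separate the login data from what follows it.  A control
# character in the argument could therefore start a second command line
# or add a section of its own, so it is refused rather than encoded.
# The argument is also taken literally: backslash sequences such as "\n"
# are no longer expanded (the earlier "echo -ne" turned them into real
# control characters).
case "${logindata}" in
    *[[:cntrl:]]*)
        echo "${program_name}: login data must not contain control characters" >&2
        exit 1
        ;;
esac

# Percent-escape the value: "%" first, so that the escapes added next are
# not escaped a second time, then every "+", then every space as "+".
# All occurrences are replaced, not only the first one on the line.
logindata_final="${logindata//\%/%25}"
logindata_final="${logindata_final//+/%2b}"
logindata_final="${logindata_final// /+}"

# Fixed suffix: an encoded line feed followed by 0x14 "F=3" 0x18.
# NOTE(review): presumably the flag section that selects the default PIN,
# as the script name says -- confirm against the scdaemon documentation.
logindata_final="${logindata_final}%0a%14F=3%18"

#echo "'$logindata_final'"
echo "SCD SETATTR LOGIN-DATA ${logindata_final}" | gpg-connect-agent

exit 0

-------------------------------------------------------------------------------- /src/ChangeLog: -------------------------------------------------------------------------------- 1 | 2008-08-07 Moritz 2 | 3 | * poldi.h: Also include , not only . 4 | 5 | 2008-07-14 Moritz 6 | 7 | * Makefile.am (SUBDIRS): Removed pam-test; added poldi.h to 8 | EXTRA_DIST. 9 | 10 | 2008-05-02 Moritz 11 | 12 | * Makefile.am: Build assuan. 13 | 14 | * assuan: New directory, contains a copy of libassuan source. 15 | 16 | 2008-04-05 Moritz 17 | 18 | Renamed directory "common" to "util". 19 | Renamed directory "test" to "pam-test". 20 | Removed directory "dirmngr". 21 | * Makefile.am: adjusted. 22 | 23 | 2007-12-13 Moritz Schulte 24 | 25 | * test: New directory. 26 | * Makefile.am (SUBDIRS): Added test. 27 | 28 | 2007-10-28 Moritz 29 | 30 | * Makefile.am (dirmngr): Depending on conditional 31 | AUTH_METHOD_X509, add directory dirmngr to SUBDIRS. 32 | 33 | 2007-10-27 Moritz 34 | 35 | * scd-support: Removed directory. 36 | * Makefile.am (SUBDIRS): Likewise. 37 | 38 | 2007-06-29 Moritz 39 | 40 | * libscd: Directory removed. 41 | * scd: New directory. 42 | * scd-support: Likewise. 43 | * README: New file. 44 | * Makefile.am (SUBDIRS): Adjusted to new directory tree. 45 | (EXTRA_DIST): README. 46 | 47 | 2005-10-08 Moritz Schulte 48 | 49 | * Makefile.am: Remove install-pam-module target.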
50 | -------------------------------------------------------------------------------- /po/en@boldquot.header: -------------------------------------------------------------------------------- 1 | # All this catalog "translates" are quotation characters. 2 | # The msgids must be ASCII and therefore cannot contain real quotation 3 | # characters, only substitutes like grave accent (0x60), apostrophe (0x27) 4 | # and double quote (0x22). These substitutes look strange; see 5 | # http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html 6 | # 7 | # This catalog translates grave accent (0x60) and apostrophe (0x27) to 8 | # left single quotation mark (U+2018) and right single quotation mark (U+2019). 9 | # It also translates pairs of apostrophe (0x27) to 10 | # left single quotation mark (U+2018) and right single quotation mark (U+2019) 11 | # and pairs of quotation mark (0x22) to 12 | # left double quotation mark (U+201C) and right double quotation mark (U+201D). 13 | # 14 | # When output to an UTF-8 terminal, the quotation characters appear perfectly. 15 | # When output to an ISO-8859-1 terminal, the single quotation marks are 16 | # transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to 17 | # grave/acute accent (by libiconv), and the double quotation marks are 18 | # transliterated to 0x22. 19 | # When output to an ASCII terminal, the single quotation marks are 20 | # transliterated to apostrophes, and the double quotation marks are 21 | # transliterated to 0x22. 22 | # 23 | # This catalog furthermore displays the text between the quotation marks in 24 | # bold face, assuming the VT100/XTerm escape sequences. 25 | # 26 | -------------------------------------------------------------------------------- /src/util/filenames.h: -------------------------------------------------------------------------------- 1 | /* filenames.h - Functions for dealing with filenames. 2 | Copyright (C) 1998, 1999, 2000, 2001, 2003, 3 | 2004, 2005 Free Software Foundation, Inc. 
4 | Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH 5 | 6 | This file is part of Poldi. 7 | 8 | Poldi is free software; you can redistribute it and/or modify it 9 | under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | Poldi is distributed in the hope that it will be useful, but 14 | WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | General Public License for more details. 17 | 18 | You should have received a copy of the GNU General Public License 19 | along with this program; if not, see 20 | . */ 21 | 22 | #ifndef INCLUDED_FILENAMES_H 23 | #define INCLUDED_FILENAMES_H 24 | 25 | #include 26 | 27 | /* Construct a filename from the NULL terminated list of parts, 28 | including tilde expansion at the beginning. Stores the newly 29 | allocated string in *PATH, which needs to be freed with xfree(). 30 | Returns error code. This is based on make_filename() as found in 31 | jnlib. */ 32 | gpg_error_t make_filename (char **path, const char *first_part, ...); 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /src/pam/auth-method-x509/Makefile.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2008 g10 Code GmbH 2 | # 3 | # This file is part of Poldi. 4 | # 5 | # Poldi is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Poldi is distributed in the hope that it will be useful, but WITHOUT 11 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12 | # or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public 13 | # License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 18 | # 02111-1307, USA 19 | 20 | AM_CPPFLAGS = \ 21 | -I$(top_srcdir)/src/pam/auth-support \ 22 | -I$(top_srcdir)/src/pam \ 23 | -I$(top_srcdir)/src/scd \ 24 | -I$(top_srcdir)/src/util \ 25 | -I$(top_srcdir)/src/jnlib \ 26 | -I$(top_builddir)/src \ 27 | -I$(top_srcdir)/src \ 28 | -I$(top_srcdir)/src/assuan 29 | 30 | include $(top_srcdir)/am/cmacros.am 31 | 32 | noinst_LIBRARIES = libpoldi-auth-x509.a 33 | 34 | libpoldi_auth_x509_a_SOURCES = \ 35 | auth-x509.c \ 36 | dirmngr.h dirmngr.c 37 | 38 | 39 | libpoldi_auth_x509_a_CFLAGS = \ 40 | -fPIC -Wall -I$(top_srcdir)/src/pam -I$(top_srcdir)/src \ 41 | $(GPG_ERROR_CFLAGS) $(KSBA_CFLAGS) 42 | -------------------------------------------------------------------------------- /src/pam/auth-method-localdb/Makefile.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2008 g10 Code GmbH 2 | # 3 | # This file is part of Poldi. 4 | # 5 | # Poldi is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Poldi is distributed in the hope that it will be useful, but WITHOUT 11 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12 | # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public 13 | # License for more details. 
14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 18 | # 02111-1307, USA 19 | 20 | AM_CPPFLAGS = \ 21 | -I$(top_srcdir)/src/pam/auth-support \ 22 | -I$(top_srcdir)/src/pam \ 23 | -I$(top_srcdir)/src/scd \ 24 | -I$(top_srcdir)/src/util \ 25 | -I$(top_srcdir)/src/jnlib \ 26 | -I$(top_builddir)/src \ 27 | -I$(top_srcdir)/src \ 28 | -I$(top_srcdir)/src/assuan 29 | 30 | include $(top_srcdir)/am/cmacros.am 31 | 32 | noinst_LIBRARIES = libpoldi-auth-localdb.a 33 | 34 | libpoldi_auth_localdb_a_SOURCES = \ 35 | auth-localdb.c defs-localdb.h \ 36 | key-lookup.c key-lookup.h \ 37 | usersdb.h usersdb.c 38 | 39 | libpoldi_auth_localdb_a_CFLAGS = \ 40 | -Wall -fPIC -I$(top_srcdir)/src/pam -I$(top_srcdir)/src \ 41 | $(GPG_ERROR_CFLAGS) 42 | -------------------------------------------------------------------------------- /src/pam/auth-support/Makefile.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2008 g10 Code GmbH 2 | # 3 | # This file is part of Poldi. 4 | # 5 | # Poldi is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Poldi is distributed in the hope that it will be useful, but WITHOUT 11 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12 | # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public 13 | # License for more details. 
14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 18 | # 02111-1307, USA 19 | 20 | AM_CPPFLAGS = \ 21 | -I$(top_srcdir)/src/pam/auth-support \ 22 | -I$(top_srcdir)/src/pam \ 23 | -I$(top_srcdir)/src/scd \ 24 | -I$(top_srcdir)/src/util \ 25 | -I$(top_srcdir)/src/jnlib \ 26 | -I$(top_builddir)/src \ 27 | -I$(top_srcdir)/src \ 28 | -I$(top_srcdir)/src/assuan 29 | 30 | include $(top_srcdir)/am/cmacros.am 31 | 32 | PAM_MODULE_DIRECTORY = @PAM_MODULE_DIRECTORY@ 33 | 34 | AM_CFLAGS = \ 35 | -Wall -fPIC \ 36 | $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) 37 | 38 | noinst_LIBRARIES = libpam-poldi-auth-support.a 39 | 40 | libpam_poldi_auth_support_a_SOURCES = \ 41 | ctx.h \ 42 | conv.c conv.h \ 43 | getpin-cb.c getpin-cb.h \ 44 | wait-for-card.c wait-for-card.h 45 | -------------------------------------------------------------------------------- /src/assuan/stpcpy.c: -------------------------------------------------------------------------------- 1 | /* Copyright (C) 1992, 1995, 1997, 2002, 2004 Free Software Foundation, Inc. 2 | This file is part of the GNU C Library. 3 | 4 | The GNU C Library is free software; you can redistribute it and/or 5 | modify it under the terms of the GNU Lesser General Public 6 | License as published by the Free Software Foundation; either 7 | version 2.1 of the License, or (at your option) any later version. 8 | 9 | The GNU C Library is distributed in the hope that it will be useful, 10 | but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 | Lesser General Public License for more details. 13 | 14 | You should have received a copy of the GNU Lesser General Public 15 | License along with the GNU C Library; if not, 16 | see . 
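*/ 17 | 18 | #ifdef HAVE_CONFIG_H 19 | # include 20 | #endif 21 | 22 | #include 23 | 24 | #undef __stpcpy 25 | #undef stpcpy 26 | 27 | #ifndef weak_alias 28 | # define __stpcpy stpcpy 29 | #endif 30 |

/* Copy SRC to DEST, returning the address of the terminating '\0' in DEST.

   The copy has no length limit: the loop stops only at the '\0' found
   in SRC, so the caller must make sure DEST has room for
   strlen (SRC) + 1 bytes.

   Written as a prototype definition; the old-style (K&R) parameter
   list gave callers no argument checking and is no longer accepted by
   current C standards.  */
char *
__stpcpy (char *dest, const char *src)
{
  char *d = dest;
  const char *s = src;

  do
    *d++ = *s;
  while (*s++ != '\0');

  /* D was advanced past the '\0' it just stored; step back onto it.  */
  return d - 1;
}
46 | #ifdef libc_hidden_def 47 | libc_hidden_def (__stpcpy) 48 | #endif 49 | #ifdef weak_alias 50 | weak_alias (__stpcpy, stpcpy) 51 | #endif 52 | #ifdef libc_hidden_builtin_def 53 | libc_hidden_builtin_def (stpcpy) 54 | #endif 55 | -------------------------------------------------------------------------------- /src/poldi.h: -------------------------------------------------------------------------------- 1 | /* poldi.h - Main include file for PAM Poldi 2 | Copyright (C) 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | /* This is the main Poldi include file. It is to be included by all 21 | Poldi components. */ 22 | 23 | #ifndef INCLUDED_POLDI_H 24 | #define INCLUDED_POLDI_H 25 | 26 | #include 27 | 28 | /* Throughout Poldi we use the gpg_error_t datatype for error code 29 | propagation.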
*/ 30 | #include 31 | 32 | /* We use the Libgcrypt memory allocator. */ 33 | 34 | #include 35 | #define xtrymalloc(n) gcry_malloc(n) 36 | #define xtrymalloc_secure(n) gcry_malloc_secure(n) 37 | #define xtrystrdup(p) gcry_strdup(p) 38 | #define xtryrealloc(p,n) gcry_realloc(p,n) 39 | #define xfree(p) gcry_free(p) 40 | 41 | /* Poldi allows for NLS. */ 42 | 43 | #include 44 | #include 45 | #define _(String) dgettext (PACKAGE, String) 46 | #define gettext_noop(String) String 47 | #define N_(String) gettext_noop (String) 48 | 49 | #endif /* INCLUDED_POLDI_H */ 50 | -------------------------------------------------------------------------------- /src/pam/auth-support/getpin-cb.h: -------------------------------------------------------------------------------- 1 | /* getpin-cb.h - getpin Assuan Callback (Poldi) 2 | Copyright (C) 2007, 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | /* This is an assuan callback. It's called when an assuan server 21 | (scdaemon) wants to retrieve the PIN from Poldi. This specific 22 | implementation of the getpin callback API tries to retrieve the PIN 23 | through PAM conversation. */ 24 | 25 | #ifndef GETPIN_CB_H 26 | #define GETPIN_CB_H 27 | 28 | #include "ctx.h" 29 | 30 | /* Structure for passing data to getpin_cb. 
*/ 31 | struct getpin_cb_data 32 | { 33 | poldi_ctx_t poldi_ctx; /* Poldi context; contains the PAM 34 | conversation object, etc. */ 35 | }; 36 | 37 | /* This is the Assuan callback, which is to be used for SCDaemon 38 | transactions. It takes care of PIN querying through PAM 39 | conversation functions. This function is used by authentiation 40 | methods. OPAQUE is expected to be a pointer to struct 41 | getpin_cb_data. */ 42 | int getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf); 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /src/util/membuf.h: -------------------------------------------------------------------------------- 1 | /* membuf.h - A simple implementation of a dynamic buffer 2 | * Copyright (C) 2001, 2003 Free Software Foundation, Inc. 3 | * 4 | * This file is part of GnuPG. 5 | * 6 | * GnuPG is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * GnuPG is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, see . 18 | */ 19 | 20 | #ifndef GNUPG_COMMON_MEMBUF_H 21 | #define GNUPG_COMMON_MEMBUF_H 22 | 23 | /* The definition of the structure is private, we only need it here, 24 | so it can be allocated on the stack. */ 25 | struct private_membuf_s 26 | { 27 | size_t len; 28 | size_t size; 29 | char *buf; 30 | int out_of_core; 31 | }; 32 | 33 | typedef struct private_membuf_s membuf_t; 34 | 35 | /* Return the current length of the membuf. 
*/ 36 | #define get_membuf_len(a) ((a)->len) 37 | #define is_membuf_ready(a) ((a)->buf || (a)->out_of_core) 38 | #define MEMBUF_ZERO { 0, 0, NULL, 0} 39 | 40 | void init_membuf (membuf_t *mb, int initiallen); 41 | void init_membuf_secure (membuf_t *mb, int initiallen); 42 | void put_membuf (membuf_t *mb, const void *buf, size_t len); 43 | void put_membuf_str (membuf_t *mb, const char *string); 44 | void *get_membuf (membuf_t *mb, size_t *len); 45 | 46 | 47 | #endif /*GNUPG_COMMON_MEMBUF_H*/ 48 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | Final: 2 | * allow for Dirmngr to be started on demand (in pipe mode) (NO <- Why?!) 3 | 4 | Low priority: 5 | * allow user to skip card authentication without submitting a wrong 6 | PIN to the card, e.g. by entering an empty PIN? Return 7 | PAM_CRED_INSUFFICIENT in that case? PAM_AUTHINFO_UNAVAIL? PAM_AUTH_ERR? 8 | * figure out what exactly the dependencies on the OpenPGP smartcard are. 9 | * improve doc 10 | * work on MIGRATION text 11 | * fix install-conf-skeleton (does nothing for x509?) 12 | * better (new?) error codes 13 | * verify we don't need pam_sm_setcred; i still don't get what this 14 | call is needed for - most PAM modules in Linux-PAM implement it as a 15 | dummy. 16 | * poldi shouldn't contain any global state (explain why), reference 17 | needed: as far as i understand it, PAM modules should be rather 18 | reentrant; at least thread safe. so that applications do can call 19 | pam_authenticate without danger. 20 | * conf skeleton for x509 method? 21 | * do we want to respect conv_tell error codes or should it be void? 22 | * give user a chance to enter PIN twice? 23 | * check if information on Applications in the manual are still uptodate. 24 | * figure what needs to be done for enabling LTSP logins through Poldi (interesting!) 
25 | * allow user to override scdaemon to use through environment variables 26 | or something (probably required for ltsp). 27 | * what does "6 characters minimum" mean in openpgp-card.pdf? is it "bytes" or really "utf8 characters"? 28 | * shall we really forbid to use non-digit characters in PIN? 29 | * system wide scdaemon? 30 | * disallow login in case of key expiration 31 | * diplay expiration info before key is expired 32 | * portability to non- GNU/Linux systems that support PAM 33 | * workaround for older cards regarding public key retrival? 34 | 35 | High priority: 36 | * general audit 37 | -------------------------------------------------------------------------------- /src/assuan/Makefile.am: -------------------------------------------------------------------------------- 1 | # Assuan Makefile 2 | # Copyright (C) 2001, 2002, 2003, 2008 Free Software Foundation, Inc. 3 | # 4 | # This file is part of Assuan. 5 | # 6 | # Assuan is free software; you can redistribute it and/or modify it 7 | # under the terms of the GNU Lesser General Public License as 8 | # published by the Free Software Foundation; either version 2.1 of 9 | # the License, or (at your option) any later version. 10 | # 11 | # Assuan is distributed in the hope that it will be useful, but 12 | # WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | # Lesser General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU Lesser General Public 17 | # License along with this program; if not, see . 18 | ## Process this file with automake to produce Makefile.in 19 | 20 | # Modified for Poldi. Based von libassuans Makefile.am. 21 | 22 | EXTRA_DIST = mkerrors 23 | AM_CPPFLAGS = -I.. 
-I$(top_srcdir)/include 24 | BUILT_SOURCES = assuan-errors.c 25 | MOSTLYCLEANFILES = assuan-errors.c 26 | 27 | noinst_LIBRARIES = libassuan.a 28 | 29 | common_sources = \ 30 | assuan.h \ 31 | assuan-defs.h \ 32 | assuan-util.c \ 33 | assuan-errors.c \ 34 | assuan-buffer.c \ 35 | assuan-handler.c \ 36 | assuan-inquire.c \ 37 | assuan-listen.c \ 38 | assuan-connect.c \ 39 | assuan-client.c \ 40 | assuan-pipe-server.c \ 41 | assuan-socket-server.c \ 42 | assuan-pipe-connect.c \ 43 | assuan-socket-connect.c \ 44 | assuan-uds.c \ 45 | assuan-logging.c \ 46 | assuan-socket.c 47 | 48 | libassuan_a_SOURCES = $(common_sources) assuan-io.c 49 | libassuan_a_LIBADD = @LIBOBJS@ 50 | 51 | AM_CFLAGS = -Wall -fPIC 52 | 53 | assuan-errors.c : assuan.h mkerrors 54 | $(srcdir)/mkerrors < $(srcdir)/assuan.h > assuan-errors.c 55 | -------------------------------------------------------------------------------- /src/util/Makefile.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2004, 2007, 2008, 2009 g10 Code GmbH 2 | # 3 | # This file is part of Poldi. 4 | # 5 | # Poldi is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Poldi is distributed in the hope that it will be useful, but WITHOUT 11 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12 | # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public 13 | # License for more details. 
14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 18 | # 02111-1307, USA 19 | 20 | AM_CPPFLAGS = 21 | 22 | include $(top_srcdir)/am/cmacros.am 23 | 24 | noinst_LIBRARIES = libpoldi-util.a libpoldi-util_shared.a 25 | 26 | poldi_util_SOURCES = \ 27 | util-local.h \ 28 | support.c support.h \ 29 | membuf.c membuf.h \ 30 | util.h \ 31 | convert.c \ 32 | simplelog.c simplelog.h \ 33 | simpleparse.c simpleparse.h \ 34 | filenames.c filenames.h 35 | 36 | poldi_util_CFLAGS = \ 37 | -Wall \ 38 | -I$(top_builddir) \ 39 | -I$(top_srcdir)/src \ 40 | $(GPG_ERROR_CFLAGS) \ 41 | $(LIBGCRYPT_CFLAGS) 42 | 43 | BUILT_SOURCES = \ 44 | defs.h 45 | 46 | libpoldi_util_a_CFLAGS = $(poldi_util_CFLAGS) 47 | libpoldi_util_shared_a_CFLAGS = -fPIC $(poldi_util_CFLAGS) 48 | libpoldi_util_a_SOURCES = $(poldi_util_SOURCES) 49 | libpoldi_util_shared_a_SOURCES = $(poldi_util_SOURCES) 50 | 51 | generate = \ 52 | sed \ 53 | -e 's,[@]POLDI_CONF_DIRECTORY[@],$(POLDI_CONF_DIRECTORY),g' 54 | 55 | defs.h: defs.h.in configure-stamp 56 | $(generate) < $< > $@ 57 | 58 | EXTRA_DIST = \ 59 | defs.h.in configure-stamp.in 60 | 61 | CLEANFILES = $(BUILT_SOURCES) configure-stamp 62 | -------------------------------------------------------------------------------- /po/Makevars: -------------------------------------------------------------------------------- 1 | # Makefile variables for PO directory in any package using GNU gettext. 2 | 3 | # Usually the message domain is the same as the package name. 4 | DOMAIN = $(PACKAGE) 5 | 6 | # These two variables depend on the location of this directory. 7 | subdir = po 8 | top_builddir = .. 9 | 10 | # These options get passed to xgettext. 11 | XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ 12 | 13 | # This is the copyright holder that gets inserted into the header of the 14 | # $(DOMAIN).pot file. 
Set this to the copyright holder of the surrounding 15 | # package. (Note that the msgstr strings, extracted from the package's 16 | # sources, belong to the copyright holder of the package.) Translators are 17 | # expected to transfer the copyright for their translations to this person 18 | # or entity, or to disclaim their copyright. The empty string stands for 19 | # the public domain; in this case the translators are expected to disclaim 20 | # their copyright. 21 | COPYRIGHT_HOLDER = g10Code GmbH 22 | 23 | # This is the email address or URL to which the translators shall report 24 | # bugs in the untranslated strings: 25 | # - Strings which are not entire sentences, see the maintainer guidelines 26 | # in the GNU gettext documentation, section 'Preparing Strings'. 27 | # - Strings which use unclear terms or require additional context to be 28 | # understood. 29 | # - Strings which make invalid assumptions about notation of date, time or 30 | # money. 31 | # - Pluralisation problems. 32 | # - Incorrect English spelling. 33 | # - Incorrect formatting. 34 | # It can be your email address, or a mailing list address where translators 35 | # can write to without being subscribed, or the URL of a web page through 36 | # which the translators can contact you. 37 | MSGID_BUGS_ADDRESS = 38 | 39 | # This is the list of locale categories, beyond LC_MESSAGES, for which the 40 | # message catalogs shall be used. It is usually empty. 41 | EXTRA_LOCALE_CATEGORIES = 42 | -------------------------------------------------------------------------------- /doc/ChangeLog: -------------------------------------------------------------------------------- 1 | 2009-08-08 Moritz 2 | 3 | * poldi.texi (Configuration): Documented scdaemon-program and 4 | scdaemon-options. 5 | 6 | 2009-05-16 Moritz 7 | 8 | * poldi.texi (XScreensaver): Added note for GNOME Screensaver. 9 | (Configuration): Documented "quiet"-option and 10 | "modify-environment"-option. 
11 | 12 | 2009-04-08 Marcus Brinkmann 13 | 14 | * poldi.texi (Notes on Applications): Fix section menu. 15 | 16 | 2009-03-29 Moritz 17 | 18 | * poldi.texi (XScreensaver): New section. 19 | 20 | 2009-02-16 Moritz 21 | 22 | * poldi.texi (Configuration): Documentation bug fix: the option is 23 | named "log-file", not "logfile". Thanks, Malte. 24 | 25 | 2008-12-22 Moritz 26 | 27 | * poldi.texi (Overview): Use footnotes plus cosmetic change. 28 | 29 | 2008-04-20 Moritz 30 | 31 | * poldi.texi: Several smaller fixes. 32 | 33 | 2008-04-13 Moritz 34 | 35 | * poldi.texi: Many improvements (primarily in respect to X509 36 | auth). 37 | 38 | 2008-04-05 Moritz 39 | 40 | * poldi.tex: Updated and improved. 41 | 42 | 2008-01-04 Moritz Schulte 43 | 44 | * poldi.texi: Started with a major reorganization of this manual. 45 | 46 | 2006-01-09 Moritz Schulte 47 | 48 | * poldi.texi: Mention kdm. 49 | 50 | 2005-12-11 Moritz Schulte 51 | 52 | * poldi.texi: Improved documentation. 53 | 54 | 2005-12-03 Moritz Schulte 55 | 56 | * poldi.texi: Remove the paragraph saying that Poldi implements a 57 | 1:1 mapping between cards and accounts. 58 | 59 | 2005-10-15 Moritz Schulte 60 | 61 | * poldi.texi (Installing): Improved. 62 | 63 | 2005-10-08 Moritz Schulte 64 | 65 | * poldi.texi: Improve documentation, add application-specific 66 | information. 67 | -------------------------------------------------------------------------------- /po/Rules-quot: -------------------------------------------------------------------------------- 1 | # Special Makefile rules for English message catalogs with quotation marks. 
2 | 3 | DISTFILES.common.extra1 = quot.sed boldquot.sed en@quot.header en@boldquot.header insert-header.sin Rules-quot 4 | 5 | .SUFFIXES: .insert-header .po-update-en 6 | 7 | en@quot.po-create: 8 | $(MAKE) en@quot.po-update 9 | en@boldquot.po-create: 10 | $(MAKE) en@boldquot.po-update 11 | 12 | en@quot.po-update: en@quot.po-update-en 13 | en@boldquot.po-update: en@boldquot.po-update-en 14 | 15 | .insert-header.po-update-en: 16 | @lang=`echo $@ | sed -e 's/\.po-update-en$$//'`; \ 17 | if test "$(PACKAGE)" = "gettext"; then PATH=`pwd`/../src:$$PATH; GETTEXTLIBDIR=`cd $(top_srcdir)/src && pwd`; export GETTEXTLIBDIR; fi; \ 18 | tmpdir=`pwd`; \ 19 | echo "$$lang:"; \ 20 | ll=`echo $$lang | sed -e 's/@.*//'`; \ 21 | LC_ALL=C; export LC_ALL; \ 22 | cd $(srcdir); \ 23 | if $(MSGINIT) -i $(DOMAIN).pot --no-translator -l $$ll -o - 2>/dev/null | sed -f $$tmpdir/$$lang.insert-header | $(MSGCONV) -t UTF-8 | $(MSGFILTER) sed -f `echo $$lang | sed -e 's/.*@//'`.sed 2>/dev/null > $$tmpdir/$$lang.new.po; then \ 24 | if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \ 25 | rm -f $$tmpdir/$$lang.new.po; \ 26 | else \ 27 | if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \ 28 | :; \ 29 | else \ 30 | echo "creation of $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \ 31 | exit 1; \ 32 | fi; \ 33 | fi; \ 34 | else \ 35 | echo "creation of $$lang.po failed!" 
1>&2; \ 36 | rm -f $$tmpdir/$$lang.new.po; \ 37 | fi 38 | 39 | en@quot.insert-header: insert-header.sin 40 | sed -e '/^#/d' -e 's/HEADER/en@quot.header/g' $(srcdir)/insert-header.sin > en@quot.insert-header 41 | 42 | en@boldquot.insert-header: insert-header.sin 43 | sed -e '/^#/d' -e 's/HEADER/en@boldquot.header/g' $(srcdir)/insert-header.sin > en@boldquot.insert-header 44 | 45 | mostlyclean: mostlyclean-quot 46 | mostlyclean-quot: 47 | rm -f *.insert-header 48 | -------------------------------------------------------------------------------- /src/pam/auth-method-localdb/usersdb.h: -------------------------------------------------------------------------------- 1 | /* usersdb.h - PAM authentication via OpenPGP smartcards. 2 | Copyright (C) 2004, 2005, 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | #ifndef INCLUDED_USERSDB_H 21 | #define INCLUDED_USERSDB_H 22 | 23 | #include 24 | 25 | /* This functions figures out wether the provided (SERIALNO, USERNAME) 26 | pair is contained in the users database. */ 27 | gpg_error_t usersdb_check (const char *serialno, const char *username); 28 | 29 | /* This function tries to lookup a username by it's serial number; 30 | this is only possible in case the specified serial number SERIALNO 31 | is associated with exactly one username. 
The username will be 32 | stored in newly allocated memory in *USERNAME. Returns proper 33 | error code. */ 34 | gpg_error_t usersdb_lookup_by_serialno (const char *serialno, char **username); 35 | 36 | /* This function tries to lookup a serial number by it's username; 37 | this is only possible in case the specified username USERNAME is 38 | associated with exactly one serial number. The serial number will 39 | be stored in newly allocated memory in *SERIALNO. Returns proper 40 | error code. */ 41 | gpg_error_t usersdb_lookup_by_username (const char *username, char **serialno); 42 | 43 | #endif /* INCLUDED_USERSDB_H */ 44 | -------------------------------------------------------------------------------- /src/pam/auth-support/conv.h: -------------------------------------------------------------------------------- 1 | /* conv.h - PAM conversation abstraction for Poldi. 2 | Copyright (C) 2007, 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | #ifndef POLDI_CONV_H 21 | #define POLDI_CONV_H 22 | 23 | #include 24 | #include 25 | 26 | #define PAM_SM_AUTH 27 | #include 28 | 29 | struct conv_s; 30 | 31 | typedef struct conv_s *conv_t; 32 | 33 | /* Create a new PAM conversation object based in PAM_CONV and store it 34 | in *CONV. Returns proper error code. 
*/ 35 | gpg_error_t conv_create (conv_t *conv, const struct pam_conv *pam_conv); 36 | 37 | /* Destroy the conv object CONV. */ 38 | void conv_destroy (conv_t conv); 39 | 40 | /* Pass the (format string) message FMT to the PAM user through the 41 | PAM Poldi context CTX. Return proper error code. */ 42 | gpg_error_t conv_tell (conv_t conv, const char *fmt, ...); 43 | 44 | /* Use the PAM Poldi context CTX to pass the (format string) message 45 | FMT to the PAM user and query for a response, which is to be stored 46 | in *RESPONSE (newly allocated). Depending on the boolean value 47 | ASK_SECRET, a secret response is queried (e.g. PIN). Returns 48 | proper error code. */ 49 | gpg_error_t conv_ask (conv_t conv, int ask_secret, char **response, 50 | const char *fmt, ...); 51 | 52 | #endif 53 | -------------------------------------------------------------------------------- /conf/Makefile.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2005, 2008 g10 Code GmbH 2 | # 3 | # This file is part of Poldi. 4 | # 5 | # Poldi is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Poldi is distributed in the hope that it will be useful, but WITHOUT 11 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12 | # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public 13 | # License for more details. 
14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 18 | # 02111-1307, USA 19 | 20 | install-conf-skeleton: 21 | $(INSTALL) -d $(DESTDIR)$(POLDI_CONF_DIRECTORY)/localdb/keys 22 | install -m 644 -T $(top_srcdir)/conf/README.keys \ 23 | $(DESTDIR)$(POLDI_CONF_DIRECTORY)/localdb/keys/README 24 | if test -e $(DESTDIR)$(POLDI_CONF_DIRECTORY)/localdb/users; then \ 25 | echo "$(POLDI_CONF_DIRECTORY)/localdb/users exists, doing nothing here"; \ 26 | else \ 27 | install -m 644 -T $(top_srcdir)/conf/users.skel \ 28 | $(DESTDIR)$(POLDI_CONF_DIRECTORY)/localdb/users; \ 29 | fi 30 | if test -e $(DESTDIR)$(POLDI_CONF_DIRECTORY)/poldi.conf; then \ 31 | echo "$(DESTDIR)$(POLDI_CONF_DIRECTORY)/poldi.conf exists, doing nothing here"; \ 32 | else \ 33 | install -m 644 -T $(top_srcdir)/conf/poldi.conf.skel \ 34 | $(DESTDIR)$(POLDI_CONF_DIRECTORY)/poldi.conf; \ 35 | fi 36 | if test -e $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; then \ 37 | echo "$(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf exists, doing nothing here"; \ 38 | else \ 39 | install -m 644 -T $(top_srcdir)/conf/scdaemon.conf.skel \ 40 | $(DESTDIR)$(POLDI_CONF_DIRECTORY)/scdaemon.conf; \ 41 | fi 42 | 43 | EXTRA_DIST = poldi.conf.skel users.skel scdaemon.conf.skel README.keys 44 | -------------------------------------------------------------------------------- /MIGRATION: -------------------------------------------------------------------------------- 1 | Migration from Poldi 0.3 2 | ======================== 3 | 4 | Several things have changed with the release of Poldi 0.4. This 5 | document explains how to upgrade smoothly from Poldi 0.3 to Poldi 0.4 6 | or greater. 
7 | 8 | * Authentication Methods 9 | 10 | Poldi 0.3 only supported one mechanism to authenticate a user: a 11 | challenge-response protocol in combination with a smartcard<-->user 12 | mapping stored in a plain text file. Now, Poldi supports two 13 | so-called "authentication methods" with the Poldi 0.3 way of 14 | authenticating being one such method, which is named "localdb". 15 | 16 | The other supported authentication method, named "x509", implements 17 | authentication against an X509 PKI with the help of Dirmngr. 18 | 19 | There is no default authentication method, so if you want to use 20 | the new Poldi just like Poldi 0.3, you need to specify "auth-method 21 | localdb" in the configuration file poldi.conf. 22 | 23 | * Configuration 24 | 25 | With Poldi 0.3 it was possible to "register" smartcards and control 26 | the mapping between users and smartcards with the poldi-ctrl 27 | utility. As of Poldi 0.4 poldi-ctrl has been stripped in this 28 | respect; it does not contain this functionality anymore. Instead the 29 | system administrator has to edit the appropriate files manually. 30 | 31 | * Paths 32 | 33 | Some paths have changed since Poldi 0.3. In particular: 34 | ${sysconfdir}/poldi/keys -> ${sysconfdir}/poldi/localdb/keys 35 | ${sysconfdir}/poldi/users -> ${sysconfdir}/poldi/localdb/users 36 | 37 | * Lost configuration options 38 | 39 | Having unimplemented options in Poldi's configuration file causes 40 | Poldi to bail out during initialization.
Note that the following 41 | configuration options have been removed during the development of 42 | Poldi 0.4: 43 | 44 | - "debug-sc" 45 | - "ctapi-driver" 46 | - "pcsc-driver" 47 | - "reader-port" 48 | - "disable-ccid" 49 | - "debug-ccid-driver" 50 | - "disable-opensc" 51 | - "fake-wait-for-card" 52 | - "require-card-switch" 53 | - "wait-timeout" 54 | - "try_pin" 55 | - "quiet" 56 | -------------------------------------------------------------------------------- /src/assuan/funopen.c: -------------------------------------------------------------------------------- 1 | /* funopen.c - Replacement for funopen. 2 | * Copyright (C) 2003, 2005 Free Software Foundation, Inc. 3 | * 4 | * This file is part of Assuan. 5 | * 6 | * Assuan is free software; you can redistribute it and/or modify it 7 | * under the terms of the GNU Lesser General Public License as 8 | * published by the Free Software Foundation; either version 2.1 of 9 | * the License, or (at your option) any later version. 10 | * 11 | * Assuan is distributed in the hope that it will be useful, but 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with this program; if not, see . 18 | */ 19 | 20 | #ifdef HAVE_CONFIG_H 21 | #include 22 | #endif 23 | 24 | #include 25 | 26 | 27 | /* Replacement for the *BSD function: 28 | 29 | FILE *funopen (void *cookie, 30 | int (*readfn)(void *, char *, int), 31 | int (*writefn)(void *, const char *, int), 32 | fpos_t (*seekfn)(void *, fpos_t, int), 33 | int (*closefn)(void *)); 34 | 35 | The functions to provide may either be NULL if not required or 36 | similar to the unistd functions, except that they take the 37 | cookie instead of the file descriptor.
38 | */ 39 | 40 | 41 | #ifdef HAVE_FOPENCOOKIE 42 | FILE * 43 | _assuan_funopen(void *cookie, 44 | cookie_read_function_t *readfn, 45 | cookie_write_function_t *writefn, 46 | cookie_seek_function_t *seekfn, 47 | cookie_close_function_t *closefn) 48 | { 49 | cookie_io_functions_t io; 50 | 51 | io.read = readfn; 52 | io.write = writefn; 53 | io.seek = seekfn; 54 | io.close = closefn; 55 | 56 | return fopencookie (cookie, 57 | readfn ? ( writefn ? "rw" : "r" ) 58 | : ( writefn ? "w" : ""), io); 59 | } 60 | #else 61 | #error No known way to implement funopen. 62 | #endif 63 | -------------------------------------------------------------------------------- /src/pam/auth-method-localdb/ChangeLog: -------------------------------------------------------------------------------- 1 | 2009-01-17 Moritz 2 | 3 | * auth-localdb.c (auth_method_localdb_auth_do): Skip calls to 4 | conv_tell in case ctx->quiet is true. 5 | 6 | 2008-12-22 Moritz 7 | 8 | * auth-localdb.c (auth_method_localdb_auth_do): Be more verbose in 9 | debugging mode. 10 | 11 | 2008-08-07 Moritz 12 | 13 | * usersdb.c: Include defs-localdb.h instead of util/defs.h. 14 | * key-lookup.c: Likewise. 15 | 16 | * Makefile.am (libpoldi_auth_localdb_a_SOURCES): Added 17 | defs-localdb.h. 18 | 19 | * defs-localdb.h: New file. 20 | 21 | * auth-localdb.c (auth_method_localdb_auth_do): Use xfree instead 22 | of free for card_username. 23 | 24 | * usersdb.c: Include . Use strtok_r instead of 25 | strtok (requires new local variable save_ptr). Improved some 26 | comments. Do not include ; use gpg_error_from_syserror() 27 | instead of gpg_error_from_errno(). 28 | (usersdb_lookup_cb): Use xtrystrdup instead of strdup. 29 | (usersdb_lookup_by_serialno, usersdb_lookup_by_username): Use 30 | xfree instead of free. 31 | 32 | 2008-08-04 Moritz 33 | 34 | * auth-localdb.c (auth_method_localdb_auth_do): Adjusted to new 35 | scd_pksign() interface, removed variable cb_data. 36 | Do not include "getpin-cb.h". 
37 | 38 | * key-lookup.c (key_lookup_by_serialno): Use xfree instead of 39 | free. 40 | Mark strings for i18n. 41 | 42 | * usersdb.c: Replaced calls to gcry_error() with calls to 43 | gpg_error(). Replaced calls to gpg_error_from_errno() with calls 44 | to gpg_error_from_syserror(). 45 | 46 | 2008-07-29 Moritz 47 | 48 | * key-lookup.c: Mark strings for i18n. 49 | * auth-localdb.c: Likewise. 50 | 51 | 2008-05-25 Moritz 52 | 53 | Some cleanups, added GPL3 headers. 54 | 55 | 2008-05-24 Moritz 56 | 57 | * auth-localdb.c (auth_method_localdb_auth_do): Don't forget to initialize card_username. 58 | 59 | 2008-04-21 Moritz 60 | 61 | * auth-localdb.c (auth_method_localdb_auth_do): New local 62 | variable: cb_data, fill and pass to scd_pksign instead of conv 63 | object directly. 64 | -------------------------------------------------------------------------------- /src/pam/auth-method-x509/dirmngr.h: -------------------------------------------------------------------------------- 1 | /* dirmngr.h - Poldi dirmngr access layer 2 | * Copyright (C) 2007, 2008 Free Software Foundation, Inc. 3 | * 4 | * This file is part of Poldi. 5 | * 6 | * Poldi is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * Poldi is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, see . 18 | */ 19 | 20 | #ifndef DIRMNGR_H 21 | #define DIRMNGR_H 22 | 23 | #include 24 | #include 25 | #include 26 | 27 | #include 28 | 29 | /* Handle for accessing the dirmngr. 
*/ 30 | typedef struct dirmngr_ctx_s *dirmngr_ctx_t; 31 | 32 | /* Connect to a running dirmngr through the local socket named by 33 | SOCK, using LOG_HANDLE as logging handle and flags FLAGS. The new 34 | context is stored in *CTX. Returns proper error code. */ 35 | gpg_error_t dirmngr_connect (dirmngr_ctx_t *ctx, 36 | const char *sock, 37 | unsigned int flags, 38 | log_handle_t log_handle); 39 | 40 | /* Close the dirmngr connection associated with CTX and release all 41 | related resources. */ 42 | void dirmngr_disconnect (dirmngr_ctx_t ctx); 43 | 44 | /* Retrieve the certificate stored under the url URL through the 45 | dirmngr context CTX and store it in *CERTIFICATE. Returns proper 46 | error code. */ 47 | gpg_error_t dirmngr_lookup_url (dirmngr_ctx_t ctx, 48 | const char *url, ksba_cert_t *cert); 49 | 50 | /* Validate the certificate CERT through the dirmngr context 51 | CTX. Returns zero in case the certificate is considered valid, an 52 | appropriate error code otherwise. */ 53 | gpg_error_t dirmngr_validate (dirmngr_ctx_t ctx, ksba_cert_t cert); 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /src/pam/auth-support/wait-for-card.c: -------------------------------------------------------------------------------- 1 | /* wait-for-card.c - Waiting for smartcard insertion (Poldi) 2 | Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 
15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | #include 21 | 22 | #include 23 | #include 24 | 25 | #include "scd.h" 26 | 27 | 28 |
/* Poll the scdaemon context CTX with scd_serialno() until a card
   answers.  Between polls the function sleeps 500ms (one second when
   nanosleep is not available).  TIMEOUT is the number of seconds to
   keep waiting; zero means wait without limit.

   Returns 0 once a card is present, GPG_ERR_CARD_NOT_PRESENT when
   more than TIMEOUT seconds have passed without one, and otherwise
   the error reported by scd_serialno().  */
gpg_error_t
wait_for_card (scd_context_t ctx, unsigned int timeout)
{
  gpg_error_t rc;
  time_t started;
  time_t now;

  /* The start time is only needed (and only read) with a timeout.  */
  if (timeout)
    time (&started);

  for (;;)
    {
      rc = scd_serialno (ctx, NULL);
      if (!rc)
        /* Card present!  */
        break;

      if (gpg_err_code (rc) != GPG_ERR_CARD_NOT_PRESENT)
        /* Unexpected different error -> stop waiting and hand the
           error to the caller; nothing here treats it as success.  */
        break;

      /* Card not present.  */

      /* FIXME: are there error codes besides
         GPG_ERR_CARD_NOT_PRESENT, which can be thrown in case a
         smartcard is not currently inserted?  */

#ifdef HAVE_NANOSLEEP
      {
        /* Wait 500ms.  */
        struct timespec nap;

        nap.tv_sec = 0;
        nap.tv_nsec = 500000000;
        nanosleep (&nap, NULL);
      }
#else
      sleep (1);
#endif

      if (timeout)
        {
          /* NOTE(review): the elapsed time is taken from time(),
             i.e. the wall clock, so a clock adjustment during the
             wait changes the effective timeout.  */
          time (&now);
          if ((now - started) > timeout)
            {
              rc = GPG_ERR_CARD_NOT_PRESENT;
              break;
            }
        }
    }

  return rc;
}
-------------------------------------------------------------------------------- /po/poldi.pot: -------------------------------------------------------------------------------- 1 | # SOME DESCRIPTIVE TITLE. 2 | # Copyright (C) YEAR g10Code GmbH 3 | # This file is distributed under the same license as the poldi package. 4 | # FIRST AUTHOR , YEAR.
5 | # 6 | #, fuzzy 7 | msgid "" 8 | msgstr "" 9 | "Project-Id-Version: poldi 0.4.2.git\n" 10 | "Report-Msgid-Bugs-To: gnupg-devel@gnupg.org\n" 11 | "POT-Creation-Date: 2016-11-15 13:02+0900\n" 12 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" 13 | "Last-Translator: FULL NAME \n" 14 | "Language-Team: LANGUAGE \n" 15 | "Language: \n" 16 | "MIME-Version: 1.0\n" 17 | "Content-Type: text/plain; charset=CHARSET\n" 18 | "Content-Transfer-Encoding: 8bit\n" 19 | 20 | #: src/pam/auth-method-localdb/auth-localdb.c:108 21 | msgid "Please enter username: " 22 | msgstr "" 23 | 24 | #: src/pam/auth-method-localdb/auth-localdb.c:123 25 | #, c-format 26 | msgid "Trying authentication as user `%s'..." 27 | msgstr "" 28 | 29 | #: src/pam/auth-method-localdb/auth-localdb.c:135 30 | #, c-format 31 | msgid "Serial number %s is not associated with user %s" 32 | msgstr "" 33 | 34 | #: src/pam/auth-method-x509/auth-x509.c:102 35 | msgid "Specify local socket for dirmngr access" 36 | msgstr "" 37 | 38 | #: src/pam/auth-method-x509/auth-x509.c:104 39 | msgid "Specify X509 domain for this host" 40 | msgstr "" 41 | 42 | #: src/pam/auth-support/getpin-cb.c:75 43 | msgid "PIN too short" 44 | msgstr "" 45 | 46 | #: src/pam/auth-support/getpin-cb.c:228 src/pam/auth-support/getpin-cb.c:247 47 | msgid "Please enter the PIN:" 48 | msgstr "" 49 | 50 | #: src/pam/pam_poldi.c:591 51 | #, c-format 52 | msgid "Insert authentication card for user `%s'" 53 | msgstr "" 54 | 55 | #: src/pam/pam_poldi.c:598 56 | msgid "Insert authentication card" 57 | msgstr "" 58 | 59 | #: src/util/simpleparse.c:149 60 | #, c-format 61 | msgid "Please report bugs to <%s>.\n" 62 | msgstr "" 63 | 64 | #: src/util/simpleparse.c:308 src/util/simpleparse.c:597 65 | #, c-format 66 | msgid "unknown option '%s'" 67 | msgstr "" 68 | 69 | #: src/util/simpleparse.c:321 src/util/simpleparse.c:335 70 | #: src/util/simpleparse.c:352 src/util/simpleparse.c:378 71 | #, c-format 72 | msgid "parse-callback returned error '%s' for argument '%s'" 
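73 | msgstr "" 74 | 75 | #: src/util/simpleparse.c:365 src/util/simpleparse.c:619 76 | #, c-format 77 | msgid "missing required argument for '%s'" 78 | msgstr "" 79 | 80 | #: src/util/simpleparse.c:608 src/util/simpleparse.c:628 81 | #, c-format 82 | msgid "too many arguments specified for option '%s'" 83 | msgstr "" 84 | -------------------------------------------------------------------------------- /src/util/convert.c: -------------------------------------------------------------------------------- 1 | /* convert.c - Hex conversion functions. 2 | * Copyright (C) 2006, 2008 Free Software Foundation, Inc. 3 | * 4 | * This file is part of GnuPG. 5 | * 6 | * GnuPG is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * GnuPG is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, see . 18 | */ 19 | 20 | #include 21 | 22 | #include 23 | #include 24 | #include 25 | 26 | #include "util.h" 27 | 28 |
/* Map a value in the range 0..15 to its upper-case hex digit.  */
#define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A'))

/* Hex-encode LENGTH bytes from BUFFER into STRINGBUF and return
   STRINGBUF.  With WITH_COLON set, a ':' is written between the
   encoded bytes.  If STRINGBUF is NULL a buffer is allocated with
   xtrymalloc; NULL is returned with errno set to ENOMEM when the
   required size does not fit in a size_t, and NULL is also returned
   when xtrymalloc fails.

   A caller-supplied STRINGBUF is written without any bounds check:
   it must hold 2*LENGTH+1 bytes, or 3*LENGTH bytes when WITH_COLON
   is set (LENGTH > 0).  */
static char *
do_bin2hex (const void *buffer, size_t length, char *stringbuf, int with_colon)
{
  const unsigned char *s;
  char *p;

  if (!stringbuf)
    {
      /* Not really correct for with_colon but we don't care about the
         one wasted byte. */
      size_t n = with_colon? 3:2;

      /* Refuse any LENGTH for which n * length + 1 cannot be
         represented.  Checking before multiplying also covers the
         final "+ 1", which a divide-back test on the product misses
         when n * length equals the largest size_t value; the
         allocation would then be sized 0 while the loop below still
         writes the full encoding.  */
      if (length > ((size_t)-1 - 1) / n)
        {
          errno = ENOMEM;
          return NULL;
        }
      stringbuf = xtrymalloc (n * length + 1);
      if (!stringbuf)
        return NULL;
    }

  for (s = buffer, p = stringbuf; length; length--, s++)
    {
      /* The separator goes in front of every byte but the first.  */
      if (with_colon && s != buffer)
        *p++ = ':';
      *p++ = tohex ((*s>>4)&15);
      *p++ = tohex (*s&15);
    }
  *p = 0;

  return stringbuf;
}


/* Convert LENGTH bytes of data in BUFFER into hex encoding and store
   that at the provided STRINGBUF.  STRINGBUF must be allocated of at
   least (2*LENGTH+1) bytes or be NULL so that the function mallocs an
   appropriate buffer.  Returns STRINGBUF or NULL on error (which may
   only occur if STRINGBUF has been NULL and the internal malloc
   failed or the required size was not representable).  */
char *
bin2hex (const void *buffer, size_t length, char *stringbuf)
{
  return do_bin2hex (buffer, length, stringbuf, 0);
}
-------------------------------------------------------------------------------- /src/util/filenames.c: -------------------------------------------------------------------------------- 1 | /* filenames.c - Functions for dealing with filenames. 2 | Copyright (C) 1998, 1999, 2000, 2001, 2003, 3 | 2004, 2005 Free Software Foundation, Inc. 4 | Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH 5 | 6 | This file is part of Poldi. 7 | 8 | Poldi is free software; you can redistribute it and/or modify it 9 | under the terms of the GNU General Public License as published by 10 | the Free Software Foundation; either version 3 of the License, or 11 | (at your option) any later version. 12 | 13 | Poldi is distributed in the hope that it will be useful, but 14 | WITHOUT ANY WARRANTY; without even the implied warranty of 15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | General Public License for more details.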
17 | 18 | You should have received a copy of the GNU General Public License 19 | along with this program; if not, see 20 | . */ 21 | 22 | #include 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 |
/* Join FIRST_PART and the following string arguments with '/' into
   one newly allocated filename and store it in *PATH; the argument
   list must end with a NULL pointer.  The result is to be released
   with xfree().  On allocation failure *PATH is set to NULL and the
   error derived from errno is returned; otherwise 0 is returned.

   Tilde expansion: when FIRST_PART starts with "~/" and the
   environment variable HOME is set, the '~' is replaced by the value
   of HOME (an empty HOME therefore yields a path starting at "/").
   Without HOME the '~' is kept literally.

   NOTE(review): HOME is read from the process environment.  If this
   runs inside a PAM module the environment presumably belongs to the
   calling application; confirm that no security-relevant path is
   built from a "~/" prefix there.

   This is based on make_filename() as found in jnlib.  */
gpg_error_t
make_filename (char **path, const char *first_part, ...)
{
  va_list args;
  const char *part;
  const char *lead = first_part;
  const char *homedir = NULL;
  char *result;
  char *tail;
  size_t total;
  gpg_error_t rc = 0;

  /* First pass: every part plus one byte for its separator or for
     the terminating NUL.  */
  total = strlen (first_part) + 1;
  va_start (args, first_part);
  while ((part = va_arg (args, const char *)) != NULL)
    total += strlen (part) + 1;
  va_end (args);

  if (first_part[0] == '~' && first_part[1] == '/')
    {
      homedir = getenv ("HOME");
      if (homedir && *homedir)
        total += strlen (homedir);
    }

  result = xtrymalloc (total);
  if (result)
    {
      tail = result;
      if (homedir)
        {
          /* HOME takes the place of the leading '~'.  */
          tail = stpcpy (tail, homedir);
          lead = first_part + 1;
        }
      tail = stpcpy (tail, lead);

      /* Second pass: append the remaining parts.  */
      va_start (args, first_part);
      while ((part = va_arg (args, const char *)) != NULL)
        {
          tail = stpcpy (tail, "/");
          tail = stpcpy (tail, part);
        }
      va_end (args);
    }
  else
    rc = gpg_error_from_errno (errno);

  *path = result;

  return rc;
}

/* END */
-------------------------------------------------------------------------------- /src/assuan/assuan-connect.c: -------------------------------------------------------------------------------- 1 | /* assuan-connect.c - Establish a connection (client) 2 | * Copyright (C) 2001, 2002 Free Software Foundation, Inc. 3 | * 4 | * This file is part of Assuan.
5 | * 6 | * Assuan is free software; you can redistribute it and/or modify it 7 | * under the terms of the GNU Lesser General Public License as 8 | * published by the Free Software Foundation; either version 2.1 of 9 | * the License, or (at your option) any later version. 10 | * 11 | * Assuan is distributed in the hope that it will be useful, but 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with this program; if not, see . 18 | */ 19 | 20 | #ifdef HAVE_CONFIG_H 21 | #include 22 | #endif 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #ifndef HAVE_W32_SYSTEM 32 | #include 33 | #endif 34 | 35 | #include "assuan-defs.h" 36 | 37 |
/* Send "BYE" to the peer, run the finish and deinit handlers of CTX
   and release the context.  A NULL CTX is ignored.  */
void
assuan_disconnect (assuan_context_t ctx)
{
  if (!ctx)
    return;

  assuan_write_line (ctx, "BYE");
  ctx->finish_handler (ctx);
  ctx->deinit_handler (ctx);
  /* Cleared before the release; presumably so that
     _assuan_release_context does not run the handler again -- confirm
     against its definition.  */
  ctx->deinit_handler = NULL;
  _assuan_release_context (ctx);
}

/* Return the PID of the peer as recorded in CTX, or -1 if CTX is
   NULL or no PID is recorded (the stored value is zero).  Per the
   original comment this works in some situations where
   assuan_get_ucred fails.  */
pid_t
assuan_get_pid (assuan_context_t ctx)
{
  if (!ctx || !ctx->pid)
    return -1;

  return ctx->pid;
}


#ifndef HAVE_W32_SYSTEM
/* Return the peer credentials recorded in CTX.  PID, UID and GID may
   each be given as NULL if the caller is not interested in that
   value.  For getting the pid of the peer assuan_get_pid is usually
   better suited.

   Returns ASSUAN_Invalid_Value for a NULL CTX, ASSUAN_General_Error
   when CTX holds no valid credentials, and 0 otherwise.

   NOTE(review): without HAVE_SO_PEERCRED the function can return 0
   without writing *PID, *UID or *GID.  Whether peercred.valid can be
   set in such a build is not visible here; a caller that bases an
   access decision on the returned uid should initialise its variable
   to a rejecting value before the call.  */
assuan_error_t
assuan_get_peercred (assuan_context_t ctx, pid_t *pid, uid_t *uid, gid_t *gid)
{
  if (ctx == NULL)
    return _assuan_error (ASSUAN_Invalid_Value);

  if (!ctx->peercred.valid)
    return _assuan_error (ASSUAN_General_Error);

#ifdef HAVE_SO_PEERCRED
  if (pid != NULL)
    *pid = ctx->peercred.pid;
  if (uid != NULL)
    *uid = ctx->peercred.uid;
  if (gid != NULL)
    *gid = ctx->peercred.gid;
#endif

  return 0;
}
#endif /* HAVE_W32_SYSTEM */
-------------------------------------------------------------------------------- /src/pam/Makefile.am: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH 2 | # 3 | # This file is part of Poldi. 4 | # 5 | # Poldi is free software; you can redistribute it and/or modify it 6 | # under the terms of the GNU General Public License as published by 7 | # the Free Software Foundation; either version 2 of the License, or 8 | # (at your option) any later version. 9 | # 10 | # Poldi is distributed in the hope that it will be useful, but WITHOUT 11 | # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 12 | # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public 13 | # License for more details.
14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 18 | # 02111-1307, USA 19 | 20 | AM_CPPFLAGS = \ 21 | -I$(top_srcdir)/src/pam \ 22 | -I$(top_srcdir)/src \ 23 | -I$(top_builddir)/src/pam \ 24 | -I$(top_builddir)/src \ 25 | -I$(top_builddir) \ 26 | -I$(top_srcdir)/src/assuan 27 | 28 | 29 | include $(top_srcdir)/am/cmacros.am 30 | 31 | PAM_MODULE_DIRECTORY = @PAM_MODULE_DIRECTORY@ 32 | 33 | AM_CFLAGS = \ 34 | -fPIC \ 35 | -Wall \ 36 | -I$(top_builddir) \ 37 | -I$(top_srcdir)/src \ 38 | -I$(top_srcdir)/util \ 39 | $(GPG_ERROR_CFLAGS) \ 40 | $(LIBGCRYPT_CFLAGS) 41 | 42 | AUTH_METHODS = 43 | AUTH_METHODS_LIBS = 44 | 45 | if AUTH_METHOD_LOCALDB 46 | AUTH_METHODS += auth-method-localdb 47 | AUTH_METHODS_LIBS += auth-method-localdb/libpoldi-auth-localdb.a 48 | endif 49 | 50 | if AUTH_METHOD_X509 51 | AUTH_METHODS += auth-method-x509 52 | AUTH_METHODS_LIBS += auth-method-x509/libpoldi-auth-x509.a 53 | endif 54 | 55 | SUBDIRS = auth-support $(AUTH_METHODS) 56 | 57 | noinst_LIBRARIES = libpam_poldi.a 58 | 59 | libpam_poldi_a_SOURCES = \ 60 | pam_poldi.c auth-methods.h 61 | 62 | pam_poldi.so: libpam_poldi.a $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \ 63 | ../scd/libscd_shared.a ../util/libpoldi-util_shared.a 64 | $(CC) $(LDFLAGS) -shared -o pam_poldi.so -Wl,-u,pam_sm_authenticate \ 65 | libpam_poldi.a \ 66 | $(AUTH_METHODS_LIBS) auth-support/libpam-poldi-auth-support.a \ 67 | ../scd/libscd_shared.a ../util/libpoldi-util_shared.a ../assuan/libassuan.a \ 68 | $(LIBGCRYPT_LIBS) $(KSBA_LIBS) 69 | 70 | all-local: pam_poldi.so 71 | 72 | install-exec-local: 73 | $(INSTALL) -d $(DESTDIR)$(PAM_MODULE_DIRECTORY) 74 | $(INSTALL) pam_poldi.so $(DESTDIR)$(PAM_MODULE_DIRECTORY) 75 | 76 | uninstall-local: 77 | rm -f $(DESTDIR)$(PAM_MODULE_DIRECTORY)/pam_poldi.so 78 | 79 | CLEANFILES = pam_poldi.so 80 | 81 | # 
FIXME: LDFLAGS for other libs missing.... 82 | -------------------------------------------------------------------------------- /src/util/simplelog.h: -------------------------------------------------------------------------------- 1 | /* simplelog.c - Simple logging subsystem for Poldi 2 | Copyright (C) 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | #ifndef SIMPLELOG_H 21 | #define SIMPLELOG_H 22 | 23 | #include 24 | #include 25 | 26 | #include 27 | 28 | typedef struct log_handle *log_handle_t; 29 | 30 | #define LOG_FLAG_WITH_PREFIX (1 << 0) 31 | #define LOG_FLAG_WITH_TIME (1 << 1) 32 | #define LOG_FLAG_WITH_PID (1 << 2) 33 | 34 | typedef enum 35 | { 36 | LOG_BACKEND_NONE, 37 | LOG_BACKEND_STREAM, 38 | LOG_BACKEND_FILE, 39 | LOG_BACKEND_SYSLOG 40 | } log_backend_t; 41 | 42 | typedef enum 43 | { 44 | LOG_LEVEL_DEBUG = 1, 45 | LOG_LEVEL_INFO, 46 | LOG_LEVEL_ERROR, 47 | LOG_LEVEL_FATAL 48 | } log_level_t; 49 | 50 | #define LOG_PREFIX_LENGTH 128 51 | 52 | gpg_error_t log_create (log_handle_t *handle); 53 | void log_destroy (log_handle_t handle); 54 | 55 | void log_set_flags (log_handle_t handle, unsigned int flags); 56 | void log_unset_flags (log_handle_t handle, unsigned int flags); 57 | void log_set_prefix (log_handle_t handle, const char *prefix); 58 | void log_set_min_level (log_handle_t handle, log_level_t min_level); 59 | 60 
| gpg_error_t log_set_backend_stream (log_handle_t handle, FILE *fp); 61 | gpg_error_t log_set_backend_file (log_handle_t handle, const char *filename); 62 | gpg_error_t log_set_backend_syslog (log_handle_t handle); 63 | 64 | gpg_error_t log_write (log_handle_t handle, log_level_t level, 65 | const char *fmt, ...); 66 | gpg_error_t log_write_va (log_handle_t handle, log_level_t level, 67 | const char *fmt, va_list ap); 68 | 69 | gpg_error_t log_msg_debug (log_handle_t handle, const char *fmt, ...); 70 | gpg_error_t log_msg_info (log_handle_t handle, const char *fmt, ...); 71 | gpg_error_t log_msg_error (log_handle_t handle, const char *fmt, ...); 72 | gpg_error_t log_msg_fatal (log_handle_t handle, const char *fmt, ...); 73 | 74 | #endif 75 | -------------------------------------------------------------------------------- /src/util/util.h: -------------------------------------------------------------------------------- 1 | /* util.h - Utility functions for GnuPG 2 | * Copyright (C) 2001, 2002, 2003, 2004, 2007 Free Software Foundation, Inc. 3 | * 4 | * This file is part of GnuPG. 5 | * 6 | * GnuPG is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 2 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * GnuPG is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, write to the Free Software 18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, 19 | * USA. 
20 | */ 21 | 22 | #ifndef GNUPG_COMMON_UTIL_H 23 | #define GNUPG_COMMON_UTIL_H 24 | 25 | #include /* We need this for the memory function protos. */ 26 | #include /* We need time_t. */ 27 | #include /* We need errno. */ 28 | #include /* We need gpg_error_t. */ 29 | #include 30 | 31 | /* Get all the stuff from jnlib. */ 32 | //#include "../jnlib/logging.h" 33 | //#include "../jnlib/argparse.h" 34 | //#include "../jnlib/stringhelp.h" 35 | //#include "../jnlib/mischelp.h" 36 | //#include "../jnlib/strlist.h" 37 | //#include "../jnlib/utf8conv.h" 38 | 39 | #define DIM(v) (sizeof(v)/sizeof((v)[0])) 40 | #define DIMof(type,member) DIM(((type *)0)->member) 41 | 42 | /*-- convert.c --*/ 43 | char *bin2hex (const void *buffer, size_t length, char *stringbuf); 44 | 45 | /*-- Macros to replace ctype ones to avoid locale problems. --*/ 46 | #define spacep(p) (*(p) == ' ' || *(p) == '\t') 47 | #define digitp(p) (*(p) >= '0' && *(p) <= '9') 48 | #define hexdigitp(a) (digitp (a) \ 49 | || (*(a) >= 'A' && *(a) <= 'F') \ 50 | || (*(a) >= 'a' && *(a) <= 'f')) 51 | /* Note this isn't identical to a C locale isspace() without \f and 52 | \v, but works for the purposes used here. */ 53 | #define ascii_isspace(a) ((a)==' ' || (a)=='\n' || (a)=='\r' || (a)=='\t') 54 | 55 | /* The atoi macros assume that the buffer has only valid digits. */ 56 | #define atoi_1(p) (*(p) - '0' ) 57 | #define atoi_2(p) ((atoi_1(p) * 10) + atoi_1((p)+1)) 58 | #define atoi_4(p) ((atoi_2(p) * 100) + atoi_2((p)+2)) 59 | #define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ 60 | *(p) <= 'F'? 
(*(p)-'A'+10):(*(p)-'a'+10)) 61 | #define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) 62 | #define xtoi_4(p) ((xtoi_2(p) * 256) + xtoi_2((p)+2)) 63 | 64 | 65 | 66 | #endif /*GNUPG_COMMON_UTIL_H*/ 67 | -------------------------------------------------------------------------------- /src/pam/auth-method-x509/ChangeLog: -------------------------------------------------------------------------------- 1 | 2008-12-22 Moritz 2 | 3 | * Makefile.am (libpoldi_auth_x509_a_CFLAGS): Added $(KSBA_CFLAGS). 4 | 5 | 2008-08-07 Moritz 6 | 7 | * auth-x509.c: Some minor cosmetic changes. 8 | (extract_username_from_cert): New parameter: poldi_ctx_t ctx.... 9 | (auth_method_x509_auth_do): ... change caller. 10 | (extract_username_from_cert): Added some logging. 11 | 12 | * dirmngr.c (struct lookup_parm_s): New member: dirmngr_ctx_t ctx. 13 | 14 | 2008-08-04 Moritz 15 | 16 | * auth-x509.c: Mark strings for i18n. 17 | (auth_method_x509_auth_do): Adjust to new scd_pksign() interface; 18 | removed cb_data variable. 19 | Do not include "getpin-cb.h". 20 | 21 | 2008-07-30 Moritz 22 | 23 | * dirmngr.c (dirmngr_ctx_init): New static variable... 24 | (dirmngr_connect): ... use it here. 25 | Added some assert() checks. 26 | Use x* memory functions, not malloc/free directly. 27 | Cosmetic changes (added comments, etc.). 28 | 29 | 2008-07-20 Moritz 30 | 31 | * dirmngr.c: Removed two unused struct definitions. 32 | 33 | 2008-07-20 Moritz 34 | 35 | * dirmngr.c: Include poldi.h and simplelog.h. 36 | (struct dirmngr_ctx_s): New member: log_handle. 37 | (dirmngr_connect): Tages new parameter: log_handle; insteall 38 | log_handle in new context. 39 | (struct inq_cert_parm_s): Replaced assuan_context_t ctx member 40 | with dirmngr_ctx_t ctx. 41 | 42 | * dirmngr.h: Adjusted for new dirmngr_connect API; include 43 | simplelog.h. 44 | 45 | 2008-07-14 Moritz 46 | 47 | * auth-x509.c: Include simpleparse.h, simplelog.h, poldi.h. 48 | Use x* memory allocator. 
49 | Use simpleparse subsystem, not ARGPARSE, adjust parsing cb, etc. 50 | Use simplelog subsystem. 51 | 52 | 2008-05-25 Moritz 53 | 54 | Minor cleanups. 55 | 56 | 2008-05-01 Moritz 57 | 58 | * Makefile.am (libpoldi_auth_x509_a_CFLAGS): Use -fPIC. 59 | 60 | 2008-04-21 Moritz 61 | 62 | * auth-x509.c (auth_method_x509_auth_do): New local variable: 63 | cb_data, fill and pass to scd_pksign instead of conv object 64 | directly. 65 | 66 | 2008-04-13 Moritz 67 | 68 | * auth-x509.c (auth_method_x509_auth_do): Initialize DIRMNGR to 69 | NULL. 70 | (auth_method_x509_parsecb): Added missing "break". 71 | (email_address_match): Fix logic. 72 | (auth_method_x509_auth_do): on success, set 73 | (auth_method_x509_auth_do): Pass ctx->conv to scd_pksign, not ctx. 74 | 75 | *username_authenticated, only free card_username in case of error. 76 | * dirmngr.c (dirmngr_connect): Rename parameter PATH to SOCK. 77 | * dirmngr.h: Likewise. 78 | * dirmngr.c (dirmngr_connect_socket): Removed dummy function. 79 | * dirmngr.h: Likewise. 80 | * dirmngr.c (dirmngr_connect): Use assuan_socket_connect to 81 | connect to dirmngr, not connect_pipe(). 82 | (connect_pipe): Removed function. 83 | -------------------------------------------------------------------------------- /src/pam/auth-methods.h: -------------------------------------------------------------------------------- 1 | /* auth-methods.h - Auth method definitions (Poldi) 2 | Copyright (C) 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 
15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | #ifndef POLDI_AUTH_METHODS_H 21 | #define POLDI_AUTH_METHODS_H 22 | 23 | #include 24 | 25 | #include 26 | 27 | #include "auth-support/ctx.h" 28 | 29 | 30 | 31 | /* This function is called at initialization time (before 32 | authentication method specific argument parsing is done) in order 33 | to properly setup an authentication method specific cookie 34 | object. */ 35 | typedef gpg_error_t (*auth_method_func_init_t) (void **cookie); 36 | 37 | /* This function is called after an authentication run in order to 38 | free any resources allocated through the call to the initialization 39 | function. */ 40 | typedef void (*auth_method_func_deinit_t) (void *cookie); 41 | 42 | /* Try to authenticate a user. The user's identity on the system is 43 | figured out during the authentication process. COOKIE is the 44 | cookie for this authentication method. CTX is the Poldi context 45 | object. On successful authentication, the newly allocated username 46 | as which the user has been authenticated is stored in *USERNAME. 47 | Returns TRUE on success, FALSE on failure. */ 48 | typedef int (*auth_method_func_auth_t) (poldi_ctx_t ctx, void *cookie, 49 | char **username); 50 | 51 | /* Try to authenticate a user as USERNAME. COOKIE is the cookie for 52 | this authentication method. CTX is the Poldi context object. 53 | Returns TRUE on success, FALSE on failure. */ 54 | typedef int (*auth_method_func_auth_as_t) (poldi_ctx_t ctx, void *cookie, 55 | const char *username); 56 | 57 | struct auth_method_parse_cookie 58 | { 59 | poldi_ctx_t poldi_ctx; 60 | void *method_ctx; 61 | }; 62 | 63 | /* Each authentication method must define one such object. 
*/ 64 | struct auth_method_s 65 | { 66 | auth_method_func_init_t func_init; 67 | auth_method_func_deinit_t func_deinit; 68 | auth_method_func_auth_t func_auth; 69 | auth_method_func_auth_as_t func_auth_as; 70 | simpleparse_opt_spec_t *opt_specs; 71 | simpleparse_parse_cb_t parsecb; 72 | const char *config; 73 | }; 74 | 75 | typedef struct auth_method_s *auth_method_t; 76 | 77 | #endif 78 | -------------------------------------------------------------------------------- /src/pam/auth-support/ChangeLog: -------------------------------------------------------------------------------- 1 | 2009-08-08 Moritz 2 | 3 | * getpin-cb.c (getpin_cb): Fixed fallback prompts. Thanks to Lionel. 4 | * ctx.h (struct poldi_ctx_s): New member: scdaemon_options. 5 | 6 | 2009-05-16 Moritz 7 | 8 | * ctx.h (struct poldi_ctx_s): New member: modify_environment. 9 | 10 | 2009-01-17 Moritz 11 | 12 | * ctx.h (struct poldi_ctx_s): New struct member: quiet. 13 | 14 | 2008-08-17 Moritz 15 | 16 | * ctx.h (struct poldi_ctx_s): Removed member scdaemon_socket. 17 | 18 | 2008-08-08 Moritz 19 | 20 | * getpin-cb.c (keypad_mode_enter): New argument: INFO. Send INFO 21 | to conv_tell() instead of the old hard-coded string... 22 | (getpin_cb): ... change caller. 23 | (getpin_cb): Only frob info string if it is not "PIN", use 24 | hard-coded string as argument to query_user()/keypad_mode_enter() 25 | if the info string was "PIN". 26 | Use xtrymalloc/xfree instead of gcry_malloc/gcry_free. 27 | 28 | 2008-08-04 Moritz 29 | 30 | * getpin-cb.h: Include "ctx.h". 31 | 32 | 2008-07-30 Moritz 33 | 34 | * getpin-cb.c: Do not include "i18n.h". 35 | 36 | 2008-07-14 Moritz 37 | 38 | * getpin-cb.c: 39 | 40 | 2008-07-06 Moritz 41 | 42 | * ctx.h: Include simplelog.h, simpleparse.h. 43 | (struct poldi_ctx_s): New members: loghandle, parsehandle; removed 44 | old member logfile. 45 | 46 | 2008-06-14 Moritz 47 | 48 | * getpin-cb.c (getpin_cb): New local variable: info_frobbed; use 49 | frob_info_msg. 
50 | (frob_info_msg): New function. 51 | (strcpy_escaped): New function, taken from Pinentry. 52 | 53 | 2008-05-25 Moritz 54 | 55 | Some cleanups, added GPL 3 headers. 56 | 57 | * ctx.h: Added comments. 58 | 59 | * getpin-cb.c (query_user): Make sure that returned buffer is 60 | padded with zeros. It seems (at least some) zero padding is 61 | required by scdaemon (utf8 related). 62 | 63 | * ctx.h (struct poldi_ctx_s): New members: scdaemon_socket, 64 | scdaemon_program. 65 | 66 | * getpin-cb.c (keypad_mode_enter, keypad_mode_leave): changed user 67 | messages. 68 | Include "i18n.h", not . 69 | 70 | 2008-04-21 Moritz 71 | 72 | * getpin-cb.c: Include "getpin-cb.h"; heavily stripped, needs more 73 | thinking. 74 | 75 | 2008-04-20 Moritz 76 | 77 | * getpin-cb.h: New struct: getpin_cb_data. 78 | 79 | 2008-04-19 Moritz 80 | 81 | * getpin-cb.c (getpin_cb): Removed flag handling, removed 82 | variables: ends, any_flags, again_text. 83 | (agent_popup_message_start, agent_popup_message_stop): Removed to 84 | ... 85 | (keypad_mode_enter, keypad_mode_leave): ... this. 86 | 87 | 2008-04-05 Moritz 88 | 89 | * conv.c, conf.h, ctx.h, getpin-cb.c, getpin-cb.h, Makefile.am, 90 | pam-util.c, pam-util.h, wait-for-card.h, wait-for-card.c: New. 91 | 92 | -------------------------------------------------------------------------------- /src/pam/auth-method-localdb/key-lookup.c: -------------------------------------------------------------------------------- 1 | /* key-lookup.c - Lookup keys for localdb authentication 2 | Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 
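10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | #include 21 | 22 | #include 23 | #include 24 | #include 25 | 26 | #include 27 | #include 28 | 29 | #include "util/support.h" 30 | #include "util/filenames.h" 31 | #include "key-lookup.h" 32 | #include "defs-localdb.h" 33 | 34 | 35 | 36 |
/* Return true if SERIALNO can be used as a single file name component:
   it must be non-NULL and non-empty, must not contain a '/', and must
   not be "." or "..".  Anything else could make the constructed path
   point outside of the key directory.  */
static int
serialno_is_plain_component (const char *serialno)
{
  const char *p;

  if (!serialno || !*serialno)
    return 0;

  /* Reject exactly "." and "..".  */
  if (serialno[0] == '.'
      && (!serialno[1] || (serialno[1] == '.' && !serialno[2])))
    return 0;

  for (p = serialno; *p; p++)
    if (*p == '/')
      return 0;

  return 1;
}

/* This function constructs a new C-string containing the absolute
   path for the file which is expected to contain the public key for
   the card identified by SERIALNO and stores it in *FILENAME.

   SERIALNO is a value reported for an external device, so it is
   checked before it becomes part of a path; a value that is not a
   plain file name component yields GPG_ERR_INV_VALUE and *FILENAME is
   left untouched.  Otherwise the error code of make_filename() is
   returned.  */
static gpg_error_t
key_filename_construct (char **filename, const char *serialno)
{
  if (!serialno_is_plain_component (serialno))
    return gpg_error (GPG_ERR_INV_VALUE);

  return make_filename (filename, POLDI_KEY_DIRECTORY, serialno, NULL);
}

/* Lookup the key belonging to the card specified by SERIALNO.

   CTX supplies the log handle used for error messages.  On success
   the parsed key is stored in *KEY; on failure *KEY is not written.
   Returns a proper error code: GPG_ERR_NO_PUBKEY if the key file
   yielded no data, otherwise the error of the failing step.  */
gpg_error_t
key_lookup_by_serialno (poldi_ctx_t ctx, const char *serialno, gcry_sexp_t *key)
{
  gcry_sexp_t key_sexp;
  char *key_string;
  char *key_path;
  gpg_error_t err;

  /* Both are released unconditionally at OUT, so they must start out
     as NULL.  */
  key_path = NULL;
  key_string = NULL;

  err = key_filename_construct (&key_path, serialno);
  if (err)
    {
      /* NOTE(review): SERIALNO is written to the log as received; if
         it can contain control characters, log lines could be forged
         - confirm what the caller guarantees.  */
      log_msg_error (ctx->loghandle,
		     "failed to construct key file path "
		     "for serial number `%s': %s\n",
		     serialno ? serialno : "(null)", gpg_strerror (err));
      goto out;
    }

  err = file_to_string (key_path, &key_string);
  /* A successful read that produced no string means there is no key
     for this card.  */
  if ((! err) && (! key_string))
    err = gpg_error (GPG_ERR_NO_PUBKEY);
  if (err)
    {
      log_msg_error (ctx->loghandle,
		     "failed to retrieve key from key file `%s': %s\n",
		     key_path, gpg_strerror (err));
      goto out;
    }

  err = string_to_sexp (&key_sexp, key_string);
  if (err)
    {
      log_msg_error (ctx->loghandle,
		     "failed to convert key "
		     "from `%s' into S-Expression: %s\n",
		     key_path, gpg_strerror (err));
      goto out;
    }

  *key = key_sexp;

 out:

  xfree (key_path);
  xfree (key_string);

  return err;
}
99 | 100 | 101 | -------------------------------------------------------------------------------- /m4/progtest.m4: -------------------------------------------------------------------------------- 1 | # progtest.m4 serial 4 (gettext-0.14.2) 2 | dnl Copyright (C) 1996-2003, 2005 Free Software Foundation, Inc. 3 | dnl This file is free software; the Free Software Foundation 4 | dnl gives unlimited permission to copy and/or distribute it, 5 | dnl with or without modifications, as long as this notice is preserved. 6 | dnl 7 | dnl This file can can be used in projects which are not available under 8 | dnl the GNU General Public License or the GNU Library General Public 9 | dnl License but which still want to provide support for the GNU gettext 10 | dnl functionality. 11 | dnl Please note that the actual code of the GNU gettext library is covered 12 | dnl by the GNU Library General Public License, and the rest of the GNU 13 | dnl gettext package package is covered by the GNU General Public License. 14 | dnl They are *not* in the public domain. 15 | 16 | dnl Authors: 17 | dnl Ulrich Drepper , 1996. 18 | 19 | AC_PREREQ(2.50) 20 | 21 | # Search path for a program which passes the given test. 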
22 | 23 | dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR, 24 | dnl TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]]) 25 | AC_DEFUN([AM_PATH_PROG_WITH_TEST], 26 | [ 27 | # Prepare PATH_SEPARATOR. 28 | # The user is always right. 29 | if test "${PATH_SEPARATOR+set}" != set; then 30 | echo "#! /bin/sh" >conf$$.sh 31 | echo "exit 0" >>conf$$.sh 32 | chmod +x conf$$.sh 33 | if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then 34 | PATH_SEPARATOR=';' 35 | else 36 | PATH_SEPARATOR=: 37 | fi 38 | rm -f conf$$.sh 39 | fi 40 | 41 | # Find out how to test for executable files. Don't use a zero-byte file, 42 | # as systems may use methods other than mode bits to determine executability. 43 | cat >conf$$.file <<_ASEOF 44 | #! /bin/sh 45 | exit 0 46 | _ASEOF 47 | chmod +x conf$$.file 48 | if test -x conf$$.file >/dev/null 2>&1; then 49 | ac_executable_p="test -x" 50 | else 51 | ac_executable_p="test -f" 52 | fi 53 | rm -f conf$$.file 54 | 55 | # Extract the first word of "$2", so it can be a program name with args. 56 | set dummy $2; ac_word=[$]2 57 | AC_MSG_CHECKING([for $ac_word]) 58 | AC_CACHE_VAL(ac_cv_path_$1, 59 | [case "[$]$1" in 60 | [[\\/]]* | ?:[[\\/]]*) 61 | ac_cv_path_$1="[$]$1" # Let the user override the test with a path. 62 | ;; 63 | *) 64 | ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR 65 | for ac_dir in ifelse([$5], , $PATH, [$5]); do 66 | IFS="$ac_save_IFS" 67 | test -z "$ac_dir" && ac_dir=. 68 | for ac_exec_ext in '' $ac_executable_extensions; do 69 | if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then 70 | echo "$as_me: trying $ac_dir/$ac_word..." >&AS_MESSAGE_LOG_FD 71 | if [$3]; then 72 | ac_cv_path_$1="$ac_dir/$ac_word$ac_exec_ext" 73 | break 2 74 | fi 75 | fi 76 | done 77 | done 78 | IFS="$ac_save_IFS" 79 | dnl If no 4th arg is given, leave the cache variable unset, 80 | dnl so AC_PATH_PROGS will keep looking. 
81 | ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4" 82 | ])dnl 83 | ;; 84 | esac])dnl 85 | $1="$ac_cv_path_$1" 86 | if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then 87 | AC_MSG_RESULT([$]$1) 88 | else 89 | AC_MSG_RESULT(no) 90 | fi 91 | AC_SUBST($1)dnl 92 | ]) 93 | -------------------------------------------------------------------------------- /src/util/membuf.c: -------------------------------------------------------------------------------- 1 | /* membuf.c - A simple implementation of a dynamic buffer 2 | * Copyright (C) 2001, 2003, 2008 Free Software Foundation, Inc. 3 | * 4 | * This file is part of GnuPG. 5 | * 6 | * GnuPG is free software; you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation; either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * GnuPG is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program; if not, see . 18 | */ 19 | 20 | #include "util-local.h" 21 | 22 | #include 23 | #include 24 | 25 | #include "membuf.h" 26 | 27 | #include "util.h" 28 | 29 | 30 | /* A simple implementation of a dynamic buffer. Use init_membuf() to 31 | create a buffer, put_membuf to append bytes and get_membuf to 32 | release and return the buffer. Allocation errors are detected but 33 | only returned at the final get_membuf(), this helps not to clutter 34 | the code with out of core checks. 
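*/ 35 | 36 |
/* Set up MB as an empty buffer with room for INITIALLEN bytes.  An
   allocation failure is not returned here; it is stored in
   MB->out_of_core and reported by get_membuf().  */
void
init_membuf (membuf_t *mb, int initiallen)
{
  mb->len = 0;
  mb->size = initiallen;
  mb->out_of_core = 0;
  mb->buf = xtrymalloc (initiallen);
  if (!mb->buf)
    mb->out_of_core = errno;
}

/* Same as init_membuf but allocates the buffer in secure memory.  */
void
init_membuf_secure (membuf_t *mb, int initiallen)
{
  mb->len = 0;
  mb->size = initiallen;
  mb->out_of_core = 0;
  mb->buf = xtrymalloc_secure (initiallen);
  if (!mb->buf)
    mb->out_of_core = errno;
}


/* Put MB into the failed state with error code ERR and wipe out what
   was accumulated so far.  The wipe is required in case sensitive data
   is stored here; the membuf API does not provide another way to
   clean up after an error.  */
static void
membuf_fail (membuf_t *mb, int err)
{
  mb->out_of_core = err;
  if (mb->buf)
    memset (mb->buf, 0, mb->len);
}


/* Append LEN bytes from BUF to MB, growing the buffer as needed.
   Does nothing if MB is already in the failed state.  A failure to
   grow is recorded in MB->out_of_core and only reported by the final
   get_membuf().  */
void
put_membuf (membuf_t *mb, const void *buf, size_t len)
{
  if (mb->out_of_core)
    return;

  /* Refuse a request whose size arithmetic would wrap around: a
     wrapped sum would skip the growth below and let the memcpy write
     past the end of the allocation.
     NOTE(review): assumes the len and size members are of type size_t
     - confirm against membuf.h.  */
  if (len > (size_t)-1 - 1024
      || (size_t)mb->size > (size_t)-1 - 1024 - len
      || (size_t)mb->len > (size_t)-1 - len)
    {
      membuf_fail (mb, ENOMEM);
      return;
    }

  if (mb->len + len >= mb->size)
    {
      char *p;

      mb->size += len + 1024;
      /* NOTE(review): the reallocation may move the data; whether the
         old block is wiped depends on the allocator behind
         xtryrealloc - confirm before storing secrets in a buffer that
         was not created with init_membuf_secure.  */
      p = xtryrealloc (mb->buf, mb->size);
      if (!p)
        {
          membuf_fail (mb, errno ? errno : ENOMEM);
          return;
        }
      mb->buf = p;
    }
  memcpy (mb->buf + mb->len, buf, len);
  mb->len += len;
}


/* Append the NUL-terminated STRING to MB; the terminating NUL is not
   copied.  */
void
put_membuf_str (membuf_t *mb, const char *string)
{
  put_membuf (mb, string, strlen (string));
}


/* Detach and return the accumulated buffer of MB and, if LEN is not
   NULL, store the number of bytes in *LEN.  If an allocation error
   was recorded, the buffer is freed, errno is set to the recorded
   error and NULL is returned.  After this call MB no longer refers to
   the buffer; the returned memory is the caller's to release.  */
void *
get_membuf (membuf_t *mb, size_t *len)
{
  char *p;

  if (mb->out_of_core)
    {
      xfree (mb->buf);
      mb->buf = NULL;
      errno = mb->out_of_core;
      return NULL;
    }

  p = mb->buf;
  if (len)
    *len = mb->len;
  mb->buf = NULL;
  mb->out_of_core = ENOMEM; /* hack to make sure it won't get reused. */
  return p;
}
116 | -------------------------------------------------------------------------------- /src/pam/auth-support/ctx.h: -------------------------------------------------------------------------------- 1 | /* ctx.h - Poldi context structure. 2 | Copyright (C) 2008, 2009 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | #ifndef POLDI_CTX_H 21 | #define POLDI_CTX_H 22 | 23 | #define PAM_SM_AUTH 24 | #include 25 | 26 | #include 27 | #include 28 | 29 | #include "scd/scd.h" 30 | #include "auth-support/conv.h" 31 | 32 | /* We use a "context" object in Poldi, since a PAM Module should not 33 | contain static variables. (In theory) this allows for a 34 | multithreaded application to authenticate users concurrently. 35 | 36 | There are certain objects which are to be accessed by many 37 | functions contained in Poldi, like: debug flag, pam_handle, scd, 38 | logging stream, etc. 39 | 40 | So we have two choices: either these variables are globally visible 41 | or they are allocated in pam_sm_authenticate() and passed down to 42 | each function. For the above mentioned reasons, solution one is not 43 | applicable for a PAM module. Therefore we need go down route two. 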
44 | But surely we do not want to pass each and every of the useful 45 | variables down to every function, thus we encapsulate everything 46 | which might be useful to other functions in a context object. 47 | Then, this context object (allocated and dealloacted in 48 | pam_sm_authenticate) is passed down. 49 | */ 50 | 51 | struct poldi_ctx_s 52 | { 53 | /* Options. */ 54 | 55 | char *logfile; 56 | log_handle_t loghandle; /* Our handle for simplelog. */ 57 | simpleparse_handle_t parsehandle; /* Handle for simpleparse. */ 58 | int auth_method; /* The ID of the authentication method 59 | in use. */ 60 | void *cookie; /* Cookie for authentication 61 | method. */ 62 | 63 | int debug; /* Debug flag. If true, functions 64 | should emmit debugging 65 | messages. */ 66 | int modify_environment; /* Set Poldi-related variables in the 67 | PAM environment. */ 68 | int quiet; /* Be more quiet during PAM 69 | conversation with user. */ 70 | int use_agent; /* Use gpg-agent to connect scdaemon. */ 71 | 72 | /* Scdaemon. */ 73 | char *scdaemon_program; /* Path of Scdaemon program to execute. */ 74 | char *scdaemon_options; /* Path of Scdaemon configuration file. */ 75 | scd_context_t scd; /* Handle for the Scdaemon access 76 | layer. */ 77 | 78 | pam_handle_t *pam_handle; /* PAM handle. */ 79 | 80 | conv_t conv; /* Handle for the conv(ersation) 81 | subsystem. */ 82 | 83 | /* PAM username. */ 84 | const char *username; /* Username retrieved by PAM. */ 85 | 86 | struct scd_cardinfo cardinfo; /* Smartcard information 87 | structure. */ 88 | }; 89 | 90 | typedef struct poldi_ctx_s *poldi_ctx_t; 91 | 92 | #endif 93 | -------------------------------------------------------------------------------- /tests/parse-test.c: -------------------------------------------------------------------------------- 1 | /* parse-test.c - test program for simpleparse. 2 | Copyright (C) 2008, 2009 g10 Code GmbH 3 | 4 | This file is part of Poldi. 
5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | /* For Poldi I wrote a minimalistic library for parsing configuration 21 | files and command-line arguments named "simpleparse". This is a 22 | test program for simpleparse. -mo */ 23 | 24 | #include 25 | #include 26 | #include 27 | 28 | #include 29 | 30 | #include 31 | #include 32 | 33 | enum opt_ids 34 | { 35 | FOO = 1, 36 | BAR, 37 | BAZ 38 | }; 39 | 40 | static simpleparse_opt_spec_t opt_specs[] = 41 | { 42 | { FOO, "foo", 'f', SIMPLEPARSE_ARG_REQUIRED, 0, "the foo switch requires an argument" }, 43 | { BAR, "bar", 'b', SIMPLEPARSE_ARG_OPTIONAL, 0, "the bar switch takes an optional argument" }, 44 | { BAZ, "baz", 0, SIMPLEPARSE_ARG_NONE, 0, "the baz switch takes no argument" }, 45 | { 0 } 46 | }; 47 | 48 | static gpg_error_t 49 | parsecb (void *cookie, simpleparse_opt_spec_t spec, const char *arg) 50 | { 51 | const char *prefix = cookie; 52 | 53 | printf ("[%s] opt: '%s', argument: '%s'\n", prefix, spec.long_opt, arg); 54 | 55 | return 0; 56 | } 57 | 58 | int 59 | main (int argc, const char **argv) 60 | { 61 | simpleparse_handle_t handle = NULL; 62 | gpg_error_t err = 0; 63 | const char **rest_args; 64 | log_handle_t loghandle = NULL; 65 | 66 | assert (argc > 0); 67 | 68 | /* Init. 
*/ 69 | err = log_create (&loghandle); 70 | assert (!err); 71 | 72 | err = log_set_backend_stream (loghandle, stderr); 73 | assert (!err); 74 | 75 | err = simpleparse_create (&handle); 76 | assert (!err); 77 | 78 | simpleparse_set_parse_cb (handle, parsecb, "parse-test parser"); 79 | simpleparse_set_loghandle (handle, loghandle); 80 | simpleparse_set_specs (handle, opt_specs); 81 | 82 | /* Parse command-line arguments. */ 83 | err = simpleparse_parse (handle, 0, argc - 1, argv + 1, &rest_args); 84 | if (err) 85 | { 86 | fprintf (stderr, "simpleparse_parse returned error: %s\n", 87 | gpg_strerror (err)); 88 | goto out; 89 | } 90 | 91 | printf ("Rest args: "); 92 | if (rest_args) 93 | { 94 | while (*rest_args) 95 | { 96 | printf ("%s%s", *rest_args, *(rest_args + 1) ? ", " : ""); 97 | rest_args++; 98 | } 99 | } 100 | printf ("\n"); 101 | 102 | /* Parse stdin as config file. */ 103 | err = simpleparse_parse_stream (handle, 0, stdin); 104 | if (err) 105 | { 106 | fprintf (stderr, "simpleparse_parse_stream returned error: %s\n", 107 | gpg_strerror (err)); 108 | goto out; 109 | } 110 | 111 | out: 112 | 113 | simpleparse_destroy (handle); 114 | 115 | return !!err; 116 | } 117 | -------------------------------------------------------------------------------- /src/assuan/libassuan-config.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright (C) 1999, 2002, 2003 Free Software Foundation, Inc. 3 | # 4 | # This file is free software; as a special exception the author gives 5 | # unlimited permission to copy and/or distribute it, with or without 6 | # modifications, as long as this notice is preserved. 7 | # 8 | # This file is distributed in the hope that it will be useful, but 9 | # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the 10 | # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
11 | 12 | PGM=libassuan-config 13 | lib="@LIBASSUAN_CONFIG_LIB@" 14 | extralibs="@LIBASSUAN_CONFIG_EXTRA_LIBS@" 15 | cflags="@LIBASSUAN_CONFIG_CFLAGS@" 16 | api_version="@LIBASSUAN_CONFIG_API_VERSION@" 17 | all_thread_modules="@LIBASSUAN_CONFIG_THREAD_MODULES@" 18 | thread_module= 19 | prefix=@prefix@ 20 | exec_prefix=@exec_prefix@ 21 | includes="" 22 | libdirs="" 23 | exec_prefix_set=no 24 | echo_libs=no 25 | echo_cflags=no 26 | echo_prefix=no 27 | echo_exec_prefix=no 28 | 29 | if test x"$all_thread_modules" = x; then 30 | all_thread_modules="none pthread" 31 | else 32 | all_thread_modules="none pthread $all_thread_modules" 33 | fi 34 | 35 | usage() 36 | { 37 | cat <&2 52 | fi 53 | 54 | while test $# -gt 0; do 55 | case "$1" in 56 | -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;; 57 | *) optarg= ;; 58 | esac 59 | 60 | case $1 in 61 | --prefix=*) 62 | # Dummy 63 | ;; 64 | --prefix) 65 | echo_prefix=yes 66 | ;; 67 | --exec-prefix=*) 68 | # Dummy 69 | ;; 70 | --exec-prefix) 71 | echo_exec_prefix=yes 72 | ;; 73 | --version) 74 | echo "@VERSION@" 75 | exit 0 76 | ;; 77 | --api-version) 78 | echo_api_version=yes 79 | ;; 80 | --thread=*) 81 | for mod in $all_thread_modules; do 82 | if test "$mod" = "$optarg"; then 83 | thread_module="-$mod" 84 | fi 85 | done 86 | if test "x$thread_module" = "x"; then 87 | usage 1 1>&2 88 | fi 89 | if test "$thread_module" = "-none"; then 90 | thread_module="" 91 | fi 92 | if test "$thread_module" = "-pthread"; then 93 | thread_module="" 94 | fi 95 | ;; 96 | --cflags) 97 | echo_cflags=yes 98 | ;; 99 | --libs) 100 | echo_libs=yes 101 | ;; 102 | *) 103 | usage 1 1>&2 104 | ;; 105 | esac 106 | shift 107 | done 108 | 109 | if test "$echo_prefix" = "yes"; then 110 | echo $prefix 111 | fi 112 | 113 | if test "$echo_exec_prefix" = "yes"; then 114 | echo $exec_prefix 115 | fi 116 | 117 | if test "$echo_api_version" = "yes"; then 118 | echo $api_version 119 | fi 120 | 121 | 122 | if test "$echo_cflags" = "yes"; then 123 | if test 
"@includedir@" != "/usr/include" ; then 124 | includes="-I@includedir@" 125 | for i in $cflags ; do 126 | if test "$i" = "-I@includedir@" ; then 127 | includes="" 128 | fi 129 | done 130 | fi 131 | echo $includes $cflags 132 | fi 133 | 134 | if test "$echo_libs" = "yes"; then 135 | if test "@libdir@" != "/usr/lib" ; then 136 | libdirs="-L@libdir@" 137 | for i in $lib $extralibs ; do 138 | if test "$i" = "-L@libdir@" ; then 139 | libdirs="" 140 | fi 141 | done 142 | fi 143 | echo $libdirs $lib${thread_module} $extralibs 144 | fi 145 | -------------------------------------------------------------------------------- /src/util/support.h: -------------------------------------------------------------------------------- 1 | /* support.h - PAM authentication via OpenPGP smartcards. 2 | Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 2 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU Lesser General Public 17 | License along with this program; if not, write to the Free Software 18 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 19 | 02111-1307, USA. */ 20 | 21 | #ifndef POLDI_SUPPORT_H 22 | #define POLDI_SUPPORT_H 23 | 24 | #include 25 | #include 26 | 27 | /* This function generates a challenge; the challenge will be stored 28 | in newly allocated memory, which is to be stored in *CHALLENGE; 29 | it's length in bytes is to be stored in *CHALLENGE_N. Returns 30 | proper error code. 
*/
gpg_error_t challenge_generate (unsigned char **challenge, size_t *challenge_n);
/* NOTE(review): this header does not say where the challenge bytes
   come from or how long the challenge is.  Confirm in the
   implementation that a cryptographically strong random source is
   used and that a challenge is never reused across authentication
   attempts.  */

/* Releases the challenge contained in CHALLENGE generated by
   challenge_generate().  */
void challenge_release (unsigned char *challenge);

/* This function verifies that the signature contained in RESPONSE of
   size RESPONSE_N (in bytes) is indeed the result of signing the
   challenge given in CHALLENGE of size CHALLENGE_N (in bytes) with
   the secret key belonging to the public key given as PUBLIC_KEY.
   Returns proper error code.

   NOTE(review): presumably zero means "signature valid"; callers
   should treat every non-zero return as an authentication failure --
   confirm against the implementation.  */
gpg_error_t challenge_verify (gcry_sexp_t public_key,
			      unsigned char *challenge, size_t challenge_n,
			      unsigned char *response, size_t response_n);

/* This function converts the given S-Expression SEXP into its
   `ADVANCED' string representation, using newly-allocated memory,
   storing the resulting NUL-terminated string in *SEXP_STRING.
   Returns a proper error code.  */
gpg_error_t sexp_to_string (gcry_sexp_t sexp, char **sexp_string);

/* This function retrieves the content from the file specified by
   FILENAME and writes it into a newly allocated chunk of memory,
   which is then stored in *STRING.  Returns proper error code.

   NOTE(review): the interface carries no size limit; confirm that the
   implementation bounds how much it reads.  */
gpg_error_t file_to_string (const char *filename, char **string);

/* This function retrieves the content from the file specified by
   FILENAME and writes it into a newly allocated chunk of memory,
   which is then stored in *DATA and *DATALEN.  Returns proper error
   code.  */
gpg_error_t file_to_binstring (const char *filename, void **data, size_t *datalen);

/* This function converts the given string-representation of an
   S-Expression into a new S-Expression object, which is to be stored
   in *SEXP.  Returns proper error code.
*/ 66 | gpg_error_t string_to_sexp (gcry_sexp_t *sexp, char *string); 67 | 68 | gpg_error_t char_vector_dup (int len, const char **a, char ***b); 69 | 70 | void char_vector_free (char **a); 71 | 72 | int my_strlen (const char *s); 73 | 74 | int pk_algo (gcry_sexp_t sexp_key); 75 | 76 | gpg_error_t challenge_data (gcry_sexp_t *data, int algo, 77 | unsigned char *challenge, size_t challenge_n); 78 | 79 | gpg_error_t response_signature (gcry_sexp_t *sig, int algo, 80 | unsigned char *response, size_t response_n); 81 | #endif 82 | 83 | /* END */ 84 | -------------------------------------------------------------------------------- /src/util/simpleparse.h: -------------------------------------------------------------------------------- 1 | /* simpleparse.h - Minimalistic parser 2 | Copyright (C) 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | /* This is a minimalistic parser for command-line arguments and 21 | configuration files. Design goals are: 22 | 23 | - small and flexible, 24 | - no global variables, 25 | - uses callbacks. 
*/ 26 | 27 | #ifndef SIMPLEPARSE_H 28 | #define SIMPLEPARSE_H 29 | 30 | #include 31 | 32 | #include 33 | #include 34 | 35 | #include 36 | 37 | enum simpleparse_arg 38 | { 39 | SIMPLEPARSE_ARG_NONE, 40 | SIMPLEPARSE_ARG_OPTIONAL, 41 | SIMPLEPARSE_ARG_REQUIRED 42 | }; 43 | 44 | typedef struct 45 | { 46 | int id; 47 | const char *long_opt; 48 | int short_opt; 49 | enum simpleparse_arg arg; 50 | unsigned flags; 51 | const char *description; /* optional option description */ 52 | } simpleparse_opt_spec_t; 53 | typedef struct simpleparse_handle *simpleparse_handle_t; 54 | 55 | gpg_error_t simpleparse_create (simpleparse_handle_t *handle); 56 | void simpleparse_destroy (simpleparse_handle_t handle); 57 | 58 | void simpleparse_set_loghandle (simpleparse_handle_t handle, 59 | log_handle_t loghandle); 60 | 61 | typedef gpg_error_t (*simpleparse_parse_cb_t) (void *cookie, 62 | simpleparse_opt_spec_t spec, const char *arg); 63 | 64 | void simpleparse_set_parse_cb (simpleparse_handle_t handle, 65 | simpleparse_parse_cb_t parse_cb, void *cookie); 66 | 67 | typedef const char *(*simpleparse_i18n_cb_t) (void *cookie, const char *msg); 68 | 69 | void simpleparse_set_i18n_cb (simpleparse_handle_t handle, 70 | simpleparse_i18n_cb_t i18n_cb, void *cookie); 71 | 72 | gpg_error_t simpleparse_set_specs (simpleparse_handle_t handle, simpleparse_opt_spec_t *specs); 73 | 74 | void simpleparse_set_name (simpleparse_handle_t handle, const char *program_name); 75 | void simpleparse_set_package (simpleparse_handle_t handle, const char *package_name); 76 | void simpleparse_set_copyright (simpleparse_handle_t handle, const char *copyright_info); 77 | void simpleparse_set_version (simpleparse_handle_t handle, const char *program_version); 78 | void simpleparse_set_bugaddress (simpleparse_handle_t handle, const char *bugaddress); 79 | void simpleparse_set_author (simpleparse_handle_t handle, const char *author); 80 | void simpleparse_set_license (simpleparse_handle_t handle, const char *license); 
81 | void simpleparse_set_description (simpleparse_handle_t handle, const char *program_description); 82 | void simpleparse_set_syntax (simpleparse_handle_t handle, const char *syntax_description); 83 | void simpleparse_set_streams (simpleparse_handle_t handle, FILE *stream_stdout, FILE *stream_stderr); 84 | 85 | gpg_error_t simpleparse_parse (simpleparse_handle_t handle, unsigned int flags, 86 | unsigned int argc, const char **argv, const char ***rest_args); 87 | 88 | gpg_error_t simpleparse_parse_file (simpleparse_handle_t handle, unsigned int flags, 89 | const char *filename); 90 | 91 | gpg_error_t simpleparse_parse_stream (simpleparse_handle_t handle, unsigned int flags, 92 | FILE *stream); 93 | 94 | #endif 95 | -------------------------------------------------------------------------------- /src/scd/scd.h: -------------------------------------------------------------------------------- 1 | /* scd.h - Interface to Scdaemon 2 | Copyright (C) 2007, 2008, 2009 g10code GmbH. 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | #ifndef POLDI_SCD_H 21 | #define POLDI_SCD_H 22 | 23 | #include 24 | 25 | #include "util/simplelog.h" 26 | 27 | struct scd_context; 28 | 29 | typedef struct scd_context *scd_context_t; 30 | 31 | struct scd_cardinfo 32 | { 33 | char *serialno; /* malloced hex string. */ 34 | char *disp_name; /* malloced. 
*/
  char *pubkey_url;		/* malloced. */
  char *login_data;		/* malloced. */
  char *disp_lang;		/* malloced. */
  /* One flag per fingerprint slot below.  NOTE(review): presumably
     non-zero means the matching fprN array has been filled in --
     confirm against scd_learn.  */
  char fpr1valid;
  char fpr2valid;
  char fpr3valid;
  /* Three 20-byte binary fields.  NOTE(review): 20 bytes is the size
     of a SHA-1 digest, so these are presumably the fingerprints of
     the three keys on the card -- confirm.  */
  char fpr1[20];
  char fpr2[20];
  char fpr3[20];
};

typedef struct scd_cardinfo scd_cardinfo_t;

#define SCD_FLAG_VERBOSE (1 << 0)

/* Fork it off and work by pipes.  Returns proper error code or zero
   on success.

   NOTE(review): SCD_PATH and SCD_OPTIONS presumably name the scdaemon
   binary and the options file handed to it, and USE_AGENT presumably
   selects the gpg-agent case described in NEWS -- confirm.  Whatever
   is passed here decides which program the PAM module starts, so the
   values should come from configuration that only the administrator
   can write.  */
gpg_error_t scd_connect (scd_context_t *scd_ctx, int use_agent,
			 const char *scd_path, const char *scd_options,
			 log_handle_t loghandle);

/* Disconnect from SCDaemon; destroy the context SCD_CTX.  */
void scd_disconnect (scd_context_t scd_ctx);

/* Callback type registered with scd_set_pincb.  The parameters are
   not named in this header.  NOTE(review): presumably (cookie, prompt
   or info text, output buffer, size of that buffer) -- confirm.  An
   implementation must never write more than the given size and
   should wipe any private copy of the PIN once it is done.  */
typedef int (*scd_pincb_t) (void *data, const char *, char *, size_t);

/* Register PINCB together with COOKIE in the context SCD_CTX.  */
void scd_set_pincb (scd_context_t scd_ctx,
		    scd_pincb_t pincb, void *cookie);

/* Return the serial number of the card or an appropriate error.  The
   serial number is returned as a hexstring.  */
gpg_error_t scd_serialno (scd_context_t ctx, char **r_serialno);

/* Read information from card and fill the cardinfo structure
   CARDINFO.  Returns proper error code, zero on success.  */
int scd_learn (scd_context_t ctx,
	       struct scd_cardinfo *cardinfo);

/* Release the cardinfo structure CARDINFO.

   NOTE(review): the structure is passed by value, so the earlier
   remark that "INFO being NULL is okay" does not match this
   signature, and the callee cannot clear the caller's copy.  Callers
   should presumably not reuse the malloced members after this call
   -- confirm against the implementation.  */
void scd_release_cardinfo (struct scd_cardinfo cardinfo);

/* Create a signature using the current card.  CTX is the handle for
   the scd subsystem.  KEYID identifies the key on the card to use for
   signing.  INDATA/INDATALEN is the input for the signature function.
   The signature created is written into newly allocated memory in
   *R_BUF, *R_BUFLEN will hold the length of the signature.
*/ 82 | gpg_error_t scd_pksign (scd_context_t ctx, 83 | const char *keyid, 84 | const unsigned char *indata, size_t indatalen, 85 | unsigned char **r_buf, size_t *r_buflen); 86 | 87 | /* Read a key with ID and return it in an allocate buffer pointed to 88 | by r_BUF as a valid S-expression. */ 89 | int scd_readkey (scd_context_t ctx, 90 | const char *id, gcry_sexp_t *key); 91 | 92 | /* Sends a GETINFO command for WHAT to the scdaemon through CTX. The 93 | newly allocated result is stored in *RESULT. Returns proper error 94 | code, zero on success. */ 95 | int scd_getinfo (scd_context_t ctx, const char *what, char **result); 96 | 97 | /* Initializer objet for struct scd_cardinfo instances. */ 98 | extern struct scd_cardinfo scd_cardinfo_null; 99 | 100 | #endif 101 | -------------------------------------------------------------------------------- /m4/lib-ld.m4: -------------------------------------------------------------------------------- 1 | # lib-ld.m4 serial 3 (gettext-0.13) 2 | dnl Copyright (C) 1996-2003 Free Software Foundation, Inc. 3 | dnl This file is free software; the Free Software Foundation 4 | dnl gives unlimited permission to copy and/or distribute it, 5 | dnl with or without modifications, as long as this notice is preserved. 6 | 7 | dnl Subroutines of libtool.m4, 8 | dnl with replacements s/AC_/AC_LIB/ and s/lt_cv/acl_cv/ to avoid collision 9 | dnl with libtool.m4. 10 | 11 | dnl From libtool-1.4. Sets the variable with_gnu_ld to yes or no. 12 | AC_DEFUN([AC_LIB_PROG_LD_GNU], 13 | [AC_CACHE_CHECK([if the linker ($LD) is GNU ld], acl_cv_prog_gnu_ld, 14 | [# I'd rather use --version here, but apparently some GNU ld's only accept -v. 
15 | case `$LD -v 2>&1 conf$$.sh 35 | echo "exit 0" >>conf$$.sh 36 | chmod +x conf$$.sh 37 | if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then 38 | PATH_SEPARATOR=';' 39 | else 40 | PATH_SEPARATOR=: 41 | fi 42 | rm -f conf$$.sh 43 | fi 44 | ac_prog=ld 45 | if test "$GCC" = yes; then 46 | # Check if gcc -print-prog-name=ld gives a path. 47 | AC_MSG_CHECKING([for ld used by GCC]) 48 | case $host in 49 | *-*-mingw*) 50 | # gcc leaves a trailing carriage return which upsets mingw 51 | ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; 52 | *) 53 | ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; 54 | esac 55 | case $ac_prog in 56 | # Accept absolute paths. 57 | [[\\/]* | [A-Za-z]:[\\/]*)] 58 | [re_direlt='/[^/][^/]*/\.\./'] 59 | # Canonicalize the path of ld 60 | ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` 61 | while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do 62 | ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` 63 | done 64 | test -z "$LD" && LD="$ac_prog" 65 | ;; 66 | "") 67 | # If it fails, then pretend we aren't using GCC. 68 | ac_prog=ld 69 | ;; 70 | *) 71 | # If it is relative, then search for the first ld in PATH. 72 | with_gnu_ld=unknown 73 | ;; 74 | esac 75 | elif test "$with_gnu_ld" = yes; then 76 | AC_MSG_CHECKING([for GNU ld]) 77 | else 78 | AC_MSG_CHECKING([for non-GNU ld]) 79 | fi 80 | AC_CACHE_VAL(acl_cv_path_LD, 81 | [if test -z "$LD"; then 82 | IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" 83 | for ac_dir in $PATH; do 84 | test -z "$ac_dir" && ac_dir=. 85 | if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then 86 | acl_cv_path_LD="$ac_dir/$ac_prog" 87 | # Check to see if the program is GNU ld. I'd rather use --version, 88 | # but apparently some GNU ld's only accept -v. 89 | # Break only if it was the GNU/non-GNU ld that we prefer. 
90 | case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in 91 | *GNU* | *'with BFD'*) 92 | test "$with_gnu_ld" != no && break ;; 93 | *) 94 | test "$with_gnu_ld" != yes && break ;; 95 | esac 96 | fi 97 | done 98 | IFS="$ac_save_ifs" 99 | else 100 | acl_cv_path_LD="$LD" # Let the user override the test with a path. 101 | fi]) 102 | LD="$acl_cv_path_LD" 103 | if test -n "$LD"; then 104 | AC_MSG_RESULT($LD) 105 | else 106 | AC_MSG_RESULT(no) 107 | fi 108 | test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH]) 109 | AC_LIB_PROG_LD_GNU 110 | ]) 111 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- 1 | -*- outline -*- 2 | 3 | Changes since version 0.4.1: 4 | 5 | * poldi-ctrl is removed 6 | Please use gpg-connect-agent instead. 7 | 8 | * For backward compatibility of sudo and screen unlock 9 | In GnuPG 2.1, the environment variable GPG_AGENT_INFO is gone. And 10 | now, Poldi's default is invoking scdaemon directly. Still, there 11 | are use cases (like sudo and screen unlock) which expect connecting 12 | user's gpg-agent. For this purpose, Poldi now distinguishes a case 13 | where pam_username == username_of_process_uid. Only for such a case, 14 | Poldi tries to find scdaemon under gpg-agent. 15 | 16 | * Poldi invokes scdaemon to connect it through pipe 17 | Older Poldi has a feature of connecting to scdaemon with help of 18 | gpg-agent using the GPG_AGENT_INFO enviornment variable. In GnuPG 19 | 2.1, the environment variable GPG_AGENT_INFO is gone and scdaemon no 20 | longer keeps locking the reader after card removal, it is good to 21 | always invoke scdaemon for the authentication by default. If there 22 | is an existing scdaemon with card inserted, a failure is expected 23 | and this is safer fallback. That's because Poldi should not connect 24 | to a smartcard which is in use for other purpose and possibly 25 | already authenticated. 
26 | 27 | * New option "scdaemon-options" 28 | Added a new option "scdaemon-options", which can be used to specify 29 | the scdaemon configuration file to use for newly spawned scdaemon 30 | instances. 31 | 32 | * New option "modify-environment" 33 | Added a new option "modify-environment", which causes Poldi to add 34 | certain Poldi-related environment variables to the PAM environment. 35 | During the login process they can be used for whatever customization 36 | one can think of: e.g. deriving the locale environment from 37 | the card's LANG data item or printing the signature counter on 38 | login. As of now, the following environment variables are set: 39 | 40 | PAM_POLDI_AUTHENTICATED="" 41 | PAM_POLDI_SERIALNO="" 42 | PAM_POLDI_LANG="" 43 | 44 | * New option "quiet" 45 | Added a new option "quiet", which causes Poldi to skip most of the 46 | PAM info messages during authentication. Careful: the exact 47 | semantics of this option might change. Primarily this is a 48 | workaround for programs like GDM, which collect these info messages 49 | and put them in a dialog box with an OK-button. When using e.g. GDM 50 | with the quiet option, authentication should work without any 51 | interaction. 52 | 53 | Changes since version 0.3: 54 | 55 | * Many parts have been rewritten and/or reorganized 56 | 57 | * GPLv3+ 58 | Changed License to GPL v3 or later. 59 | 60 | * SCdaemon support 61 | Poldi uses the scdaemon from now on instead of talking to the 62 | smartcard directly. 63 | 64 | * Authentication methods 65 | Implemented abstraction layer for "authentication methods". The 66 | previous authentication process is now encapsulated in an 67 | authentication method named "localdb". 68 | 69 | * X509 70 | Added another authentication method named "x509", which interacts 71 | with Dirmngr in order to provide authentication through an X509 PKI. 72 | 73 | * i18n 74 | Added support for internationalization. 75 | Added German translation.
76 | 77 | Changes since version 0.2: 78 | 79 | * Smartcard to account mapping: 80 | In the past, Poldi implemented a 1:1 mapping between smartcards and 81 | system accounts. As of now, Poldi implements an M:N mapping, meaning 82 | that one user can have multiple cards and that several users can 83 | share a card. 84 | 85 | Instead of "add-user" and "remove-user" commands we now have: 86 | - "register-card" 87 | - "unregister-card" 88 | - "list-cards" 89 | - "associate" 90 | - "disassociate". 91 | 92 | * Better support for Version 0x0101 cards: 93 | no Admin PIN necessary for public key retrieval. 94 | 95 | * Work around a problem in libpam_misc, which causes the PIN prompt to 96 | appear too late. 97 | 98 | * Improved documentation. 99 | 100 | * Support for creating a skeleton configuration hierarchy. 101 | 102 | * Support for a timeout while waiting for smartcard insertion. 103 | 104 | * Removed `fake-wait-for-card'-feature. 105 | 106 | * Dropped ugly `install-pam-module' mechanism; now the PAM module gets 107 | installed automatically during `make install'. 108 | 109 | * Improved error reporting. 110 | 111 | * Code cleanup: heavily improved code documentation. 112 | -------------------------------------------------------------------------------- /src/assuan/assuan-listen.c: -------------------------------------------------------------------------------- 1 | /* assuan-listen.c - Wait for a connection (server) 2 | * Copyright (C) 2001, 2002, 2004 Free Software Foundation, Inc. 3 | * 4 | * This file is part of Assuan. 5 | * 6 | * Assuan is free software; you can redistribute it and/or modify it 7 | * under the terms of the GNU Lesser General Public License as 8 | * published by the Free Software Foundation; either version 2.1 of 9 | * the License, or (at your option) any later version.
*
 * Assuan is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this program; if not, see .
 */

#include
#include
#include
#include
#include
#include

#include "assuan-defs.h"

/* Install LINE as the greeting that assuan_accept sends to a client.

   A NULL LINE drops the stored greeting.  A LINE without a newline is
   stored with an "OK " prefix; a LINE that contains a newline is
   stored as given and gets its per-line markers in assuan_accept.

   Returns 0 on success, an ASSUAN_Invalid_Value error for a NULL CTX
   and an ASSUAN_Out_Of_Core error if the copy cannot be allocated.  */
assuan_error_t
assuan_set_hello_line (assuan_context_t ctx, const char *line)
{
  char *copy = NULL;

  if (!ctx)
    return _assuan_error (ASSUAN_Invalid_Value);

  if (line)
    {
      /* Always reserve room for the "OK " prefix and the NUL, so the
         buffer is large enough for either form.  */
      copy = xtrymalloc (3 + strlen (line) + 1);
      if (!copy)
        return _assuan_error (ASSUAN_Out_Of_Core);

      if (!strchr (line, '\n'))
        {
          strcpy (copy, "OK ");
          strcpy (copy + 3, line);
        }
      else
        strcpy (copy, line);
    }

  /* The old greeting is released only once its replacement exists, so
     a failed allocation above leaves it untouched.  */
  xfree (ctx->hello_line);
  ctx->hello_line = copy;
  return 0;
}


/* Run the context's finish handler, then its accept handler, and send
   the greeting to the new peer.

   A greeting with several lines is sent with every line but the last
   as a "# " comment and the last one as the "OK " line.  Without a
   stored greeting a default "OK" line is sent.

   Returns 0 on success, an ASSUAN_Invalid_Value error for a NULL CTX,
   -1 when CTX is a pipe-mode context that has already accepted once,
   or the error of the accept handler or of the write.  */
assuan_error_t
assuan_accept (assuan_context_t ctx)
{
  const char *cur, *nl;
  int rc;

  if (!ctx)
    return _assuan_error (ASSUAN_Invalid_Value);

  /* pipe_mode is raised to 2 at the end of the first successful call;
     a later call on the same pipe ends the server loop.  */
  if (ctx->pipe_mode > 1)
    return -1;
  ctx->finish_handler (ctx);

  rc = ctx->accept_handler (ctx);
  if (rc)
    return rc;

  /* Send the hello.  */
  cur = ctx->hello_line;
  if (!cur)
    rc = assuan_write_line (ctx, "OK Pleased to meet you");
  else if (!(nl = strchr (cur, '\n')))
    rc = assuan_write_line (ctx, cur);
  else
    {
      /* Multi-line hello: every line that ends in a newline goes out
         as a comment, the remainder as the final "OK " line.  */
      for (; nl; nl = strchr (cur, '\n'))
        {
          rc = _assuan_write_line (ctx, "# ", cur, nl - cur);
          if (rc)
            return rc;
          cur = nl + 1;
        }
      rc = _assuan_write_line (ctx, "OK ", cur, strlen (cur));
    }
  if (rc)
    return rc;

  if (ctx->pipe_mode)
    ctx->pipe_mode = 2;

  return 0;
}



/* Return the input descriptor stored in CTX, or ASSUAN_INVALID_FD if
   CTX is NULL.  */
assuan_fd_t
assuan_get_input_fd (assuan_context_t ctx)
{
  if (!ctx)
    return ASSUAN_INVALID_FD;
  return ctx->input_fd;
}


/* Return the output descriptor stored in CTX, or ASSUAN_INVALID_FD if
   CTX is NULL.  */
assuan_fd_t
assuan_get_output_fd (assuan_context_t ctx)
{
  if (!ctx)
    return ASSUAN_INVALID_FD;
  return ctx->output_fd;
}


/* Close the fd descriptor set by the command INPUT FD=n.  We handle
   this fd inside assuan so that we can do some initial checks.  The
   stored descriptor is reset to ASSUAN_INVALID_FD afterwards, so a
   second call reports ASSUAN_Invalid_Value instead of closing the
   same number twice.  */
assuan_error_t
assuan_close_input_fd (assuan_context_t ctx)
{
  if (ctx && ctx->input_fd != ASSUAN_INVALID_FD)
    {
      _assuan_close (ctx->input_fd);
      ctx->input_fd = ASSUAN_INVALID_FD;
      return 0;
    }
  return _assuan_error (ASSUAN_Invalid_Value);
}

/* Close the fd descriptor set by the command OUTPUT FD=n.
We handle 144 | this fd inside assuan so that we can do some initial checks */ 145 | assuan_error_t 146 | assuan_close_output_fd (assuan_context_t ctx) 147 | { 148 | if (!ctx || ctx->output_fd == ASSUAN_INVALID_FD) 149 | return _assuan_error (ASSUAN_Invalid_Value); 150 | 151 | _assuan_close (ctx->output_fd); 152 | ctx->output_fd = ASSUAN_INVALID_FD; 153 | return 0; 154 | } 155 | 156 | -------------------------------------------------------------------------------- /tests/pam-test.c: -------------------------------------------------------------------------------- 1 | /* pam-test.c - simple PAM authentication test program 2 | Copyright (C) 2007, 2009 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | 30 | 31 | 32 | #define PROGRAM_NAME "pam-test" 33 | #define PROGRAM_VERSION "0.2" 34 | 35 | /* Use the standard conversation function from libpam-misc. 
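*/
static struct pam_conv conv =
  {
    misc_conv,
    NULL
  };

/* Print the usage text on stdout.  The option list names --user,
   which is the long option that main() registers with getopt_long.  */
static void
print_help (void)
{
  printf ("Usage: %s [options] \n"
          "Test PAM authentication.\n"
          "\n"
          "Options:\n"
          "-h, --help print help information\n"
          "-v, --version print version information\n"
          "-u, --user specify username for authentication\n"
          "\n"
          "Report bugs to .\n", PROGRAM_NAME);
}

/* Print program name and version on stdout.  */
static void
print_version (void)
{
  printf (PROGRAM_NAME " " PROGRAM_VERSION "\n");
}

/* Run one authentication attempt against the PAM service SERVICENAME
   for USERNAME and report the outcome on stdout/stderr.  USERNAME is
   NULL when main() was not given a -u option.

   Only pam_authenticate is exercised.  No account check
   (pam_acct_mgmt) is made, so "Authentication succeeded" says nothing
   about whether the account would be allowed to log in.

   The PAM transaction is released on every path that obtained one.  */
static void
test_auth (const char *servicename, const char *username)
{
  const void *user_opaque = NULL;
  const char *user;
  pam_handle_t *handle = NULL;
  int rc;
  int end_rc;

  /* Connect to PAM.  */
  rc = pam_start (servicename, username, &conv, &handle);
  if (rc != PAM_SUCCESS)
    {
      /* No transaction was created, so there is no valid handle to
         pass on and nothing to release.  */
      fprintf (stderr, "error: %s\n", pam_strerror (NULL, rc));
      return;
    }

  /* Try authentication.  */
  rc = pam_authenticate (handle, 0);
  if (rc != PAM_SUCCESS)
    {
      printf ("Authentication failed\n");
      fprintf (stderr, "error: %s\n", pam_strerror (handle, rc));
      goto out;
    }

  printf ("Authentication succeeded\n");

  /* Retrieve name of authenticated identity.  */
  rc = pam_get_item (handle, PAM_USER, &user_opaque);
  if (rc != PAM_SUCCESS)
    {
      fprintf (stderr, "error: %s\n", pam_strerror (handle, rc));
      goto out;
    }
  user = user_opaque;
  /* Do not hand a NULL pointer to %s if the item is unset.  */
  printf ("Authenticated as user `%s'\n", user ? user : "(unknown)");

 out:

  /* Disconnect from PAM, passing on the status of the last call.  */
  end_rc = pam_end (handle, rc);
  if (end_rc != PAM_SUCCESS)
    fprintf (stderr, "error: failed to release PAM handle\n");
}

/* This is a simple test program for PAM authentication.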
*/ 111 | int 112 | main (int argc, char **argv) 113 | { 114 | const char *servicename; 115 | const char *username; 116 | int c; 117 | 118 | servicename = username = NULL; 119 | 120 | while (1) 121 | { 122 | static struct option long_options[] = 123 | { 124 | { "version", no_argument, 0, 'v' }, 125 | { "help", no_argument, 0, 'h' }, 126 | { "user", required_argument, 0, 'u' }, 127 | { 0, 0, 0, 0 } 128 | }; 129 | int option_index = 0; 130 | 131 | c = getopt_long (argc, argv, "vhu:", 132 | long_options, &option_index); 133 | 134 | /* Detect the end of the options. */ 135 | if (c == -1) 136 | break; 137 | 138 | switch (c) 139 | { 140 | case 'u': 141 | username = strdup (optarg); 142 | if (!username) 143 | { 144 | fprintf (stderr, "failed to duplicate username: %s", strerror (errno)); 145 | exit (1); 146 | } 147 | break; 148 | 149 | case 'h': 150 | print_help (); 151 | exit (0); 152 | break; 153 | 154 | case 'v': 155 | print_version (); 156 | exit (0); 157 | break; 158 | 159 | case '?': 160 | /* `getopt_long' already printed an error message. */ 161 | break; 162 | 163 | default: 164 | abort (); 165 | } 166 | } 167 | 168 | if (argc - optind != 1) 169 | { 170 | print_help (); 171 | exit (1); 172 | } 173 | 174 | servicename = argv[optind]; 175 | test_auth (servicename, username); 176 | 177 | return 0; 178 | } 179 | 180 | /* end */ 181 | -------------------------------------------------------------------------------- /acinclude.m4: -------------------------------------------------------------------------------- 1 | dnl macros to configure gnupg 2 | dnl Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc. 3 | dnl 4 | dnl This file is part of GnuPG. 5 | dnl 6 | dnl GnuPG is free software; you can redistribute it and/or modify 7 | dnl it under the terms of the GNU General Public License as published by 8 | dnl the Free Software Foundation; either version 2 of the License, or 9 | dnl (at your option) any later version. 
10 | dnl 11 | dnl GnuPG is distributed in the hope that it will be useful, 12 | dnl but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | dnl GNU General Public License for more details. 15 | dnl 16 | dnl You should have received a copy of the GNU General Public License 17 | dnl along with this program; if not, write to the Free Software 18 | dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA 19 | 20 | 21 | dnl GNUPG_CHECK_TYPEDEF(TYPE, HAVE_NAME) 22 | dnl Check whether a typedef exists and create a #define $2 if it exists 23 | dnl 24 | AC_DEFUN([GNUPG_CHECK_TYPEDEF], 25 | [ AC_MSG_CHECKING(for $1 typedef) 26 | AC_CACHE_VAL(gnupg_cv_typedef_$1, 27 | [AC_TRY_COMPILE([#define _GNU_SOURCE 1 28 | #include 29 | #include ], [ 30 | #undef $1 31 | int a = sizeof($1); 32 | ], gnupg_cv_typedef_$1=yes, gnupg_cv_typedef_$1=no )]) 33 | AC_MSG_RESULT($gnupg_cv_typedef_$1) 34 | if test "$gnupg_cv_typedef_$1" = yes; then 35 | AC_DEFINE($2,1,[Defined if a `]$1[' is typedef'd]) 36 | fi 37 | ]) 38 | 39 | dnl GNUPG_CHECK_ENDIAN 40 | dnl define either LITTLE_ENDIAN_HOST or BIG_ENDIAN_HOST 41 | dnl 42 | define(GNUPG_CHECK_ENDIAN, 43 | [ 44 | tmp_assumed_endian=big 45 | if test "$cross_compiling" = yes; then 46 | case "$host_cpu" in 47 | i@<:@345678@:>@* ) 48 | tmp_assumed_endian=little 49 | ;; 50 | *) 51 | ;; 52 | esac 53 | AC_MSG_WARN(cross compiling; assuming $tmp_assumed_endian endianess) 54 | fi 55 | AC_MSG_CHECKING(endianess) 56 | AC_CACHE_VAL(gnupg_cv_c_endian, 57 | [ gnupg_cv_c_endian=unknown 58 | # See if sys/param.h defines the BYTE_ORDER macro. 59 | AC_TRY_COMPILE([#include 60 | #include ], [ 61 | #if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN 62 | bogus endian macros 63 | #endif], [# It does; now see whether it defined to BIG_ENDIAN or not. 
64 | AC_TRY_COMPILE([#include 65 | #include ], [ 66 | #if BYTE_ORDER != BIG_ENDIAN 67 | not big endian 68 | #endif], gnupg_cv_c_endian=big, gnupg_cv_c_endian=little)]) 69 | if test "$gnupg_cv_c_endian" = unknown; then 70 | AC_TRY_RUN([main () { 71 | /* Are we little or big endian? From Harbison&Steele. */ 72 | union 73 | { 74 | long l; 75 | char c[sizeof (long)]; 76 | } u; 77 | u.l = 1; 78 | exit (u.c[sizeof (long) - 1] == 1); 79 | }], 80 | gnupg_cv_c_endian=little, 81 | gnupg_cv_c_endian=big, 82 | gnupg_cv_c_endian=$tmp_assumed_endian 83 | ) 84 | fi 85 | ]) 86 | AC_MSG_RESULT([$gnupg_cv_c_endian]) 87 | if test "$gnupg_cv_c_endian" = little; then 88 | AC_DEFINE(LITTLE_ENDIAN_HOST,1, 89 | [Defined if the host has little endian byte ordering]) 90 | else 91 | AC_DEFINE(BIG_ENDIAN_HOST,1, 92 | [Defined if the host has big endian byte ordering]) 93 | fi 94 | ]) 95 | 96 | # GNUPG_BUILD_PROGRAM(NAME,DEFAULT) 97 | # Add a --enable-NAME option to configure an set the 98 | # shell variable build_NAME either to "yes" or "no". 
DEFAULT must 99 | # either be "yes" or "no" and decided on the default value for 100 | # build_NAME and whether --enable-NAME or --disable-NAME is shown with 101 | # ./configure --help 102 | AC_DEFUN([POLDI_ENABLE_FEATURE], 103 | [$1=$2 104 | m4_if([$2],[yes],[ 105 | AC_ARG_ENABLE([$3], AS_HELP_STRING([--disable-$3], 106 | [disable $4]), 107 | $1=$enableval, $1=$2) 108 | ],[ 109 | AC_ARG_ENABLE([$3], AS_HELP_STRING([--enable-$3], 110 | [enable $4]), 111 | $1=$enableval, $1=$2) 112 | ]) 113 | case "$$1" in 114 | no|yes) 115 | ;; 116 | *) 117 | echo "$1" 118 | AC_MSG_ERROR([argument for --enable-$3 must be either yes or no]) 119 | ;; 120 | esac 121 | ]) 122 | -------------------------------------------------------------------------------- /src/assuan/assuan-util.c: -------------------------------------------------------------------------------- 1 | /* assuan-util.c - Utility functions for Assuan 2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. 3 | * 4 | * This file is part of Assuan. 5 | * 6 | * Assuan is free software; you can redistribute it and/or modify it 7 | * under the terms of the GNU Lesser General Public License as 8 | * published by the Free Software Foundation; either version 2.1 of 9 | * the License, or (at your option) any later version. 10 | * 11 | * Assuan is distributed in the hope that it will be useful, but 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with this program; if not, see . 
18 | */ 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | 27 | #include "assuan-defs.h" 28 | 29 | static void *(*alloc_func)(size_t n) = malloc; 30 | static void *(*realloc_func)(void *p, size_t n) = realloc; 31 | static void (*free_func)(void*) = free; 32 | 33 | struct assuan_io_hooks _assuan_io_hooks; 34 | 35 | 36 | 37 | void 38 | assuan_set_malloc_hooks ( void *(*new_alloc_func)(size_t n), 39 | void *(*new_realloc_func)(void *p, size_t n), 40 | void (*new_free_func)(void*) ) 41 | { 42 | alloc_func = new_alloc_func; 43 | realloc_func = new_realloc_func; 44 | free_func = new_free_func; 45 | } 46 | 47 | 48 | void 49 | assuan_set_io_hooks (assuan_io_hooks_t io_hooks) 50 | { 51 | _assuan_io_hooks.read_hook = NULL; 52 | _assuan_io_hooks.write_hook = NULL; 53 | if (io_hooks) 54 | { 55 | _assuan_io_hooks.read_hook = io_hooks->read_hook; 56 | _assuan_io_hooks.write_hook = io_hooks->write_hook; 57 | } 58 | } 59 | 60 | 61 | void * 62 | _assuan_malloc (size_t n) 63 | { 64 | return alloc_func (n); 65 | } 66 | 67 | void * 68 | _assuan_realloc (void *a, size_t n) 69 | { 70 | return realloc_func (a, n); 71 | } 72 | 73 | void * 74 | _assuan_calloc (size_t n, size_t m) 75 | { 76 | void *p; 77 | size_t nbytes; 78 | 79 | nbytes = n * m; 80 | if (m && nbytes / m != n) 81 | { 82 | errno = ENOMEM; 83 | return NULL; 84 | } 85 | 86 | p = _assuan_malloc (nbytes); 87 | if (p) 88 | memset (p, 0, nbytes); 89 | return p; 90 | } 91 | 92 | void 93 | _assuan_free (void *p) 94 | { 95 | if (p) 96 | free_func (p); 97 | } 98 | 99 | 100 | /* Store the error in the context so that the error sending function 101 | can take out a descriptive text. Inside the assuan code, use the 102 | macro set_error instead of this function. 
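*/
/* Note: only the pointer TEXT is stored, not a copy of the string,
   so the caller has to keep TEXT valid for as long as the context
   may use it.  A NULL CTX is ignored, as in the other accessors in
   this file; ERR is returned unchanged in either case.  */
int
assuan_set_error (assuan_context_t ctx, int err, const char *text)
{
  if (ctx)
    {
      ctx->err_no = err;
      ctx->err_str = text;
    }
  return err;
}

/* Attach the caller-defined POINTER to CTX.  A NULL CTX is ignored.  */
void
assuan_set_pointer (assuan_context_t ctx, void *pointer)
{
  if (ctx)
    ctx->user_pointer = pointer;
}

/* Return the pointer stored with assuan_set_pointer, or NULL if CTX
   is NULL.  */
void *
assuan_get_pointer (assuan_context_t ctx)
{
  return ctx? ctx->user_pointer : NULL;
}


/* Set the confidential flag of CTX.  The code that reads this flag
   is not part of this file; presumably it keeps the data of the
   following lines out of the log output -- verify against the
   logging code before relying on it for PINs.  */
void
assuan_begin_confidential (assuan_context_t ctx)
{
  if (ctx)
    {
      ctx->confidential = 1;
    }
}

/* Clear the confidential flag of CTX again.  */
void
assuan_end_confidential (assuan_context_t ctx)
{
  if (ctx)
    {
      ctx->confidential = 0;
    }
}


/* Install MONITOR as the I/O monitor callback of CTX.  The callback
   is handed the line data itself, so a monitor sees everything that
   crosses the connection, including lines sent while the
   confidential flag is set.  A NULL CTX is ignored.  */
void
assuan_set_io_monitor (assuan_context_t ctx,
                       unsigned int (*monitor)(assuan_context_t ctx,
                                               int direction,
                                               const char *line,
                                               size_t linelen))
{
  if (ctx)
    {
      ctx->io_monitor = monitor;
    }
}




/* For context CTX, set the flag FLAG to VALUE.  Values for flags
   are usually 1 or 0 but certain flags might allow for other values;
   see the description of the type assuan_flag_t for details.  Flags
   not listed in the switch are silently ignored.  */
void
assuan_set_flag (assuan_context_t ctx, assuan_flag_t flag, int value)
{
  if (!ctx)
    return;
  switch (flag)
    {
    case ASSUAN_NO_WAITPID: ctx->flags.no_waitpid = value; break;
    case ASSUAN_CONFIDENTIAL: ctx->confidential = value; break;
    }
}

/* Return the VALUE of FLAG in context CTX.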
*/ 176 | int 177 | assuan_get_flag (assuan_context_t ctx, assuan_flag_t flag) 178 | { 179 | if (!ctx) 180 | return 0; 181 | switch (flag) 182 | { 183 | case ASSUAN_NO_WAITPID: return ctx->flags.no_waitpid; 184 | case ASSUAN_CONFIDENTIAL: return ctx->confidential; 185 | } 186 | return 0; 187 | } 188 | 189 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # Run this to generate all the initial makefiles, etc. 3 | # 4 | # Copyright (C) 2003, 2007 g10 Code GmbH 5 | # 6 | # This file is free software; as a special exception the author gives 7 | # unlimited permission to copy and/or distribute it, with or without 8 | # modifications, as long as this notice is preserved. 9 | # 10 | # This program is distributed in the hope that it will be useful, but 11 | # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the 12 | # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 13 | 14 | configure_ac="configure.ac" 15 | 16 | cvtver () { 17 | awk 'NR==1 {split($NF,A,".");X=1000000*A[1]+1000*A[2]+A[3];print X;exit 0}' 18 | } 19 | 20 | check_version () { 21 | if [ `("$1" --version || echo "0") | cvtver` -ge "$2" ]; then 22 | return 0 23 | fi 24 | echo "**Error**: "\`$1\'" not installed or too old." >&2 25 | echo ' Version '$3' or newer is required.' >&2 26 | [ -n "$4" ] && echo ' Note that this is part of '\`$4\''.' >&2 27 | DIE="yes" 28 | return 1 29 | } 30 | 31 | DIE=no 32 | 33 | 34 | 35 | 36 | # ***** AMD64 cross build script ******* 37 | # Used to cross-compile for AMD64 (for testing) 38 | if test "$1" = "--build-amd64"; then 39 | tmp=`dirname $0` 40 | tsdir=`cd "$tmp"; pwd` 41 | shift 42 | if [ ! 
-f $tsdir/config.guess ]; then 43 | echo "$tsdir/config.guess not found" >&2 44 | exit 1 45 | fi 46 | build=`$tsdir/config.guess` 47 | 48 | [ -z "$amd64root" ] && amd64root="$HOME/amd64root" 49 | echo "Using $amd64root as standard install directory" >&2 50 | 51 | # Locate the cross compiler 52 | crossbindir= 53 | for host in x86_64-linux-gnu amd64-linux-gnu; do 54 | if ${host}-gcc --version >/dev/null 2>&1 ; then 55 | crossbindir=/usr/${host}/bin 56 | conf_CC="CC=${host}-gcc" 57 | break; 58 | fi 59 | done 60 | if [ -z "$crossbindir" ]; then 61 | echo "Cross compiler kit not installed" >&2 62 | echo "Stop." >&2 63 | exit 1 64 | fi 65 | 66 | if [ -f "$tsdir/config.log" ]; then 67 | if ! head $tsdir/config.log | grep "$host" >/dev/null; then 68 | echo "Please run a 'make distclean' first" >&2 69 | exit 1 70 | fi 71 | fi 72 | 73 | $tsdir/configure --enable-maintainer-mode --prefix=${amd64root} \ 74 | --host=${host} --build=${build} \ 75 | --with-gpg-error-prefix=${amd64root} 76 | 77 | rc=$? 78 | exit $rc 79 | fi 80 | # ***** end AMD64 cross build script ******* 81 | 82 | 83 | 84 | 85 | # Grep the required versions from configure.ac 86 | autoconf_vers=`sed -n '/^AC_PREREQ(/ { 87 | s/^.*(\(.*\))/\1/p 88 | q 89 | }' ${configure_ac}` 90 | autoconf_vers_num=`echo "$autoconf_vers" | cvtver` 91 | 92 | automake_vers=`sed -n '/^min_automake_version=/ { 93 | s/^.*="\(.*\)"/\1/p 94 | q 95 | }' ${configure_ac}` 96 | automake_vers_num=`echo "$automake_vers" | cvtver` 97 | 98 | #gettext_vers=`sed -n '/^AM_GNU_GETTEXT_VERSION(/ { 99 | #s/^.*(\(.*\))/\1/p 100 | #q 101 | #}' ${configure_ac}` 102 | #gettext_vers_num=`echo "$gettext_vers" | cvtver` 103 | 104 | 105 | if [ -z "$autoconf_vers" -o -z "$automake_vers" ] 106 | then 107 | echo "**Error**: version information not found in "\`${configure_ac}\'"." 
>&2 108 | exit 1 109 | fi 110 | 111 | # Allow to override the default tool names 112 | AUTOCONF=${AUTOCONF_PREFIX}${AUTOCONF:-autoconf}${AUTOCONF_SUFFIX} 113 | AUTOHEADER=${AUTOCONF_PREFIX}${AUTOHEADER:-autoheader}${AUTOCONF_SUFFIX} 114 | 115 | AUTOMAKE=${AUTOMAKE_PREFIX}${AUTOMAKE:-automake}${AUTOMAKE_SUFFIX} 116 | ACLOCAL=${AUTOMAKE_PREFIX}${ACLOCAL:-aclocal}${AUTOMAKE_SUFFIX} 117 | 118 | #GETTEXT=${GETTEXT_PREFIX}${GETTEXT:-gettext}${GETTEXT_SUFFIX} 119 | #MSGMERGE=${GETTEXT_PREFIX}${MSGMERGE:-msgmerge}${GETTEXT_SUFFIX} 120 | 121 | DIE=no 122 | 123 | 124 | if check_version $AUTOCONF $autoconf_vers_num $autoconf_vers ; then 125 | check_version $AUTOHEADER $autoconf_vers_num $autoconf_vers autoconf 126 | fi 127 | if check_version $AUTOMAKE $automake_vers_num $automake_vers; then 128 | check_version $ACLOCAL $automake_vers_num $autoconf_vers automake 129 | fi 130 | #if check_version $GETTEXT $gettext_vers_num $gettext_vers; then 131 | # check_version $MSGMERGE $gettext_vers_num $gettext_vers gettext 132 | #fi 133 | 134 | if test "$DIE" = "yes"; then 135 | cat < 2 | 3 | * scd.h (scd_connect): Declared new parameter: scd_options. 4 | * scd.c (scd_connect): Enlarge argv and fill it with options 5 | related arguments. 6 | 7 | 2009-05-16 Moritz 8 | 9 | * scd.h (struct scd_cardinfo): New member: disp_lang. 10 | * scd.c (learn_status_cb): Handle DISP-LANG. 11 | 12 | 2008-08-08 Moritz 13 | 14 | * scd.c (scd_serialno): Removed debugging message. 15 | 16 | 2008-08-07 Moritz 17 | 18 | * scd.c (scd_reset): Removed 19 | (restart_scd): New static function. 20 | (scd_disconnect): Call restart_scd -- it seems, GnuPG does also 21 | send a RESTART command after card access. 22 | * scd.h: Adjust declaration. 23 | Include "util/simplelog.h", instead of . 24 | Do not include "assuan.h". 25 | 26 | 2008-08-04 Moritz 27 | 28 | * scd.c: Mark strings for i18n. 29 | 30 | 2008-08-03 Moritz 31 | 32 | * scd.c (scd_pksign): Remove getpin parameter from scd_pksign. 
33 | (inq_needpin): Return error code in case no pincb has been 34 | installed in ctx. 35 | (agent_connect_from_infostr): Don't forget to do error checking 36 | after call to xtrystrdup. 37 | (scd_connect): Disable code for system daemon for now. 38 | 39 | * scd.c (scd_set_pincb): New function. 40 | 41 | * scd.h (scd_pincb_t): New type; declare scd_set_pincb. 42 | Remove getpin argument from scd_pksign. 43 | 44 | * scd.c: Do not include i18n.h. 45 | (scd_disconnect): Declare void. 46 | Change return type of most functions from int to gpg_error_t. 47 | 48 | 2008-07-20 Moritz 49 | 50 | * scd.c: Include simplelog.h and poldi.h. 51 | (struct scd_context): New member: loghandle. 52 | Use xtrystrdup instead of strdup. 53 | Use xtrymalloc instead of malloc. 54 | Use xfree instead of free. 55 | Use log_msg_* functions. 56 | Pass loghandle to several functions. 57 | (struct inq_needpin_s): Replace assuan_ctx_t ctx member with 58 | scd_context_t ctx. Adjusted callers. 59 | 60 | * scd.h: Include simplelog.h and poldi.h; adjusted for new 61 | scd_connect API. 62 | 63 | * scd.c (get_serialno_cb): Do not call out_of_core(); just return 64 | errno on oom. 65 | 66 | 2008-06-14 Moritz 67 | 68 | * scd.c (agent_connect_from_infostr): Use xtrystrdup/xfree instead 69 | strdup/free. 70 | 71 | 2008-05-24 Moritz 72 | 73 | * scd.c (scd_connect): Slightly rewritten; now allows for 74 | connecting to specified scdaemon socket directly. 75 | * scd.h (scd_connect): New parameter: scdaemon_socket. 76 | 77 | 2008-05-01 Moritz 78 | 79 | * Makefile.am: Build a shared and a nonshared version. 80 | 81 | 2008-04-05 Moritz 82 | 83 | * scd.c: Include "util/support.h". 84 | (scd_pksign): Use bin2hex. 85 | (scd_pksign): Removed unused code. 86 | 87 | 2008-04-05 Moritz 88 | 89 | * scd.c, scd.h: Minor changes/cleanup. 90 | 91 | * poldi-scd.c, poldi-scd.h: Removed. 92 | 93 | 2007-12-15 Moritz Schulte 94 | 95 | * scd.c (scd_release_cardinfo): Don't forget to release 96 | PUBKEY_URL. 
97 | (inq_needpin): Use xtrymalloc_secure instead of gcry_malloc_secure 98 | directly (it's more consistent this way, I think). 99 | Removed disabled getattr related code. 100 | (agent_connect_from_infostr): Use strdup/free instead of 101 | xstrdup/xfree. 102 | 103 | 2007-11-10 Moritz 104 | 105 | * scd.c (learn_status_cb): Handle PUBKEY_URL. 106 | 107 | 2007-10-27 Moritz 108 | 109 | * poldi-scd.c, poldi-scd.h: New files. Layer on top of scd.c. 110 | * Makefile.am (libscd_a_SOURCES): Added poldi-scd.c, poldi-scd.h. 111 | 112 | 2007-08-16 Moritz 113 | 114 | * scd.c (scd_serialno_internal): New function, it's basically the 115 | old scd_serialno() with a new parameter. 116 | (scd_serialno): Ripped; simply call scd_serialno_internal(). 117 | (get_scd_socket_from_agent): Call scd_serialno_internal in order 118 | to select the OpenPGP app on the card. 119 | Comments. 120 | (scd_reset): Unused variable. 121 | (scd_readkey): Likewise; initialize *KEY to NULL. 122 | * scd.h: Comments. 123 | 124 | 2007-08-16 Moritz 125 | 126 | * scd.c (agent_connect_from_infostr): New function. 127 | (agent_scd_getinfo_socket_name): New function. 128 | (scd_connect): Use above functions for connecting to the agent and 129 | receiving scdaemons socket from the agent instead of connecting to 130 | the agent directly. 131 | (scd_serialno): Allow for R_SERIALNO being NULL so that the 132 | serialno is NOT returned to the caller. 133 | 134 | 2007-08-16 Moritz 135 | 136 | * scd.c (scd_connect): Send a RESTART instead of a RESET command 137 | to scdaemon. 138 | 139 | 140 | 2007-08-10 Moritz 141 | 142 | * scd.c (scd_reset): New function. 143 | * scd.h: Declare it. 144 | 145 | 2007-06-29 Moritz 146 | 147 | * README, scd.c, scd.h: New files. 148 | -------------------------------------------------------------------------------- /src/pam/auth-support/conv.c: -------------------------------------------------------------------------------- 1 | /* conv.c - PAM conversation abstraction for Poldi. 
2 | Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH 3 | 4 | This file is part of Poldi. 5 | 6 | Poldi is free software; you can redistribute it and/or modify it 7 | under the terms of the GNU General Public License as published by 8 | the Free Software Foundation; either version 3 of the License, or 9 | (at your option) any later version. 10 | 11 | Poldi is distributed in the hope that it will be useful, but 12 | WITHOUT ANY WARRANTY; without even the implied warranty of 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | General Public License for more details. 15 | 16 | You should have received a copy of the GNU General Public License 17 | along with this program; if not, see 18 | . */ 19 | 20 | #include 21 | 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | 28 | #include 29 | 30 | #define PAM_SM_AUTH 31 | #include 32 | 33 | #include "util/util.h" 34 | #include "conv.h" 35 | 36 | 37 | 38 | struct conv_s 39 | { 40 | const struct pam_conv *pam_conv; 41 | }; 42 | 43 | 44 | 45 | /* Create a new PAM conversation object based in PAM_CONV and store it 46 | in *CONV. Returns proper error code. */ 47 | gpg_error_t 48 | conv_create (conv_t *conv, const struct pam_conv *pam_conv) 49 | { 50 | conv_t conv_new; 51 | gpg_error_t err; 52 | 53 | err = 0; 54 | 55 | conv_new = malloc (sizeof (*conv_new)); 56 | if (!conv_new) 57 | { 58 | err = gpg_error_from_syserror (); 59 | goto out; 60 | } 61 | 62 | conv_new->pam_conv = pam_conv; 63 | *conv = conv_new; 64 | 65 | out: 66 | 67 | return err; 68 | } 69 | 70 | /* Destroy the conv object CONV. */ 71 | void 72 | conv_destroy (conv_t conv) 73 | { 74 | if (conv) 75 | free (conv); 76 | } 77 | 78 | 79 | 80 | /* This function queries the PAM user for input through the 81 | conversation function CONV; TEXT will be displayed as prompt, the 82 | user's response will be stored in *RESPONSE. Returns proper error 83 | code. 
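*/
/* Memory handling: the reply array handed back by the conversation
   function is owned by this function once the call succeeded.  The
   reply string may hold a PIN, so it is overwritten before it is
   freed.  The copy stored in *RESPONSE is allocated with strdup; the
   caller has to free it and, for SECRET prompts, should overwrite it
   first.  A successful conversation that delivers no reply string is
   reported as GPG_ERR_INTERNAL instead of being passed to strdup.  */
static gpg_error_t
ask_user (const struct pam_conv *conv, int secret,
          const char *text, char **response)
{
  struct pam_message messages[1] = { { 0, text } };
  const struct pam_message *pmessages[1] = { &messages[0] };
  struct pam_response *responses = NULL;
  char *response_new = NULL;
  gpg_error_t err;
  int ret;

  /* SECRET selects a prompt without echo, as needed for PIN entry.  */
  messages[0].msg_style = secret ? PAM_PROMPT_ECHO_OFF : PAM_PROMPT_ECHO_ON;

  ret = (*conv->conv) (sizeof (messages) / (sizeof (*messages)), pmessages,
                       &responses, conv->appdata_ptr);
  if (ret != PAM_SUCCESS)
    {
      /* RESPONSES is not touched on failure.  */
      err = gpg_error (GPG_ERR_INTERNAL);
      goto out;
    }

  err = 0;
  if (response)
    {
      if (responses && responses[0].resp)
        {
          response_new = strdup (responses[0].resp);
          if (! response_new)
            err = gpg_error_from_errno (errno);
        }
      else
        err = gpg_error (GPG_ERR_INTERNAL);
    }

  /* Release the reply in every case; the original code leaked it and
     left the entered secret behind in heap memory.  */
  if (responses)
    {
      if (responses[0].resp)
        {
          /* Write through a volatile pointer so that the compiler
             does not drop the stores in front of free.  */
          volatile char *p = responses[0].resp;
          size_t n = strlen (responses[0].resp);

          while (n--)
            *p++ = 0;
          free (responses[0].resp);
        }
      free (responses);
    }

  if (!err && response)
    *response = response_new;

 out:

  return err;
}

/* This function shows MSG to the PAM user as an informational
   message (PAM_TEXT_INFO) through the conversation function CONV; no
   input is requested.  Returns proper error code.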
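*/
static gpg_error_t
tell_user (const struct pam_conv *conv, const char *msg)
{
  struct pam_message messages[1] = { { PAM_TEXT_INFO, NULL } };
  const struct pam_message *pmessages[1] = { &messages[0] };
  struct pam_response *responses = NULL;
  gpg_error_t err;
  int ret;

  messages[0].msg = msg;

  ret = (*conv->conv) (sizeof (messages) / (sizeof (*messages)), pmessages,
                       &responses, conv->appdata_ptr);
  if (ret != PAM_SUCCESS)
    {
      err = gpg_error (GPG_ERR_INTERNAL);
      goto out;
    }

  /* The conversation function may hand back a reply array even for
     an informational message; it belongs to us and was leaked by the
     original code.  */
  if (responses)
    {
      free (responses[0].resp);
      free (responses);
    }

  err = 0;

 out:

  return err;
}

/* Format a message from FMT and the following arguments and show it
   to the PAM user through the conversation stored in CONV.  Returns
   proper error code.  */
gpg_error_t
conv_tell (conv_t conv, const char *fmt, ...)
{
  gpg_error_t err = 0;
  char *msg = NULL;
  va_list ap;
  int ret;

  va_start (ap, fmt);

  ret = vasprintf (&msg, fmt, ap);
  if (ret < 0)
    {
      err = gpg_error_from_errno (errno);
      /* The content of MSG is undefined after a failed vasprintf;
         reset it so that the free below is safe.  */
      msg = NULL;
      goto out;
    }

  err = tell_user (conv->pam_conv, msg);

 out:

  va_end (ap);
  free (msg);

  return err;
}

/* Format a prompt from FMT and the following arguments and ask the
   PAM user for input through the conversation stored in CONV; with
   ASK_SECRET set the input is requested without echo.  The reply is
   stored in *RESPONSE if RESPONSE is not NULL.  Returns proper error
   code.  */
gpg_error_t
conv_ask (conv_t conv, int ask_secret,
          char **response, const char *fmt, ...)
{
  gpg_error_t err = 0;
  char *msg = NULL;
  va_list ap;
  int ret;

  va_start (ap, fmt);

  ret = vasprintf (&msg, fmt, ap);
  if (ret < 0)
    {
      err = gpg_error_from_errno (errno);
      /* See conv_tell: MSG must not be freed in its undefined state.  */
      msg = NULL;
      goto out;
    }

  err = ask_user (conv->pam_conv, ask_secret, msg, response);

 out:

  va_end (ap);
  free (msg);

  return err;
}

/* END */
-------------------------------------------------------------------------------- /src/assuan/assuan-io-pth.c: -------------------------------------------------------------------------------- 1 | /* assuan-io-pth.c - Pth version of assua-io.c.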
2 | * Copyright (C) 2002, 2004, 2006, 2007, 2008 Free Software Foundation, Inc. 3 | * 4 | * This file is part of Assuan. 5 | * 6 | * Assuan is free software; you can redistribute it and/or modify it 7 | * under the terms of the GNU Lesser General Public License as 8 | * published by the Free Software Foundation; either version 2.1 of 9 | * the License, or (at your option) any later version. 10 | * 11 | * Assuan is distributed in the hope that it will be useful, but 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with this program; if not, see . 18 | */ 19 | 20 | #ifdef HAVE_CONFIG_H 21 | #include 22 | #endif 23 | 24 | #include 25 | #include 26 | #ifdef HAVE_SYS_SOCKET_H 27 | #include 28 | #endif 29 | #if HAVE_SYS_UIO_H 30 | # include 31 | #endif 32 | #include 33 | #include 34 | #ifdef HAVE_W32_SYSTEM 35 | # include 36 | #else 37 | # include 38 | #endif 39 | #include 40 | 41 | #include "assuan-defs.h" 42 | 43 | 44 | 45 | #ifndef HAVE_W32_SYSTEM 46 | pid_t 47 | _assuan_waitpid (pid_t pid, int *status, int options) 48 | { 49 | return pth_waitpid (pid, status, options); 50 | } 51 | #endif 52 | 53 | 54 | ssize_t 55 | _assuan_simple_read (assuan_context_t ctx, void *buffer, size_t size) 56 | { 57 | /* Fixme: For W32 we should better not cast the HANDLE type to int. 58 | However, this requires changes in w32pth too. 
*/ 59 | ssize_t retval; 60 | 61 | if (_assuan_io_hooks.read_hook 62 | && _assuan_io_hooks.read_hook (ctx, ctx->inbound.fd, 63 | buffer, size, &retval) == 1) 64 | return retval; 65 | 66 | return _assuan_io_read (ctx->inbound.fd, buffer, size); 67 | } 68 | 69 | ssize_t 70 | _assuan_simple_write (assuan_context_t ctx, const void *buffer, size_t size) 71 | { 72 | ssize_t retval; 73 | 74 | if (_assuan_io_hooks.write_hook 75 | && _assuan_io_hooks.write_hook (ctx, ctx->outbound.fd, 76 | buffer, size, &retval) == 1) 77 | return retval; 78 | return _assuan_io_write (ctx->outbound.fd, buffer, size); 79 | } 80 | 81 | ssize_t 82 | _assuan_io_read (assuan_fd_t fd, void *buffer, size_t size) 83 | { 84 | ssize_t retval; 85 | 86 | if (_assuan_io_hooks.read_hook 87 | && _assuan_io_hooks.read_hook (NULL, fd, buffer, size, &retval) == 1) 88 | return retval; 89 | return pth_read ((int)fd, buffer, size); 90 | } 91 | 92 | ssize_t 93 | _assuan_io_write (assuan_fd_t fd, const void *buffer, size_t size) 94 | { 95 | ssize_t retval; 96 | 97 | if (_assuan_io_hooks.write_hook 98 | && _assuan_io_hooks.write_hook (NULL, fd, buffer, size, &retval) == 1) 99 | return retval; 100 | return pth_write ((int)fd, buffer, size); 101 | } 102 | 103 | 104 | #ifdef HAVE_W32_SYSTEM 105 | int 106 | _assuan_simple_sendmsg (assuan_context_t ctx, void *msg) 107 | #else 108 | ssize_t 109 | _assuan_simple_sendmsg (assuan_context_t ctx, struct msghdr *msg) 110 | #endif 111 | { 112 | #if defined(HAVE_W32_SYSTEM) 113 | return _assuan_error (ASSUAN_Not_Implemented); 114 | #else 115 | /* Pth does not provide a sendmsg function. Thus we implement it here. 
*/ 116 | int ret; 117 | int fd = ctx->outbound.fd; 118 | int fdmode; 119 | 120 | fdmode = pth_fdmode (fd, PTH_FDMODE_POLL); 121 | if (fdmode == PTH_FDMODE_ERROR) 122 | { 123 | errno = EBADF; 124 | return -1; 125 | } 126 | if (fdmode == PTH_FDMODE_BLOCK) 127 | { 128 | fd_set fds; 129 | 130 | FD_ZERO (&fds); 131 | FD_SET (fd, &fds); 132 | while ( (ret = pth_select (fd+1, NULL, &fds, NULL, NULL)) < 0 133 | && errno == EINTR) 134 | ; 135 | if (ret < 0) 136 | return -1; 137 | } 138 | 139 | while ((ret = sendmsg (fd, msg, 0)) == -1 && errno == EINTR) 140 | ; 141 | return ret; 142 | #endif 143 | } 144 | 145 | #ifdef HAVE_W32_SYSTEM 146 | int 147 | _assuan_simple_recvmsg (assuan_context_t ctx, void *msg) 148 | #else 149 | ssize_t 150 | _assuan_simple_recvmsg (assuan_context_t ctx, struct msghdr *msg) 151 | #endif 152 | { 153 | #if defined(HAVE_W32_SYSTEM) 154 | return _assuan_error (ASSUAN_Not_Implemented); 155 | #else 156 | /* Pth does not provide a recvmsg function. Thus we implement it here. 
*/ 157 | int ret; 158 | int fd = ctx->inbound.fd; 159 | int fdmode; 160 | 161 | fdmode = pth_fdmode (fd, PTH_FDMODE_POLL); 162 | if (fdmode == PTH_FDMODE_ERROR) 163 | { 164 | errno = EBADF; 165 | return -1; 166 | } 167 | if (fdmode == PTH_FDMODE_BLOCK) 168 | { 169 | fd_set fds; 170 | 171 | FD_ZERO (&fds); 172 | FD_SET (fd, &fds); 173 | while ( (ret = pth_select (fd+1, &fds, NULL, NULL, NULL)) < 0 174 | && errno == EINTR) 175 | ; 176 | if (ret < 0) 177 | return -1; 178 | } 179 | 180 | while ((ret = recvmsg (fd, msg, 0)) == -1 && errno == EINTR) 181 | ; 182 | return ret; 183 | #endif 184 | } 185 | 186 | 187 | void 188 | _assuan_usleep (unsigned int usec) 189 | { 190 | pth_usleep (usec); 191 | } 192 | -------------------------------------------------------------------------------- /src/assuan/assuan-pipe-server.c: -------------------------------------------------------------------------------- 1 | /* assuan-pipe-server.c - Assuan server working over a pipe 2 | * Copyright (C) 2001, 2002 Free Software Foundation, Inc. 3 | * 4 | * This file is part of Assuan. 5 | * 6 | * Assuan is free software; you can redistribute it and/or modify it 7 | * under the terms of the GNU Lesser General Public License as 8 | * published by the Free Software Foundation; either version 2.1 of 9 | * the License, or (at your option) any later version. 10 | * 11 | * Assuan is distributed in the hope that it will be useful, but 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with this program; if not, see . 
18 | */ 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #ifdef HAVE_W32_SYSTEM 27 | #include 28 | #include 29 | #endif 30 | 31 | #include "assuan-defs.h" 32 | 33 | 34 | static void 35 | deinit_pipe_server (assuan_context_t ctx) 36 | { 37 | /* nothing to do for this simple server */ 38 | } 39 | 40 | static int 41 | accept_connection (assuan_context_t ctx) 42 | { 43 | /* This is a NOP for a pipe server */ 44 | return 0; 45 | } 46 | 47 | static int 48 | finish_connection (assuan_context_t ctx) 49 | { 50 | /* This is a NOP for a pipe server */ 51 | return 0; 52 | } 53 | 54 | /* Create a new context. Note that the handlers are set up for a pipe 55 | server/client - this way we don't need extra dummy functions */ 56 | int 57 | _assuan_new_context (assuan_context_t *r_ctx) 58 | { 59 | static struct assuan_io io = { _assuan_simple_read, 60 | _assuan_simple_write, 61 | 0, 0 }; 62 | 63 | assuan_context_t ctx; 64 | int rc; 65 | 66 | *r_ctx = NULL; 67 | ctx = xtrycalloc (1, sizeof *ctx); 68 | if (!ctx) 69 | return _assuan_error (ASSUAN_Out_Of_Core); 70 | ctx->input_fd = ASSUAN_INVALID_FD; 71 | ctx->output_fd = ASSUAN_INVALID_FD; 72 | 73 | ctx->inbound.fd = ASSUAN_INVALID_FD; 74 | ctx->outbound.fd = ASSUAN_INVALID_FD; 75 | ctx->io = &io; 76 | 77 | ctx->listen_fd = ASSUAN_INVALID_FD; 78 | /* Use the pipe server handler as a default. */ 79 | ctx->deinit_handler = deinit_pipe_server; 80 | ctx->accept_handler = accept_connection; 81 | ctx->finish_handler = finish_connection; 82 | 83 | rc = _assuan_register_std_commands (ctx); 84 | if (rc) 85 | xfree (ctx); 86 | else 87 | *r_ctx = ctx; 88 | return rc; 89 | } 90 | 91 | 92 | /* Returns true if atoi(S) denotes a valid socket. 
*/ 93 | #ifndef HAVE_W32_SYSTEM 94 | static int 95 | is_valid_socket (const char *s) 96 | { 97 | struct stat buf; 98 | 99 | if ( fstat (atoi (s), &buf ) ) 100 | return 0; 101 | return S_ISSOCK (buf.st_mode); 102 | } 103 | #endif /*!HAVE_W32_SYSTEM*/ 104 | 105 | 106 | int 107 | assuan_init_pipe_server (assuan_context_t *r_ctx, int filedes[2]) 108 | { 109 | int rc; 110 | 111 | rc = _assuan_new_context (r_ctx); 112 | if (!rc) 113 | { 114 | assuan_context_t ctx = *r_ctx; 115 | const char *s; 116 | unsigned long ul; 117 | 118 | ctx->is_server = 1; 119 | #ifdef HAVE_W32_SYSTEM 120 | /* MS Windows has so many different types of handle that one 121 | needs to tranlsate them at many place forth and back. Also 122 | make sure that the file descriptors are in binary mode. */ 123 | setmode (filedes[0], O_BINARY); 124 | setmode (filedes[1], O_BINARY); 125 | ctx->inbound.fd = (void*)_get_osfhandle (filedes[0]); 126 | ctx->outbound.fd = (void*)_get_osfhandle (filedes[1]); 127 | #else 128 | s = getenv ("_assuan_connection_fd"); 129 | if (s && *s && is_valid_socket (s) ) 130 | { 131 | /* Well, we are called with an bi-directional file 132 | descriptor. Prepare for using sendmsg/recvmsg. In this 133 | case we ignore the passed file descriptors. */ 134 | ctx->inbound.fd = ctx->outbound.fd = atoi (s); 135 | _assuan_init_uds_io (ctx); 136 | ctx->deinit_handler = _assuan_uds_deinit; 137 | } 138 | else if (filedes && filedes[0] != ASSUAN_INVALID_FD 139 | && filedes[1] != ASSUAN_INVALID_FD ) 140 | { 141 | /* Standard pipe server. 
*/ 142 | ctx->inbound.fd = filedes[0]; 143 | ctx->outbound.fd = filedes[1]; 144 | } 145 | else 146 | { 147 | _assuan_release_context (*r_ctx); 148 | *r_ctx = NULL; 149 | return ASSUAN_Problem_Starting_Server; 150 | } 151 | #endif 152 | ctx->pipe_mode = 1; 153 | 154 | s = getenv ("_assuan_pipe_connect_pid"); 155 | if (s && (ul=strtoul (s, NULL, 10)) && ul) 156 | ctx->pid = (pid_t)ul; 157 | else 158 | ctx->pid = (pid_t)-1; 159 | 160 | } 161 | return rc; 162 | } 163 | 164 | 165 | void 166 | _assuan_release_context (assuan_context_t ctx) 167 | { 168 | if (ctx) 169 | { 170 | _assuan_inquire_release (ctx); 171 | xfree (ctx->hello_line); 172 | xfree (ctx->okay_line); 173 | xfree (ctx->cmdtbl); 174 | xfree (ctx); 175 | } 176 | } 177 | 178 | void 179 | assuan_deinit_server (assuan_context_t ctx) 180 | { 181 | if (ctx) 182 | { 183 | /* We use this function pointer to avoid linking other server 184 | when not needed but still allow for a generic deinit function. */ 185 | ctx->deinit_handler (ctx); 186 | ctx->deinit_handler = NULL; 187 | _assuan_release_context (ctx); 188 | } 189 | } 190 | -------------------------------------------------------------------------------- /src/assuan/assuan-socket-connect.c: -------------------------------------------------------------------------------- 1 | /* assuan-socket-connect.c - Assuan socket based client 2 | * Copyright (C) 2002, 2003, 2004 Free Software Foundation, Inc. 3 | * 4 | * This file is part of Assuan. 5 | * 6 | * Assuan is free software; you can redistribute it and/or modify it 7 | * under the terms of the GNU Lesser General Public License as 8 | * published by the Free Software Foundation; either version 2.1 of 9 | * the License, or (at your option) any later version. 10 | * 11 | * Assuan is distributed in the hope that it will be useful, but 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU 14 | * Lesser General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU Lesser General Public 17 | * License along with this program; if not, see . 18 | */ 19 | 20 | #include 21 | #include 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | #ifndef HAVE_W32_SYSTEM 29 | #include 30 | #include 31 | #else 32 | #include 33 | #endif 34 | 35 | #include "assuan-defs.h" 36 | 37 | /* Hacks for Slowaris. */ 38 | #ifndef PF_LOCAL 39 | # ifdef PF_UNIX 40 | # define PF_LOCAL PF_UNIX 41 | # else 42 | # define PF_LOCAL AF_UNIX 43 | # endif 44 | #endif 45 | #ifndef AF_LOCAL 46 | # define AF_LOCAL AF_UNIX 47 | #endif 48 | 49 | #ifndef SUN_LEN 50 | # define SUN_LEN(ptr) ((size_t) (((struct sockaddr_un *) 0)->sun_path) \ 51 | + strlen ((ptr)->sun_path)) 52 | #endif 53 | 54 | 55 | static int 56 | do_finish (assuan_context_t ctx) 57 | { 58 | if (ctx->inbound.fd != ASSUAN_INVALID_FD) 59 | { 60 | _assuan_close (ctx->inbound.fd); 61 | } 62 | ctx->inbound.fd = ASSUAN_INVALID_FD; 63 | ctx->outbound.fd = ASSUAN_INVALID_FD; 64 | return 0; 65 | } 66 | 67 | static void 68 | do_deinit (assuan_context_t ctx) 69 | { 70 | do_finish (ctx); 71 | } 72 | 73 | 74 | /* Make a connection to the Unix domain socket NAME and return a new 75 | Assuan context in CTX. SERVER_PID is currently not used but may 76 | become handy in the future. */ 77 | assuan_error_t 78 | assuan_socket_connect (assuan_context_t *r_ctx, 79 | const char *name, pid_t server_pid) 80 | { 81 | return assuan_socket_connect_ext (r_ctx, name, server_pid, 0); 82 | } 83 | 84 | 85 | /* Make a connection to the Unix domain socket NAME and return a new 86 | Assuan context in CTX. SERVER_PID is currently not used but may 87 | become handy in the future. With flags set to 1 sendmsg and 88 | recvmsg are used. 
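*/
/* Returns 0 and stores the new context at *R_CTX on success.  On any
   failure *R_CTX is NULL and an Assuan error code is returned:
   ASSUAN_Invalid_Value for a NULL argument, a NAME that is not an
   absolute path (an optional two character driver prefix such as
   "c:" is allowed) or a NAME too long for sun_path;
   ASSUAN_General_Error if no socket could be created;
   ASSUAN_Connect_Failed if connect failed or the server did not
   answer the handshake with an OK line; otherwise the error from
   _assuan_new_context or _assuan_read_from_server.  */
assuan_error_t
assuan_socket_connect_ext (assuan_context_t *r_ctx,
                           const char *name, pid_t server_pid,
                           unsigned int flags)
{
  static struct assuan_io io = { _assuan_simple_read, _assuan_simple_write,
                                 NULL, NULL };
  assuan_error_t err;
  assuan_context_t ctx;
  assuan_fd_t fd;
  struct sockaddr_un srvr_addr;
  size_t len;
  const char *s;

  if (!r_ctx || !name)
    return _assuan_error (ASSUAN_Invalid_Value);
  *r_ctx = NULL;

  /* We require that the name starts with a slash, so that we
     eventually can reuse this function for other socket types.  To
     make things easier we allow an optional driver prefix.  */
  s = name;
  if (*s && s[1] == ':')
    s += 2;
  if (*s != DIRSEP_C && *s != '/')
    return _assuan_error (ASSUAN_Invalid_Value);

  /* Reject names that would not fit into sun_path together with the
     terminating NUL instead of silently truncating them.  */
  if (strlen (name)+1 >= sizeof srvr_addr.sun_path)
    return _assuan_error (ASSUAN_Invalid_Value);

  err = _assuan_new_context (&ctx);
  if (err)
    return err;
  ctx->deinit_handler = ((flags&1))? _assuan_uds_deinit : do_deinit;
  ctx->finish_handler = do_finish;

  fd = _assuan_sock_new (PF_LOCAL, SOCK_STREAM, 0);
  if (fd == ASSUAN_INVALID_FD)
    {
      _assuan_log_printf ("can't create socket: %s\n", strerror (errno));
      _assuan_release_context (ctx);
      return _assuan_error (ASSUAN_General_Error);
    }

  memset (&srvr_addr, 0, sizeof srvr_addr);
  srvr_addr.sun_family = AF_LOCAL;
  strncpy (srvr_addr.sun_path, name, sizeof (srvr_addr.sun_path) - 1);
  srvr_addr.sun_path[sizeof (srvr_addr.sun_path) - 1] = 0;
  len = SUN_LEN (&srvr_addr);

  if ( _assuan_sock_connect (fd, (struct sockaddr *) &srvr_addr, len) == -1 )
    {
      _assuan_log_printf ("can't connect to `%s': %s\n",
                          name, strerror (errno));
      _assuan_release_context (ctx);
      _assuan_close (fd);
      return _assuan_error (ASSUAN_Connect_Failed);
    }

  /* One descriptor serves both directions of the connection.  */
  ctx->inbound.fd = fd;
  ctx->outbound.fd = fd;
  ctx->io = &io;
  if ((flags&1))
    _assuan_init_uds_io (ctx);

  /* initial handshake */
  {
    int okay, off;

    err = _assuan_read_from_server (ctx, &okay, &off);
    if (err)
      _assuan_log_printf ("can't connect to server: %s\n",
                          assuan_strerror (err));
    else if (okay != 1)
      {
        /*LOG ("can't connect to server: `");*/
        _assuan_log_sanitized_string (ctx->inbound.line);
        fprintf (assuan_get_assuan_log_stream (), "'\n");
        err = _assuan_error (ASSUAN_Connect_Failed);
      }
  }

  if (err)
    {
      assuan_disconnect (ctx);
    }
  else
    *r_ctx = ctx;

  /* Report a failed handshake to the caller.  Returning 0 here would
     signal success while *R_CTX is still NULL, and a caller that
     checks only the return value would go on to use a NULL context.  */
  return err;
}



--------------------------------------------------------------------------------
/src/assuan/assuan-socket-server.c:
--------------------------------------------------------------------------------
/* assuan-socket-server.c - Assuan socket based server
 * Copyright (C) 2002, 2007 Free Software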
Foundation, Inc.
 *
 * This file is part of Assuan.
 *
 * Assuan is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * Assuan is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this program; if not, see .
 */

#include
#include
#include
#include
#include
#include
#ifdef HAVE_W32_SYSTEM
# include
# if HAVE_SYS_SOCKET_H
# include
# elif HAVE_WS2TCPIP_H
# include
# endif
#else
# include
# include
#endif


#include "assuan-defs.h"

static struct assuan_io io = { _assuan_simple_read, _assuan_simple_write,
                               NULL, NULL };

/* Second half of accepting a connection: take the descriptor in
   ctx->connected_fd, record the peer's credentials where the
   platform supports it, and reset the per-connection I/O state.
   Always returns 0.

   peercred.valid stays 0 when HAVE_SO_PEERCRED is not defined or
   when getsockopt fails, so code that bases an access decision on
   peercred.uid, gid or pid has to test peercred.valid first.  */
static int
accept_connection_bottom (assuan_context_t ctx)
{
  assuan_fd_t sock = ctx->connected_fd;

  ctx->peercred.valid = 0;
#ifdef HAVE_SO_PEERCRED
  {
    struct ucred peer;
    socklen_t peer_len = sizeof peer;

    if (getsockopt (sock, SOL_SOCKET, SO_PEERCRED, &peer, &peer_len) == 0)
      {
        ctx->peercred.pid = peer.pid;
        ctx->peercred.uid = peer.uid;
        ctx->peercred.gid = peer.gid;
        ctx->peercred.valid = 1;

        /* A usable PID from the socket replaces whatever PID was
           stored in the context before.  */
        if (peer.pid && peer.pid != (pid_t)-1)
          ctx->pid = peer.pid;
      }
  }
#endif

  /* Both directions use the same descriptor.  */
  ctx->inbound.fd = sock;
  ctx->outbound.fd = sock;

  /* Start with empty line buffers and no pending state.  */
  ctx->inbound.eof = 0;
  ctx->inbound.linelen = 0;
  ctx->inbound.attic.linelen = 0;
  ctx->inbound.attic.pending = 0;
  ctx->outbound.data.linelen = 0;
  ctx->outbound.data.error = 0;

  ctx->confidential = 0;

  return 0;
}


/* Accept handler for a listening socket: accept one client on
   ctx->listen_fd and check its nonce against ctx->listen_nonce.  A
   client that fails the nonce check is closed and reported as
   ASSUAN_Accept_Failed with os_errno set to EACCES; a failing
   accept is reported the same way with os_errno taken from errno.
   On success the work continues in accept_connection_bottom.  */
static int
accept_connection (assuan_context_t ctx)
{
  struct sockaddr_un peer_addr;
  socklen_t addr_len = sizeof peer_addr;
  assuan_fd_t client;

  client = SOCKET2HANDLE(accept (HANDLE2SOCKET(ctx->listen_fd),
                                 (struct sockaddr*)&peer_addr, &addr_len ));
  if (client == ASSUAN_INVALID_FD)
    {
      ctx->os_errno = errno;
      return _assuan_error (ASSUAN_Accept_Failed);
    }

  if (_assuan_sock_check_nonce (client, &ctx->listen_nonce) != 0)
    {
      _assuan_close (client);
      ctx->os_errno = EACCES;
      return _assuan_error (ASSUAN_Accept_Failed);
    }

  ctx->connected_fd = client;
  return accept_connection_bottom (ctx);
}

/* Finish handler: close the connection's descriptor if there is one
   and mark both directions as invalid.  Always returns 0.  */
static int
finish_connection (assuan_context_t ctx)
{
  assuan_fd_t sock = ctx->inbound.fd;

  if (sock != ASSUAN_INVALID_FD)
    _assuan_close (sock);

  ctx->inbound.fd = ASSUAN_INVALID_FD;
  ctx->outbound.fd = ASSUAN_INVALID_FD;
  return 0;
}


/* Deinit handler for servers that do not use descriptor passing; it
   just finishes the current connection.  */
static void
deinit_socket_server (assuan_context_t ctx)
{
  (void) finish_connection (ctx);
}

/* Initialize a server for the socket LISTEN_FD, which has already
   been put into listen mode.  Equivalent to
   assuan_init_socket_server_ext with no flag set.  */
int
assuan_init_socket_server (assuan_context_t *r_ctx, assuan_fd_t listen_fd)
{
  const unsigned int no_flags = 0;

  return assuan_init_socket_server_ext (r_ctx, listen_fd, no_flags);
}

/* Initialize a server using the already accepted socket FD. This
   function is deprecated.
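*/
/* Wrapper around assuan_init_socket_server_ext with FLAGS set to 2,
   i.e. FD is treated as an already accepted connection.  */
int
assuan_init_connected_socket_server (assuan_context_t *r_ctx, assuan_fd_t fd)
{
  return assuan_init_socket_server_ext (r_ctx, fd, 2);
}


/*
   Create a server context for the socket FD and store it at *R_CTX.

   Flag bits: 0 - use sendmsg/recvmsg to allow descriptor passing
              1 - FD has already been accepted.

   These are bit numbers, so the values to pass in FLAGS are 1 and 2.

   With bit 1 set the accept handler is accept_connection_bottom,
   which does not call _assuan_sock_check_nonce; only the
   accept_connection path checks the nonce.  A caller that hands in
   an already accepted descriptor is therefore responsible for any
   nonce check on it.

   Returns 0 on success.  On failure *R_CTX is NULL and an error code
   is returned: ASSUAN_Invalid_Value if R_CTX is NULL,
   ASSUAN_Out_Of_Core if the context cannot be allocated, or the
   result of _assuan_register_std_commands.
*/
int
assuan_init_socket_server_ext (assuan_context_t *r_ctx, assuan_fd_t fd,
                               unsigned int flags)
{
  assuan_context_t ctx;
  int rc;

  /* Reject a NULL result pointer instead of dereferencing it, as
     assuan_socket_connect_ext does for its R_CTX.  */
  if (!r_ctx)
    return _assuan_error (ASSUAN_Invalid_Value);
  *r_ctx = NULL;

  ctx = xtrycalloc (1, sizeof *ctx);
  if (!ctx)
    return _assuan_error (ASSUAN_Out_Of_Core);
  ctx->is_server = 1;
  if ((flags & 2))
    ctx->pipe_mode = 1; /* We want a second accept to indicate EOF. */
  ctx->input_fd = ASSUAN_INVALID_FD;
  ctx->output_fd = ASSUAN_INVALID_FD;

  ctx->inbound.fd = ASSUAN_INVALID_FD;
  ctx->outbound.fd = ASSUAN_INVALID_FD;

  /* FD is either the connection itself or the socket to accept on.  */
  if ((flags & 2))
    {
      ctx->listen_fd = ASSUAN_INVALID_FD;
      ctx->connected_fd = fd;
    }
  else
    {
      ctx->listen_fd = fd;
      ctx->connected_fd = ASSUAN_INVALID_FD;
    }
  ctx->deinit_handler = (flags & 1)? _assuan_uds_deinit:deinit_socket_server;
  ctx->accept_handler = ((flags & 2)
                         ? accept_connection_bottom
                         : accept_connection);
  ctx->finish_handler = finish_connection;

  ctx->io = &io;
  if ((flags & 1))
    _assuan_init_uds_io (ctx);

  rc = _assuan_register_std_commands (ctx);
  if (rc)
    /* NOTE(review): only the context itself is freed here; whether
       _assuan_register_std_commands can leave a partly filled
       command table behind is not visible from this file.  */
    xfree (ctx);
  else
    *r_ctx = ctx;
  return rc;
}


/* Save a copy of NONCE in context CTX. This should be used to
   register the server's nonce with an context established by
   assuan_init_socket_server.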
*/
/* Nothing is stored when CTX or NONCE is NULL.  accept_connection
   checks every accepted socket against the copy kept in
   ctx->listen_nonce.  */
void
assuan_set_sock_nonce (assuan_context_t ctx, assuan_sock_nonce_t *nonce)
{
  if (!ctx || !nonce)
    return;

  ctx->listen_nonce = *nonce;
}

--------------------------------------------------------------------------------
/m4/ksba.m4:
--------------------------------------------------------------------------------
# ksba.m4 - autoconf macro to detect ksba
# Copyright (C) 2002, 2018 g10 Code GmbH
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Last-changed: 2020-11-18

dnl AM_PATH_KSBA([MINIMUM-VERSION,
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
dnl Test for libksba and define KSBA_CFLAGS and KSBA_LIBS
dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
dnl with the API version to also check the API compatibility. Example:
dnl a MINIMUN-VERSION of 1:1.0.7 won't pass the test unless the installed
dnl version of libksba is at least 1.0.7 *and* the API number is 1. Using
dnl this features allows to prevent build against newer versions of libksba
dnl with a changed API.
dnl
AC_DEFUN([AM_PATH_KSBA],
[ AC_REQUIRE([AC_CANONICAL_HOST])
  dnl --with-libksba-prefix=PFX is the preferred name for this option,
  dnl since that is consistent with how our three siblings use the directory/
  dnl package name in --with-$dir_name-prefix=PFX.
29 | AC_ARG_WITH(libksba-prefix, 30 | AS_HELP_STRING([--with-libksba-prefix=PFX], 31 | [prefix where KSBA is installed (optional)]), 32 | ksba_config_prefix="$withval", ksba_config_prefix="") 33 | 34 | dnl Accept --with-ksba-prefix and make it work the same as 35 | dnl --with-libksba-prefix above, for backwards compatibility, 36 | dnl but do not document this old, inconsistently-named option. 37 | AC_ARG_WITH(ksba-prefix,, 38 | ksba_config_prefix="$withval", ksba_config_prefix="") 39 | 40 | if test x$ksba_config_prefix != x ; then 41 | if test x${KSBA_CONFIG+set} != xset ; then 42 | KSBA_CONFIG=$ksba_config_prefix/bin/ksba-config 43 | fi 44 | fi 45 | 46 | use_gpgrt_config="" 47 | if test x"$KSBA_CONFIG" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then 48 | if $GPGRT_CONFIG ksba --exists; then 49 | KSBA_CONFIG="$GPGRT_CONFIG ksba" 50 | AC_MSG_NOTICE([Use gpgrt-config as ksba-config]) 51 | use_gpgrt_config=yes 52 | fi 53 | fi 54 | if test -z "$use_gpgrt_config"; then 55 | AC_PATH_PROG(KSBA_CONFIG, ksba-config, no) 56 | fi 57 | 58 | tmp=ifelse([$1], ,1:1.0.0,$1) 59 | if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then 60 | req_ksba_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` 61 | min_ksba_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` 62 | else 63 | req_ksba_api=0 64 | min_ksba_version="$tmp" 65 | fi 66 | 67 | AC_MSG_CHECKING(for KSBA - version >= $min_ksba_version) 68 | ok=no 69 | if test "$KSBA_CONFIG" != "no" ; then 70 | req_major=`echo $min_ksba_version | \ 71 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` 72 | req_minor=`echo $min_ksba_version | \ 73 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` 74 | req_micro=`echo $min_ksba_version | \ 75 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` 76 | if test -z "$use_gpgrt_config"; then 77 | ksba_config_version=`$KSBA_CONFIG --version` 78 | else 79 | ksba_config_version=`$KSBA_CONFIG --modversion` 80 | fi 81 | major=`echo $ksba_config_version | \ 82 | sed 
's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` 83 | minor=`echo $ksba_config_version | \ 84 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` 85 | micro=`echo $ksba_config_version | \ 86 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` 87 | if test "$major" -gt "$req_major"; then 88 | ok=yes 89 | else 90 | if test "$major" -eq "$req_major"; then 91 | if test "$minor" -gt "$req_minor"; then 92 | ok=yes 93 | else 94 | if test "$minor" -eq "$req_minor"; then 95 | if test "$micro" -ge "$req_micro"; then 96 | ok=yes 97 | fi 98 | fi 99 | fi 100 | fi 101 | fi 102 | fi 103 | if test $ok = yes; then 104 | AC_MSG_RESULT([yes ($ksba_config_version)]) 105 | else 106 | AC_MSG_RESULT(no) 107 | fi 108 | if test $ok = yes; then 109 | # Even if we have a recent libksba, we should check that the 110 | # API is compatible. 111 | if test "$req_ksba_api" -gt 0 ; then 112 | if test -z "$use_gpgrt_config"; then 113 | tmp=`$KSBA_CONFIG --api-version 2>/dev/null || echo 0` 114 | else 115 | tmp=`$KSBA_CONFIG --variable=api_version 2>/dev/null || echo 0` 116 | fi 117 | if test "$tmp" -gt 0 ; then 118 | AC_MSG_CHECKING([KSBA API version]) 119 | if test "$req_ksba_api" -eq "$tmp" ; then 120 | AC_MSG_RESULT(okay) 121 | else 122 | ok=no 123 | AC_MSG_RESULT([does not match. want=$req_ksba_api got=$tmp.]) 124 | fi 125 | fi 126 | fi 127 | fi 128 | if test $ok = yes; then 129 | KSBA_CFLAGS=`$KSBA_CONFIG --cflags` 130 | KSBA_LIBS=`$KSBA_CONFIG --libs` 131 | ifelse([$2], , :, [$2]) 132 | if test -z "$use_gpgrt_config"; then 133 | libksba_config_host=`$KSBA_CONFIG --host 2>/dev/null || echo none` 134 | else 135 | libksba_config_host=`$KSBA_CONFIG --variable=host 2>/dev/null || echo none` 136 | fi 137 | if test x"$libksba_config_host" != xnone ; then 138 | if test x"$libksba_config_host" != x"$host" ; then 139 | AC_MSG_WARN([[ 140 | *** 141 | *** The config script "$KSBA_CONFIG" was 142 | *** built for $libksba_config_host and thus may not match the 143 | *** used host $host. 
144 | *** You may want to use the configure option --with-libksba-prefix 145 | *** to specify a matching config script. 146 | ***]]) 147 | fi 148 | fi 149 | else 150 | KSBA_CFLAGS="" 151 | KSBA_LIBS="" 152 | ifelse([$3], , :, [$3]) 153 | fi 154 | AC_SUBST(KSBA_CFLAGS) 155 | AC_SUBST(KSBA_LIBS) 156 | ]) 157 | -------------------------------------------------------------------------------- /m4/libassuan.m4: -------------------------------------------------------------------------------- 1 | dnl Autoconf macros for libassuan 2 | dnl Copyright (C) 2002, 2003, 2011 Free Software Foundation, Inc. 3 | dnl 4 | dnl This file is free software; as a special exception the author gives 5 | dnl unlimited permission to copy and/or distribute it, with or without 6 | dnl modifications, as long as this notice is preserved. 7 | dnl 8 | dnl This file is distributed in the hope that it will be useful, but 9 | dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the 10 | dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 11 | dnl SPDX-License-Identifier: FSFULLR 12 | # Last-changed: 2020-11-17 13 | 14 | dnl 15 | dnl Common code used for libassuan detection [internal] 16 | dnl Returns ok set to yes or no. 
17 | dnl 18 | AC_DEFUN([_AM_PATH_LIBASSUAN_COMMON], 19 | [ AC_REQUIRE([AC_CANONICAL_HOST]) 20 | AC_ARG_WITH(libassuan-prefix, 21 | AS_HELP_STRING([--with-libassuan-prefix=PFX], 22 | [prefix where LIBASSUAN is installed (optional)]), 23 | libassuan_config_prefix="$withval", libassuan_config_prefix="") 24 | if test x$libassuan_config_prefix != x ; then 25 | if test x${LIBASSUAN_CONFIG+set} != xset ; then 26 | LIBASSUAN_CONFIG=$libassuan_config_prefix/bin/libassuan-config 27 | fi 28 | fi 29 | 30 | use_gpgrt_config="" 31 | if test x"${LIBASSUAN_CONFIG}" = x -a x"$GPGRT_CONFIG" != x -a "$GPGRT_CONFIG" != "no"; then 32 | if $GPGRT_CONFIG libassuan --exists; then 33 | LIBASSUAN_CONFIG="$GPGRT_CONFIG libassuan" 34 | AC_MSG_NOTICE([Use gpgrt-config as libassuan-config]) 35 | use_gpgrt_config=yes 36 | fi 37 | fi 38 | if test -z "$use_gpgrt_config"; then 39 | AC_PATH_PROG(LIBASSUAN_CONFIG, libassuan-config, no) 40 | fi 41 | 42 | tmp=ifelse([$1], ,1:0.9.2,$1) 43 | if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then 44 | req_libassuan_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` 45 | min_libassuan_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` 46 | else 47 | req_libassuan_api=0 48 | min_libassuan_version="$tmp" 49 | fi 50 | 51 | AC_MSG_CHECKING(for LIBASSUAN - version >= $min_libassuan_version) 52 | ok=no 53 | if test "$LIBASSUAN_CONFIG" != "no"; then 54 | req_major=`echo $min_libassuan_version | \ 55 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` 56 | req_minor=`echo $min_libassuan_version | \ 57 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` 58 | req_micro=`echo $min_libassuan_version | \ 59 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` 60 | 61 | if test -z "$use_gpgrt_config"; then 62 | libassuan_config_version=`$LIBASSUAN_CONFIG --version` 63 | else 64 | libassuan_config_version=`$LIBASSUAN_CONFIG --modversion` 65 | fi 66 | major=`echo $libassuan_config_version | \ 67 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` 68 | 
minor=`echo $libassuan_config_version | \ 69 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` 70 | micro=`echo $libassuan_config_version | \ 71 | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` 72 | 73 | if test "$major" -gt "$req_major"; then 74 | ok=yes 75 | else 76 | if test "$major" -eq "$req_major"; then 77 | if test "$minor" -gt "$req_minor"; then 78 | ok=yes 79 | else 80 | if test "$minor" -eq "$req_minor"; then 81 | if test "$micro" -ge "$req_micro"; then 82 | ok=yes 83 | fi 84 | fi 85 | fi 86 | fi 87 | fi 88 | fi 89 | 90 | if test $ok = yes; then 91 | AC_MSG_RESULT([yes ($libassuan_config_version)]) 92 | else 93 | AC_MSG_RESULT(no) 94 | fi 95 | 96 | if test $ok = yes; then 97 | if test "$req_libassuan_api" -gt 0 ; then 98 | if test -z "$use_gpgrt_config"; then 99 | tmp=`$LIBASSUAN_CONFIG --api-version 2>/dev/null || echo 0` 100 | else 101 | tmp=`$LIBASSUAN_CONFIG --variable=api_version 2>/dev/null || echo 0` 102 | fi 103 | if test "$tmp" -gt 0 ; then 104 | AC_MSG_CHECKING([LIBASSUAN API version]) 105 | if test "$req_libassuan_api" -eq "$tmp" ; then 106 | AC_MSG_RESULT(okay) 107 | else 108 | ok=no 109 | AC_MSG_RESULT([does not match. want=$req_libassuan_api got=$tmp.]) 110 | fi 111 | fi 112 | fi 113 | fi 114 | 115 | if test $ok = yes; then 116 | if test x"$host" != x ; then 117 | if test -z "$use_gpgrt_config"; then 118 | libassuan_config_host=`$LIBASSUAN_CONFIG --host 2>/dev/null || echo none` 119 | else 120 | libassuan_config_host=`$LIBASSUAN_CONFIG --variable=host 2>/dev/null || echo none` 121 | fi 122 | if test x"$libassuan_config_host" != xnone ; then 123 | if test x"$libassuan_config_host" != x"$host" ; then 124 | AC_MSG_WARN([[ 125 | *** 126 | *** The config script "$LIBASSUAN_CONFIG" was 127 | *** built for $libassuan_config_host and thus may not match the 128 | *** used host $host. 129 | *** You may want to use the configure option --with-libassuan-prefix 130 | *** to specify a matching config script. 
131 | ***]]) 132 | fi 133 | fi 134 | fi 135 | fi 136 | ]) 137 | 138 | dnl AM_CHECK_LIBASSUAN([MINIMUM-VERSION, 139 | dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) 140 | dnl Test whether libassuan has at least MINIMUM-VERSION. This is 141 | dnl used to test for features only available in newer versions. 142 | dnl 143 | AC_DEFUN([AM_CHECK_LIBASSUAN], 144 | [ _AM_PATH_LIBASSUAN_COMMON($1) 145 | if test $ok = yes; then 146 | ifelse([$2], , :, [$2]) 147 | else 148 | ifelse([$3], , :, [$3]) 149 | fi 150 | ]) 151 | 152 | 153 | 154 | 155 | dnl AM_PATH_LIBASSUAN([MINIMUM-VERSION, 156 | dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) 157 | dnl Test for libassuan and define LIBASSUAN_CFLAGS and LIBASSUAN_LIBS 158 | dnl 159 | AC_DEFUN([AM_PATH_LIBASSUAN], 160 | [ _AM_PATH_LIBASSUAN_COMMON($1) 161 | if test $ok = yes; then 162 | LIBASSUAN_CFLAGS=`$LIBASSUAN_CONFIG --cflags` 163 | LIBASSUAN_LIBS=`$LIBASSUAN_CONFIG --libs` 164 | ifelse([$2], , :, [$2]) 165 | else 166 | LIBASSUAN_CFLAGS="" 167 | LIBASSUAN_LIBS="" 168 | ifelse([$3], , :, [$3]) 169 | fi 170 | AC_SUBST(LIBASSUAN_CFLAGS) 171 | AC_SUBST(LIBASSUAN_LIBS) 172 | ]) 173 | -------------------------------------------------------------------------------- /doc/mdate-sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Get modification time of a file or directory and pretty-print it. 3 | 4 | scriptversion=2007-03-30.02 5 | 6 | # Copyright (C) 1995, 1996, 1997, 2003, 2004, 2005, 2007 Free Software 7 | # Foundation, Inc. 8 | # written by Ulrich Drepper , June 1995 9 | # 10 | # This program is free software; you can redistribute it and/or modify 11 | # it under the terms of the GNU General Public License as published by 12 | # the Free Software Foundation; either version 2, or (at your option) 13 | # any later version. 
14 | # 15 | # This program is distributed in the hope that it will be useful, 16 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | # GNU General Public License for more details. 19 | # 20 | # You should have received a copy of the GNU General Public License 21 | # along with this program; if not, write to the Free Software Foundation, 22 | # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 23 | 24 | # As a special exception to the GNU General Public License, if you 25 | # distribute this file as part of a program that contains a 26 | # configuration script generated by Autoconf, you may include it under 27 | # the same distribution terms that you use for the rest of that program. 28 | 29 | # This file is maintained in Automake, please report 30 | # bugs to or send patches to 31 | # . 32 | 33 | case $1 in 34 | '') 35 | echo "$0: No file. Try \`$0 --help' for more information." 1>&2 36 | exit 1; 37 | ;; 38 | -h | --h*) 39 | cat <<\EOF 40 | Usage: mdate-sh [--help] [--version] FILE 41 | 42 | Pretty-print the modification time of FILE. 43 | 44 | Report bugs to . 45 | EOF 46 | exit $? 47 | ;; 48 | -v | --v*) 49 | echo "mdate-sh $scriptversion" 50 | exit $? 51 | ;; 52 | esac 53 | 54 | # Prevent date giving response in another language. 55 | LANG=C 56 | export LANG 57 | LC_ALL=C 58 | export LC_ALL 59 | LC_TIME=C 60 | export LC_TIME 61 | 62 | # GNU ls changes its time format in response to the TIME_STYLE 63 | # variable. Since we cannot assume `unset' works, revert this 64 | # variable to its documented default. 65 | if test "${TIME_STYLE+set}" = set; then 66 | TIME_STYLE=posix-long-iso 67 | export TIME_STYLE 68 | fi 69 | 70 | save_arg1=$1 71 | 72 | # Find out how to get the extended ls output of a file or directory. 
73 | if ls -L /dev/null 1>/dev/null 2>&1; then 74 | ls_command='ls -L -l -d' 75 | else 76 | ls_command='ls -l -d' 77 | fi 78 | # Avoid user/group names that might have spaces, when possible. 79 | if ls -n /dev/null 1>/dev/null 2>&1; then 80 | ls_command="$ls_command -n" 81 | fi 82 | 83 | # A `ls -l' line looks as follows on OS/2. 84 | # drwxrwx--- 0 Aug 11 2001 foo 85 | # This differs from Unix, which adds ownership information. 86 | # drwxrwx--- 2 root root 4096 Aug 11 2001 foo 87 | # 88 | # To find the date, we split the line on spaces and iterate on words 89 | # until we find a month. This cannot work with files whose owner is a 90 | # user named `Jan', or `Feb', etc. However, it's unlikely that `/' 91 | # will be owned by a user whose name is a month. So we first look at 92 | # the extended ls output of the root directory to decide how many 93 | # words should be skipped to get the date. 94 | 95 | # On HPUX /bin/sh, "set" interprets "-rw-r--r--" as options, so the "x" below. 96 | set x`$ls_command /` 97 | 98 | # Find which argument is the month. 99 | month= 100 | command= 101 | until test $month 102 | do 103 | shift 104 | # Add another shift to the command. 105 | command="$command shift;" 106 | case $1 in 107 | Jan) month=January; nummonth=1;; 108 | Feb) month=February; nummonth=2;; 109 | Mar) month=March; nummonth=3;; 110 | Apr) month=April; nummonth=4;; 111 | May) month=May; nummonth=5;; 112 | Jun) month=June; nummonth=6;; 113 | Jul) month=July; nummonth=7;; 114 | Aug) month=August; nummonth=8;; 115 | Sep) month=September; nummonth=9;; 116 | Oct) month=October; nummonth=10;; 117 | Nov) month=November; nummonth=11;; 118 | Dec) month=December; nummonth=12;; 119 | esac 120 | done 121 | 122 | # Get the extended ls output of the file or directory. 123 | set dummy x`eval "$ls_command \"\$save_arg1\""` 124 | 125 | # Remove all preceding arguments 126 | eval $command 127 | 128 | # Because of the dummy argument above, month is in $2. 
129 | # 130 | # On a POSIX system, we should have 131 | # 132 | # $# = 5 133 | # $1 = file size 134 | # $2 = month 135 | # $3 = day 136 | # $4 = year or time 137 | # $5 = filename 138 | # 139 | # On Darwin 7.7.0 and 7.6.0, we have 140 | # 141 | # $# = 4 142 | # $1 = day 143 | # $2 = month 144 | # $3 = year or time 145 | # $4 = filename 146 | 147 | # Get the month. 148 | case $2 in 149 | Jan) month=January; nummonth=1;; 150 | Feb) month=February; nummonth=2;; 151 | Mar) month=March; nummonth=3;; 152 | Apr) month=April; nummonth=4;; 153 | May) month=May; nummonth=5;; 154 | Jun) month=June; nummonth=6;; 155 | Jul) month=July; nummonth=7;; 156 | Aug) month=August; nummonth=8;; 157 | Sep) month=September; nummonth=9;; 158 | Oct) month=October; nummonth=10;; 159 | Nov) month=November; nummonth=11;; 160 | Dec) month=December; nummonth=12;; 161 | esac 162 | 163 | case $3 in 164 | ???*) day=$1;; 165 | *) day=$3; shift;; 166 | esac 167 | 168 | # Here we have to deal with the problem that the ls output gives either 169 | # the time of day or the year. 170 | case $3 in 171 | *:*) set `date`; eval year=\$$# 172 | case $2 in 173 | Jan) nummonthtod=1;; 174 | Feb) nummonthtod=2;; 175 | Mar) nummonthtod=3;; 176 | Apr) nummonthtod=4;; 177 | May) nummonthtod=5;; 178 | Jun) nummonthtod=6;; 179 | Jul) nummonthtod=7;; 180 | Aug) nummonthtod=8;; 181 | Sep) nummonthtod=9;; 182 | Oct) nummonthtod=10;; 183 | Nov) nummonthtod=11;; 184 | Dec) nummonthtod=12;; 185 | esac 186 | # For the first six month of the year the time notation can also 187 | # be used for files modified in the last year. 188 | if (expr $nummonth \> $nummonthtod) > /dev/null; 189 | then 190 | year=`expr $year - 1` 191 | fi;; 192 | *) year=$3;; 193 | esac 194 | 195 | # The result. 
196 | echo $day $month $year 197 | 198 | # Local Variables: 199 | # mode: shell-script 200 | # sh-indentation: 2 201 | # eval: (add-hook 'write-file-hooks 'time-stamp) 202 | # time-stamp-start: "scriptversion=" 203 | # time-stamp-format: "%:y-%02m-%02d.%02H" 204 | # time-stamp-end: "$" 205 | # End: 206 | --------------------------------------------------------------------------------