4 files changed, 77 insertions, 2 deletions
diff --git a/security/pam_bsdbioapi/Makefile b/security/pam_bsdbioapi/Makefile index a0d9e17306c..c46bf4a90bf 100644 --- a/security/pam_bsdbioapi/Makefile +++ b/security/pam_bsdbioapi/Makefile @@ -7,6 +7,7 @@ PORTNAME= pam_bsdbioapi PORTVERSION= 1.5 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://shapeshifter.se/pub/pam_bsdbioapi/ @@ -15,7 +16,7 @@ COMMENT= PAM module for BioAPI LIB_DEPENDS= bioapi100.0:${PORTSDIR}/security/bioapi -INSTALLS_SHLIB= yes +USE_LDCONFIG= yes SUB_FILES= pkg-message MAN8= pam_bsdbioapi.8 MAN3= libbirdb.3 diff --git a/security/pam_bsdbioapi/files/patch-src_pam_bsdbioapi_pam_bsdbioapi.8 b/security/pam_bsdbioapi/files/patch-src_pam_bsdbioapi_pam_bsdbioapi.8 new file mode 100644 index 00000000000..0e7d99d87b3 --- /dev/null +++ b/security/pam_bsdbioapi/files/patch-src_pam_bsdbioapi_pam_bsdbioapi.8 @@ -0,0 +1,23 @@ +--- src/pam_bsdbioapi/pam_bsdbioapi.8 Thu Feb 23 06:15:13 2006 ++++ src/pam_bsdbioapi/pam_bsdbioapi.8.orig Sun Dec 10 06:36:31 2006 +@@ -36,6 +36,7 @@ + .Ar pam_bsdbioapi + .Ar bsp-uuid + .Ar backend ++.Op -s + .Op -f birdb-path + .Op -m message-file + .Sh DESCRIPTION +@@ -69,6 +70,12 @@ + This option is required. + .Pp + .Bl -tag -width ".Fl m Ar message-file" ++.It Fl s ++Fail without prompting the user to swipe finger if the user has not enrolled ++yet. ++This is useful if only a handful of users has enrolled, but leaks whether the ++given user has enrolled, to whomever tries to authenticate as the user (e.g. ++an attacker outside). + .It Fl f Ar birdb-path + Specify an alternative path to the birdb.conf file for backend configuration. + The default is /usr/local/etc/birdb.conf diff --git a/security/pam_bsdbioapi/files/patch-src_pam_bsdbioapi_pam_bsdbioapi.c b/security/pam_bsdbioapi/files/patch-src_pam_bsdbioapi_pam_bsdbioapi.c new file mode 100644 index 00000000000..9e125ce4eaf --- /dev/null +++ b/security/pam_bsdbioapi/files/patch-src_pam_bsdbioapi_pam_bsdbioapi.c 
@@ -0,0 +1,51 @@
+--- src/pam_bsdbioapi/pam_bsdbioapi.c Thu Feb 23 06:15:13 2006
++++ src/pam_bsdbioapi/pam_bsdbioapi.c.orig Sun Dec 10 06:26:57 2006
+@@ -215,7 +215,7 @@
+ int argc, const char *argv[])
+ {
+ const char *user, *bsp_id, *dbid, *conf, *msgfile;
+- int error, pam_retval = PAM_AUTH_ERR;
++ int error, pam_retval = PAM_AUTH_ERR, skip_unenrolled;
+ BioAPI_HANDLE *handle;
+ struct birdb_rec keyrec, **recs;
+ struct birdb_mod *bm;
+@@ -241,9 +241,10 @@
+
+ conf = DEFCONFPATH;
+ msgfile = NULL;
++ skip_unenrolled = 0;
+
+ optind = 2;
+- while ((opt = getopt(argc, (char **)argv, "m:f:")) != -1) {
++ while ((opt = getopt(argc, (char **)argv, "m:f:s")) != -1) {
+ switch (opt) {
+ case 'm':
+ msgfile = argv[optind - 1];
+@@ -253,6 +254,9 @@
+ conf = argv[optind - 1];
+ PAM_LOG("Got birdb configuration file: %s", conf);
+ break;
++ case 's':
++ skip_unenrolled = 1;
++ break;
+ }
+ }
+
+@@ -271,7 +275,6 @@
+ PAM_LOG("Got user: %s", user);
+
+ setuid(euid);
+- pam_info(pamh, "Initiating biometric authentication...");
+
+ error = bioapi_init();
+ if (error)
+@@ -312,7 +315,8 @@
+
+ keyrec.br_key = (char *)user;
+ recs = birdb_backend_get(bm, bmh, &keyrec);
+- if (recs != NULL) {
++ if (recs != NULL && (!skip_unenrolled || recs[0] != NULL)) {
++ pam_info(pamh, "Initiating biometric authentication...");
+ handle = bioapi_attach_bsp(bsp_id);
+ if (handle == NULL) {
+ PAM_VERBOSE_ERROR("Failed to attach the selected BSP");
diff --git a/security/pam_bsdbioapi/pkg-plist b/security/pam_bsdbioapi/pkg-plist
index b3b41b90076..b7db4a128f0 100644
--- a/security/pam_bsdbioapi/pkg-plist
+++ b/security/pam_bsdbioapi/pkg-plist
@@ -5,5 +5,5 @@ lib/libbirdb.a
 lib/libbirdb.so
 lib/pam_bsdbioapi.so
 @dirrm share/birdb
-share/pam_bsdbioapi/upek_touchchip.cmsg
+%%DATADIR%%/upek_touchchip.cmsg
 @dirrm share/pam_bsdbioapi |
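Review bot: Moving `pam_info(pamh, "Initiating biometric authentication...");` inside `if (recs != NULL && ...)` in the last inner hunk (`@@ -312,7 +315,8 @@`) makes the prompt depend on the lookup result in every configuration, not only under `-s`. If `birdb_backend_get()` can return NULL for a user with no records (its contract is not visible here), the default mode would now disclose enrollment status too, while the man page documents that disclosure for `-s` alone. Printing the message on its own condition right after the lookup, `if (!skip_unenrolled || (recs != NULL && recs[0] != NULL)) pam_info(pamh, "Initiating biometric authentication...");`, and leaving the new `if` without the `pam_info` line would keep the default behaviour independent of the user. The `-s` refusal path also writes no log entry in the visible lines; a `PAM_LOG("User %s has no enrolled records, skipping", user);` there would make it auditable. The function body starts before and continues past these hunks, so the branch taken when the condition is false is not shown.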