
[pkgsrc/trunk]: pkgsrc/security/CoolKey Provides driver support for the CoolK...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c5ef67196cec
branches:  trunk
changeset: 539363:c5ef67196cec
user:      shannonjr <shannonjr%pkgsrc.org@localhost>
date:      Tue Mar 04 11:33:02 2008 +0000

description:
Provides driver support for the CoolKey and Common Access Card (CAC)
smart cards used in a Public Key Infrastructure (PKI). The libpkcs11
module allows the use of smart cards in applications that use Mozilla
Network Security Services (NSS).

diffstat:

 security/CoolKey/DESCR            |    4 +
 security/CoolKey/Makefile         |   40 ++++++++
 security/CoolKey/PLIST            |   12 ++
 security/CoolKey/distinfo         |    8 +
 security/CoolKey/patches/patch-aa |   30 ++++++
 security/CoolKey/patches/patch-ab |  183 ++++++++++++++++++++++++++++++++++++++
 security/CoolKey/patches/patch-ac |   14 ++
 7 files changed, 291 insertions(+), 0 deletions(-)

diffs (truncated from 319 to 300 lines):

diff -r f7aced72ed6a -r c5ef67196cec security/CoolKey/DESCR
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/CoolKey/DESCR    Tue Mar 04 11:33:02 2008 +0000
@@ -0,0 +1,4 @@
+Provides driver support for the CoolKey and Common Access Card (CAC)
+smart card used in a Public Key Infrastructure (PKI). The libpkcs11
+module allows use of Smart Cards in applications that use mozilla
+Network Security Services (NSS).
diff -r f7aced72ed6a -r c5ef67196cec security/CoolKey/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/CoolKey/Makefile Tue Mar 04 11:33:02 2008 +0000
@@ -0,0 +1,40 @@
+# $NetBSD: Makefile,v 1.1.1.1 2008/03/04 11:33:02 shannonjr Exp $
+#
+
+DISTNAME=      coolkey-1.1.0
+CATEGORIES=    security
+MASTER_SITES=  http://directory.fedora.redhat.com/download/coolkey/
+
+MAINTAINER=    shannonjr%NetBSD.org@localhost
+HOMEPAGE=      http://directory.fedora.redhat.com/wiki/CoolKey
+COMMENT=       Driver support for the CoolKey and CAC products
+
+# Only for NetBSD>=4.99.0
+NOT_FOR_PLATFORM=      NetBSD-[0-3].*-* NetBSD-4.[0-9].*-*
+NOT_FOR_PLATFORM+=     NetBSD-4.[0-8]*.*-* NetBSD-4.9[0-8].*-*
+
+GNU_CONFIGURE= yes
+USE_LIBTOOL=   yes
+USE_TOOLS+=    pkg-config
+USE_TOOLS+=    autoconf
+USE_TOOLS+=    gmake
+USE_TOOLS+=    grep
+USE_TOOLS+=    gsed
+USE_LANGUAGES= c c++
+AUTOCONF_REQD= 2.59
+
+CONFIGURE_ARGS+=        --sharedstatedir=${VARBASE:Q}
+CONFIGURE_ARGS+=        --localstatedir=${VARBASE:Q}
+CONFIGURE_ARGS+=        --sysconfdir=${PKG_SYSCONFDIR:Q}
+CONFIGURE_ARGS+=       --disable-dependency-tracking
+
+PKGCONFIG_OVERRIDE+=   src/libckyapplet/libckyapplet.pc.in
+
+pre-configure:
+       cd ${WRKSRC} && autoconf
+
+.include "../../security/pcsc-lite/buildlink3.mk"
+.include "../../security/ccid/buildlink3.mk"
+.include "../../mk/pthread.buildlink3.mk"
+.include "../../devel/zlib/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff -r f7aced72ed6a -r c5ef67196cec security/CoolKey/PLIST
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/CoolKey/PLIST    Tue Mar 04 11:33:02 2008 +0000
@@ -0,0 +1,12 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2008/03/04 11:33:02 shannonjr Exp $
+include/cky_applet.h
+include/cky_base.h
+include/cky_card.h
+include/cky_factory.h
+include/cky_list.h
+lib/libckyapplet.so
+lib/libckyapplet.so.1
+lib/libckyapplet.so.1.0.0
+lib/pkcs11/libcoolkeypk11.so
+lib/pkgconfig/libckyapplet.pc
+@dirrm lib/pkcs11
diff -r f7aced72ed6a -r c5ef67196cec security/CoolKey/distinfo
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/CoolKey/distinfo Tue Mar 04 11:33:02 2008 +0000
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1.1.1 2008/03/04 11:33:02 shannonjr Exp $
+
+SHA1 (coolkey-1.1.0.tar.gz) = 54136decf9dfd091c8b231cb77dac97db95e1866
+RMD160 (coolkey-1.1.0.tar.gz) = 1873e85aecb30c5311444c76fd85ba79633dce23
+Size (coolkey-1.1.0.tar.gz) = 432808 bytes
+SHA1 (patch-aa) = f91d804c54540f45e7791b3ca9a1fb987bde0a72
+SHA1 (patch-ab) = 6a597a0b6b0400fee83264ee73c9755819ada630
+SHA1 (patch-ac) = 8b7604ea677471a7ee5c1d7c9f4f6f4c03468350
diff -r f7aced72ed6a -r c5ef67196cec security/CoolKey/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/CoolKey/patches/patch-aa Tue Mar 04 11:33:02 2008 +0000
@@ -0,0 +1,30 @@
+$NetBSD: patch-aa,v 1.1.1.1 2008/03/04 11:33:02 shannonjr Exp $
+
+--- configure.in.orig  2007-02-16 12:50:50.000000000 -0700
++++ configure.in
+@@ -101,7 +101,8 @@ AC_PROG_LN_S
+ # Checks for libraries.
+ if test $WINDOWS -ne 1; then
+ AC_CHECK_LIB(z, uncompress, , AC_MSG_ERROR(could not locate libz compression library))
+-AC_CHECK_LIB(dl, dlopen, , AC_MSG_ERROR(could not locate dynamic library services library))
++# NetBSD: dlopen is not in a library.  It is included in every dynamically linked program automatically.
++#AC_CHECK_LIB(dl, dlopen, , AC_MSG_ERROR(could not locate dynamic library services library))
+ fi
+ 
+ # add our compiled static libraries
+@@ -121,12 +122,13 @@ AC_ARG_ENABLE(pk11install, 
+   [  --enable-pk11install          build an installer for legacy user apps(default=no)])
+ if test "$enable_pk11install" = "yes" -o "$enable_pk11install" = "true"
+ then
++/*  Bugzilla Bug 250738: build patches for coolkey */
+ if test $WINDOWS -ne 1; then
+   PKG_CHECK_MODULES(NSS, nss, true, [ AC_MSG_ERROR(could not find NSS Crypto libraries) ])
+ fi
+-  enable_pk11install = "yes"
++  enable_pk11install="yes"
+ else
+-  enable_pk11install = "no"
++  enable_pk11install="no"
+   AC_MSG_WARN([skipping pk11install])
+ fi
+ 
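Review bot: The line `/*  Bugzilla Bug 250738: build patches for coolkey */` that this patch adds to configure.in (its second hunk) is a C-style comment, which neither m4 nor sh recognises; autoconf passes it through verbatim into the generated configure, where the shell would glob-expand `/*` and attempt to run the first match as a command. It sits inside the `enable_pk11install` branch, so it is only reached when --enable-pk11install is given, which the Makefile in this commit does not pass. Use a shell comment instead, `  # Bugzilla Bug 250738: build patches for coolkey`, or a `dnl` line so m4 drops it before the script is generated. The first hunk also comments out the `AC_CHECK_LIB(dl, dlopen, ...)` probe unconditionally rather than for NetBSD only; since the Makefile's NOT_FOR_PLATFORM excludes only older NetBSD releases, platforms that ship dlopen in libdl would presumably lose the -ldl link flag, so a host check around the removal seems warranted if the package is meant to build elsewhere.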
diff -r f7aced72ed6a -r c5ef67196cec security/CoolKey/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/CoolKey/patches/patch-ab Tue Mar 04 11:33:02 2008 +0000
@@ -0,0 +1,183 @@
+$NetBSD: patch-ab,v 1.1.1.1 2008/03/04 11:33:02 shannonjr Exp $
+
+--- src/coolkey/machdep.cpp.orig       2007-02-13 17:46:28.000000000 -0700
++++ src/coolkey/machdep.cpp
+@@ -17,6 +17,8 @@
+  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+  * ***** END COPYRIGHT BLOCK *****/
+ 
++/* Patch from RedHAT coolkey-1.1.0-5.el5.src.rpm */
++
+ #include "machdep.h"
+ #include "mypkcs11.h"
+ #include "PKCS11Exception.h"
+@@ -185,12 +187,20 @@ void OSSleep(int time) 
+ #define MAP_INHERIT 0
+ #endif
+ 
++#ifndef BASEPATH
++#ifdef MAC
++#define BASEPATH "/var"
++#else
++#define BASEPATH "/var/cache"
++#endif
++#endif
++
+ #ifdef FULL_CLEANUP
+ #define RESERVED_OFFSET 256
+-#define MEMSEGPATH "/tmp/.pk11ipc"
++#define MEMSEGPATH BASEPATH"/coolkey-lock"
+ #else 
+ #define RESERVED_OFFSET 0
+-#define MEMSEGPATH "/tmp/.pk11ipc1"
++#define MEMSEGPATH BASEPATH"/coolkey"
+ #endif
+ 
+ struct SHMemData {
+@@ -208,11 +218,6 @@ SHMemData::~SHMemData() { 
+ #ifdef FULL_CLEANUP
+       flock(fd,LOCK_EX);
+       unsigned long ref = --(*(unsigned long *)addr); 
+-#ifdef notdef
+-      if (ref == 0) {
+-          unlink(path);
+-      }
+-#endif
+       flock(fd, LOCK_UN);
+ #endif
+       munmap(addr,size+RESERVED_OFFSET);
+@@ -225,6 +230,73 @@ SHMemData::~SHMemData() { 
+     }
+ }
+ 
++/*
++ * The cache directory is shared and accessible by anyone, make
++ * sure the cache file we are opening is really a valid cache file.
++ */
++int safe_open(char *path, int flags, int mode, int size)
++{
++    struct stat buf;
++    int fd, ret;
++
++    fd = open (path, flags|O_NOFOLLOW, mode);
++
++    if (fd < 0) {
++      return fd;
++    }
++
++    ret = fstat(fd, &buf);
++    if (ret < 0) {
++      close (fd);
++      return ret;
++    }
++
++    /* our cache files are pretty specific, make sure we are looking
++     * at the correct one */
++
++    /* first, we should own the file ourselves, don't open a file
++     * that someone else wanted us to see. */
++    if (buf.st_uid != getuid()) {
++      close(fd);
++      errno = EACCES;
++      return -1;
++    }
++
++    /* next, there should only be one link in this file. Don't
++     * use this code to trash another file */
++    if (buf.st_nlink != 1) {
++      close(fd);
++      errno = EMLINK;
++      return -1;
++    }
++
++    /* next, This better be a regular file */
++    if (!S_ISREG(buf.st_mode)) {
++      close(fd);
++      errno = EACCES;
++      return -1;
++    }
++
++    /* if the permissions don't match, something is wrong */
++    if ((buf.st_mode & 03777) != mode) {
++      close(fd);
++      errno = EACCES;
++      return -1;
++    }
++
++    /* finally the file should be the correct size. This 
++     * check isn't so much to protect from an attack, as it is to
++     * detect a corrupted cache file */
++    if (buf.st_size != size) {
++      close(fd);
++      errno = EACCES;
++      return -1;
++    }
++
++    /* OK, the file checked out, ok to continue */
++    return fd;
++}
++
+ SHMem::SHMem(): shmemData(0) {}
+ 
+ SHMem *
+@@ -248,7 +320,7 @@ SHMem::initSegment(const char *name, int
+       return NULL;
+     }
+     int mask = umask(0);
+-    int ret = mkdir (MEMSEGPATH, 0777);
++    int ret = mkdir (MEMSEGPATH, 01777);
+     umask(mask);
+     if ((ret == -1) && (errno != EEXIST)) {
+       delete shmemData;
+@@ -264,21 +336,16 @@ SHMem::initSegment(const char *name, int
+     shmemData->path[sizeof(MEMSEGPATH)-1] = '/';
+     strcpy(&shmemData->path[sizeof(MEMSEGPATH)],name);
+ 
+-    int mode = 0777;
+-    if (strcmp(name,"token_names") != 0) {
+-      /* each user gets his own uid array */
+-      sprintf(uid_str, "-%u",getuid());
+-      strcat(shmemData->path,uid_str);
+-      mode = 0700;
+-    } 
++    sprintf(uid_str, "-%u",getuid());
++    strcat(shmemData->path,uid_str);
++    int mode = 0600;
++
+     shmemData->fd = open(shmemData->path, 
+               O_CREAT|O_RDWR|O_EXCL|O_APPEND|O_EXLOCK, mode);
+-    if (shmemData->fd  < 0) {
+-      needInit = false;
+-      shmemData->fd = open(shmemData->path,O_RDWR|O_EXLOCK, mode);
+-    }  else {
++    if (shmemData->fd >= 0) {
+       char *buf;
+       int len = size+RESERVED_OFFSET;
++      int ret;
+ 
+       buf = (char *)calloc(1,len);
+       if (!buf) {
+@@ -289,8 +356,22 @@ SHMem::initSegment(const char *name, int
+           delete shmemData;
+           return NULL;
+       }
+-      write(shmemData->fd,buf,len);
++      ret = write(shmemData->fd,buf,len);
++      if (ret != len) {
++          unlink(shmemData->path);
++#ifdef FULL_CLEANUP
++          flock(shmemData->fd, LOCK_UN);
++#endif
++          delete shmemData;
++          return NULL;
++      }
++      
+       free(buf);
++    } else if (errno == EEXIST) {
++      needInit = false;
++
++      shmemData->fd = safe_open(shmemData->path,O_RDWR|O_EXLOCK, mode,
++                                size+RESERVED_OFFSET);
+     }
+     if (shmemData->fd < 0) {


