debian/0000755000000000000000000000000011714512403007164 5ustar debian/compat0000644000000000000000000000000211713477530010374 0ustar 9 debian/patches/0000755000000000000000000000000011713500300010603 5ustar debian/patches/0003-nonlinux_archs.patch0000644000000000000000000000140411713477530015257 0ustar Description: Don't include linux-specific headers. Author: Alessio Treglia Forwarded: no --- src/conf.h | 2 ++ src/volume.c | 2 ++ 2 files changed, 4 insertions(+) --- libpam-usb.orig/src/conf.h +++ libpam-usb/src/conf.h @@ -23,7 +23,9 @@ # define CONF_SERVICE_XPATH "//configuration/services/service[@id='%s']/%s" # define CONF_USER_MAXLEN 32 # include +#ifdef __linux__ # include +#endif # include # ifndef PATH_MAX # define PATH_MAX 4096 --- libpam-usb.orig/src/volume.c +++ libpam-usb/src/volume.c @@ -21,7 +21,9 @@ #include #include #include +#ifndef __GNU__ #include +#endif #include "mem.h" #include "conf.h" #include "log.h" debian/patches/series0000644000000000000000000000014511713500270012026 0ustar 0001-buildsystem.patch 0002-spelling_mistakes.patch 0003-nonlinux_archs.patch 0004-pad_entropy.patch debian/patches/0004-pad_entropy.patch0000644000000000000000000000275111714301521014543 0ustar Description: Increase entropy of generated pad files Seeding the random number generator from PID and current time provides very little entropy, as these can be guessed quite closely by an attacker, so use the kernel's random number generator instead. Author: Toby Speight Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658700 Forwarded: no --- src/pad.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- libpam-usb.orig/src/pad.c +++ libpam-usb/src/pad.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include "conf.h" @@ -181,6 +182,8 @@ static void pusb_pad_update(t_pusb_optio FILE *f_system = NULL; char magic[1024]; int i; + unsigned int seed; + int devrandom; if (!pusb_pad_should_update(opts, user)) return ; @@ -201,7 +204,14 @@ static void pusb_pad_update(t_pusb_optio pusb_pad_protect(user, fileno(f_system)); log_debug("Generating %d bytes unique pad...\n", sizeof(magic)); - srand(getpid() * time(NULL)); + devrandom = open("/dev/random", O_RDONLY); + if (devrandom < 0 || read(devrandom, &seed, sizeof seed) != sizeof seed) { + log_debug("/dev/random seeding failed...\n"); + seed = getpid() * time(NULL); /* low-entropy fallback */ + } + if (devrandom > 0) + close(devrandom); + srand(seed); for (i = 0; i < sizeof(magic); ++i) magic[i] = (char)rand(); log_debug("Writing pad to the device...\n"); debian/patches/0001-buildsystem.patch0000644000000000000000000000271211713477530014572 0ustar Description: Handle LIBDIR as library installation path. Set default for PREFIX,LIBDIR if unset. Author: Alessio Treglia Forwarded: --- Makefile | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) --- libpam-usb-0.5.0.orig/Makefile +++ libpam-usb-0.5.0/Makefile @@ -1,6 +1,9 @@ # Set to 'yes' to include debugging informations, e.g. DEBUG=yes make -e DEBUG := no +PREFIX ?= usr +LIBDIR ?= lib + # compiler/linker options CC := gcc CFLAGS := $(CFLAGS) -Wall -fPIC `pkg-config --cflags libxml-2.0` \ @@ -25,7 +28,7 @@ PAM_USB_SRCS := src/pam.c PAM_USB_OBJS := $(PAM_USB_SRCS:.c=.o) PAM_USB := pam_usb.so PAM_USB_LDFLAGS := -shared -PAM_USB_DEST := $(DESTDIR)/lib/security +PAM_USB_DEST := $(DESTDIR)/$(LIBDIR)/security # pamusb-check PAMUSB_CHECK_SRCS := src/pamusb-check.c @@ -35,7 +38,7 @@ PAMUSB_CHECK := pamusb-check # Tools PAMUSB_CONF := pamusb-conf PAMUSB_AGENT := pamusb-agent -TOOLS_DEST := $(DESTDIR)/usr/bin +TOOLS_DEST := $(DESTDIR)/$(PREFIX)/bin TOOLS_SRC := tools # Conf @@ -44,11 +47,11 @@ CONFS_DEST := $(DESTDIR)/etc # Doc DOCS := doc/QUICKSTART doc/CONFIGURATION doc/UPGRADING doc/FAQ -DOCS_DEST := $(DESTDIR)/usr/share/doc/pamusb +DOCS_DEST := $(DESTDIR)/$(PREFIX)/share/doc/pamusb # Man MANS := doc/pamusb-conf.1.gz doc/pamusb-agent.1.gz doc/pamusb-check.1.gz -MANS_DEST := $(DESTDIR)/usr/share/man/man1 +MANS_DEST := $(DESTDIR)/$(PREFIX)/share/man/man1 # Binaries RM := rm debian/patches/0002-spelling_mistakes.patch0000644000000000000000000000217311713477530015745 0ustar Description: Fix small misspellings. Author: Alessio Treglia Forwarded: --- Makefile | 2 +- src/pad.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) --- libpam-usb-0.5.0.orig/Makefile +++ libpam-usb-0.5.0/Makefile @@ -1,4 +1,4 @@ -# Set to 'yes' to include debugging informations, e.g. DEBUG=yes make -e +# Set to 'yes' to include debugging information, e.g. DEBUG=yes make -e DEBUG := no PREFIX ?= usr --- libpam-usb-0.5.0.orig/src/pad.c +++ libpam-usb-0.5.0/src/pad.c @@ -73,7 +73,7 @@ static FILE *pusb_pad_open_system(t_pusb if (!(user_ent = getpwnam(user)) || !(user_ent->pw_dir)) { - log_error("Unable to retrieve informations for user \"%s\": %s\n", + log_error("Unable to retrieve information for user \"%s\": %s\n", strerror(errno)); return (0); } @@ -111,7 +111,7 @@ static int pusb_pad_protect(const char * log_debug("Protecting pad file...\n"); if (!(user_ent = getpwnam(user))) { - log_error("Unable to retrieve informations for user \"%s\": %s\n", + log_error("Unable to retrieve information for user \"%s\": %s\n", strerror(errno)); return (0); } debian/pamusb-common.install0000644000000000000000000000003611714453130013331 0ustar doc/pamusb.conf etc usr/bin/* debian/rules0000755000000000000000000000073711714455176010270 0ustar #!/usr/bin/make -f DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) export LIBDIR=lib/$(DEB_HOST_MULTIARCH) %: dh $@ -Smakefile override_dh_auto_build: dh_auto_build for manpage in `ls doc/*.1.gz`; do \ dmanpage=debian/`basename $$manpage | sed -e 's/\.gz//'`;\ gunzip -c $$manpage > $$dmanpage;\ done; sed -i 's/^\."/\.\\"/' debian/*.1 sed -i 's/\\fBpamusb-check/\\fBpamusb-check \\fP- simulates pam_usb authentication/' debian/pamusb-check.1 debian/control0000644000000000000000000000331311714456341010577 0ustar Source: libpam-usb Section: admin Priority: extra Maintainer: Alessio Treglia Build-Depends: debhelper (>= 8.1.3~), libdbus-1-dev, libpam0g-dev, libxml2-dev, pkg-config Standards-Version: 3.9.2 Homepage: http://www.pamusb.org/ Vcs-Git: git://anonscm.debian.org/collab-maint/libpam-usb.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/libpam-usb.git Package: libpam-usb Architecture: any Multi-Arch: same Pre-Depends: libpam-runtime (>= 1.0.1-6~), ${misc:Pre-Depends} Depends: pamusb-common, pmount, udisks [linux-any], ${misc:Depends}, ${shlibs:Depends} Description: PAM module for authentication with removable USB block devices pam_usb provides hardware authentication for Linux using ordinary USB Flash Drives. It works with any application supporting PAM, such as su, any login manager (GDM, KDM), etc. Package: pamusb-common Architecture: any Multi-Arch: foreign Breaks: libpam-usb (<< 0.5.0), pamusb-tools (<< 0.5.0) Replaces: libpam-usb (<< 0.5.0), pamusb-tools (<< 0.5.0) Depends: dbus, python (>= 2.5), python-dbus, python-gobject, ${misc:Depends}, ${shlibs:Depends} Recommends: libpam-usb (>> 0.5.0) Description: helper tools for the pam-usb module This package contains several tools related to the libpam-usb module including pamusb-agent, pamusb-conf and pamusb-check, which help users to manage the XML-based configuration file and to test their settings. Package: pamusb-tools Section: oldlibs Architecture: all Depends: pamusb-common, ${misc:Depends} Description: dummy transitional package for pamusb-common This dummy package is provided for a smooth transition from pamsub-tools to pamusb-common. . It may be safely removed after installation. debian/libpam-usb.postinst0000644000000000000000000000010211714456374013033 0ustar #!/bin/sh set -e pam-auth-update --package #DEBHELPER# exit 0 debian/pam-auth-update/0000755000000000000000000000000011714455142012166 5ustar debian/pam-auth-update/usb0000644000000000000000000000015411714451547012707 0ustar Name: USB authentication Default: yes Priority: 257 Auth-Type: Primary Auth: sufficient pam_usb.so debian/pamusb-common.docs0000644000000000000000000000006711713477530012630 0ustar doc/CONFIGURATION doc/FAQ doc/UPGRADING doc/QUICKSTART debian/changelog0000644000000000000000000000763211714511547011056 0ustar libpam-usb (0.5.0-4) unstable; urgency=low * Attempt to fix FTBFS on hurd. * Make this depending on udisks on linux-any only. * Increase entropy of generated pad files (Closes: #658700); thanks to Toby Speight for the patch. * Add config file for pam-auth-update (Closes: #658967); thanks to Petter Reinholdtsen for the report. - Add libpam-runtime (>= 1.0.1-6~) on Pre-Depends due to the use of the pam-auth-update tool in the maintainer scripts. * Add NEWS file to inform users about the need for rewriting their config files after the upgrade to the latest upstream release 0.5.0; thanks to Toby Speight for having pointed this out. (Closes: #658013) -- Alessio Treglia Wed, 08 Feb 2012 16:23:16 +0100 libpam-usb (0.5.0-3) unstable; urgency=low * Move tools back to /usr/bin, they don't actually need superuser privileges to work; pamusb-conf needs to run as root whe used to update the system-wide configuration file. * Small improvements to the buildsystem. -- Alessio Treglia Mon, 30 Jan 2012 19:12:27 +0100 libpam-usb (0.5.0-2) unstable; urgency=low * Attempt to fix FTBFS on non-Linux architectures. -- Alessio Treglia Mon, 30 Jan 2012 12:20:12 +0100 libpam-usb (0.5.0-1) unstable; urgency=low * Re-introduce this in Debian (Closes: #657742) * New upstream release: - Migrated the code base to UDisks. pam_usb doesn't depend on HAL anymore. - Added deny_remote option (defaults to true). If false, local login check will be disabled. - Fixed a bug in the device recognition (--add-device) * Build with MultiArch. * Add VCS tags * Bump Standards. * Switch to DH 7. * Set package format to 3.0 (quilt). * Update debian/copyright. * Fix small spelling mistakes. * Install tools into /usr/sbin * Rename pamusb-tools to pamusb-common and install all tools into pamusb-common. -- Alessio Treglia Sat, 28 Jan 2012 19:13:17 +0100 libpam-usb (0.4.2-1.1) unstable; urgency=low * Non-maintainer upload, to drop Python 2.4; thanks to Luca Falavigna for the report and to Jakub Wilk for the patch; Closes: #562454 - debian/control + bump Depends on python >= 2.5 and drop python-celementtree -- Sandro Tosi Tue, 12 Jan 2010 01:10:31 +0100 libpam-usb (0.4.2-1) unstable; urgency=low * New upstream version 0.4.2: - Fixed the ElementTree import statement of pamusb-agent to work with Python 2.5. - Improved the device detection to work with any removable storage device. - Added a workaround for a DBUS bug that prevented pam_usb to work with su. - Disable log outputting if the application doesn't have any tty attached (fixes gksudo and other software). * Missing dependency: pmount (Closes: #442449) * debian/watch fails to report upstream's version (Closes: #450005) * Package description could be improved (Closes: #459315) * Updated Standards-Version, no changes needed. * Changing maintainer email. -- Jose Parrella Sat, 21 Jun 2008 10:15:51 -0430 libpam-usb (0.4.1-1) unstable; urgency=low * New upstream version 0.4.1: - Fixed a security issue related to OpenSSH authentication - Fixed the quiet option (now it is really quiet) - Support for devices without vendor/model information * Upgraded to Standards-Version: 3.7.2.2 * Adding dbus, hal and libpam-usb as dependencies for pamusb-tools. -- Jose Parrella Wed, 15 Aug 2007 10:43:43 -0400 libpam-usb (0.4.0-2) unstable; urgency=low * Adding python-dbus as a dependency for pamusb-tools (Closes: #423540) -- Jose Parrella Sun, 17 Jun 2007 22:03:46 +0100 libpam-usb (0.4.0-1) unstable; urgency=low * Initial release (Closes: #420199) -- Jose Parrella Sat, 21 Apr 2007 10:31:27 -0400 debian/libpam-usb.NEWS0000644000000000000000000000101611714506656011730 0ustar libpam-usb (0.5.0-4) unstable; urgency=low Information about devices' vendor and serial have been stripped off from the "device" field of the configuration files supported by the 0.5.0 release. Please keep that in mind while upgrading from 0.4.2 to 0.5.0 since old configuration files stored in /etc/pamusb.conf may likely need to be either fixed by hand or regenerated by the support tool /usr/bin/pamusb-conf provided by pamusb-common. -- Alessio Treglia Wed, 08 Feb 2012 15:41:04 +0100 debian/README.Debian0000644000000000000000000000050411713477530011236 0ustar The original upstream configuration file disables one time pads and enables debugging. Debian defaults for this package are to enable one time pads (in order to improve randomness and security) and to disable debugging in order to prevent floods to the logfiles. -- José Miguel Parrella Romero debian/gbp.conf0000644000000000000000000000003611713477530010614 0ustar [DEFAULT] pristine-tar = True debian/copyright0000644000000000000000000000222411713477530011131 0ustar Format: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=200 Upstream-Name: pam_usb Upstream-Contact: Andrea Luzzardi Source: http://sf.net/pamusb/files/ Files: * Copyright: 2003-2007 Andrea Luzzardi License: GPL-2 Files: debian/* Copyright: 2012 Alessio Treglia 2007, Jose Parrella License: GPL-2 License: GPL-2 This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. . This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. Comment: On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-2'. . You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA debian/libpam-usb.install0000644000000000000000000000011111714456360012611 0ustar debian/pam-auth-update/* usr/share/pam-configs lib/*/security/pam_usb.so debian/libpam-usb.prerm0000644000000000000000000000011711714456402012273 0ustar #!/bin/sh set -e pam-auth-update --package --remove usb #DEBHELPER# exit 0 debian/source/0000755000000000000000000000000011713477530010476 5ustar debian/source/format0000644000000000000000000000001411713477530011704 0ustar 3.0 (quilt) debian/watch0000644000000000000000000000006511713477530010230 0ustar version=3 http://sf.net/pamusb/pam_usb-(.*)\.tar\.gz debian/pamusb-common.manpages0000644000000000000000000000010111713477530013460 0ustar debian/pamusb-agent.1 debian/pamusb-check.1 debian/pamusb-conf.1 debian/clean0000644000000000000000000000001311713477530010175 0ustar debian/*.8