pax_global_header00006660000000000000000000000064112604013170014505gustar00rootroot0000000000000052 comment=01083941ef8aa0a1c81c7a99343dd716f0756f24 alterator-pkcs11-0.1/000075500000000000000000000000001126040131700144405ustar00rootroot00000000000000alterator-pkcs11-0.1/.gear/000075500000000000000000000000001126040131700154345ustar00rootroot00000000000000alterator-pkcs11-0.1/.gear/rules000064400000000000000000000000071126040131700165060ustar00rootroot00000000000000tar: . alterator-pkcs11-0.1/Makefile000064400000000000000000000002031126040131700160730ustar00rootroot00000000000000NAME=pkcs11 INSTALL=/usr/bin/install all: clean: clean-po install: install-module include /usr/share/alterator/build/module.mak alterator-pkcs11-0.1/alterator-pkcs11.spec000064400000000000000000000014571126040131700204200ustar00rootroot00000000000000# vim: set ft=spec: -*- rpm-spec -*- Name: alterator-pkcs11 Version: 0.1 Release: alt2 Summary: PKCS#11 user certificate manager Group: System/Configuration/Other License: GPL BuildArch: noarch Source: %name-%version.tar Requires: alterator >= 4.6-alt3 Requires: alterator-l10n >= 2.7-alt11 Conflicts: alterator-fbi < 5.7-alt4 BuildPreReq: alterator >= 4.6-alt3 %description PKCS#11 user certificate management module. %prep %setup %build %make_build %install %makeinstall %files %_datadir/alterator/applications/* %_datadir/alterator/ui/* %_alterator_backend3dir/* %changelog * Tue Sep 29 2009 Alexey I. Froloff 0.1-alt2 - Fixed description (closes: #21771) - Added translations via alterator-l10n * Sun Sep 27 2009 Alexey I. 
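Froloff 0.1-alt1 - Initial build alterator-pkcs11-0.1/applications/000075500000000000000000000000001126040131700171265ustar00rootroot00000000000000alterator-pkcs11-0.1/applications/pkcs11.desktop000064400000000000000000000003411126040131700216210ustar00rootroot00000000000000[Desktop Entry] Type=Application Categories=X-Alterator-Users Terminal=false Name=PKCS#11 Certificates Icon=pkcs11 X-Alterator-URI=/pkcs11 X-Alterator-Weight=20 X-Alterator-Help=pkcs11 Name[ru]=Сертификаты PKCS#11 alterator-pkcs11-0.1/backend3/000075500000000000000000000000001126040131700161125ustar00rootroot00000000000000alterator-pkcs11-0.1/backend3/pkcs11000075500000000000000000000111501126040131700171400ustar00rootroot00000000000000
#!/bin/sh
#
# Alterator backend for PKCS#11 CA certificates.
#
# On start-up and on "refresh" it scans local partitions for *.pem files that
# verify against themselves and copies them into a private cache ($tmpdir).
# "list" reports the cached or the installed certificates, "write" installs a
# cached certificate into $cert_dir or deletes an installed one.

po_domain="alterator-pkcs11"
alterator_api_version=1

. alterator-sh-functions
. shell-signal
. shell-quote

# Remove the certificate cache when the backend exits.
cleanup_function() {
	[ -z "$tmpdir" ] || rm -rf -- "$tmpdir"
}

tmpdir="$(mktemp -dt "${0##*/}.XXXXXXXX")"
set_cleanup_handler cleanup_function

mount_dir="/mnt/${0##*/}"
cert_dir="/etc/security/pam_pkcs11/cacerts"

### physical device setup

# Print the value of NAME="..." found in one line of blkid output.
#   $1 - blkid output line
#   $2 - attribute name (for example UUID or TYPE)
__read_var() {
	local line="$1";shift
	local name="$1";shift
	local v="${line#* $name=\"}"
	echo "${v%%\"*}"
}

# Print a priority for a block device: 2 if it has an md directory in sysfs,
# 1 if it is a virtual block device, 0 otherwise.
#   $1 - kernel device name
__read_priority() {
	local dev_name="$1";shift
	if [ -d "/sys/class/block/$dev_name/md" ];then
		echo "2"
	elif [ -d "/sys/devices/virtual/block/$dev_name" ];then
		echo "1"
	else
		echo "0"
	fi
}

# Print one tab-separated line per partition carrying a supported filesystem:
# major:minor, filesystem UUID, device name, priority, filesystem type.
# The output is sorted on the first field so that it can be fed to join.
__list_partitions() {
	local line= fs_uuid= fs_type=
	local dev_major_minor= dev_name= dev_priority=
	blkid -c /dev/null|
	while read line; do
		dev_name="${line%%:*}"
		dev_name="$(udevadm info --query name --name "$dev_name")"
		dev_major_minor="$(cat "/sys/class/block/$dev_name/dev")"
		fs_uuid="$(__read_var "$line" UUID)"
		fs_type="$(__read_var "$line" TYPE)"
		case "$fs_type" in
			ext2|ext3|ext4|xfs|ntfs|vfat) ;;
			*) continue ;;
		esac
		dev_priority="$(__read_priority "$dev_name")"
		printf '%s\t%s\t%s\t%s\t%s\n' \
			"$dev_major_minor" \
			"$fs_uuid" "$dev_name" "$dev_priority" \
			"$fs_type"
	done|
	sort -k1,1
}

# Print the decimal major:minor pair of the device node $1; stat reports the
# numbers in hexadecimal, so they are converted here.
__read_major_minor() {
	local data="$(stat -L -c '%t:%T' "$1")"
	local major="${data%:*}"
	local minor="${data#*:}"
	printf '%s:%s' "$((0x$major))" "$((0x$minor))"
}

# Print "major:minor<TAB>mount point" for every mounted block device read
# from standard input.
#
# NOTE(review): this page has lost text between "done" and "$tempfile" below.
# What is missing appears to be the input redirection of the loop, the end of
# this function and the head of __device_list (update_cert_cache calls
# __device_list and nothing visible assigns $tempfile). The damaged spot is
# kept as found; restore it from the original package before running this.
__list_mpoints() {
	local device= mpoint= line= uuid= tags=
	while read device mpoint line; do
		[ -b "$device" ] || continue
		printf '%s\t%s\n' "$(__read_major_minor "$device")" "$mpoint"
	done "$tempfile"
	# Join partitions with mount points on major:minor, then keep a single
	# entry per filesystem UUID: the one with the highest priority, where a
	# mounted device gets 4 added to its priority.
	__list_partitions|
	join -a1 -j1 - "$tempfile"|
	awk '
	{
		id=$2; dv=$3; pr=$4; fs=$5; mp=$6;
		if (mp) pr+=4;
		if (pr >= pr_list[id]) {
			pr_list[id]=pr;
			mp_list[id]=mp;
			fs_list[id]=fs;
			dv_list[id]=dv
		}
	}
	END {
		for (i in dv_list) {
			printf "%s\t%s\t%s\t%s\n",i,dv_list[i],fs_list[i],mp_list[i];
		}
	}
	'
	rm -f -- "$tempfile"
}

# Print the CN component of the subject of the certificate in file $1.
# Returns non-zero without output when openssl yields no subject or the
# subject has no /CN= component.
cert_cn() {
	local file="$1"
	local subj cn
	subj="$(openssl x509 -in "$file" -noout -subject)"
	[ -n "$subj" ] && [ -z "${subj##*/CN=*}" ] || return
	cn="${subj##*/CN=}"
	cn="${cn%%/*}"
	printf '%s' "$cn"
}

# Succeed only if $1 is a plain *.pem file name, that is, it has no directory
# part. Names taken from a request are checked with this before they are
# appended to $tmpdir or $cert_dir, so that they cannot resolve to a path
# outside of those directories.
__valid_cert_name() {
	case "$1" in
		''|.|..|*/*) return 1 ;;
		*.pem) return 0 ;;
		*) return 1 ;;
	esac
}

# Copy into the cache every *.pem file from the top level of a directory that
# verifies against itself and has a CN in its subject.
#   $1 - device name, used as a prefix of the cached file name
#   $2 - directory to scan
# NOTE(review): find -L follows symbolic links, and $2 may be a filesystem
# from removable media; confirm that following links there is intended.
__fetch_certs() {
	local dev="$1" dir="$2"
	local file cn
	find -L "$dir" -maxdepth 1 -mindepth 1 -type f -name '*.pem' -printf '%P\n' |
	while IFS= read -r file; do
		[ -f "$dir/$file" ] || continue
		openssl verify -CAfile "$dir/$file" "$dir/$file" >&2 || continue
		cn="$(cert_cn "$dir/$file"| tr -cs 'A-Za-z0-9_-' _)"
		[ -n "$cn" ] || continue
		cat "$dir/$file" > "$tmpdir/$dev-$file"
	done
}

# Rebuild the cache: empty $tmpdir, then scan every filesystem reported by
# __device_list, mounting the ones that are not mounted yet on $mount_dir for
# the duration of the scan.
update_cert_cache() {
	local uuid dev fs mp need_umount
	find "$tmpdir" -type f -delete
	__device_list|
	while read uuid dev fs mp; do
		need_umount=
		if [ -z "$mp" ]; then
			mp="$mount_dir"
			mkdir -p -- "$mp"
			[ "$fs" != "ntfs" ] || fs="ntfs-3g"
			# Only certificate files are read from this filesystem, so it is
			# mounted without set-uid, device-node and exec support.
			mount -t "$fs" -r -o nosuid,nodev,noexec "/dev/$dev" "$mp" >&2 || continue
			need_umount=1
		fi
		__fetch_certs "$dev" "$mp"
		[ -z "$need_umount" ] || umount "$mp"
	done
}

update_cert_cache >/dev/null
c_rehash "$cert_dir" >/dev/null

# Handle one request.
# Globals read: in_action, in__objects, in_refresh, in_add, in_delete, in_cert
#   list  avail_certs|certs - one table item (name, subject, user) per *.pem
#                             file of the cache or of $cert_dir
#   write avail_certs       - refresh the cache, or install the cached
#                             certificate $in_cert as $cert_dir/<CN>.pem
#   write certs             - delete the installed certificate $in_cert
on_message() {
	local cn subj tmp_passwd username dir file line

	# NOTE(review): prints every request parameter for each message; this
	# looks like leftover debugging. Confirm where the output ends up and
	# drop the line if nothing depends on it.
	set | grep '^in_'

	case "$in_action" in
		list)
			dir=
			case "$in__objects" in
				avail_certs) dir="$tmpdir" ;;
				certs) dir="$cert_dir" ;;
			esac
			[ -n "$dir" ] || return
			find -L "$dir" -maxdepth 1 -mindepth 1 -type f -name '*.pem' -printf '%P\n' |
			while IFS= read -r file; do
				cn="$(cert_cn "$dir/$file")"
				subj="$(openssl x509 -in "$dir/$file" -noout -subject 2>/dev/null |
					cut -d= -f 2- |
					sed 's,\(^[[:blank:]]\+\|[[:blank:]]\+$\),,g')"
				username=
				# Look for an account whose fifth passwd field equals the CN.
				# Without a CN the pattern would match the first account that
				# has an empty fifth field, so the lookup is skipped.
				if [ -n "$cn" ]; then
					tmp_passwd="$(mktemp -t)"
					getent passwd > "$tmp_passwd"
					while IFS= read -r line; do
						case "$line" in
							*:*:*:*:"$cn":*:*)
								username="${line%%:*}"
								break
								;;
						esac
					done <"$tmp_passwd"
					rm -f -- "$tmp_passwd"
				fi
				write_table_item \
					name "$file" \
					subject "$subj" \
					user "$username"
			done
			;;
		read)
			;;
		write)
			case "$in__objects" in
				avail_certs)
					if [ -n "$in_refresh" ]; then
						update_cert_cache
					elif [ -n "$in_add" ] && [ -n "$in_cert" ]; then
						# in_cert comes from the request: accept only the name
						# of a file that is present in the cache.
						if ! __valid_cert_name "$in_cert" || [ ! -f "$tmpdir/$in_cert" ]; then
							printf '%s: refusing to add certificate: invalid name\n' "${0##*/}" >&2
							return 1
						fi
						cn="$(cert_cn "$tmpdir/$in_cert"| tr -cs 'A-Za-z0-9_-' _)"
						# An empty CN would install the file as "$cert_dir/.pem".
						if [ -z "$cn" ]; then
							printf '%s: refusing to add certificate: no CN in subject\n' "${0##*/}" >&2
							return 1
						fi
						cat "$tmpdir/$in_cert" > "$cert_dir/$cn.pem"
						c_rehash "$cert_dir"
					fi
					;;
				certs)
					if [ -n "$in_delete" ] && [ -n "$in_cert" ]; then
						# in_cert comes from the request: delete only a plain
						# *.pem name inside $cert_dir, never a path.
						if ! __valid_cert_name "$in_cert"; then
							printf '%s: refusing to delete certificate: invalid name\n' "${0##*/}" >&2
							return 1
						fi
						rm -f -- "$cert_dir/$in_cert"
						c_rehash "$cert_dir"
					fi
					;;
			esac
			;;
	esac
}

message_loop

# vim: set ts=4:
alterator-pkcs11-0.1/ui/000075500000000000000000000000001126040131700150555ustar00rootroot00000000000000alterator-pkcs11-0.1/ui/pkcs11/000075500000000000000000000000001126040131700161575ustar00rootroot00000000000000alterator-pkcs11-0.1/ui/pkcs11/add/000075500000000000000000000000001126040131700167075ustar00rootroot00000000000000alterator-pkcs11-0.1/ui/pkcs11/add/index.scm000064400000000000000000000016341126040131700205260ustar00rootroot00000000000000(document:surround "/std/frame") (define (ui-update-certs) (woo-write "/pkcs11/avail_certs" 'refresh #t) (form-update-enum "certs" (woo-list "/pkcs11/avail_certs"))) (define (on-add) (woo-catch/message (lambda () (woo-write "/pkcs11/avail_certs" 'add #t 'cert (form-value "certs")) (ui-update-certs)))) (define (on-done) (document:end)) ;margin 5 width 600 height 250 (gridbox columns "90;10" (label text (_ "Available certificates:")) (spacer) (listbox columns 3 name "certs" row '#((name . "") (subject . "") (user . 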
"")) header (vector (_ "File") (_ "Subject") (_ "User"))) (gridbox columns "100" align "top" (button text (_ "Refresh") (when clicked (ui-update-certs))) (button text (_ "Add") (when clicked (on-add))) (button text (_ "Done") (when clicked (on-done)))) (spacer)) (document:root (when loaded (ui-update-certs))) alterator-pkcs11-0.1/ui/pkcs11/index.scm000064400000000000000000000015611126040131700177750ustar00rootroot00000000000000(document:surround "/std/frame") (define (ui-update-certs) (form-update-enum "certs" (woo-list "/pkcs11/certs"))) (define (on-delete) (woo-catch/message (lambda () (woo-write "/pkcs11/certs" 'delete #t 'cert (form-value "certs")) (ui-update-certs)))) (define (on-add) (form-popup "/pkcs11/add") (ui-update-certs)) margin 20 (gridbox columns "90;10" (label text (_ "Installed certificates:")) (spacer) (listbox columns 3 name "certs" row '#((name . "") (subject . "") (user . "")) header (vector (_ "File") (_ "Subject") (_ "User"))) (gridbox columns "100" align "top" (button text (_ "Refresh") (when clicked (ui-update-certs))) (button text (_ "Delete") (when clicked (on-delete))) (button text (_ "Add...") (when clicked (on-add)))) (spacer)) (document:root (when loaded (ui-update-certs)))