Hello Ludovic,
here my next patch (this time a big one).
It adds displaying error messages to the user via pam_prompt. Because in
GDM the messages disappear so quick, I've added a new option
"err_display_time". After
a message is shown with pam_prompt, a "sleep(err_display_time)" is called. This
gives the user
a chance to read the message. Also I prepend every message with an error
number, because
this number is easier to remember, if a user reports a problem.
The messages can be disabled via the "quiet" option.
I've never worked with gettext before. I hope I've done it right.
There's one more patch here addressing a problem with "card_only": I get asked
for a
username if no smartcard is present. Even if "card_only" is true. I've
(somewhat brutal)
changed this. I need some time to make it nice and include it in the trunk
version.
Kind regards,
Dominik Fischer
(I'm not sure if the mailing list accepts attachments. So I add it inline
again.
---8<------8<---
Index: AUTHORS
===================================================================
--- AUTHORS (Revision 490)
+++ AUTHORS (Arbeitskopie)
@@ -19,6 +19,7 @@
Dominik Fischer <dom_fisc...@web.de>
LDAP Mapper
+ Some improvements
Ville Skyttä <vsky...@gmail.com>
Original pam_pkcs11.spec file
Index: src/pam_pkcs11/pam_pkcs11.c
===================================================================
--- src/pam_pkcs11/pam_pkcs11.c (Revision 490)
+++ src/pam_pkcs11/pam_pkcs11.c (Arbeitskopie)
@@ -33,6 +33,7 @@
#include <ctype.h>
#include <string.h>
#include <errno.h>
+#include <unistd.h>
#include "../scconf/scconf.h"
#include "../common/debug.h"
#include "../common/error.h"
@@ -193,6 +194,9 @@
char **issuer, **serial;
const char *login_token_name = NULL;
+ snprintf(password_prompt, sizeof(password_prompt), _("Smartcard
authentification starts"));
+ pam_prompt(pamh, PAM_TEXT_INFO , NULL, password_prompt);
+
/* first of all check whether debugging should be enabled */
for (i = 0; i < argc; i++)
if (strcmp("debug", argv[i]) == 0) {
@@ -314,9 +318,13 @@
if (rv != 0) {
ERR2("load_pkcs11_module() failed loading %s: %s",
configuration->pkcs11_modulepath, get_error());
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR, "load_pkcs11_module() failed loading %s: %s",
- configuration->pkcs11_modulepath, get_error());
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR, "load_pkcs11_module() failed loading
%s: %s",
+ configuration->pkcs11_modulepath, get_error());
+ snprintf(password_prompt, sizeof(password_prompt), _("Error
2302: PKCS#11 module failed loading"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
return PAM_AUTHINFO_UNAVAIL;
}
@@ -326,8 +334,12 @@
if (rv != 0) {
release_pkcs11_module(ph);
ERR1("init_pkcs11_module() failed: %s", get_error());
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR, "init_pkcs11_module() failed: %s",
get_error());
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR, "init_pkcs11_module() failed: %s",
get_error());
+ snprintf(password_prompt, sizeof(password_prompt), _("Error
2304: PKCS#11 module could not be initialized"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
return PAM_AUTHINFO_UNAVAIL;
}
@@ -342,8 +354,12 @@
if (rv != 0) {
ERR("no suitable token available");
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR, "no suitable token available");
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR, "no suitable token available");
+ snprintf(password_prompt, sizeof(password_prompt), _("Error
2306: No suitable token available"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
if (!configuration->card_only) {
release_pkcs11_module(ph);
@@ -376,6 +392,13 @@
return pkcs11_pam_fail;
}
} else if (user) {
+
+ if (!configuration->quiet) {
+ snprintf(password_prompt, sizeof(password_prompt),
_("Error 2308: No smartcard found"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
+
/* we have a user and no smart card, go to the next pam module */
release_pkcs11_module(ph);
return PAM_AUTHINFO_UNAVAIL;
@@ -399,6 +422,12 @@
if (rv != 0) {
/* user gave us a user id and no smart card go to next module */
+ if (!configuration->quiet) {
+ snprintf(password_prompt, sizeof(password_prompt),
_("Error 2310: No smartcard found"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
+
release_pkcs11_module(ph);
return PAM_AUTHINFO_UNAVAIL;
}
@@ -410,19 +439,27 @@
}
rv = open_pkcs11_session(ph, slot_num);
if (rv != 0) {
+ ERR1("open_pkcs11_session() failed: %s", get_error());
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR, "open_pkcs11_session() failed: %s",
get_error());
+ snprintf(password_prompt, sizeof(password_prompt), _("Error
2312: open PKCS#11 session failed"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
release_pkcs11_module(ph);
- ERR1("open_pkcs11_session() failed: %s", get_error());
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR, "open_pkcs11_session() failed: %s",
get_error());
return pkcs11_pam_fail;
}
rv = get_slot_login_required(ph);
if (rv == -1) {
+ ERR1("get_slot_login_required() failed: %s", get_error());
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR, "get_slot_login_required() failed:
%s", get_error());
+ snprintf(password_prompt, sizeof(password_prompt), _("Error
2314: Slot login failed"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
release_pkcs11_module(ph);
- ERR1("get_slot_login_required() failed: %s", get_error());
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR, "get_slot_login_required() failed: %s",
get_error());
return pkcs11_pam_fail;
} else if (rv) {
/* get password */
@@ -434,7 +471,7 @@
rv = get_slot_protected_authentication_path(ph);
if ((-1 == rv) || (0 == rv))
{
- sprintf(password_prompt, _("%s PIN: "),
_(configuration->token_type));
+ snprintf(password_prompt, sizeof(password_prompt), _("%s PIN:
"), _(configuration->token_type));
if (configuration->use_first_pass) {
rv = pam_get_pwd(pamh, &password, NULL, PAM_AUTHTOK, 0);
} else if (configuration->try_first_pass) {
@@ -444,6 +481,11 @@
rv = pam_get_pwd(pamh, &password, password_prompt, 0,
PAM_AUTHTOK);
}
if (rv != PAM_SUCCESS) {
+ if (!configuration->quiet) {
+ snprintf(password_prompt,
sizeof(password_prompt), _("Error 2316: password could not be read"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL,
password_prompt);
+ sleep(configuration->err_display_time);
+ }
release_pkcs11_module(ph);
pam_syslog(pamh, LOG_ERR,
"pam_get_pwd() failed: %s",
pam_strerror(pamh, rv));
@@ -460,6 +502,11 @@
free(password);
pam_syslog(pamh, LOG_ERR,
"password length is zero but the
'nullok' argument was not defined.");
+ if (!configuration->quiet) {
+ snprintf(password_prompt,
sizeof(password_prompt), _("Error 2318: Empty smartcard PIN not allowed."));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL,
password_prompt);
+ sleep(configuration->err_display_time);
+ }
return PAM_AUTH_ERR;
}
}
@@ -484,8 +531,12 @@
}
if (rv != 0) {
ERR1("open_pkcs11_login() failed: %s", get_error());
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR, "open_pkcs11_login() failed: %s",
get_error());
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR, "open_pkcs11_login() failed: %s",
get_error());
+ snprintf(password_prompt, sizeof(password_prompt),
_("Error 2320: Wrong smartcard PIN"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
goto auth_failed_nopw;
}
}
@@ -493,8 +544,12 @@
cert_list = get_certificate_list(ph, &ncert);
if (rv<0) {
ERR1("get_certificate_list() failed: %s", get_error());
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR, "get_certificate_list() failed: %s",
get_error());
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR, "get_certificate_list() failed: %s",
get_error());
+ snprintf(password_prompt, sizeof(password_prompt), _("Error
2322: No certificate found"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
goto auth_failed_nopw;
}
@@ -506,14 +561,35 @@
X509 *x509 = (X509 *)get_X509_certificate(cert_list[i]);
if (!x509 ) continue; /* sanity check */
DBG1("verifing the certificate #%d", i + 1);
+ if (!configuration->quiet) {
+ snprintf(password_prompt, sizeof(password_prompt), _("verifying
certificate"));
+ pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
+ }
/* verify certificate (date, signature, CRL, ...) */
rv = verify_certificate(x509,&configuration->policy);
if (rv < 0) {
ERR1("verify_certificate() failed: %s", get_error());
- if (!configuration->quiet)
+ if (!configuration->quiet) {
pam_syslog(pamh, LOG_ERR,
"verify_certificate() failed: %s", get_error());
+ switch (rv) {
+ case -2: // X509_V_ERR_CERT_HAS_EXPIRED:
+ snprintf(password_prompt,
sizeof(password_prompt), _("Error 2324: Certificate has expired"));
+ break;
+ case -3: // X509_V_ERR_CERT_NOT_YET_VALID:
+ snprintf(password_prompt,
sizeof(password_prompt), _("Error 2326: Certificate not yet valid"));
+ break;
+ case -4: //
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+ snprintf(password_prompt,
sizeof(password_prompt), _("Error 2328: Certificate signature invalid"));
+ break;
+ default:
+ snprintf(password_prompt,
sizeof(password_prompt), _("Error 2330: Certificate invalid"));
+ break;
+ }
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
goto auth_failed_nopw;
} else if (rv != 1) {
ERR1("verify_certificate() failed: %s", get_error());
@@ -541,9 +617,13 @@
rv = pam_set_item(pamh, PAM_USER,(const void *)user);
if (rv != PAM_SUCCESS) {
ERR1("pam_set_item() failed %s", pam_strerror(pamh, rv));
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR,
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR,
"pam_set_item() failed %s", pam_strerror(pamh, rv));
+ snprintf(password_prompt,
sizeof(password_prompt), _("Error 2332: setting PAM userentry failed"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL,
password_prompt);
+ sleep(configuration->err_display_time);
+ }
goto auth_failed_nopw;
}
chosen_cert = cert_list[i];
@@ -555,8 +635,12 @@
rv = match_user(x509, user);
if (rv < 0) { /* match error; abort and return */
ERR1("match_user() failed: %s", get_error());
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR, "match_user() failed: %s", get_error());
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR, "match_user() failed:
%s", get_error());
+ snprintf(password_prompt,
sizeof(password_prompt), _("Error 2334: No matching user"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL,
password_prompt);
+ sleep(configuration->err_display_time);
+ }
goto auth_failed_nopw;
} else if (rv == 0) { /* match didn't success */
DBG("certificate is valid but does not match the user");
@@ -572,16 +656,23 @@
/* now myCert points to our found certificate or null if no user found */
if (!chosen_cert) {
ERR("no valid certificate which meets all requirements found");
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR,
- "no valid certificate which meets all requirements found");
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR,
+ "no valid certificate which meets all
requirements found");
+ snprintf(password_prompt, sizeof(password_prompt), _("Error
2336: No matching certificate found"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
goto auth_failed_nopw;
}
/* if signature check is enforced, generate random data, sign and verify */
if (configuration->policy.signature_policy) {
+ snprintf(password_prompt, sizeof(password_prompt), _("Checking
signature"));
+ pam_prompt(pamh, PAM_TEXT_INFO, NULL, password_prompt);
+
#ifdef notdef
rv = get_private_key(ph);
if (rv != 0) {
@@ -597,8 +688,12 @@
rv = get_random_value(random_value, sizeof(random_value));
if (rv != 0) {
ERR1("get_random_value() failed: %s", get_error());
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR, "get_random_value() failed: %s",
get_error());
+ if (!configuration->quiet){
+ pam_syslog(pamh, LOG_ERR, "get_random_value() failed:
%s", get_error());
+ snprintf(password_prompt, sizeof(password_prompt),
_("Error 2338: Getting random value failed"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
goto auth_failed_nopw;
}
@@ -608,8 +703,12 @@
&signature, &signature_length);
if (rv != 0) {
ERR1("sign_value() failed: %s", get_error());
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR, "sign_value() failed: %s", get_error());
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR, "sign_value() failed: %s",
get_error());
+ snprintf(password_prompt, sizeof(password_prompt),
_("Error 2340: Signing failed"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
goto auth_failed_nopw;
}
@@ -624,8 +723,12 @@
close_pkcs11_session(ph);
release_pkcs11_module(ph);
ERR1("verify_signature() failed: %s", get_error());
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR, "verify_signature() failed: %s",
get_error());
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR, "verify_signature() failed:
%s", get_error());
+ snprintf(password_prompt, sizeof(password_prompt),
_("Error 2342: Verifying signature failed"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
return PAM_AUTH_ERR;
}
@@ -702,8 +805,12 @@
if (rv != 0) {
release_pkcs11_module(ph);
ERR1("close_pkcs11_session() failed: %s", get_error());
- if (!configuration->quiet)
- pam_syslog(pamh, LOG_ERR, "close_pkcs11_module() failed: %s",
get_error());
+ if (!configuration->quiet) {
+ pam_syslog(pamh, LOG_ERR, "close_pkcs11_module()
failed: %s", get_error());
+ snprintf(password_prompt, sizeof(password_prompt),
_("Error 2344: Closing PKCS#11 session failed"));
+ pam_prompt(pamh, PAM_ERROR_MSG , NULL, password_prompt);
+ sleep(configuration->err_display_time);
+ }
return pkcs11_pam_fail;
}
Index: src/pam_pkcs11/pam_config.c
===================================================================
--- src/pam_pkcs11/pam_config.c (Revision 490)
+++ src/pam_pkcs11/pam_config.c (Arbeitskopie)
@@ -64,7 +64,8 @@
},
N_("Smart card"), /* token_type */
NULL, /* char *username */
- 0 /* int quiet */
+ 0, /* int quiet */
+ 0 /* err_display_time */
};
#ifdef DEBUG_CONFIG
@@ -88,6 +89,7 @@
DBG1("crl_policy %d",configuration.policy.crl_policy);
DBG1("signature_policy %d",configuration.policy.signature_policy);
DBG1("ocsp_policy %d",configuration.policy.ocsp_policy);
+ DBG1("err_display_time %d", configuration.err_display_time);
}
#endif
@@ -118,6 +120,8 @@
DBG1("pam_pkcs11 block not found in config:
%s",configuration.config_file);
return;
}
+ configuration.err_display_time =
+
scconf_get_int(root,"err_display_time",configuration.err_display_time);
configuration.nullok =
scconf_get_bool(root,"nullok",configuration.nullok);
configuration.quiet = scconf_get_bool(root,"quiet",configuration.quiet);
Index: src/pam_pkcs11/pam_config.h
===================================================================
--- src/pam_pkcs11/pam_config.h (Revision 490)
+++ src/pam_pkcs11/pam_config.h (Arbeitskopie)
@@ -45,6 +45,7 @@
const char *token_type;
const char *username; /* provided user name */
int quiet;
+ int err_display_time;
};
struct configuration_st *pk_configure( int argc, const char **argv );
Index: src/common/cert_vfy.c
===================================================================
--- src/common/cert_vfy.c (Revision 490)
+++ src/common/cert_vfy.c (Arbeitskopie)
@@ -431,7 +431,21 @@
X509_STORE_CTX_free(ctx);
X509_STORE_free(store);
set_error("certificate is invalid: %s",
X509_verify_cert_error_string(ctx->error));
- return 0;
+ switch (ctx->error) {
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ rv = -2;
+ break;
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ rv = -3;
+ break;
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+ rv = -4;
+ break;
+ default:
+ rv = 0;
+ break;
+ }
+ return rv;
} else {
DBG("certificate is valid");
}
Index: doc/pam_pkcs11.xml
===================================================================
--- doc/pam_pkcs11.xml (Revision 490)
+++ doc/pam_pkcs11.xml (Arbeitskopie)
@@ -506,6 +506,11 @@
</varlistentry>
<varlistentry>
+<term><token>err_display_time</token></term>
+<listitem>Seconds to wait after error message is shown to give users a chance
to read the message.</listitem>
+</varlistentry>
+
+<varlistentry>
<term><token>config_file</token></term>
<listitem>To specify up configuration file (default
<filename>/etc/pam_pkcs11/pam_pkcs11.conf</filename>)
Index: po/pam_pkcs11.pot
===================================================================
--- po/pam_pkcs11.pot (Revision 490)
+++ po/pam_pkcs11.pot (Arbeitskopie)
@@ -1,13 +1,14 @@
# SOME DESCRIPTIVE TITLE.
-# This file is put in the public domain.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: pam_pkcs11 0.6.4\n"
+"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2010-10-19 09:39+0200\n"
+"POT-Creation-Date: 2011-03-20 17:35+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <l...@li.org>\n"
@@ -17,43 +18,169 @@
"Content-Transfer-Encoding: 8bit\n"
#: src/pam_pkcs11/pam_pkcs11.c:289 src/pam_pkcs11/pam_pkcs11.c:386
+#: src/pam_pkcs11/pam_pkcs11.c:293 src/pam_pkcs11/pam_pkcs11.c:409
#, c-format
msgid "Please insert your %s or enter your username."
msgstr ""
-#: src/pam_pkcs11/pam_pkcs11.c:358
+#: src/pam_pkcs11/pam_pkcs11.c:358 src/pam_pkcs11/pam_pkcs11.c:374
#, c-format
msgid "Please insert your smart card called \"%.32s\"."
msgstr ""
-#: src/pam_pkcs11/pam_pkcs11.c:363
+#: src/pam_pkcs11/pam_pkcs11.c:363 src/pam_pkcs11/pam_pkcs11.c:379
msgid "Please insert your smart card."
msgstr ""
-#: src/pam_pkcs11/pam_pkcs11.c:408
+#: src/pam_pkcs11/pam_pkcs11.c:408 src/pam_pkcs11/pam_pkcs11.c:437
#, c-format
msgid "%s found."
msgstr ""
-#: src/pam_pkcs11/pam_pkcs11.c:430
+#: src/pam_pkcs11/pam_pkcs11.c:430 src/pam_pkcs11/pam_pkcs11.c:467
#, c-format
msgid "Welcome %.32s!"
msgstr ""
-#: src/pam_pkcs11/pam_pkcs11.c:437
+#: src/pam_pkcs11/pam_pkcs11.c:437 src/pam_pkcs11/pam_pkcs11.c:474
#, c-format
msgid "%s PIN: "
msgstr ""
-#: src/pam_pkcs11/pam_pkcs11.c:469
+#: src/pam_pkcs11/pam_pkcs11.c:469 src/pam_pkcs11/pam_pkcs11.c:516
#, c-format
msgid "Enter your %s PIN on the pinpad"
msgstr ""
-#: src/pam_pkcs11/pam_pkcs11.c:767
+#: src/pam_pkcs11/pam_pkcs11.c:767 src/pam_pkcs11/pam_pkcs11.c:877
msgid "Cannot change the password on your smart card."
msgstr ""
#: src/pam_pkcs11/pam_config.c:65
msgid "Smart card"
msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:197
+#, c-format
+msgid "Smartcard authentification starts"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:324
+#, c-format
+msgid "Error 2302: PKCS#11 module failed loading"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:339
+#, c-format
+msgid "Error 2304: PKCS#11 module could not be initialized"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:359
+#, c-format
+msgid "Error 2306: No suitable token available"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:397
+#, c-format
+msgid "Error 2308: No smartcard found"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:426
+#, c-format
+msgid "Error 2310: No smartcard found"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:445
+#, c-format
+msgid "Error 2312: open PKCS#11 session failed"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:458
+#, c-format
+msgid "Error 2314: Slot login failed"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:485
+#, c-format
+msgid "Error 2316: password could not be read"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:506
+#, c-format
+msgid "Error 2318: Empty smartcard PIN not allowed."
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:536
+#, c-format
+msgid "Error 2320: Wrong smartcard PIN"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:549
+#, c-format
+msgid "Error 2322: No certificate found"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:565
+#, c-format
+msgid "verifying certificate"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:578
+#, c-format
+msgid "Error 2324: Certificate has expired"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:581
+#, c-format
+msgid "Error 2326: Certificate not yet valid"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:584
+#, c-format
+msgid "Error 2328: Certificate signature invalid"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:587
+#, c-format
+msgid "Error 2330: Certificate invalid"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:623
+#, c-format
+msgid "Error 2332: setting PAM userentry failed"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:640
+#, c-format
+msgid "Error 2334: No matching user"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:662
+#, c-format
+msgid "Error 2336: No matching certificate found"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:672
+#, c-format
+msgid "Checking signature"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:693
+#, c-format
+msgid "Error 2338: Getting random value failed"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:708
+#, c-format
+msgid "Error 2340: Signing failed"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:728
+#, c-format
+msgid "Error 2342: Verifying signature failed"
+msgstr ""
+
+#: src/pam_pkcs11/pam_pkcs11.c:810
+#, c-format
+msgid "Error 2344: Closing PKCS#11 session failed"
+msgstr ""
Index: po/de.po
===================================================================
--- po/de.po (Revision 490)
+++ po/de.po (Arbeitskopie)
@@ -1,55 +1,66 @@
# SOME DESCRIPTIVE TITLE.
-# This file is put in the public domain.
-# FIRST AUTHOR <winte...@informatik.uni-freiburg.de>, 2007.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
msgid ""
msgstr ""
-"Project-Id-Version: pam_pkcs11 0.6.3\n"
+"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2010-10-19 09:39+0200\n"
-"PO-Revision-Date: 2007-09-11 14:08+0100\n"
-"Last-Translator: Peter Winterer <winte...@informatik.uni-freiburg.de>\n"
-"Language-Team: German\n"
-"Language: de\n"
+"POT-Creation-Date: 2011-03-20 16:55+0100\n"
+"PO-Revision-Date: 2011-03-20 17:04+0100\n"
+"Last-Translator: Dominik Fischer <dom_fisc...@web.de>\n"
+"Language-Team: LANGUAGE <l...@li.org>\n"
+"Language: \n"
"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=utf-8\n"
+"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-#: src/pam_pkcs11/pam_pkcs11.c:289 src/pam_pkcs11/pam_pkcs11.c:386
+#: src/pam_pkcs11/pam_pkcs11.c:289
+#: src/pam_pkcs11/pam_pkcs11.c:386
+#: src/pam_pkcs11/pam_pkcs11.c:293
+#: src/pam_pkcs11/pam_pkcs11.c:409
#, c-format
msgid "Please insert your %s or enter your username."
msgstr "Bitte %s einstecken oder Benutzername eingeben."
#: src/pam_pkcs11/pam_pkcs11.c:358
+#: src/pam_pkcs11/pam_pkcs11.c:374
#, c-format
msgid "Please insert your smart card called \"%.32s\"."
msgstr "Bitte stecken Sie Ihre Smart Card mit der Bezeichnung \"%.32s\" ein"
#: src/pam_pkcs11/pam_pkcs11.c:363
+#: src/pam_pkcs11/pam_pkcs11.c:379
msgid "Please insert your smart card."
msgstr "Bitte stecken Sie Ihre Smart Card ein."
#: src/pam_pkcs11/pam_pkcs11.c:408
+#: src/pam_pkcs11/pam_pkcs11.c:437
#, c-format
msgid "%s found."
-msgstr ""
+msgstr "%s gefunden."
#: src/pam_pkcs11/pam_pkcs11.c:430
+#: src/pam_pkcs11/pam_pkcs11.c:467
#, c-format
msgid "Welcome %.32s!"
msgstr "Willkommen %.32s!"
#: src/pam_pkcs11/pam_pkcs11.c:437
+#: src/pam_pkcs11/pam_pkcs11.c:474
#, c-format
msgid "%s PIN: "
msgstr ""
#: src/pam_pkcs11/pam_pkcs11.c:469
+#: src/pam_pkcs11/pam_pkcs11.c:516
#, c-format
msgid "Enter your %s PIN on the pinpad"
-msgstr ""
+msgstr "Bitte geben Sie Ihre %s PIN auf dem Pinpad ein"
#: src/pam_pkcs11/pam_pkcs11.c:767
+#: src/pam_pkcs11/pam_pkcs11.c:877
msgid "Cannot change the password on your smart card."
msgstr "Das Kennwort Ihrer Smart Card kann nicht geändert werden."
@@ -57,5 +68,128 @@
msgid "Smart card"
msgstr "Smart Card"
-#~ msgid "Smart card password: "
-#~ msgstr "Smart Card Kennwort:"
+#: src/pam_pkcs11/pam_pkcs11.c:197
+#, c-format
+msgid "Smartcard authentification starts"
+msgstr "Smartcardauthentifizierung startet"
+
+#: src/pam_pkcs11/pam_pkcs11.c:324
+#, c-format
+msgid "Error 2302: PKCS#11 module failed loading"
+msgstr "Fehler 2302: PKCS11-Modul konnte nicht geladen werden."
+
+#: src/pam_pkcs11/pam_pkcs11.c:339
+#, c-format
+msgid "Error 2304: PKCS#11 module could not be initialized"
+msgstr "Fehler 2304: PKCS11-Modul konnte nicht initialisiert werden."
+
+#: src/pam_pkcs11/pam_pkcs11.c:359
+#, c-format
+msgid "Error 2306: No suitable token available"
+msgstr "Fehler 2306: Es wurde keine Smartcard gefunden."
+
+#: src/pam_pkcs11/pam_pkcs11.c:397
+#, c-format
+msgid "Error 2308: No smartcard found"
+msgstr "Fehler 2308: Es wurde keine Smartcard gefunden."
+
+#: src/pam_pkcs11/pam_pkcs11.c:426
+#, c-format
+msgid "Error 2310: No smartcard found"
+msgstr "Fehler 2310: Es wurde keine Smartcard gefunden."
+
+#: src/pam_pkcs11/pam_pkcs11.c:445
+#, c-format
+msgid "Error 2312: open PKCS#11 session failed"
+msgstr "Fehler 2312: PKCS11-Session konnte nicht geoeffnet werden."
+
+#: src/pam_pkcs11/pam_pkcs11.c:458
+#, c-format
+msgid "Error 2314: Slot login failed"
+msgstr "Fehler 2314: Slot Login fehlgeschlagen."
+
+#: src/pam_pkcs11/pam_pkcs11.c:485
+#, c-format
+msgid "Error 2316: password could not be read"
+msgstr "Fehler 2316: Passwort konnte nicht eingelesen werden."
+
+#: src/pam_pkcs11/pam_pkcs11.c:506
+#, c-format
+msgid "Error 2318: Empty smartcard PIN not allowed."
+msgstr "Fehler 2318: Smartcard PIN darf nicht leer sein."
+
+#: src/pam_pkcs11/pam_pkcs11.c:536
+#, c-format
+msgid "Error 2320: Wrong smartcard PIN"
+msgstr "Fehler 2320: Die eingegebene Smartcard PIN ist falsch."
+
+#: src/pam_pkcs11/pam_pkcs11.c:549
+#, c-format
+msgid "Error 2322: No certificate found"
+msgstr "Fehler 2322: Es wurde kein Zertifikat gefunden."
+
+#: src/pam_pkcs11/pam_pkcs11.c:565
+#, c-format
+msgid "verifying certificate"
+msgstr "Zertifikat wird geprueft."
+
+#: src/pam_pkcs11/pam_pkcs11.c:578
+#, c-format
+msgid "Error 2324: Certificate has expired"
+msgstr "Fehler 2324: Zertifikat abgelaufen."
+
+#: src/pam_pkcs11/pam_pkcs11.c:581
+#, c-format
+msgid "Error 2326: Certificate not yet valid"
+msgstr "Fehler 2326: Zertifikat noch nicht gueltig."
+
+#: src/pam_pkcs11/pam_pkcs11.c:584
+#, c-format
+msgid "Error 2328: Certificate signature invalid"
+msgstr "Fehler 2328: Zertifikatsunterschrift ungueltig."
+
+#: src/pam_pkcs11/pam_pkcs11.c:587
+#, c-format
+msgid "Error 2330: Certificate invalid"
+msgstr "Fehler 2330: Ungueltiges Zertifikat gefunden."
+
+#: src/pam_pkcs11/pam_pkcs11.c:623
+#, c-format
+msgid "Error 2332: setting PAM userentry failed"
+msgstr "Fehler 2332: PAM Usereintrag konnte nicht gesetzt werden."
+
+#: src/pam_pkcs11/pam_pkcs11.c:640
+#, c-format
+msgid "Error 2334: No matching user"
+msgstr "Fehler 2334: Pruefung des Usereintrags fehlgeschlagen."
+
+#: src/pam_pkcs11/pam_pkcs11.c:662
+#, c-format
+msgid "Error 2336: No matching certificate found"
+msgstr "Fehler 2336: Kein passendes Zertifikat gefunden."
+
+#: src/pam_pkcs11/pam_pkcs11.c:672
+#, c-format
+msgid "Checking signature"
+msgstr "Signieren wird geprueft."
+
+#: src/pam_pkcs11/pam_pkcs11.c:693
+#, c-format
+msgid "Error 2338: Getting random value failed"
+msgstr "Fehler 2338: Holen der Zufallszahl zum Signieren fehlgeschlagen."
+
+#: src/pam_pkcs11/pam_pkcs11.c:708
+#, c-format
+msgid "Error 2340: Signing failed"
+msgstr "Fehler 2340: Signieren fehlgeschlagen."
+
+#: src/pam_pkcs11/pam_pkcs11.c:728
+#, c-format
+msgid "Error 2342: Verifying signature failed"
+msgstr "Fehler 2342: Verifizierung der Signatur fehlgeschlagen."
+
+#: src/pam_pkcs11/pam_pkcs11.c:810
+#, c-format
+msgid "Error 2344: Closing PKCS#11 session failed"
+msgstr "Fehler 2344: PKCS11 Session konnte nicht geschlossen werden."
+
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
