Hello community, here is the log from the commit of package pam_kwallet for openSUSE:Factory checked in at 2019-06-12 13:30:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam_kwallet (Old) and /work/SRC/openSUSE:Factory/.pam_kwallet.new.4811 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam_kwallet" Wed Jun 12 13:30:09 2019 rev:49 rq:708316 version:5.16.0 Changes: --------
--- /work/SRC/openSUSE:Factory/pam_kwallet/pam_kwallet.changes 2019-05-08 15:17:05.113071285 +0200
+++ /work/SRC/openSUSE:Factory/.pam_kwallet.new.4811/pam_kwallet.changes 2019-06-12 13:30:13.968239874 +0200
@@ -1,0 +2,21 @@
+Thu Jun 6 14:07:09 UTC 2019 - fab...@ritter-vogt.de
+
+- Update to 5.16.0
+ * New bugfix release
+ * For more details please see:
+ * https://www.kde.org/announcements/plasma-5.16.0.php
+- No code changes since 5.15.90
+
+-------------------------------------------------------------------
+Thu May 16 16:56:38 UTC 2019 - fab...@ritter-vogt.de
+
+- Update to 5.15.90
+ * New feature release
+ * For more details please see:
+ * https://www.kde.org/announcements/plasma-5.15.90.php
+- Changes since 5.15.5:
+ * Don't hardcode default kwallet path
+ * Remove kwallet4 support
+ * Add readme explaining how kwallet-pam works
+
+-------------------------------------------------------------------
Old: ---- kwallet-pam-5.15.5.tar.xz kwallet-pam-5.15.5.tar.xz.sig New: ---- kwallet-pam-5.16.0.tar.xz kwallet-pam-5.16.0.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_kwallet.spec ++++++
--- /var/tmp/diff_new_pack.QzVb0c/_old 2019-06-12 13:30:14.424239635 +0200
+++ /var/tmp/diff_new_pack.QzVb0c/_new 2019-06-12 13:30:14.428239633 +0200
@@ -16,17 +16,16 @@
 #
-%bcond_without lang
 Name: pam_kwallet
-Version: 5.15.5
+Version: 5.16.0
 Release: 0
 Summary: A PAM Module for KWallet signing
 License: LGPL-2.1-only AND GPL-2.0-or-later AND GPL-3.0-only
 Group: System/GUI/KDE
 Url: http://www.kde.org/
-Source: https://download.kde.org/stable/plasma/%{version}/kwallet-pam-%{version}.tar.xz
+Source: kwallet-pam-%{version}.tar.xz
 %if %{with lang}
-Source1: https://download.kde.org/stable/plasma/%{version}/kwallet-pam-%{version}.tar.xz.sig
+Source1: http://download.kde.org/unstable/plasma/%{version}/kwallet-pam-%{version}.tar.xz.sig
 Source2: plasma.keyring
 %endif
 Source3: baselibs.conf
@@ -36,6 +35,7 @@
 BuildRequires: pam-devel
 BuildRequires: socat
 BuildRequires: xz
+BuildRequires: cmake(KF5Wallet) >= 5.58.0
 Requires: %{name}-common = %{version}
 %if 0%{?suse_version} >= 1330
 Requires(post): coreutils pam pam-config
++++++ kwallet-pam-5.15.5.tar.xz -> kwallet-pam-5.16.0.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-pam-5.15.5/CMakeLists.txt new/kwallet-pam-5.16.0/CMakeLists.txt
--- old/kwallet-pam-5.15.5/CMakeLists.txt 2019-05-07 11:54:32.000000000 +0200
+++ new/kwallet-pam-5.16.0/CMakeLists.txt 2019-06-06 14:59:44.000000000 +0200
@@ -1,7 +1,7 @@
 project(pam_kwallet)
 cmake_minimum_required(VERSION 2.8.12)
-set(KF5_MIN_VERSION "5.54.0")
-set(PROJECT_VERSION "5.15.5")
+set(KF5_MIN_VERSION "5.58.0")
+set(PROJECT_VERSION "5.16.0")
 set(PROJECT_VERSION_MAJOR 5)
 find_package (ECM ${KF5_MIN_VERSION} REQUIRED NO_MODULE)
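Review bot: In the pam_kwallet.spec hunk `@@ -16,17 +16,16 @@`, `%bcond_without lang` is removed while the `%if %{with lang}` guard around `Source1` and `Source2` stays, so unless `with_lang` is defined somewhere outside this hunk the `.sig` file and `plasma.keyring` drop out of the source list and the tarball may no longer be verified against the upstream key. The same hunk replaces the https `Source:` URL with a bare file name and points `Source1` at `http://download.kde.org/unstable/...`, although the changelog describes 5.16.0 as a release, so the recorded download origin is lost for the tarball and downgraded for the signature. I would keep both on the stable https location, `Source: https://download.kde.org/stable/plasma/%{version}/kwallet-pam-%{version}.tar.xz` with the matching `.sig` line, and list `Source1`/`Source2` unconditionally or restore the bcond that the `%if` depends on.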
@@ -28,18 +28,19 @@
 ${LIBGCRYPT_INCLUDE_DIR}
 )
-add_definitions(-DKWALLET5)
 set(library_name "pam_kwallet5")
-if ("${KWALLET4}" STREQUAL "1")
- remove_definitions(-DKWALLET5)
- set(library_name "pam_kwallet")
-endif()
-
 set(pam_kwallet_SRCS
 pam_kwallet.c
 )
+set(KF5_MIN_VERSION "5.58.0")
+find_package(KF5 ${KF5_MIN_VERSION} REQUIRED COMPONENTS
+ Wallet
+)
+
+add_definitions(-DKWALLETD_BIN_PATH="${KWALLETD_BIN_PATH}")
+
 if (APPLE)
 LIST(APPEND pam_kwallet_SRCS
 pam_darwin.c
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-pam-5.15.5/README.txt new/kwallet-pam-5.16.0/README.txt
--- old/kwallet-pam-5.15.5/README.txt 1970-01-01 01:00:00.000000000 +0100
+++ new/kwallet-pam-5.16.0/README.txt 2019-06-06 14:59:44.000000000 +0200
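Review bot: `add_definitions(-DKWALLETD_BIN_PATH="${KWALLETD_BIN_PATH}")` in the CMakeLists.txt hunk `@@ -28,18 +28,19 @@` bakes the variable into the module without checking that it is set, so if the KF5Wallet package (which presumably exports it) leaves it empty or relative, the build still succeeds. The pam_kwallet.c hunk `@@ -105,12 +101,11 @@` then uses the macro as the default for `kwalletd`, which reaches `execve` along with the descriptor that carries the hashed password, and a relative value would be resolved against the working directory of the login process. A configure-time guard closes this: `if (NOT IS_ABSOLUTE "${KWALLETD_BIN_PATH}")`, `message(FATAL_ERROR "KWALLETD_BIN_PATH must be an absolute path")`, `endif()`. The second `set(KF5_MIN_VERSION "5.58.0")` repeats the value already set at the top of the file and can be dropped.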
@@ -0,0 +1,16 @@
+How kwallet-pam works:
+
+During the pam "auth" (pam_authenticate) stage the module gets the password in plain text.
+It hashes it against a random salt previously generated by kwallet of random data and keeps it in memory.
+
+When we get to the "session" (pam_open_session) stage the pam module forks and launches kwalletd as the user with file descriptor AND a socket.
+We send the salted password over the file descriptor after forking and write the socket address to an env variable.
+
+KWalletd recieves the pre-hashed key and then sits there doing nothing. (before the QApplication constructor)
+
+Later after session startup (autostart apps phase 0) a small script passes the newly set environment from the user session to kwalletd over the socket.
+
+kwalletd receives this, sets the environment variables and continues into the normal bootup.
+
+The session env is needed as if we launch pre session various important env vars are not set and kwalletd is a graphical app.
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-pam-5.15.5/pam_kwallet.c new/kwallet-pam-5.16.0/pam_kwallet.c
--- old/kwallet-pam-5.15.5/pam_kwallet.c 2019-05-07 11:54:32.000000000 +0200
+++ new/kwallet-pam-5.16.0/pam_kwallet.c 2019-06-06 14:59:44.000000000 +0200
@@ -76,11 +76,7 @@
 const static char *logPrefix = NULL;
 static int force_run = 0;
-#ifdef KWALLET5
 const static char *envVar = "PAM_KWALLET5_LOGIN";
-#else
-const static char *envVar = "PAM_KWALLET_LOGIN";
-#endif
 static int argumentsParsed = -1;
@@ -105,12 +101,11 @@
 force_run = 1;
 }
 }
-#ifdef KWALLET5
 if (kdehome == NULL) {
 kdehome = ".local/share";
 }
 if (kwalletd == NULL) {
- kwalletd = "/usr/bin/kwalletd5";
+ kwalletd = KWALLETD_BIN_PATH;
 }
 if (kwalletPamDataKey == NULL) {
 kwalletPamDataKey = "kwallet5_key";
@@ -118,20 +113,6 @@
 if (logPrefix == NULL) {
 logPrefix = "pam_kwallet5";
 }
-#else
- if (kdehome == NULL) {
- kdehome = ".kde";
- }
- if (kwalletd == NULL) {
- kwalletd = "/usr/bin/kwalletd";
- }
- if (kwalletPamDataKey == NULL) {
- kwalletPamDataKey = "kwallet_key";
- }
- if (logPrefix == NULL) {
- logPrefix = "pam_kwallet";
- }
-#endif
 }
 static const char* get_env(pam_handle_t *ph, const char *name)
@@ -452,12 +433,7 @@
 char sockIn[4];
 sprintf(sockIn, "%d", envSocket);
-#ifdef KWALLET5
- char* extraArg = NULL;
-#else
- char* extraArg = "--nofork";
-#endif
- char *args[] = {strdup(kwalletd), "--pam-login", pipeInt, sockIn, extraArg, NULL};
+ char *args[] = {strdup(kwalletd), "--pam-login", pipeInt, sockIn, NULL, NULL};
 execve(args[0], args, pam_getenvlist(pamh));
 syslog(LOG_ERR, "%s: could not execute kwalletd from %s", logPrefix, kwalletd);
@@ -495,11 +471,7 @@
 pam_syslog(pamh, LOG_ERR, "%s: Couldn't create pipes", logPrefix);
 }
-#ifdef KWALLET5
 const char *socketPrefix = "kwallet5";
-#else
- const char *socketPrefix = "kwallet";
-#endif
 char *fullSocket = NULL;
 if (socketPath) {
@@ -814,11 +786,7 @@
 return 1;
 }
-#ifdef KWALLET5
 const char *fixpath = "kwalletd/kdewallet.salt";
-#else
- const char *fixpath = "share/apps/kwallet/kdewallet.salt";
-#endif
 size_t pathSize = strlen(userInfo->pw_dir) + strlen(kdehome) + strlen(fixpath) + 3;//3 == /, / and \0
 char *path = (char*) malloc(pathSize);
 sprintf(path, "%s/%s/%s", userInfo->pw_dir, kdehome, fixpath);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kwallet-pam-5.15.5/pam_kwallet_init new/kwallet-pam-5.16.0/pam_kwallet_init
--- old/kwallet-pam-5.15.5/pam_kwallet_init 2019-05-07 11:54:32.000000000 +0200
+++ new/kwallet-pam-5.16.0/pam_kwallet_init 2019-06-06 14:59:44.000000000 +0200
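Review bot: In the pam_kwallet.c hunk `@@ -452,12 +433,7 @@`, `char sockIn[4]` holds at most three digits plus the terminator, so the unbounded `sprintf(sockIn, "%d", envSocket)` just above the changed `args` line writes past the array once the descriptor number reaches 1000, and that number depends on the process hosting the PAM stack rather than on this module. Sizing the buffer for any `int` and bounding the write fixes it: `char sockIn[12]; snprintf(sockIn, sizeof sockIn, "%d", envSocket);`. `pipeInt` is declared outside this hunk and should be checked for the same pattern. With `extraArg` gone the initializer now ends in `NULL, NULL`, where one terminator is enough, and the `strdup(kwalletd)` result becomes `args[0]` without a NULL check. The enclosing function starts and ends outside the hunk.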
@@ -1,9 +1,5 @@
 #!/bin/sh
-if test -n "$PAM_KWALLET_LOGIN" ; then
- env | socat STDIN UNIX-CONNECT:$PAM_KWALLET_LOGIN
-fi
-
 if test -n "$PAM_KWALLET5_LOGIN" ; then
 env | socat STDIN UNIX-CONNECT:$PAM_KWALLET5_LOGIN
 fi