From 5c34fceb7caf46af06e7f2424f8865432634420f Mon Sep 17 00:00:00 2001
From: Vitezslav Crhonek <vcrhonek@redhat.com>
Date: Fri, 10 Jan 2025 09:00:43 +0100
Subject: [PATCH] Add vlock option to issue prompt before invocation of pam
 stack

Resolves: RHEL-57035
---
 kbd-2.0.4-vlock-add-prompt-option.patch | 84 +++++++++++++++++++++++++
 kbd.spec                                |  9 ++-
 2 files changed, 92 insertions(+), 1 deletion(-)
 create mode 100644 kbd-2.0.4-vlock-add-prompt-option.patch

diff --git a/kbd-2.0.4-vlock-add-prompt-option.patch b/kbd-2.0.4-vlock-add-prompt-option.patch
new file mode 100644
index 0000000..64e6a64
--- /dev/null
+++ b/kbd-2.0.4-vlock-add-prompt-option.patch
@@ -0,0 +1,84 @@
+diff -up kbd-2.0.4/src/vlock/auth.c.orig kbd-2.0.4/src/vlock/auth.c
+--- kbd-2.0.4/src/vlock/auth.c.orig	2016-12-19 16:01:51.000000000 +0100
++++ kbd-2.0.4/src/vlock/auth.c	2024-03-11 12:21:29.861328176 +0100
+@@ -90,6 +90,12 @@ int get_password(pam_handle_t *pamh, con
+ 		}
+ 		fflush(stdout);
+ 
++		if (prompt) {
++			printf(_("Press ENTER to continue.\n"));
++			fflush(stdout);
++			(void )getchar();
++		}
++
+ 		/*
+ 		 * No need to request a delay on failure via pam_fail_delay(3):
+ 		 * authentication module should do it for us.
+diff -up kbd-2.0.4/src/vlock/parse.c.orig kbd-2.0.4/src/vlock/parse.c
+--- kbd-2.0.4/src/vlock/parse.c.orig	2016-12-19 16:01:51.000000000 +0100
++++ kbd-2.0.4/src/vlock/parse.c	2024-03-11 12:20:33.167302197 +0100
+@@ -38,6 +38,13 @@
+  */
+ int o_lock_all;
+ 
++/*
++ * This determines whether there will be prompt before invoking pam
++ * auth stack.
++ * 0 means no, 1 means yes.
++ */
++int prompt;
++
+ const char *
+ locked_name(void)
+ {
+@@ -63,6 +70,8 @@ show_help(void)
+ 	         "       switch to other virtual consoles.\n"
+ 	         "-a or --all: lock all virtual consoles by preventing other users\n"
+ 	         "       from switching virtual consoles.\n"
++                 "-p or --prompt: wait for keypress before invoking pam auth stack,\n"
++                 "       useful for unlocking with smartcard setup.\n"
+ 	         "-v or --version: Print the version number of vlock and exit.\n"
+ 	         "-h or --help: Print this help message and exit.\n"),
+ 	       progname, progname);
+@@ -74,13 +83,14 @@ void parse(int ac, char *const av[])
+ 	static struct option long_options[] = {
+ 		{ "current", 0, 0, 'c' },
+ 		{ "all", 0, 0, 'a' },
++		{ "prompt", 0, 0, 'p' },
+ 		{ "version", 0, 0, 'v' },
+ 		{ "help", 0, 0, 'h' },
+ 		{ 0, 0, 0, 0 },
+ 	};
+ 	int c;
+ 
+-	while ((c = getopt_long(ac, av, "acvh", long_options, 0)) != -1) {
++	while ((c = getopt_long(ac, av, "acpvh", long_options, 0)) != -1) {
+ 		switch (c) {
+ 			case 'c':
+ 				o_lock_all = 0;
+@@ -88,6 +98,9 @@ void parse(int ac, char *const av[])
+ 			case 'a':
+ 				o_lock_all = 1;
+ 				break;
++			case 'p':
++				prompt = 1;
++				break;
+ 			case 'v':
+ 				fprintf(stderr, "%s\n", VERSION);
+ 				exit(EXIT_SUCCESS);
+diff -up kbd-2.0.4/src/vlock/vlock.h.orig kbd-2.0.4/src/vlock/vlock.h
+--- kbd-2.0.4/src/vlock/vlock.h.orig	2016-12-19 16:01:55.000000000 +0100
++++ kbd-2.0.4/src/vlock/vlock.h	2024-03-11 12:21:29.861328176 +0100
+@@ -40,5 +40,12 @@ const char *locked_name(void);
+  */
+ extern int o_lock_all;
+ 
++/*
++ * This determines whether there will be prompt before invoking pam
++ * auth stack.
++ * 0 means no, 1 means yes.
++ */
++extern int prompt;
++
+ /* Copy of the VT mode when the program was started. */
+ extern int is_vt;
diff --git a/kbd.spec b/kbd.spec
index 27dbd96..70e5fda 100644
--- a/kbd.spec
+++ b/kbd.spec
@@ -5,7 +5,7 @@
 
 Name:           kbd
 Version:        2.6.4
-Release:        6%{?dist}
+Release:        7%{?dist}
 Summary:        Tools for configuring the console (keyboard, virtual terminals, etc.)
 License:        GPL-2.0-or-later
 URL:            http://www.kbd-project.org/
@@ -34,6 +34,9 @@ Patch5:         kbd-2.0.2-unicode-start-font.patch
 Patch6:         kbd-2.4.0-covscan-fixes.patch
 # Patch7: initializes variable (SAST)
 Patch7:         kbd-2.6.4-initialize-variable.patch
+# Patch8: adds vlock option to issue prompt before invocation of pam stack
+#   RHEL-RHEL-57035
+Patch8:         kbd-2.0.4-vlock-add-prompt-option.patch
 
 BuildRequires:  gcc, bison, flex, gettext, pam-devel, check-devel, automake
 BuildRequires:  console-setup, xkeyboard-config
@@ -185,6 +188,10 @@ make check
 %{kbd_datadir}/keymaps/legacy
 
 %changelog
+* Fri Jan 10 2025 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.4-7
+- Add vlock option to issue prompt before invocation of pam stack
+  Resolves: RHEL-57035
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.6.4-6
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018