Add vlock option to issue prompt before invokation of pam stack

Resolves: RHEL-57034
2025-01-09 08:46:00 +01:00 · 2025-01-09 08:46:00 +01:00 · ca558dac72
commit ca558dac72
parent e03d66fdc0
3 changed files with 104 additions and 12 deletions
--- a/kbd-2.4.0-11.el9.src.rpm
+++ b/kbd-2.4.0-11.el9.src.rpm
--- a/kbd-2.4.0-vlock-add-prompt-option.patch
+++ b/kbd-2.4.0-vlock-add-prompt-option.patch
@ -0,0 +1,84 @@
+diff -up kbd-2.4.0/src/vlock/auth.c.orig kbd-2.4.0/src/vlock/auth.c
+--- kbd-2.4.0/src/vlock/auth.c.orig	2018-06-08 12:20:10.000000000 +0200
+++ kbd-2.4.0/src/vlock/auth.c	2024-09-09 11:28:02.001003452 +0200
+@@ -91,6 +91,12 @@ int get_password(pam_handle_t *pamh, con
+ 		}
+ 		fflush(stdout);
+ 
+		if (prompt) {
+			printf(_("Press ENTER to continue.\n"));
+			fflush(stdout);
+			(void )getchar();
+		}
+
+ 		/*
+ 		 * No need to request a delay on failure via pam_fail_delay(3):
+ 		 * authentication module should do it for us.
+diff -up kbd-2.4.0/src/vlock/parse.c.orig kbd-2.4.0/src/vlock/parse.c
+--- kbd-2.4.0/src/vlock/parse.c.orig	2019-06-25 11:41:55.000000000 +0200
+++ kbd-2.4.0/src/vlock/parse.c	2024-09-09 11:28:02.001003452 +0200
+@@ -39,6 +39,13 @@
+  */
+ int o_lock_all;
+ 
+/*
+ * This determines whether there will be prompt before invoking pam
+ * auth stack.
+ * 0 means no, 1 means yes.
+ */
+int prompt;
+
+ const char *
+ locked_name(void)
+ {
+@@ -65,6 +72,8 @@ show_help(void)
+ 	         "       switch to other virtual consoles.\n"
+ 	         "-a or --all: lock all virtual consoles by preventing other users\n"
+ 	         "       from switching virtual consoles.\n"
+                 "-p or --prompt: wait for keypress before invoking pam auth stack,\n"
+                 "       useful for unlocking with smartcard setup.\n"
+ 	         "-v or --version: Print the version number of vlock and exit.\n"
+ 	         "-h or --help: Print this help message and exit.\n"),
+ 	       progname, progname);
+@@ -76,13 +85,14 @@ void parse(int ac, char *const av[])
+ 	static struct option long_options[] = {
+ 		{ "current", 0, 0, 'c' },
+ 		{ "all", 0, 0, 'a' },
+		{ "prompt", 0, 0, 'p' },
+ 		{ "version", 0, 0, 'v' },
+ 		{ "help", 0, 0, 'h' },
+ 		{ 0, 0, 0, 0 },
+ 	};
+ 	int c;
+ 
+-	while ((c = getopt_long(ac, av, "acvh", long_options, 0)) != -1) {
+	while ((c = getopt_long(ac, av, "acpvh", long_options, 0)) != -1) {
+ 		switch (c) {
+ 			case 'c':
+ 				o_lock_all = 0;
+@@ -90,6 +100,9 @@ void parse(int ac, char *const av[])
+ 			case 'a':
+ 				o_lock_all = 1;
+ 				break;
+			case 'p':
+				prompt = 1;
+				break;
+ 			case 'v':
+ 				fprintf(stderr, "%s\n", VERSION);
+ 				exit(EXIT_SUCCESS);
+diff -up kbd-2.4.0/src/vlock/vlock.h.orig kbd-2.4.0/src/vlock/vlock.h
+--- kbd-2.4.0/src/vlock/vlock.h.orig	2017-01-12 22:23:16.000000000 +0100
+++ kbd-2.4.0/src/vlock/vlock.h	2024-09-09 11:28:02.001003452 +0200
+@@ -40,5 +40,12 @@ const char *locked_name(void);
+  */
+ extern int o_lock_all;
+ 
+/*
+ * This determines whether there will be prompt before invoking pam
+ * auth stack.
+ * 0 means no, 1 means yes.
+ */
+extern int prompt;
+
+ /* Copy of the VT mode when the program was started. */
+ extern int is_vt;
--- a/kbd.spec
+++ b/kbd.spec
@ -5,7 +5,7 @@

 Name:           kbd
 Version:        2.4.0
-Release:        10%{?dist}
+Release:        11%{?dist}
 Summary:        Tools for configuring the console (keyboard, virtual terminals, etc.)
 License:        GPLv2+
 URL:            http://www.kbd-project.org/
@ -40,6 +40,9 @@ Patch8:         kbd-2.4.0-covscan-fixes.patch
 Patch9:         kbd-2.4.0-setfont-exit-code.patch
 # Patch10: initializes variable (SAST)
 Patch10:        kbd-2.4.0-initialize-variable.patch
+# Patch11: adds vlock option to issue prompt before invokation of pam stack,
+#   RHEL-57034
+Patch11:         kbd-2.4.0-vlock-add-prompt-option.patch

 BuildRequires:  gcc, bison, flex, gettext, pam-devel, check-devel, automake
 BuildRequires:  console-setup, xkeyboard-config
@ -77,17 +80,18 @@ Please note that %{name}-legacy is not helpful without kbd.
 %setup -q -a 1 -a 2
 cp -fp %{SOURCE3} .
 cp -fp %{SOURCE6} .
-%patch0 -p1 -b .keycodes-man
-%patch1 -p1 -b .sparc
-%patch2 -p1 -b .unicode_start
-%patch3 -p1 -b .dumpkeys-man
-%patch4 -p1 -b .sg-decimal-separator
-%patch5 -p1 -b .loadkeys-search-path
-%patch6 -p1 -b .unicode-start-font
-%patch7 -p1 -b .covscan-fixes
-%patch8 -p1 -b .covscan-fixes-pt2
-%patch9 -p1 -b .setfont-exit-code
-%patch10 -p1 -b .initialize-variable
+%patch -P 0 -p1 -b .keycodes-man
+%patch -P 1 -p1 -b .sparc
+%patch -P 2 -p1 -b .unicode_start
+%patch -P 3 -p1 -b .dumpkeys-man
+%patch -P 4 -p1 -b .sg-decimal-separator
+%patch -P 5 -p1 -b .loadkeys-search-path
+%patch -P 6 -p1 -b .unicode-start-font
+%patch -P 7 -p1 -b .covscan-fixes
+%patch -P 8 -p1 -b .covscan-fixes-pt2
+%patch -P 9 -p1 -b .setfont-exit-code
+%patch -P 10 -p1 -b .initialize-variable
+%patch -P 11 -p1 -b .vlock-add-prompt-option
 aclocal
 autoconf

@ -200,6 +204,10 @@ make check
 %{kbd_datadir}/keymaps/legacy

 %changelog
+* Thu Jan 09 2025 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.0-11
+- Add vlock option to issue prompt before invokation of pam stack
+  Resolves: RHEL-57034
+
 * Tue May 21 2024 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.0-10
 - Initialize variable to avoid possible uninitialized use
  Resolves: RHEL-31795