4 files changed, 77 insertions, 2 deletions

diff --git a/security/pam_bsdbioapi/Makefile b/security/pam_bsdbioapi/Makefile
index a0d9e17306cd..c46bf4a90bfa 100644
--- a/security/pam_bsdbioapi/Makefile
+++ b/security/pam_bsdbioapi/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	pam_bsdbioapi
 PORTVERSION=	1.5
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	http://shapeshifter.se/pub/pam_bsdbioapi/
 
@@ -15,7 +16,7 @@ COMMENT=	PAM module for BioAPI
 
 LIB_DEPENDS=	bioapi100.0:${PORTSDIR}/security/bioapi
 
-INSTALLS_SHLIB=	yes
+USE_LDCONFIG=	yes
 SUB_FILES=	pkg-message
 MAN8=		pam_bsdbioapi.8
 MAN3=		libbirdb.3
diff --git a/security/pam_bsdbioapi/files/patch-src_pam_bsdbioapi_pam_bsdbioapi.8 b/security/pam_bsdbioapi/files/patch-src_pam_bsdbioapi_pam_bsdbioapi.8
new file mode 100644
index 000000000000..0e7d99d87b32
--- /dev/null
+++ b/security/pam_bsdbioapi/files/patch-src_pam_bsdbioapi_pam_bsdbioapi.8
@@ -0,0 +1,23 @@
+--- src/pam_bsdbioapi/pam_bsdbioapi.8	Thu Feb 23 06:15:13 2006
++++ src/pam_bsdbioapi/pam_bsdbioapi.8.orig	Sun Dec 10 06:36:31 2006
+@@ -36,6 +36,7 @@
+ .Ar pam_bsdbioapi
+ .Ar bsp-uuid 
+ .Ar backend
++.Op -s
+ .Op -f birdb-path
+ .Op -m message-file
+ .Sh DESCRIPTION
+@@ -69,6 +70,12 @@
+ This option is required.
+ .Pp
+ .Bl -tag -width ".Fl m Ar message-file"
++.It Fl s
++Fail without prompting the user to swipe finger if the user has not enrolled
++yet.
++This is useful if only a handful of users has enrolled, but leaks whether the
++given user has enrolled, to whomever tries to authenticate as the user (e.g.
++an attacker outside).
+ .It Fl f Ar birdb-path
+ Specify an alternative path to the birdb.conf file for backend configuration.
+ The default is /usr/local/etc/birdb.conf
diff --git a/security/pam_bsdbioapi/files/patch-src_pam_bsdbioapi_pam_bsdbioapi.c b/security/pam_bsdbioapi/files/patch-src_pam_bsdbioapi_pam_bsdbioapi.c
new file mode 100644
index 000000000000..9e125ce4eafc
--- /dev/null
+++ b/security/pam_bsdbioapi/files/patch-src_pam_bsdbioapi_pam_bsdbioapi.c
@@ -0,0 +1,51 @@
+--- src/pam_bsdbioapi/pam_bsdbioapi.c	Thu Feb 23 06:15:13 2006
++++ src/pam_bsdbioapi/pam_bsdbioapi.c.orig	Sun Dec 10 06:26:57 2006
+@@ -215,7 +215,7 @@
+     int argc, const char *argv[])
+ {
+ 	const char *user, *bsp_id, *dbid, *conf, *msgfile;
+-	int error, pam_retval = PAM_AUTH_ERR;
++	int error, pam_retval = PAM_AUTH_ERR, skip_unenrolled;
+ 	BioAPI_HANDLE *handle;
+ 	struct birdb_rec keyrec, **recs;
+ 	struct birdb_mod *bm;
+@@ -241,9 +241,10 @@
+ 
+ 	conf = DEFCONFPATH; 
+ 	msgfile = NULL;
++	skip_unenrolled = 0;
+ 
+ 	optind = 2;
+-	while ((opt = getopt(argc, (char **)argv, "m:f:")) != -1) {
++	while ((opt = getopt(argc, (char **)argv, "m:f:s")) != -1) {
+ 		switch (opt) {
+ 		case 'm':
+ 			msgfile = argv[optind - 1];
+@@ -253,6 +254,9 @@
+ 			conf = argv[optind - 1];
+ 			PAM_LOG("Got birdb configuration file: %s", conf);
+ 			break;
++		case 's':
++			skip_unenrolled = 1;
++			break;
+ 		}
+ 	}
+ 
+@@ -271,7 +275,6 @@
+ 	PAM_LOG("Got user: %s", user);
+ 
+ 	setuid(euid);
+-	pam_info(pamh, "Initiating biometric authentication..."); 
+ 
+ 	error = bioapi_init();
+ 	if (error)
+@@ -312,7 +315,8 @@
+ 
+ 	keyrec.br_key = (char *)user;
+ 	recs = birdb_backend_get(bm, bmh, &keyrec);
+-	if (recs != NULL) {
++	if (recs != NULL && (!skip_unenrolled || recs[0] != NULL)) {
++		pam_info(pamh, "Initiating biometric authentication..."); 
+ 		handle = bioapi_attach_bsp(bsp_id);
+ 		if (handle == NULL) {
+ 			PAM_VERBOSE_ERROR("Failed to attach the selected BSP");
diff --git a/security/pam_bsdbioapi/pkg-plist b/security/pam_bsdbioapi/pkg-plist
index b3b41b90076b..b7db4a128f04 100644
--- a/security/pam_bsdbioapi/pkg-plist
+++ b/security/pam_bsdbioapi/pkg-plist
@@ -5,5 +5,5 @@ lib/libbirdb.a
 lib/libbirdb.so
 lib/pam_bsdbioapi.so
 @dirrm share/birdb
-share/pam_bsdbioapi/upek_touchchip.cmsg
+%%DATADIR%%/upek_touchchip.cmsg
 @dirrm share/pam_bsdbioapi