This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours

Bug 431320

Summary: Review Request: pam_usb - Hardware authentication using ordinary USB Flash Drives
Product: [Fedora] Fedora Reporter: Guidolin Francesco <guidolinfrancesco>
Component: Package ReviewAssignee: Lubomir Rintel <lkundrak>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: fedora-package-review, mtasaka, notting
Target Milestone: ---Flags: tibbs: fedora_requires_release_note-
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-08-22 17:12:30 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 201449    

Description Guidolin Francesco 2008-02-02 14:54:06 EST
Spec URL: http://web.tiscali.it/guidonet/pam_usb/pam_usb.spec
SRPM URL: http://web.tiscali.it/guidonet/pam_usb/pam_usb-0.4.2-1.fc8.src.rpm
Description: 

pam_usb provides hardware authentication for Linux using ordinary USB Flash Drives. 
It works with any application supporting PAM, such as su, GDM, KDM, etc. 

The pam_usb package contains a PAM module and several tools:
pamusb-agent: trigger actions, such as locking the screen, upon device authentication and removal.
pamusb-conf: configuration helper.
pamusb-check: integrate pam_usb’s authentication engine within your scripts or applications.

pam_usb-0.4.2 was completely rewritten from scratch, now it include support for HAL and DBus and a new authentication model called One Time Pads, in addition to USB serial number, model and vendor verifications.

Basically, a pad is just a bunch of random bytes stored on both the USB device and the computer. Every time you authenticate, those pads are compared. If they match, access is granted and the pads are regenerated, otherwise access is denied.

More info here:
http://www.pamusb.org/
http://scox.info/
Comment 1 Guidolin Francesco 2008-02-02 14:55:05 EST
This is my first package, and I am seeking a sponsor.
Comment 2 Guidolin Francesco 2008-02-02 14:55:58 EST
I patched the original Makefile because it install the documentation under 
$(DESTDIR)/usr/share/doc/pamusb instead of 
$(DESTDIR)/usr/share/doc/pam_usb-0.4.2.

Also I remove the flag -Wall because it's just present in $RPM_OPT_FLAGS.

Then I patched src/pad.c because with CFLAGS="$RPM_OPT_FLAGS" it give some 
warning:

src/pad.c: In function 'pusb_pad_open_system':
src/pad.c:97: warning: ignoring return value of 'chown', declared with 
attribute warn_unused_result
src/pad.c: In function 'pusb_pad_update':
src/pad.c:213: warning: ignoring return value of 'fwrite', declared with 
attribute warn_unused_result
src/pad.c:215: warning: ignoring return value of 'fwrite', declared with 
attribute warn_unused_result
src/pad.c: In function 'pusb_pad_compare':
src/pad.c:240: warning: ignoring return value of 'fread', declared with 
attribute warn_unused_result
src/pad.c:242: warning: ignoring return value of 'fread', declared with 
attribute warn_unused_result

So I make some checks to the return value of chown, fwrite and fread, and if 
they fails I log and error with log_error().
Comment 3 Jason Tibbitts 2008-02-02 18:24:12 EST
Did you know this package is already in the repository?  It has been orphaned
and is not in F8, although it is in F7.  Your package seems to differ
significantly from what is currently in the repository, and I would urge you to
investigate the difference and make sure that if your package is imported it
does not cause issues for users who are upgrading.
Comment 4 Guidolin Francesco 2008-02-03 07:03:17 EST
Spec URL: http://web.tiscali.it/guidonet/pam_usb/pam_usb.spec
SRPM URL: http://web.tiscali.it/guidonet/pam_usb/pam_usb-0.4.2-1.fc8.src.rpm

I didn't know that it was already in the repository.
Basically there's no big differences between the old 
pam_usb-0.4.0-1.fc7.src.rpm and my package, however now I merged my changes 
into the old package in the repository and I updated it.
The binaries and the libraries are replaced, and the configuration 
file /etc/pamusb.conf is backward compatible with pam_usb-0.4.0, so there 
shouldn't be problem during the upgrade.
In any case I'll make some tests with Fedora7 in the next few day, then I'll 
let you know if the upgrade works fine.
Comment 5 Guidolin Francesco 2008-02-03 14:43:59 EST
I've found that in Fedora7 is available only pam_usb-0.3.3 and this is not 
good.
The problem is that in the 0.4.x series certificates have been replaced by One 
Time Pads, so upgrading from pam_usb-0.3.3 to pam_usb-0.4.2 is impossible 
without loosing the old settings.

pam_usb-0.3.3 is really old and obsolete, the security model of pam_usb-0.4.2 
is more powerfull and a lot of bugs was fixed, so I think that the users who 
are still using pam_usb-0.3.3 should upgrade to the new version and recreate 
from scratch their settings.
Comment 6 Jason Tibbitts 2008-02-03 19:00:30 EST
Please do not do that.  You can introduce such incompatibilities in a major
Fedora release, but it is not at all proper to just break the system of someone
who does the prudent thing and lets their system update automatically.  This
goes doubly for a system that they might need to use to actually log into the
system.

Honestly I wouldn't even try to introduce this package into Fedora 8, because a
user who hasd pam_usb installed and upgraded from F7 to F8 still has 0.3.3
installed.  I would put the new package into rawhide and make sure that the
release notes indicate the procedure which pam_usb users will need to go through
to update things properly.
Comment 7 Guidolin Francesco 2008-02-04 09:34:09 EST
I've investigated deeply and I've found an interesting thing: pam_usb-0.3.3 and
pam_usb-0.4.2 store their settings in different places, so upgrading from 0.3.3
to 0.4.2 will not remove the old settings.

I've installed and configured pam_usb-0.3.3 in Fedora7 and then I upgraded it to
pam_usb-0.4.2; then I downgraded to pam_usb-0.3.3 again and the old settings was
still there and it works normally like before.

So I think we could insert the new pam_usb-0.4.2 in RawHide and then in Fedora9,
and inform the users that after the upgrade their old settings will be ignored
but won't be erased.
So the users can choose between upgrade to the new pam_usb-0.4.2 and create the
new settings from scratch or not to upgrade and still use pam_usb-0.3.3.
If they install pam_usb-0.4.2 by mistake they can downgrade to pam_usb-0.3.3 and
it will works again.

In my opinion that upgrade to pam_usb-0.4.2 in Fedora9 is the right thing,
because it's more secure and reliable, a lot of bugs was fixed, new
functionality was added, and it's more easy to configure with the new tool
pamusb-conf.
pam_usb-0.3.3 instead is more difficult to configure and is less reliable
because it's sufficient to copy the private key in the usb device to grant the
access to the account of the user.
Comment 8 Lubomir Rintel 2008-06-28 14:53:16 EDT
The spec file is very nicely written and legible.
Builds in mock (tried in el5), uses compiler flags correctly.

Just a few things, probably only 1.) being a blocker, consider the other ones
just advices:

1.) RPMlint. Please correct these:

pam_usb.i386: E: non-standard-dir-perm
/usr/share/doc/pam_usb-0.4.2/pam.d-examples 0644
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

pam_usb.i386: E: non-standard-dir-perm /usr/share/doc/pam_usb-0.4.2 0644
A standard directory should have permission set to 0755. If you get this
message, it means that you have wrong directory permissions in some dirs
included in your package.

pam_usb.i386: E: non-standard-executable-perm /usr/bin/pamusb-conf 0754
A standard executable should have permission set to 0755. If you get this
message, it means that you have a wrong executable permissions in some files
included in your package.

2.) Use of pmount

The tool uses non-standard mechanism to escalate privileges. If the dependence
of it can not be dropped, please document the fact that this package depends on
it in %description.

3.) sed -i -e 's|/lib/security|/%{_lib}/security|' Makefile

You already patch Makefile. I suggest you move this to the patch.
Additionally, please consider renaming the patch to
<name>-<version>-<intended_use>.patch

4.) %description is too long and contains non-portable formatting

Please take into consideration, how would the description look in a gui tool,
such as pup or packagekit gui. I suggest you leave only the first paragraph sans
the last sentence of it.
Comment 9 Lubomir Rintel 2008-08-20 06:29:04 EDT
Ping on this.
Comment 10 Guidolin Francesco 2008-08-22 15:09:17 EDT
Now I don't use Linux anymore so I'm not interested on this RPM. If you want you can close this request.
Bye.