bmh10 / rpms / openssh

Forked from rpms/openssh 2 days ago
Clone
Petr Šabata 81d24c
diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/get_command_line.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/get_command_line.c
Petr Šabata 81d24c
--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/get_command_line.c.psaa-compat	2019-07-08 18:36:13.000000000 +0200
Petr Šabata 81d24c
+++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/get_command_line.c	2020-09-23 10:52:16.424001475 +0200
Petr Šabata 81d24c
@@ -27,6 +27,7 @@
Petr Šabata 81d24c
  * or implied, of Jamie Beverly.
Petr Šabata 81d24c
  */
Petr Šabata 81d24c
 
Petr Šabata 81d24c
+#include <stdlib.h>
Petr Šabata 81d24c
 #include <stdio.h>
Petr Šabata 81d24c
 #include <errno.h>
Petr Šabata 81d24c
 #include <string.h>
Petr Šabata 81d24c
@@ -66,8 +67,8 @@ proc_pid_cmdline(char *** inargv)
Petr Šabata 81d24c
                 case EOF:
Petr Šabata 81d24c
                 case '\0':
Petr Šabata 81d24c
                     if (len > 0) { 
Petr Šabata 81d24c
-                        argv = pamsshagentauth_xrealloc(argv, count + 1, sizeof(*argv));
Petr Šabata 81d24c
-                        argv[count] = pamsshagentauth_xcalloc(len + 1, sizeof(*argv[count]));
Petr Šabata 81d24c
+                        argv = xreallocarray(argv, count + 1, sizeof(*argv));
Petr Šabata 81d24c
+                        argv[count] = xcalloc(len + 1, sizeof(*argv[count]));
Petr Šabata 81d24c
                         strncpy(argv[count++], argbuf, len);
Petr Šabata 81d24c
                         memset(argbuf, '\0', MAX_LEN_PER_CMDLINE_ARG + 1);
Petr Šabata 81d24c
                         len = 0;
Petr Šabata 81d24c
@@ -106,9 +107,9 @@ pamsshagentauth_free_command_line(char *
Petr Šabata 81d24c
 {
Petr Šabata 81d24c
     size_t i;
Petr Šabata 81d24c
     for (i = 0; i < n_args; i++)
Petr Šabata 81d24c
-        pamsshagentauth_xfree(argv[i]);
Petr Šabata 81d24c
+        free(argv[i]);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    pamsshagentauth_xfree(argv);
Petr Šabata 81d24c
+    free(argv);
Petr Šabata 81d24c
     return;
Petr Šabata 81d24c
 }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/identity.h.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/identity.h
Petr Šabata 81d24c
--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/identity.h.psaa-compat	2019-07-08 18:36:13.000000000 +0200
Petr Šabata 81d24c
+++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/identity.h	2020-09-23 10:52:16.424001475 +0200
Petr Šabata 81d24c
@@ -30,8 +30,8 @@
Petr Šabata 81d24c
 #include "openbsd-compat/sys-queue.h"
Petr Šabata 81d24c
 #include "xmalloc.h"
Petr Šabata 81d24c
 #include "log.h"
Petr Šabata 81d24c
-#include "buffer.h"
Petr Šabata 81d24c
-#include "key.h"
Petr Šabata 81d24c
+#include "sshbuf.h"
Petr Šabata 81d24c
+#include "sshkey.h"
Petr Šabata 81d24c
 #include "authfd.h"
Petr Šabata 81d24c
 #include <stdio.h>
Petr Šabata 81d24c
 
Petr Šabata 81d24c
@@ -41,7 +41,7 @@ typedef struct idlist Idlist;
Petr Šabata 81d24c
 struct identity {
Petr Šabata 81d24c
     TAILQ_ENTRY(identity) next;
Petr Šabata 81d24c
     AuthenticationConnection *ac;   /* set if agent supports key */
Petr Šabata 81d24c
-    Key *key;           /* public/private key */
Petr Šabata 81d24c
+    struct sshkey *key;           /* public/private key */
Petr Šabata 81d24c
     char    *filename;      /* comment for agent-only keys */
Petr Šabata 81d24c
     int tried;
Petr Šabata 81d24c
     int isprivate;      /* key points to the private key */
Petr Šabata 81d24c
diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/iterate_ssh_agent_keys.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/iterate_ssh_agent_keys.c
Petr Šabata 81d24c
--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/iterate_ssh_agent_keys.c.psaa-compat	2020-09-23 10:52:16.421001434 +0200
Petr Šabata 81d24c
+++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/iterate_ssh_agent_keys.c	2020-09-23 10:52:16.424001475 +0200
Petr Šabata 81d24c
@@ -36,8 +36,8 @@
Petr Šabata 81d24c
 #include "openbsd-compat/sys-queue.h"
Petr Šabata 81d24c
 #include "xmalloc.h"
Petr Šabata 81d24c
 #include "log.h"
Petr Šabata 81d24c
-#include "buffer.h"
Petr Šabata 81d24c
-#include "key.h"
Petr Šabata 81d24c
+#include "sshbuf.h"
Petr Šabata 81d24c
+#include "sshkey.h"
Petr Šabata 81d24c
 #include "authfd.h"
Petr Šabata 81d24c
 #include <stdio.h>
Petr Šabata 81d24c
 #include <openssl/evp.h>
Petr Šabata 81d24c
@@ -58,6 +58,8 @@
Petr Šabata 81d24c
 #include "get_command_line.h"
Petr Šabata 81d24c
 extern char **environ;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
+#define PAM_SSH_AGENT_AUTH_REQUESTv1 101
Petr Šabata 81d24c
+
Petr Šabata 81d24c
 /* 
Petr Šabata 81d24c
  * Added by Jamie Beverly, ensure socket fd points to a socket owned by the user 
Petr Šabata 81d24c
  * A cursory check is done, but to avoid race conditions, it is necessary 
Petr Šabata 81d24c
@@ -77,7 +79,7 @@ log_action(char ** action, size_t count)
Petr Šabata 81d24c
     if (count == 0)
Petr Šabata 81d24c
         return NULL;
Petr Šabata 81d24c
    
Petr Šabata 81d24c
-    buf = pamsshagentauth_xcalloc((count * MAX_LEN_PER_CMDLINE_ARG) + (count * 3), sizeof(*buf));
Petr Šabata 81d24c
+    buf = xcalloc((count * MAX_LEN_PER_CMDLINE_ARG) + (count * 3), sizeof(*buf));
Petr Šabata 81d24c
     for (i = 0; i < count; i++) {
Petr Šabata 81d24c
         strcat(buf, (i > 0) ? " '" : "'");
Petr Šabata 81d24c
         strncat(buf, action[i], MAX_LEN_PER_CMDLINE_ARG);
Petr Šabata 81d24c
@@ -87,21 +89,25 @@ log_action(char ** action, size_t count)
Petr Šabata 81d24c
 }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 void
Petr Šabata 81d24c
-agent_action(Buffer *buf, char ** action, size_t count)
Petr Šabata 81d24c
+agent_action(struct sshbuf **buf, char ** action, size_t count)
Petr Šabata 81d24c
 {
Petr Šabata 81d24c
     size_t i;
Petr Šabata 81d24c
-    pamsshagentauth_buffer_init(buf);
Petr Šabata 81d24c
+    int r;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_int(buf, count);
Petr Šabata 81d24c
+    if ((*buf = sshbuf_new()) == NULL)
Petr Šabata 81d24c
+        fatal("%s: sshbuf_new failed", __func__);
Petr Šabata 81d24c
+    if ((r = sshbuf_put_u32(*buf, count)) != 0)
Petr Šabata 81d24c
+        fatal("%s: buffer error: %s", __func__, ssh_err(r));
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     for (i = 0; i < count; i++) {
Petr Šabata 81d24c
-        pamsshagentauth_buffer_put_cstring(buf, action[i]);
Petr Šabata 81d24c
+        if ((r = sshbuf_put_cstring(*buf, action[i])) != 0)
Petr Šabata 81d24c
+            fatal("%s: buffer error: %s", __func__, ssh_err(r));
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
 }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-void
Petr Šabata 81d24c
-pamsshagentauth_session_id2_gen(Buffer * session_id2, const char * user,
Petr Šabata 81d24c
+static void
Petr Šabata 81d24c
+pamsshagentauth_session_id2_gen(struct sshbuf ** session_id2, const char * user,
Petr Šabata 81d24c
                                 const char * ruser, const char * servicename)
Petr Šabata 81d24c
 {
Petr Šabata 81d24c
     u_char *cookie = NULL;
Petr Šabata 81d24c
@@ -114,22 +120,23 @@ pamsshagentauth_session_id2_gen(Buffer *
Petr Šabata 81d24c
     char ** reported_argv = NULL;
Petr Šabata 81d24c
     size_t count = 0;
Petr Šabata 81d24c
     char * action_logbuf = NULL;
Petr Šabata 81d24c
-    Buffer action_agentbuf;
Petr Šabata 81d24c
+    struct sshbuf *action_agentbuf = NULL;
Petr Šabata 81d24c
     uint8_t free_logbuf = 0;
Petr Šabata 81d24c
     char * retc;
Petr Šabata 81d24c
     int32_t reti;
Petr Šabata 81d24c
+    int r;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    rnd = pamsshagentauth_arc4random();
Petr Šabata 81d24c
+    rnd = arc4random();
Petr Šabata 81d24c
     cookie_len = ((uint8_t) rnd);
Petr Šabata 81d24c
     while (cookie_len < 16) { 
Petr Šabata 81d24c
         cookie_len += 16;                                          /* Add 16 bytes to the size to ensure that while the length is random, the length is always reasonable; ticket #18 */
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    cookie = pamsshagentauth_xcalloc(1,cookie_len);
Petr Šabata 81d24c
+    cookie = xcalloc(1, cookie_len);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     for (i = 0; i < cookie_len; i++) {
Petr Šabata 81d24c
         if (i % 4 == 0) {
Petr Šabata 81d24c
-            rnd = pamsshagentauth_arc4random();
Petr Šabata 81d24c
+            rnd = arc4random();
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
         cookie[i] = (u_char) rnd;
Petr Šabata 81d24c
         rnd >>= 8;
Petr Šabata 81d24c
@@ -144,7 +151,8 @@ pamsshagentauth_session_id2_gen(Buffer *
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
     else {
Petr Šabata 81d24c
         action_logbuf = "unknown on this platform";
Petr Šabata 81d24c
-        pamsshagentauth_buffer_init(&action_agentbuf); /* stays empty, means unavailable */
Petr Šabata 81d24c
+        if ((action_agentbuf = sshbuf_new()) == NULL) /* stays empty, means unavailable */
Petr Šabata 81d24c
+            fatal("%s: sshbuf_new failed", __func__);
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
     
Petr Šabata 81d24c
     /*
Petr Šabata 81d24c
@@ -161,35 +169,39 @@ pamsshagentauth_session_id2_gen(Buffer *
Petr Šabata 81d24c
     retc = getcwd(pwd, sizeof(pwd) - 1);
Petr Šabata 81d24c
     time(&ts);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    pamsshagentauth_buffer_init(session_id2);
Petr Šabata 81d24c
+    if ((*session_id2 = sshbuf_new()) == NULL)
Petr Šabata 81d24c
+        fatal("%s: sshbuf_new failed", __func__);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_int(session_id2, PAM_SSH_AGENT_AUTH_REQUESTv1);
Petr Šabata 81d24c
-    /* pamsshagentauth_debug3("cookie: %s", pamsshagentauth_tohex(cookie, cookie_len)); */
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_string(session_id2, cookie, cookie_len);
Petr Šabata 81d24c
-    /* pamsshagentauth_debug3("user: %s", user); */
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_cstring(session_id2, user);
Petr Šabata 81d24c
-    /* pamsshagentauth_debug3("ruser: %s", ruser); */
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_cstring(session_id2, ruser);
Petr Šabata 81d24c
-    /* pamsshagentauth_debug3("servicename: %s", servicename); */
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_cstring(session_id2, servicename);
Petr Šabata 81d24c
-    /* pamsshagentauth_debug3("pwd: %s", pwd); */
Petr Šabata 81d24c
-    if(retc)
Petr Šabata 81d24c
-        pamsshagentauth_buffer_put_cstring(session_id2, pwd);
Petr Šabata 81d24c
-    else
Petr Šabata 81d24c
-        pamsshagentauth_buffer_put_cstring(session_id2, "");
Petr Šabata 81d24c
-    /* pamsshagentauth_debug3("action: %s", action_logbuf); */
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_string(session_id2, action_agentbuf.buf + action_agentbuf.offset, action_agentbuf.end - action_agentbuf.offset);
Petr Šabata 81d24c
+    if ((r = sshbuf_put_u32(*session_id2, PAM_SSH_AGENT_AUTH_REQUESTv1)) != 0 ||
Petr Šabata 81d24c
+        (r = sshbuf_put_string(*session_id2, cookie, cookie_len)) != 0 ||
Petr Šabata 81d24c
+        (r = sshbuf_put_cstring(*session_id2, user)) != 0 ||
Petr Šabata 81d24c
+        (r = sshbuf_put_cstring(*session_id2, ruser)) != 0 ||
Petr Šabata 81d24c
+        (r = sshbuf_put_cstring(*session_id2, servicename)) != 0)
Petr Šabata 81d24c
+        fatal("%s: buffer error: %s", __func__, ssh_err(r));
Petr Šabata 81d24c
+    if (retc) {
Petr Šabata 81d24c
+        if ((r = sshbuf_put_cstring(*session_id2, pwd)) != 0)
Petr Šabata 81d24c
+            fatal("%s: buffer error: %s", __func__, ssh_err(r));
Petr Šabata 81d24c
+    } else {
Petr Šabata 81d24c
+        if ((r = sshbuf_put_cstring(*session_id2, "")) != 0)
Petr Šabata 81d24c
+            fatal("%s: buffer error: %s", __func__, ssh_err(r));
Petr Šabata 81d24c
+    }
Petr Šabata 81d24c
+    if ((r = sshbuf_put_stringb(*session_id2, action_agentbuf)) != 0)
Petr Šabata 81d24c
+        fatal("%s: buffer error: %s", __func__, ssh_err(r));
Petr Šabata 81d24c
     if (free_logbuf) { 
Petr Šabata 81d24c
-        pamsshagentauth_xfree(action_logbuf);
Petr Šabata 81d24c
-        pamsshagentauth_buffer_free(&action_agentbuf);
Petr Šabata 81d24c
+        free(action_logbuf);
Petr Šabata 81d24c
+        sshbuf_free(action_agentbuf);
Petr Šabata 81d24c
+    }
Petr Šabata 81d24c
+    /* debug3("hostname: %s", hostname); */
Petr Šabata 81d24c
+    if (reti >= 0) {
Petr Šabata 81d24c
+        if ((r = sshbuf_put_cstring(*session_id2, hostname)) != 0)
Petr Šabata 81d24c
+            fatal("%s: buffer error: %s", __func__, ssh_err(r));
Petr Šabata 81d24c
+    } else {
Petr Šabata 81d24c
+        if ((r = sshbuf_put_cstring(*session_id2, "")) != 0)
Petr Šabata 81d24c
+            fatal("%s: buffer error: %s", __func__, ssh_err(r));
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
-    /* pamsshagentauth_debug3("hostname: %s", hostname); */
Petr Šabata 81d24c
-    if(reti >= 0)
Petr Šabata 81d24c
-        pamsshagentauth_buffer_put_cstring(session_id2, hostname);
Petr Šabata 81d24c
-    else
Petr Šabata 81d24c
-        pamsshagentauth_buffer_put_cstring(session_id2, "");
Petr Šabata 81d24c
-    /* pamsshagentauth_debug3("ts: %ld", ts); */
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_int64(session_id2, (uint64_t) ts);
Petr Šabata 81d24c
+    /* debug3("ts: %ld", ts); */
Petr Šabata 81d24c
+    if ((r = sshbuf_put_u64(*session_id2, (uint64_t) ts)) != 0)
Petr Šabata 81d24c
+        fatal("%s: buffer error: %s", __func__, ssh_err(r));
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     free(cookie);
Petr Šabata 81d24c
     return;
Petr Šabata 81d24c
@@ -278,7 +290,8 @@ ssh_get_authentication_connection_for_ui
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 	auth = xmalloc(sizeof(*auth));
Petr Šabata 81d24c
 	auth->fd = sock;
Petr Šabata 81d24c
-	buffer_init(&auth->identities);
Petr Šabata 81d24c
+	if ((auth->identities = sshbuf_new()) == NULL)
Petr Šabata 81d24c
+           fatal("%s: sshbuf_new failed", __func__);
Petr Šabata 81d24c
 	auth->howmany = 0;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 	return auth;
Petr Šabata 81d24c
@@ -287,9 +300,9 @@ ssh_get_authentication_connection_for_ui
Petr Šabata 81d24c
 int
Petr Šabata 81d24c
 pamsshagentauth_find_authorized_keys(const char * user, const char * ruser, const char * servicename)
Petr Šabata 81d24c
 {
Petr Šabata 81d24c
-    Buffer session_id2 = { 0 };
Petr Šabata 81d24c
+    struct sshbuf *session_id2 = NULL;
Petr Šabata 81d24c
     Identity *id;
Petr Šabata 81d24c
-    Key *key;
Petr Šabata 81d24c
+    struct sshkey *key;
Petr Šabata 81d24c
     AuthenticationConnection *ac;
Petr Šabata 81d24c
     char *comment;
Petr Šabata 81d24c
     uint8_t retval = 0;
Petr Šabata 81d24c
@@ -299,31 +312,30 @@ pamsshagentauth_find_authorized_keys(con
Petr Šabata 81d24c
     pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
Petr Šabata 81d24c
-        pamsshagentauth_verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
Petr Šabata 81d24c
+        verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
Petr Šabata 81d24c
         for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) 
Petr Šabata 81d24c
         {
Petr Šabata 81d24c
             if(key != NULL) {
Petr Šabata 81d24c
-                id = pamsshagentauth_xcalloc(1, sizeof(*id));
Petr Šabata 81d24c
+                id = xcalloc(1, sizeof(*id));
Petr Šabata 81d24c
                 id->key = key;
Petr Šabata 81d24c
                 id->filename = comment;
Petr Šabata 81d24c
                 id->ac = ac;
Petr Šabata 81d24c
-                if(userauth_pubkey_from_id(ruser, id, &session_id2)) {
Petr Šabata 81d24c
+                if(userauth_pubkey_from_id(ruser, id, session_id2)) {
Petr Šabata 81d24c
                     retval = 1;
Petr Šabata 81d24c
                 }
Petr Šabata 81d24c
-                pamsshagentauth_xfree(id->filename);
Petr Šabata 81d24c
-                pamsshagentauth_key_free(id->key);
Petr Šabata 81d24c
-                pamsshagentauth_xfree(id);
Petr Šabata 81d24c
+                free(id->filename);
Petr Šabata 81d24c
+                key_free(id->key);
Petr Šabata 81d24c
+                free(id);
Petr Šabata 81d24c
                 if(retval == 1)
Petr Šabata 81d24c
                     break;
Petr Šabata 81d24c
             }
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
-        pamsshagentauth_buffer_free(&session_id2);
Petr Šabata 81d24c
+        sshbuf_free(session_id2);
Petr Šabata 81d24c
         ssh_close_authentication_connection(ac);
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
     else {
Petr Šabata 81d24c
-        pamsshagentauth_verbose("No ssh-agent could be contacted");
Petr Šabata 81d24c
+        verbose("No ssh-agent could be contacted");
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
-    /* pamsshagentauth_xfree(session_id2); */
Petr Šabata 81d24c
     EVP_cleanup();
Petr Šabata 81d24c
     return retval;
Petr Šabata 81d24c
 }
Petr Šabata 81d24c
diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_ssh_agent_auth.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_ssh_agent_auth.c
Petr Šabata 81d24c
--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_ssh_agent_auth.c.psaa-compat	2020-09-23 10:52:16.423001461 +0200
Petr Šabata 81d24c
+++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_ssh_agent_auth.c	2020-09-23 10:53:10.631727657 +0200
Petr Šabata 81d24c
@@ -106,7 +106,7 @@ pam_sm_authenticate(pam_handle_t * pamh,
Petr Šabata 81d24c
  * a patch 8-)
Petr Šabata 81d24c
  */
Petr Šabata 81d24c
 #if ! HAVE___PROGNAME || HAVE_BUNDLE
Petr Šabata 81d24c
-    __progname = pamsshagentauth_xstrdup(servicename);
Petr Šabata 81d24c
+    __progname = xstrdup(servicename);
Petr Šabata 81d24c
 #endif
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     for(i = argc, argv_ptr = (char **) argv; i > 0; ++argv_ptr, i--) {
Petr Šabata 81d24c
@@ -132,11 +132,11 @@ pam_sm_authenticate(pam_handle_t * pamh,
Petr Šabata 81d24c
 #endif
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    pamsshagentauth_log_init(__progname, log_lvl, facility, getenv("PAM_SSH_AGENT_AUTH_DEBUG") ? 1 : 0);
Petr Šabata 81d24c
+    log_init(__progname, log_lvl, facility, getenv("PAM_SSH_AGENT_AUTH_DEBUG") ? 1 : 0);
Petr Šabata 81d24c
     pam_get_item(pamh, PAM_USER, (void *) &user);
Petr Šabata 81d24c
     pam_get_item(pamh, PAM_RUSER, (void *) &ruser_ptr);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    pamsshagentauth_verbose("Beginning pam_ssh_agent_auth for user %s", user);
Petr Šabata 81d24c
+    verbose("Beginning pam_ssh_agent_auth for user %s", user);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     if(ruser_ptr) {
Petr Šabata 81d24c
         strncpy(ruser, ruser_ptr, sizeof(ruser) - 1);
Petr Šabata 81d24c
@@ -151,12 +151,12 @@ pam_sm_authenticate(pam_handle_t * pamh,
Petr Šabata 81d24c
 #ifdef ENABLE_SUDO_HACK
Petr Šabata 81d24c
         if( (strlen(sudo_service_name) > 0) && strncasecmp(servicename, sudo_service_name, sizeof(sudo_service_name) - 1) == 0 && getenv("SUDO_USER") ) {
Petr Šabata 81d24c
             strncpy(ruser, getenv("SUDO_USER"), sizeof(ruser) - 1 );
Petr Šabata 81d24c
-            pamsshagentauth_verbose( "Using environment variable SUDO_USER (%s)", ruser );
Petr Šabata 81d24c
+            verbose( "Using environment variable SUDO_USER (%s)", ruser );
Petr Šabata 81d24c
         } else
Petr Šabata 81d24c
 #endif
Petr Šabata 81d24c
         {
Petr Šabata 81d24c
             if( ! getpwuid(getuid()) ) {
Petr Šabata 81d24c
-                pamsshagentauth_verbose("Unable to getpwuid(getuid())");
Petr Šabata 81d24c
+                verbose("Unable to getpwuid(getuid())");
Petr Šabata 81d24c
                 goto cleanexit;
Petr Šabata 81d24c
             }
Petr Šabata 81d24c
             strncpy(ruser, getpwuid(getuid())->pw_name, sizeof(ruser) - 1);
Petr Šabata 81d24c
@@ -165,11 +165,11 @@ pam_sm_authenticate(pam_handle_t * pamh,
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     /* Might as well explicitely confirm the user exists here */
Petr Šabata 81d24c
     if(! getpwnam(ruser) ) {
Petr Šabata 81d24c
-        pamsshagentauth_verbose("getpwnam(%s) failed, bailing out", ruser);
Petr Šabata 81d24c
+        verbose("getpwnam(%s) failed, bailing out", ruser);
Petr Šabata 81d24c
         goto cleanexit;
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
     if( ! getpwnam(user) ) {
Petr Šabata 81d24c
-        pamsshagentauth_verbose("getpwnam(%s) failed, bailing out", user);
Petr Šabata 81d24c
+        verbose("getpwnam(%s) failed, bailing out", user);
Petr Šabata 81d24c
         goto cleanexit;
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
@@ -179,8 +179,8 @@ pam_sm_authenticate(pam_handle_t * pamh,
Petr Šabata 81d24c
          */
Petr Šabata 81d24c
         parse_authorized_key_file(user, authorized_keys_file_input);
Petr Šabata 81d24c
     } else {
Petr Šabata 81d24c
-        pamsshagentauth_verbose("Using default file=/etc/security/authorized_keys");
Petr Šabata 81d24c
-        authorized_keys_file = pamsshagentauth_xstrdup("/etc/security/authorized_keys");
Petr Šabata 81d24c
+        verbose("Using default file=/etc/security/authorized_keys");
Petr Šabata 81d24c
+        authorized_keys_file = xstrdup("/etc/security/authorized_keys");
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     /*
Petr Šabata 81d24c
@@ -189,7 +189,7 @@ pam_sm_authenticate(pam_handle_t * pamh,
Petr Šabata 81d24c
      */
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     if(user && strlen(ruser) > 0) {
Petr Šabata 81d24c
-        pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
Petr Šabata 81d24c
+        verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
         /*
Petr Šabata 81d24c
          * Attempt to read data from the sshd if we're being called as an auth agent.
Petr Šabata 81d24c
@@ -197,10 +197,10 @@ pam_sm_authenticate(pam_handle_t * pamh,
Petr Šabata 81d24c
         const char* ssh_user_auth = pam_getenv(pamh, "SSH_AUTH_INFO_0");
Petr Šabata 81d24c
         int sshd_service = strncasecmp(servicename, sshd_service_name, sizeof(sshd_service_name) - 1);
Petr Šabata 81d24c
         if (sshd_service == 0 && ssh_user_auth != NULL) {
Petr Šabata 81d24c
-            pamsshagentauth_verbose("Got SSH_AUTH_INFO_0: `%.20s...'", ssh_user_auth);
Petr Šabata 81d24c
+            verbose("Got SSH_AUTH_INFO_0: `%.20s...'", ssh_user_auth);
Petr Šabata 81d24c
             if (userauth_pubkey_from_pam(ruser, ssh_user_auth) > 0) {
Petr Šabata 81d24c
                 retval = PAM_SUCCESS;
Petr Šabata 81d24c
-                pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
Petr Šabata 81d24c
+                logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
Petr Šabata 81d24c
                 goto cleanexit;
Petr Šabata 81d24c
             }
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
@@ -208,13 +208,13 @@ pam_sm_authenticate(pam_handle_t * pamh,
Petr Šabata 81d24c
          * this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user
Petr Šabata 81d24c
          */
Petr Šabata 81d24c
         if(pamsshagentauth_find_authorized_keys(user, ruser, servicename)) { /* getpwnam(ruser)->pw_uid)) { */
Petr Šabata 81d24c
-            pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
Petr Šabata 81d24c
+            logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
Petr Šabata 81d24c
             retval = PAM_SUCCESS;
Petr Šabata 81d24c
         } else {
Petr Šabata 81d24c
-            pamsshagentauth_logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
Petr Šabata 81d24c
+            logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
     } else {
Petr Šabata 81d24c
-        pamsshagentauth_logit("No %s specified, cannot continue with this form of authentication", (user) ? "ruser" : "user" );
Petr Šabata 81d24c
+        logit("No %s specified, cannot continue with this form of authentication", (user) ? "ruser" : "user" );
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 cleanexit:
Petr Šabata 81d24c
diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.c
Petr Šabata 81d24c
--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.c.psaa-compat	2019-07-08 18:36:13.000000000 +0200
Petr Šabata 81d24c
+++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.c	2020-09-23 10:52:16.424001475 +0200
Petr Šabata 81d24c
@@ -66,8 +66,8 @@
Petr Šabata 81d24c
 #include "xmalloc.h"
Petr Šabata 81d24c
 #include "match.h"
Petr Šabata 81d24c
 #include "log.h"
Petr Šabata 81d24c
-#include "buffer.h"
Petr Šabata 81d24c
-#include "key.h"
Petr Šabata 81d24c
+#include "sshbuf.h"
Petr Šabata 81d24c
+#include "sshkey.h"
Petr Šabata 81d24c
 #include "misc.h"
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 #include "xmalloc.h"
Petr Šabata 81d24c
@@ -77,7 +77,6 @@
Petr Šabata 81d24c
 #include "pathnames.h"
Petr Šabata 81d24c
 #include "secure_filename.h"
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-#include "identity.h"
Petr Šabata 81d24c
 #include "pam_user_key_allowed2.h"
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 extern char *authorized_keys_file;
Petr Šabata 81d24c
@@ -117,12 +116,12 @@ parse_authorized_key_file(const char *us
Petr Šabata 81d24c
         } else {
Petr Šabata 81d24c
             slash_ptr = strchr(auth_keys_file_buf, '/');
Petr Šabata 81d24c
             if(!slash_ptr)
Petr Šabata 81d24c
-                pamsshagentauth_fatal
Petr Šabata 81d24c
+                fatal
Petr Šabata 81d24c
                     ("cannot expand tilde in path without a `/'");
Petr Šabata 81d24c
 
Petr Šabata 81d24c
             owner_uname_len = slash_ptr - auth_keys_file_buf - 1;
Petr Šabata 81d24c
             if(owner_uname_len > (sizeof(owner_uname) - 1))
Petr Šabata 81d24c
-                pamsshagentauth_fatal("Username too long");
Petr Šabata 81d24c
+                fatal("Username too long");
Petr Šabata 81d24c
 
Petr Šabata 81d24c
             strncat(owner_uname, auth_keys_file_buf + 1, owner_uname_len);
Petr Šabata 81d24c
             if(!authorized_keys_file_allowed_owner_uid)
Petr Šabata 81d24c
@@ -130,11 +129,11 @@ parse_authorized_key_file(const char *us
Petr Šabata 81d24c
                     getpwnam(owner_uname)->pw_uid;
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
         authorized_keys_file =
Petr Šabata 81d24c
-            pamsshagentauth_tilde_expand_filename(auth_keys_file_buf,
Petr Šabata 81d24c
+            tilde_expand_filename(auth_keys_file_buf,
Petr Šabata 81d24c
                                                   authorized_keys_file_allowed_owner_uid);
Petr Šabata 81d24c
         strncpy(auth_keys_file_buf, authorized_keys_file,
Petr Šabata 81d24c
                 sizeof(auth_keys_file_buf) - 1);
Petr Šabata 81d24c
-        pamsshagentauth_xfree(authorized_keys_file)        /* when we
Petr Šabata 81d24c
+        free(authorized_keys_file)        /* when we
Petr Šabata 81d24c
                                                               percent_expand
Petr Šabata 81d24c
                                                               later, we'd step
Petr Šabata 81d24c
                                                               on this, so free
Petr Šabata 81d24c
@@ -150,13 +149,13 @@ parse_authorized_key_file(const char *us
Petr Šabata 81d24c
     strncat(hostname, fqdn, strcspn(fqdn, "."));
Petr Šabata 81d24c
 #endif
Petr Šabata 81d24c
     authorized_keys_file =
Petr Šabata 81d24c
-        pamsshagentauth_percent_expand(auth_keys_file_buf, "h",
Petr Šabata 81d24c
+        percent_expand(auth_keys_file_buf, "h",
Petr Šabata 81d24c
                                        getpwnam(user)->pw_dir, "H", hostname,
Petr Šabata 81d24c
                                        "f", fqdn, "u", user, NULL);
Petr Šabata 81d24c
 }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 int
Petr Šabata 81d24c
-pam_user_key_allowed(const char *ruser, Key * key)
Petr Šabata 81d24c
+pam_user_key_allowed(const char *ruser, struct sshkey * key)
Petr Šabata 81d24c
 {
Petr Šabata 81d24c
     return
Petr Šabata 81d24c
         pamsshagentauth_user_key_allowed2(getpwuid(authorized_keys_file_allowed_owner_uid),
Petr Šabata 81d24c
diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.h.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.h
Petr Šabata 81d24c
--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.h.psaa-compat	2019-07-08 18:36:13.000000000 +0200
Petr Šabata 81d24c
+++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.h	2020-09-23 10:52:16.424001475 +0200
Petr Šabata 81d24c
@@ -32,7 +32,7 @@
Petr Šabata 81d24c
 #define _PAM_USER_KEY_ALLOWED_H
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 #include "identity.h"
Petr Šabata 81d24c
-int pam_user_key_allowed(const char *, Key *);
Petr Šabata 81d24c
+int pam_user_key_allowed(const char *, struct sshkey *);
Petr Šabata 81d24c
 void parse_authorized_key_file(const char *, const char *);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 #endif
Petr Šabata 81d24c
diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c
Petr Šabata 81d24c
--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c.psaa-compat	2019-07-08 18:36:13.000000000 +0200
Petr Šabata 81d24c
+++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c	2020-09-23 10:52:16.424001475 +0200
Petr Šabata 81d24c
@@ -45,44 +45,46 @@
Petr Šabata 81d24c
 #include "xmalloc.h"
Petr Šabata 81d24c
 #include "ssh.h"
Petr Šabata 81d24c
 #include "ssh2.h"
Petr Šabata 81d24c
-#include "buffer.h"
Petr Šabata 81d24c
+#include "sshbuf.h"
Petr Šabata 81d24c
 #include "log.h"
Petr Šabata 81d24c
 #include "compat.h"
Petr Šabata 81d24c
-#include "key.h"
Petr Šabata 81d24c
+#include "digest.h"
Petr Šabata 81d24c
+#include "sshkey.h"
Petr Šabata 81d24c
 #include "pathnames.h"
Petr Šabata 81d24c
 #include "misc.h"
Petr Šabata 81d24c
 #include "secure_filename.h"
Petr Šabata 81d24c
 #include "uidswap.h"
Petr Šabata 81d24c
-
Petr Šabata 81d24c
-#include "identity.h"
Petr Šabata 81d24c
+#include <unistd.h>
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 /* return 1 if user allows given key */
Petr Šabata 81d24c
 /* Modified slightly from original found in auth2-pubkey.c */
Petr Šabata 81d24c
 static int
Petr Šabata 81d24c
-pamsshagentauth_check_authkeys_file(FILE * f, char *file, Key * key)
Petr Šabata 81d24c
+pamsshagentauth_check_authkeys_file(FILE * f, char *file, struct sshkey * key)
Petr Šabata 81d24c
 {
Petr Šabata 81d24c
-    char line[SSH_MAX_PUBKEY_BYTES];
Petr Šabata 81d24c
+    char *line = NULL;
Petr Šabata 81d24c
     int found_key = 0;
Petr Šabata 81d24c
     u_long linenum = 0;
Petr Šabata 81d24c
-    Key *found;
Petr Šabata 81d24c
+    struct sshkey *found;
Petr Šabata 81d24c
     char *fp;
Petr Šabata 81d24c
+    size_t linesize = 0;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     found_key = 0;
Petr Šabata 81d24c
-    found = pamsshagentauth_key_new(key->type);
Petr Šabata 81d24c
+    found = sshkey_new(key->type);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    while(read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
Petr Šabata 81d24c
+    while ((getline(&line, &linesize, f)) != -1) {
Petr Šabata 81d24c
         char *cp = NULL; /* *key_options = NULL; */
Petr Šabata 81d24c
 
Petr Šabata 81d24c
+        linenum++;
Petr Šabata 81d24c
         /* Skip leading whitespace, empty and comment lines. */
Petr Šabata 81d24c
         for(cp = line; *cp == ' ' || *cp == '\t'; cp++);
Petr Šabata 81d24c
         if(!*cp || *cp == '\n' || *cp == '#')
Petr Šabata 81d24c
             continue;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-        if(pamsshagentauth_key_read(found, &cp) != 1) {
Petr Šabata 81d24c
+        if (sshkey_read(found, &cp) != 0) {
Petr Šabata 81d24c
             /* no key? check if there are options for this key */
Petr Šabata 81d24c
             int quoted = 0;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-            pamsshagentauth_verbose("user_key_allowed: check options: '%s'", cp);
Petr Šabata 81d24c
+            verbose("user_key_allowed: check options: '%s'", cp);
Petr Šabata 81d24c
             /* key_options = cp; */
Petr Šabata 81d24c
             for(; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
Petr Šabata 81d24c
                 if(*cp == '\\' && cp[1] == '"')
Petr Šabata 81d24c
@@ -92,26 +94,27 @@ pamsshagentauth_check_authkeys_file(FILE
Petr Šabata 81d24c
             }
Petr Šabata 81d24c
             /* Skip remaining whitespace. */
Petr Šabata 81d24c
             for(; *cp == ' ' || *cp == '\t'; cp++);
Petr Šabata 81d24c
-            if(pamsshagentauth_key_read(found, &cp) != 1) {
Petr Šabata 81d24c
-                pamsshagentauth_verbose("user_key_allowed: advance: '%s'", cp);
Petr Šabata 81d24c
+            if(sshkey_read(found, &cp) != 0) {
Petr Šabata 81d24c
+                verbose("user_key_allowed: advance: '%s'", cp);
Petr Šabata 81d24c
                 /* still no key? advance to next line */
Petr Šabata 81d24c
                 continue;
Petr Šabata 81d24c
             }
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
-        if(pamsshagentauth_key_equal(found, key)) {
Petr Šabata 81d24c
+        if(sshkey_equal(found, key)) {
Petr Šabata 81d24c
             found_key = 1;
Petr Šabata 81d24c
-            pamsshagentauth_logit("matching key found: file/command %s, line %lu", file,
Petr Šabata 81d24c
+            logit("matching key found: file/command %s, line %lu", file,
Petr Šabata 81d24c
                                   linenum);
Petr Šabata 81d24c
-            fp = pamsshagentauth_key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
Petr Šabata 81d24c
-            pamsshagentauth_logit("Found matching %s key: %s",
Petr Šabata 81d24c
-                                  pamsshagentauth_key_type(found), fp);
Petr Šabata 81d24c
-            pamsshagentauth_xfree(fp);
Petr Šabata 81d24c
+            fp = sshkey_fingerprint(found, SSH_DIGEST_SHA256, SSH_FP_BASE64);
Petr Šabata 81d24c
+            logit("Found matching %s key: %s",
Petr Šabata 81d24c
+                                  sshkey_type(found), fp);
Petr Šabata 81d24c
+            free(fp);
Petr Šabata 81d24c
             break;
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
-    pamsshagentauth_key_free(found);
Petr Šabata 81d24c
+    free(line);
Petr Šabata 81d24c
+    sshkey_free(found);
Petr Šabata 81d24c
     if(!found_key)
Petr Šabata 81d24c
-        pamsshagentauth_verbose("key not found");
Petr Šabata 81d24c
+        verbose("key not found");
Petr Šabata 81d24c
     return found_key;
Petr Šabata 81d24c
 }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
@@ -120,19 +123,19 @@ pamsshagentauth_check_authkeys_file(FILE
Petr Šabata 81d24c
  * returns 1 if the key is allowed or 0 otherwise.
Petr Šabata 81d24c
  */
Petr Šabata 81d24c
 int
Petr Šabata 81d24c
-pamsshagentauth_user_key_allowed2(struct passwd *pw, Key * key, char *file)
Petr Šabata 81d24c
+pamsshagentauth_user_key_allowed2(struct passwd *pw, struct sshkey * key, char *file)
Petr Šabata 81d24c
 {
Petr Šabata 81d24c
     FILE *f;
Petr Šabata 81d24c
     int found_key = 0;
Petr Šabata 81d24c
     struct stat st;
Petr Šabata 81d24c
-    char buf[SSH_MAX_PUBKEY_BYTES];
Petr Šabata 81d24c
+    char buf[256];
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     /* Temporarily use the user's uid. */
Petr Šabata 81d24c
-    pamsshagentauth_verbose("trying public key file %s", file);
Petr Šabata 81d24c
+    verbose("trying public key file %s", file);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     /* Fail not so quietly if file does not exist */
Petr Šabata 81d24c
     if(stat(file, &st) < 0) {
Petr Šabata 81d24c
-        pamsshagentauth_verbose("File not found: %s", file);
Petr Šabata 81d24c
+        verbose("File not found: %s", file);
Petr Šabata 81d24c
         return 0;
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
@@ -144,7 +147,7 @@ pamsshagentauth_user_key_allowed2(struct
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     if(pamsshagentauth_secure_filename(f, file, pw, buf, sizeof(buf)) != 0) {
Petr Šabata 81d24c
         fclose(f);
Petr Šabata 81d24c
-        pamsshagentauth_logit("Authentication refused: %s", buf);
Petr Šabata 81d24c
+        logit("Authentication refused: %s", buf);
Petr Šabata 81d24c
         return 0;
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
@@ -160,7 +163,7 @@ pamsshagentauth_user_key_allowed2(struct
Petr Šabata 81d24c
 int
Petr Šabata 81d24c
 pamsshagentauth_user_key_command_allowed2(char *authorized_keys_command,
Petr Šabata 81d24c
                           char *authorized_keys_command_user,
Petr Šabata 81d24c
-                          struct passwd *user_pw, Key * key)
Petr Šabata 81d24c
+                          struct passwd *user_pw, struct sshkey * key)
Petr Šabata 81d24c
 {
Petr Šabata 81d24c
     FILE *f;
Petr Šabata 81d24c
     int ok, found_key = 0;
Petr Šabata 81d24c
@@ -187,44 +190,44 @@ pamsshagentauth_user_key_command_allowed
Petr Šabata 81d24c
     else {
Petr Šabata 81d24c
         pw = getpwnam(authorized_keys_command_user);
Petr Šabata 81d24c
         if(pw == NULL) {
Petr Šabata 81d24c
-            pamsshagentauth_logerror("authorized_keys_command_user \"%s\" not found: %s",
Petr Šabata 81d24c
+            error("authorized_keys_command_user \"%s\" not found: %s",
Petr Šabata 81d24c
                  authorized_keys_command_user, strerror(errno));
Petr Šabata 81d24c
             return 0;
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    pamsshagentauth_temporarily_use_uid(pw);
Petr Šabata 81d24c
+    temporarily_use_uid(pw);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     if(stat(authorized_keys_command, &st) < 0) {
Petr Šabata 81d24c
-        pamsshagentauth_logerror
Petr Šabata 81d24c
+        error
Petr Šabata 81d24c
             ("Could not stat AuthorizedKeysCommand \"%s\": %s",
Petr Šabata 81d24c
              authorized_keys_command, strerror(errno));
Petr Šabata 81d24c
         goto out;
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
     if(pamsshagentauth_auth_secure_path
Petr Šabata 81d24c
        (authorized_keys_command, &st, NULL, 0, errmsg, sizeof(errmsg)) != 0) {
Petr Šabata 81d24c
-        pamsshagentauth_logerror("Unsafe AuthorizedKeysCommand: %s", errmsg);
Petr Šabata 81d24c
+        error("Unsafe AuthorizedKeysCommand: %s", errmsg);
Petr Šabata 81d24c
         goto out;
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     /* open the pipe and read the keys */
Petr Šabata 81d24c
     if(pipe(p) != 0) {
Petr Šabata 81d24c
-        pamsshagentauth_logerror("%s: pipe: %s", __func__, strerror(errno));
Petr Šabata 81d24c
+        error("%s: pipe: %s", __func__, strerror(errno));
Petr Šabata 81d24c
         goto out;
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    pamsshagentauth_debug("Running AuthorizedKeysCommand: \"%s\" as \"%s\" with argument: \"%s\"",
Petr Šabata 81d24c
+    debug("Running AuthorizedKeysCommand: \"%s\" as \"%s\" with argument: \"%s\"",
Petr Šabata 81d24c
                           authorized_keys_command, pw->pw_name, username);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     /* 
Petr Šabata 81d24c
      * Don't want to call this in the child, where it can fatal() and
Petr Šabata 81d24c
      * run cleanup_exit() code.
Petr Šabata 81d24c
      */
Petr Šabata 81d24c
-    pamsshagentauth_restore_uid();
Petr Šabata 81d24c
+    restore_uid();
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     switch ((pid = fork())) {
Petr Šabata 81d24c
     case -1:                                              /* error */
Petr Šabata 81d24c
-        pamsshagentauth_logerror("%s: fork: %s", __func__, strerror(errno));
Petr Šabata 81d24c
+        error("%s: fork: %s", __func__, strerror(errno));
Petr Šabata 81d24c
         close(p[0]);
Petr Šabata 81d24c
         close(p[1]);
Petr Šabata 81d24c
         return 0;
Petr Šabata 81d24c
@@ -234,13 +237,13 @@ pamsshagentauth_user_key_command_allowed
Petr Šabata 81d24c
 
Petr Šabata 81d24c
         /* do this before the setresuid so thta they can be logged */
Petr Šabata 81d24c
         if((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
Petr Šabata 81d24c
-            pamsshagentauth_logerror("%s: open %s: %s", __func__, _PATH_DEVNULL,
Petr Šabata 81d24c
+            error("%s: open %s: %s", __func__, _PATH_DEVNULL,
Petr Šabata 81d24c
                                      strerror(errno));
Petr Šabata 81d24c
             _exit(1);
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
         if(dup2(devnull, STDIN_FILENO) == -1 || dup2(p[1], STDOUT_FILENO) == -1
Petr Šabata 81d24c
            || dup2(devnull, STDERR_FILENO) == -1) {
Petr Šabata 81d24c
-            pamsshagentauth_logerror("%s: dup2: %s", __func__, strerror(errno));
Petr Šabata 81d24c
+            error("%s: dup2: %s", __func__, strerror(errno));
Petr Šabata 81d24c
             _exit(1);
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
 #if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
Petr Šabata 81d24c
@@ -248,7 +251,7 @@ pamsshagentauth_user_key_command_allowed
Petr Šabata 81d24c
 #else
Petr Šabata 81d24c
         if (setgid(pw->pw_gid) != 0 || setegid(pw->pw_gid) != 0) {
Petr Šabata 81d24c
 #endif
Petr Šabata 81d24c
-            pamsshagentauth_logerror("setresgid %u: %s", (u_int) pw->pw_gid,
Petr Šabata 81d24c
+            error("setresgid %u: %s", (u_int) pw->pw_gid,
Petr Šabata 81d24c
                                      strerror(errno));
Petr Šabata 81d24c
             _exit(1);
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
@@ -258,7 +261,7 @@ pamsshagentauth_user_key_command_allowed
Petr Šabata 81d24c
 #else
Petr Šabata 81d24c
         if (setuid(pw->pw_uid) != 0 || seteuid(pw->pw_uid) != 0) {
Petr Šabata 81d24c
 #endif
Petr Šabata 81d24c
-            pamsshagentauth_logerror("setresuid %u: %s", (u_int) pw->pw_uid,
Petr Šabata 81d24c
+            error("setresuid %u: %s", (u_int) pw->pw_uid,
Petr Šabata 81d24c
                                      strerror(errno));
Petr Šabata 81d24c
             _exit(1);
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
@@ -270,18 +273,18 @@ pamsshagentauth_user_key_command_allowed
Petr Šabata 81d24c
 
Petr Šabata 81d24c
         /* pretty sure this will barf because we are now suid, but since we
Petr Šabata 81d24c
            should't reach this anyway, I'll leave it here */
Petr Šabata 81d24c
-        pamsshagentauth_logerror("AuthorizedKeysCommand %s exec failed: %s",
Petr Šabata 81d24c
+        error("AuthorizedKeysCommand %s exec failed: %s",
Petr Šabata 81d24c
                                  authorized_keys_command, strerror(errno));
Petr Šabata 81d24c
         _exit(127);
Petr Šabata 81d24c
     default:                                              /* parent */
Petr Šabata 81d24c
         break;
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    pamsshagentauth_temporarily_use_uid(pw);
Petr Šabata 81d24c
+    temporarily_use_uid(pw);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     close(p[1]);
Petr Šabata 81d24c
     if((f = fdopen(p[0], "r")) == NULL) {
Petr Šabata 81d24c
-        pamsshagentauth_logerror("%s: fdopen: %s", __func__, strerror(errno));
Petr Šabata 81d24c
+        error("%s: fdopen: %s", __func__, strerror(errno));
Petr Šabata 81d24c
         close(p[0]);
Petr Šabata 81d24c
         /* Don't leave zombie child */
Petr Šabata 81d24c
         while(waitpid(pid, NULL, 0) == -1 && errno == EINTR);
Petr Šabata 81d24c
@@ -292,22 +295,22 @@ pamsshagentauth_user_key_command_allowed
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     while(waitpid(pid, &status, 0) == -1) {
Petr Šabata 81d24c
         if(errno != EINTR) {
Petr Šabata 81d24c
-            pamsshagentauth_logerror("%s: waitpid: %s", __func__,
Petr Šabata 81d24c
+            error("%s: waitpid: %s", __func__,
Petr Šabata 81d24c
                                      strerror(errno));
Petr Šabata 81d24c
             goto out;
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
     if(WIFSIGNALED(status)) {
Petr Šabata 81d24c
-        pamsshagentauth_logerror("AuthorizedKeysCommand %s exited on signal %d",
Petr Šabata 81d24c
+        error("AuthorizedKeysCommand %s exited on signal %d",
Petr Šabata 81d24c
                                  authorized_keys_command, WTERMSIG(status));
Petr Šabata 81d24c
         goto out;
Petr Šabata 81d24c
     } else if(WEXITSTATUS(status) != 0) {
Petr Šabata 81d24c
-        pamsshagentauth_logerror("AuthorizedKeysCommand %s returned status %d",
Petr Šabata 81d24c
+        error("AuthorizedKeysCommand %s returned status %d",
Petr Šabata 81d24c
                                  authorized_keys_command, WEXITSTATUS(status));
Petr Šabata 81d24c
         goto out;
Petr Šabata 81d24c
     }
Petr Šabata 81d24c
     found_key = ok;
Petr Šabata 81d24c
   out:
Petr Šabata 81d24c
-    pamsshagentauth_restore_uid();
Petr Šabata 81d24c
+    restore_uid();
Petr Šabata 81d24c
     return found_key;
Petr Šabata 81d24c
 }
Petr Šabata 81d24c
diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.h.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.h
Petr Šabata 81d24c
--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.h.psaa-compat	2019-07-08 18:36:13.000000000 +0200
Petr Šabata 81d24c
+++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.h	2020-09-23 10:52:16.424001475 +0200
Petr Šabata 81d24c
@@ -32,7 +32,7 @@
Petr Šabata 81d24c
 #define _PAM_USER_KEY_ALLOWED_H
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 #include "identity.h"
Petr Šabata 81d24c
-int pamsshagentauth_user_key_allowed2(struct passwd *, Key *, char *);
Petr Šabata 81d24c
-int pamsshagentauth_user_key_command_allowed2(char *, char *, struct passwd *, Key *);
Petr Šabata 81d24c
+int pamsshagentauth_user_key_allowed2(struct passwd *, struct sshkey *, char *);
Petr Šabata 81d24c
+int pamsshagentauth_user_key_command_allowed2(char *, char *, struct passwd *, struct sshkey *);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 #endif
Petr Šabata 81d24c
diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/secure_filename.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/secure_filename.c
Petr Šabata 81d24c
--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/secure_filename.c.psaa-compat	2019-07-08 18:36:13.000000000 +0200
Petr Šabata 81d24c
+++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/secure_filename.c	2020-09-23 10:52:16.424001475 +0200
Petr Šabata 81d24c
@@ -53,8 +53,8 @@
Petr Šabata 81d24c
 #include "xmalloc.h"
Petr Šabata 81d24c
 #include "match.h"
Petr Šabata 81d24c
 #include "log.h"
Petr Šabata 81d24c
-#include "buffer.h"
Petr Šabata 81d24c
-#include "key.h"
Petr Šabata 81d24c
+#include "sshbuf.h"
Petr Šabata 81d24c
+#include "sshkey.h"
Petr Šabata 81d24c
 #include "misc.h"
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 
Petr Šabata 81d24c
@@ -80,7 +80,7 @@ pamsshagentauth_auth_secure_path(const c
Petr Šabata 81d24c
 	int comparehome = 0;
Petr Šabata 81d24c
 	struct stat st;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    pamsshagentauth_verbose("auth_secure_filename: checking for uid: %u", uid);
Petr Šabata 81d24c
+    verbose("auth_secure_filename: checking for uid: %u", uid);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 	if (realpath(name, buf) == NULL) {
Petr Šabata 81d24c
 		snprintf(err, errlen, "realpath %s failed: %s", name,
Petr Šabata 81d24c
@@ -115,9 +115,9 @@ pamsshagentauth_auth_secure_path(const c
Petr Šabata 81d24c
 			snprintf(err, errlen, "dirname() failed");
Petr Šabata 81d24c
 			return -1;
Petr Šabata 81d24c
 		}
Petr Šabata 81d24c
-		pamsshagentauth_strlcpy(buf, cp, sizeof(buf));
Petr Šabata 81d24c
+		strlcpy(buf, cp, sizeof(buf));
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-		pamsshagentauth_verbose("secure_filename: checking '%s'", buf);
Petr Šabata 81d24c
+		verbose("secure_filename: checking '%s'", buf);
Petr Šabata 81d24c
 		if (stat(buf, &st) < 0 ||
Petr Šabata 81d24c
 		    (st.st_uid != 0 && st.st_uid != uid) ||
Petr Šabata 81d24c
 		    (st.st_mode & 022) != 0) {
Petr Šabata 81d24c
@@ -128,7 +128,7 @@ pamsshagentauth_auth_secure_path(const c
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 		/* If are passed the homedir then we can stop */
Petr Šabata 81d24c
 		if (comparehome && strcmp(homedir, buf) == 0) {
Petr Šabata 81d24c
-			pamsshagentauth_verbose("secure_filename: terminating check at '%s'",
Petr Šabata 81d24c
+			verbose("secure_filename: terminating check at '%s'",
Petr Šabata 81d24c
 			    buf);
Petr Šabata 81d24c
 			break;
Petr Šabata 81d24c
 		}
Petr Šabata 81d24c
diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c
Petr Šabata 81d24c
--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.psaa-compat	2019-07-08 18:36:13.000000000 +0200
Petr Šabata 81d24c
+++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c	2020-09-23 10:52:16.424001475 +0200
Petr Šabata 81d24c
@@ -37,10 +37,11 @@
Petr Šabata 81d24c
 #include "xmalloc.h"
Petr Šabata 81d24c
 #include "ssh.h"
Petr Šabata 81d24c
 #include "ssh2.h"
Petr Šabata 81d24c
-#include "buffer.h"
Petr Šabata 81d24c
+#include "sshbuf.h"
Petr Šabata 81d24c
 #include "log.h"
Petr Šabata 81d24c
 #include "compat.h"
Petr Šabata 81d24c
-#include "key.h"
Petr Šabata 81d24c
+#include "sshkey.h"
Petr Šabata 81d24c
+#include "ssherr.h"
Petr Šabata 81d24c
 #include "pathnames.h"
Petr Šabata 81d24c
 #include "misc.h"
Petr Šabata 81d24c
 #include "secure_filename.h"
Petr Šabata 81d24c
@@ -48,54 +49,59 @@
Petr Šabata 81d24c
 #include "identity.h"
Petr Šabata 81d24c
 #include "pam_user_authorized_keys.h"
Petr Šabata 81d24c
 
Petr Šabata 81d24c
+#define SSH2_MSG_USERAUTH_TRUST_REQUEST          54
Petr Šabata 81d24c
+
Petr Šabata 81d24c
 /* extern u_char  *session_id2;
Petr Šabata 81d24c
 extern uint8_t  session_id_len;
Petr Šabata 81d24c
  */
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 int
Petr Šabata 81d24c
-userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2)
Petr Šabata 81d24c
+userauth_pubkey_from_id(const char *ruser, Identity * id, struct sshbuf * session_id2)
Petr Šabata 81d24c
 {
Petr Šabata 81d24c
-    Buffer          b = { 0 };
Petr Šabata 81d24c
+    struct sshbuf  *b = NULL;
Petr Šabata 81d24c
     char           *pkalg = NULL;
Petr Šabata 81d24c
     u_char         *pkblob = NULL, *sig = NULL;
Petr Šabata 81d24c
-    u_int           blen = 0, slen = 0;
Petr Šabata 81d24c
-    int             authenticated = 0;
Petr Šabata 81d24c
+    size_t          blen = 0, slen = 0;
Petr Šabata 81d24c
+    int             r, authenticated = 0;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    pkalg = (char *) key_ssh_name(id->key);
Petr Šabata 81d24c
+    pkalg = (char *) sshkey_ssh_name(id->key);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     /* first test if this key is even allowed */
Petr Šabata 81d24c
     if(! pam_user_key_allowed(ruser, id->key))
Petr Šabata 81d24c
-        goto user_auth_clean_exit;
Petr Šabata 81d24c
+        goto user_auth_clean_exit_without_buffer;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    if(pamsshagentauth_key_to_blob(id->key, &pkblob, &blen) == 0)
Petr Šabata 81d24c
-        goto user_auth_clean_exit;
Petr Šabata 81d24c
+    if(sshkey_to_blob(id->key, &pkblob, &blen) != 0)
Petr Šabata 81d24c
+        goto user_auth_clean_exit_without_buffer;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     /* construct packet to sign and test */
Petr Šabata 81d24c
-    pamsshagentauth_buffer_init(&b);
Petr Šabata 81d24c
+    if ((b = sshbuf_new()) == NULL)
Petr Šabata 81d24c
+        fatal("%s: sshbuf_new failed", __func__);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_string(&b, session_id2->buf + session_id2->offset, session_id2->end - session_id2->offset);
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST); 
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_cstring(&b, ruser);
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_cstring(&b, "pam_ssh_agent_auth");
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_cstring(&b, "publickey");
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_char(&b, 1);
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_cstring(&b, pkalg);
Petr Šabata 81d24c
-    pamsshagentauth_buffer_put_string(&b, pkblob, blen);
Petr Šabata 81d24c
+    if ((r = sshbuf_put_string(b, sshbuf_ptr(session_id2), sshbuf_len(session_id2))) != 0 ||
Petr Šabata 81d24c
+        (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_TRUST_REQUEST)) != 0 ||
Petr Šabata 81d24c
+        (r = sshbuf_put_cstring(b, ruser)) != 0 ||
Petr Šabata 81d24c
+        (r = sshbuf_put_cstring(b, "pam_ssh_agent_auth")) != 0 ||
Petr Šabata 81d24c
+        (r = sshbuf_put_cstring(b, "publickey")) != 0 ||
Petr Šabata 81d24c
+        (r = sshbuf_put_u8(b, 1)) != 0 ||
Petr Šabata 81d24c
+        (r = sshbuf_put_cstring(b, pkalg)) != 0 ||
Petr Šabata 81d24c
+        (r = sshbuf_put_string(b, pkblob, blen)) != 0)
Petr Šabata 81d24c
+        fatal("%s: buffer error: %s", __func__, ssh_err(r));
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    if(ssh_agent_sign(id->ac, id->key, &sig, &slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) != 0)
Petr Šabata 81d24c
+    if (ssh_agent_sign(id->ac, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b)) != 0)
Petr Šabata 81d24c
         goto user_auth_clean_exit;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     /* test for correct signature */
Petr Šabata 81d24c
-    if(pamsshagentauth_key_verify(id->key, sig, slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) == 1)
Petr Šabata 81d24c
+    if (sshkey_verify(id->key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0, NULL) == 0)
Petr Šabata 81d24c
         authenticated = 1;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
   user_auth_clean_exit:
Petr Šabata 81d24c
     /* if(&b != NULL) */
Petr Šabata 81d24c
-    pamsshagentauth_buffer_free(&b);
Petr Šabata 81d24c
+    sshbuf_free(b);
Petr Šabata 81d24c
+  user_auth_clean_exit_without_buffer:
Petr Šabata 81d24c
     if(sig != NULL)
Petr Šabata 81d24c
-        pamsshagentauth_xfree(sig);
Petr Šabata 81d24c
+        free(sig);
Petr Šabata 81d24c
     if(pkblob != NULL)
Petr Šabata 81d24c
-        pamsshagentauth_xfree(pkblob);
Petr Šabata 81d24c
+        free(pkblob);
Petr Šabata 81d24c
     CRYPTO_cleanup_all_ex_data();
Petr Šabata 81d24c
     return authenticated;
Petr Šabata 81d24c
 }
Petr Šabata 81d24c
diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.h.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.h
Petr Šabata 81d24c
--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.h.psaa-compat	2019-07-08 18:36:13.000000000 +0200
Petr Šabata 81d24c
+++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.h	2020-09-23 10:52:16.424001475 +0200
Petr Šabata 81d24c
@@ -31,7 +31,7 @@
Petr Šabata 81d24c
 #ifndef _USERAUTH_PUBKEY_FROM_ID_H
Petr Šabata 81d24c
 #define _USERAUTH_PUBKEY_FROM_ID_H
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-#include <identity.h>
Petr Šabata 81d24c
-int userauth_pubkey_from_id(const char *, Identity *, Buffer *);
Petr Šabata 81d24c
+#include "identity.h"
Petr Šabata 81d24c
+int userauth_pubkey_from_id(const char *, Identity *, struct sshbuf *);
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 #endif
Petr Šabata 81d24c
diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/uuencode.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/uuencode.c
Petr Šabata 81d24c
--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/uuencode.c.psaa-compat	2019-07-08 18:36:13.000000000 +0200
Petr Šabata 81d24c
+++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/uuencode.c	2020-09-23 10:52:16.424001475 +0200
Petr Šabata 81d24c
@@ -56,7 +56,7 @@ pamsshagentauth_uudecode(const char *src
Petr Šabata 81d24c
 	/* and remove trailing whitespace because __b64_pton needs this */
Petr Šabata 81d24c
 	*p = '\0';
Petr Šabata 81d24c
 	len = pamsshagentauth___b64_pton(encoded, target, targsize);
Petr Šabata 81d24c
-	pamsshagentauth_xfree(encoded);
Petr Šabata 81d24c
+	xfree(encoded);
Petr Šabata 81d24c
 	return len;
Petr Šabata 81d24c
 }
Petr Šabata 81d24c
 
Petr Šabata 81d24c
@@ -70,7 +70,7 @@ pamsshagentauth_dump_base64(FILE *fp, co
Petr Šabata 81d24c
 		fprintf(fp, "dump_base64: len > 65536\n");
Petr Šabata 81d24c
 		return;
Petr Šabata 81d24c
 	}
Petr Šabata 81d24c
-	buf = pamsshagentauth_xmalloc(2*len);
Petr Šabata 81d24c
+	buf = malloc(2*len);
Petr Šabata 81d24c
 	n = pamsshagentauth_uuencode(data, len, buf, 2*len);
Petr Šabata 81d24c
 	for (i = 0; i < n; i++) {
Petr Šabata 81d24c
 		fprintf(fp, "%c", buf[i]);
Petr Šabata 81d24c
@@ -79,5 +79,5 @@ pamsshagentauth_dump_base64(FILE *fp, co
Petr Šabata 81d24c
 	}
Petr Šabata 81d24c
 	if (i % 70 != 69)
Petr Šabata 81d24c
 		fprintf(fp, "\n");
Petr Šabata 81d24c
-	pamsshagentauth_xfree(buf);
Petr Šabata 81d24c
+	free(buf);
Petr Šabata 81d24c
 }
Petr Šabata 81d24c
--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_pam.c.compat	2020-09-23 11:32:30.783695267 +0200
Petr Šabata 81d24c
+++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_pam.c	2020-09-23 11:33:21.383389036 +0200
Petr Šabata 81d24c
@@ -33,7 +33,8 @@
Petr Šabata 81d24c
 #include <string.h>
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 #include "defines.h"
Petr Šabata 81d24c
-#include "key.h"
Petr Šabata 81d24c
+#include <includes.h>
Petr Šabata 81d24c
+#include "sshkey.h"
Petr Šabata 81d24c
 #include "log.h"
Petr Šabata 81d24c
 
Petr Šabata 81d24c
 #include "pam_user_authorized_keys.h"
Petr Šabata 81d24c
@@ -42,28 +42,28 @@
Petr Šabata 81d24c
     int authenticated = 0;
Petr Šabata 81d24c
     const char method[] = "publickey ";
Petr Šabata 81d24c
 
Petr Šabata 81d24c
-    char* ai = pamsshagentauth_xstrdup(ssh_auth_info);
Petr Šabata 81d24c
+    char* ai = xstrdup(ssh_auth_info);
Petr Šabata 81d24c
     char* saveptr;
Petr Šabata 81d24c
 
Petr Šabata 81d24c
     char* auth_line = strtok_r(ai, "\n", &saveptr);
Petr Šabata 81d24c
     while (auth_line != NULL) {
Petr Šabata 81d24c
         if (strncmp(auth_line, method, sizeof(method) - 1) == 0) {
Petr Šabata 81d24c
             char* key_str = auth_line + sizeof(method) - 1;
Petr Šabata 81d24c
-            Key* key = pamsshagentauth_key_new(KEY_UNSPEC);
Petr Šabata 81d24c
+            struct sshkey* key = sshkey_new(KEY_UNSPEC);
Petr Šabata 81d24c
             if (key == NULL) {
Petr Šabata 81d24c
                 continue;
Petr Šabata 81d24c
             }
Petr Šabata 81d24c
-            int r = pamsshagentauth_key_read(key, &key_str);
Petr Šabata 81d24c
+            int r = sshkey_read(key, &key_str);
Petr Šabata 81d24c
             if (r == 1) {
Petr Šabata 81d24c
                 if (pam_user_key_allowed(ruser, key)) {
Petr Šabata 81d24c
                     authenticated = 1;
Petr Šabata 81d24c
-                    pamsshagentauth_key_free(key);
Petr Šabata 81d24c
+                    sshkey_free(key);
Petr Šabata 81d24c
                     break;
Petr Šabata 81d24c
                 }
Petr Šabata 81d24c
             } else {
Petr Šabata 81d24c
-                pamsshagentauth_verbose("Failed to create key for %s: %d", auth_line, r);
Petr Šabata 81d24c
+                verbose("Failed to create key for %s: %d", auth_line, r);
Petr Šabata 81d24c
             }
Petr Šabata 81d24c
-            pamsshagentauth_key_free(key);
Petr Šabata 81d24c
+            sshkey_free(key);
Petr Šabata 81d24c
         }
Petr Šabata 81d24c
         auth_line = strtok_r(NULL, "\n", &saveptr);
Petr Šabata 81d24c
     }