vishalmishra434 / rpms / openssh

Forked from rpms/openssh a month ago
Clone
Source Code
GIT

Blame openssh-5.8p1-keycat.patch

c10s-sig-hyperscale c10s-sig-hyperscale-2 c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   0d4fd5772986e5d73d2ecf23826c49cc1c91f6b0
  2.   openssh-5.8p1-keycat.patch
Blob History Raw
Jan F 825921 
diff -up openssh-5.8p1/auth2-pubkey.c.keycat openssh-5.8p1/auth2-pubkey.c
Jan F ffd063 
--- openssh-5.8p1/auth2-pubkey.c.keycat	2011-03-09 09:03:37.000000000 +0100
Jan F ffd063 
+++ openssh-5.8p1/auth2-pubkey.c	2011-03-09 09:03:40.000000000 +0100
Jan F 825921 
@@ -579,6 +579,14 @@ user_key_via_command_allowed2(struct pas
Jan F 825921 
 			close(i);
Jan F 825921 
 		}
Jan F 825921
Jan F 825921 
+#ifdef WITH_SELINUX
Jan F 825921 
+		if (ssh_selinux_setup_env_variables() < 0) {
Jan F 825921 
+			error ("failed to copy environment:  %s",
Jan F 825921 
+			    strerror(errno));
Jan F 825921 
+			_exit(127);
Jan F 825921 
+		}
Jan F 825921 
+#endif
Jan F 825921 
+
Jan F 825921 
 		execl(options.authorized_keys_command, options.authorized_keys_command, pw->pw_name, NULL);
Jan F 825921
Jan F 825921 
 		/* if we got here, it didn't work */
Jan F 825921 
diff -up openssh-5.8p1/HOWTO.ssh-keycat.keycat openssh-5.8p1/HOWTO.ssh-keycat
Jan F ffd063 
--- openssh-5.8p1/HOWTO.ssh-keycat.keycat	2011-03-09 09:03:40.000000000 +0100
Jan F ffd063 
+++ openssh-5.8p1/HOWTO.ssh-keycat	2011-03-08 12:19:07.000000000 +0100
Jan F 3388c0 
@@ -0,0 +1,12 @@
Jan F ffd063 
+The ssh-keycat retrieves the content of the ~/.ssh/authorized_keys
Jan F ffd063 
+of an user in any environment. This includes environments with
Jan F ffd063 
+polyinstantiation of home directories and SELinux MLS policy enabled.
Jan F 825921 
+
Jan F ffd063 
+To use ssh-keycat, set these options in /etc/ssh/sshd_config file:
Jan F 91d3b3 
+        AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat
Jan F ffd063 
+        AuthorizedKeysCommandRunAs root
Jan F 825921 
+
Jan F ffd063 
+Do not forget to enable public key authentication:
Jan F ffd063 
+        PubkeyAuthentication yes
Jan F 825921 
+
Jan F 825921 
+
Jan F 04fc86 
diff -up openssh-5.8p1/Makefile.in.keycat openssh-5.8p1/Makefile.in
Jan F ffd063 
--- openssh-5.8p1/Makefile.in.keycat	2011-03-09 09:03:39.000000000 +0100
Jan F ffd063 
+++ openssh-5.8p1/Makefile.in	2011-03-09 09:03:40.000000000 +0100
Jan F 04fc86 
@@ -28,6 +28,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign
Jan F 04fc86 
 SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
Jan F 04fc86 
 SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
Jan F 04fc86 
 SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
Jan F 04fc86 
+SSH_KEYCAT=$(libexecdir)/ssh-keycat
Jan F 04fc86 
 RAND_HELPER=$(libexecdir)/ssh-rand-helper
Jan F 04fc86 
 PRIVSEP_PATH=@PRIVSEP_PATH@
Jan F 04fc86 
 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
Jan F 04fc86 
@@ -67,7 +68,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_
Jan F 04fc86 
 INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
Jan F 04fc86 
 INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
Jan F 04fc86
Jan F 04fc86 
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
Jan F 04fc86 
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
Jan F 04fc86
Jan F 04fc86 
 LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
Jan F 04fc86 
 	canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
Jan F 825921 
@@ -172,6 +173,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
Jan F 04fc86 
 ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
Jan F 04fc86 
 	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
Jan F 04fc86
Jan F 04fc86 
+ssh-keycat$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keycat.o
Jan F 04fc86 
+	$(LD) -o $@ ssh-keycat.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(SSHDLIBS)
Jan F 04fc86 
+
Jan F 04fc86 
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
Jan F 04fc86 
 	$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
Jan F 04fc86
Jan F 825921 
@@ -280,6 +284,7 @@ install-files:
Jan F 04fc86 
 		$(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
Jan F 04fc86 
 		$(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
Jan F 04fc86 
 	fi
Jan F 04fc86 
+	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keycat$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-keycat$(EXEEXT)
Jan F 04fc86 
 	$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
Jan F 04fc86 
 	$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
Jan F 04fc86 
 	$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
Jan F 825921 
diff -up openssh-5.8p1/openbsd-compat/port-linux.c.keycat openssh-5.8p1/openbsd-compat/port-linux.c
Jan F ffd063 
--- openssh-5.8p1/openbsd-compat/port-linux.c.keycat	2011-03-09 09:03:38.000000000 +0100
Jan F ffd063 
+++ openssh-5.8p1/openbsd-compat/port-linux.c	2011-03-09 09:03:40.000000000 +0100
Jan F 825921 
@@ -309,7 +309,7 @@ ssh_selinux_getctxbyname(char *pwname,
Jan F 825921
Jan F 825921 
 /* Setup environment variables for pam_selinux */
Jan F 825921 
 static int
Jan F 825921 
-ssh_selinux_setup_pam_variables(void)
Jan F 825921 
+ssh_selinux_setup_variables(int(*set_it)(const char *, const char *))
Jan F 825921 
 {
Jan F 825921 
 	const char *reqlvl;
Jan F 825921 
 	char *role;
Jan F 825921 
@@ -320,16 +320,16 @@ ssh_selinux_setup_pam_variables(void)
Jan F 825921
Jan F 825921 
 	ssh_selinux_get_role_level(&role, &reqlvl);
Jan F 825921
Jan F 825921 
-	rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", role ? role : "");
Jan F 825921 
+	rv = set_it("SELINUX_ROLE_REQUESTED", role ? role : "");
Jan F 825921
Jan F 825921 
 	if (inetd_flag && !rexeced_flag) {
Jan F 825921 
 		use_current = "1";
Jan F 825921 
 	} else {
Jan F 825921 
 		use_current = "";
Jan F 825921 
-		rv = rv || do_pam_putenv("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: "");
Jan F 825921 
+		rv = rv || set_it("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: "");
Jan F 825921 
 	}
Jan F 825921
Jan F 825921 
-	rv = rv || do_pam_putenv("SELINUX_USE_CURRENT_RANGE", use_current);
Jan F 825921 
+	rv = rv || set_it("SELINUX_USE_CURRENT_RANGE", use_current);
Jan F 825921
Jan F 825921 
 	if (role != NULL)
Jan F 825921 
 		xfree(role);
Jan F 825921 
@@ -337,6 +337,24 @@ ssh_selinux_setup_pam_variables(void)
Jan F 825921 
 	return rv;
Jan F 825921 
 }
Jan F 825921
Jan F 825921 
+static int
Jan F 825921 
+ssh_selinux_setup_pam_variables(void)
Jan F 825921 
+{
Jan F 825921 
+	return ssh_selinux_setup_variables(do_pam_putenv);
Jan F 825921 
+}
Jan F 825921 
+
Jan F 825921 
+static int
Jan F 825921 
+do_setenv(char *name, char *value)
Jan F 825921 
+{
Jan F 825921 
+	return setenv(name, value, 1);
Jan F 825921 
+}
Jan F 825921 
+
Jan F 825921 
+int
Jan F 825921 
+ssh_selinux_setup_env_variables(void)
Jan F 825921 
+{
Jan F 825921 
+	return ssh_selinux_setup_variables(do_setenv);
Jan F 825921 
+}
Jan F 825921 
+
Jan F 825921 
 /* Set the execution context to the default for the specified user */
Jan F 825921 
 void
Jan F 825921 
 ssh_selinux_setup_exec_context(char *pwname)
Jan F 04fc86 
diff -up openssh-5.8p1/ssh-keycat.c.keycat openssh-5.8p1/ssh-keycat.c
Jan F ffd063 
--- openssh-5.8p1/ssh-keycat.c.keycat	2011-03-09 09:03:40.000000000 +0100
Jan F ffd063 
+++ openssh-5.8p1/ssh-keycat.c	2011-03-09 09:03:40.000000000 +0100
Jan F 825921 
@@ -0,0 +1,238 @@
Jan F 04fc86 
+/*
Jan F 04fc86 
+ * Redistribution and use in source and binary forms, with or without
Jan F 04fc86 
+ * modification, are permitted provided that the following conditions
Jan F 04fc86 
+ * are met:
Jan F 04fc86 
+ * 1. Redistributions of source code must retain the above copyright
Jan F 04fc86 
+ *    notice, and the entire permission notice in its entirety,
Jan F 04fc86 
+ *    including the disclaimer of warranties.
Jan F 04fc86 
+ * 2. Redistributions in binary form must reproduce the above copyright
Jan F 04fc86 
+ *    notice, this list of conditions and the following disclaimer in the
Jan F 04fc86 
+ *    documentation and/or other materials provided with the distribution.
Jan F 04fc86 
+ * 3. The name of the author may not be used to endorse or promote
Jan F 04fc86 
+ *    products derived from this software without specific prior
Jan F 04fc86 
+ *    written permission.
Jan F 04fc86 
+ *
Jan F 04fc86 
+ * ALTERNATIVELY, this product may be distributed under the terms of
Jan F 04fc86 
+ * the GNU Public License, in which case the provisions of the GPL are
Jan F 04fc86 
+ * required INSTEAD OF the above restrictions.  (This clause is
Jan F 04fc86 
+ * necessary due to a potential bad interaction between the GPL and
Jan F 04fc86 
+ * the restrictions contained in a BSD-style copyright.)
Jan F 04fc86 
+ *
Jan F 04fc86 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
Jan F 04fc86 
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
Jan F 04fc86 
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
Jan F 04fc86 
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
Jan F 04fc86 
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
Jan F 04fc86 
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
Jan F 04fc86 
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
Jan F 04fc86 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
Jan F 04fc86 
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
Jan F 04fc86 
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
Jan F 04fc86 
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
Jan F 04fc86 
+ */
Jan F 04fc86 
+
Jan F 04fc86 
+/*
Jan F 04fc86 
+ * Copyright (c) 2011 Red Hat, Inc.
Jan F 04fc86 
+ * Written by Tomas Mraz <tmraz@redhat.com>
Jan F 04fc86 
+*/
Jan F 04fc86 
+
Jan F 04fc86 
+#define _GNU_SOURCE
Jan F 04fc86 
+
Jan F 04fc86 
+#include "config.h"
Jan F 04fc86 
+#include <stdio.h>
Jan F 04fc86 
+#include <stdlib.h>
Jan F 04fc86 
+#include <string.h>
Jan F 04fc86 
+#include <sys/types.h>
Jan F 04fc86 
+#include <sys/stat.h>
Jan F 04fc86 
+#include <pwd.h>
Jan F 04fc86 
+#include <fcntl.h>
Jan F 04fc86 
+#include <unistd.h>
Jan F 04fc86 
+
Jan F 04fc86 
+#include <security/pam_appl.h>
Jan F 04fc86 
+
Jan F 04fc86 
+#include "uidswap.h"
Jan F 04fc86 
+#include "misc.h"
Jan F 04fc86 
+
Jan F 04fc86 
+#define ERR_USAGE 1
Jan F 04fc86 
+#define ERR_PAM_START 2
Jan F 04fc86 
+#define ERR_OPEN_SESSION 3
Jan F 04fc86 
+#define ERR_CLOSE_SESSION 4
Jan F 04fc86 
+#define ERR_PAM_END 5
Jan F 04fc86 
+#define ERR_GETPWNAM 6
Jan F 04fc86 
+#define ERR_MEMORY 7
Jan F 04fc86 
+#define ERR_OPEN 8
Jan F 04fc86 
+#define ERR_FILE_MODE 9
Jan F 04fc86 
+#define ERR_FDOPEN 10
Jan F 04fc86 
+#define ERR_STAT 11
Jan F 04fc86 
+#define ERR_WRITE 12
Jan F 825921 
+#define ERR_PAM_PUTENV 13
Jan F 04fc86 
+#define BUFLEN 4096
Jan F 04fc86 
+
Jan F 04fc86 
+/* Just ignore the messages in the conversation function */
Jan F 04fc86 
+static int
Jan F 04fc86 
+dummy_conv(int num_msg, const struct pam_message **msgm,
Jan F 04fc86 
+	   struct pam_response **response, void *appdata_ptr)
Jan F 04fc86 
+{
Jan F 04fc86 
+	struct pam_response *rsp;
Jan F 04fc86 
+
Jan F 04fc86 
+	(void)msgm;
Jan F 04fc86 
+	(void)appdata_ptr;
Jan F 04fc86 
+
Jan F 04fc86 
+	if (num_msg <= 0)
Jan F 04fc86 
+		return PAM_CONV_ERR;
Jan F 04fc86 
+
Jan F 04fc86 
+	/* Just allocate the array as empty responses */
Jan F 04fc86 
+	rsp = calloc (num_msg, sizeof (struct pam_response));
Jan F 04fc86 
+	if (rsp == NULL)
Jan F 04fc86 
+		return PAM_CONV_ERR;
Jan F 04fc86 
+
Jan F 04fc86 
+	*response = rsp;
Jan F 04fc86 
+	return PAM_SUCCESS;
Jan F 04fc86 
+}
Jan F 04fc86 
+
Jan F 04fc86 
+static struct pam_conv conv = {
Jan F 04fc86 
+	dummy_conv,
Jan F 04fc86 
+	NULL
Jan F 04fc86 
+};
Jan F 04fc86 
+
Jan F 04fc86 
+char *
Jan F 04fc86 
+make_auth_keys_name(const struct passwd *pwd)
Jan F 04fc86 
+{
Jan F 04fc86 
+	char *fname;
Jan F 04fc86 
+
Jan F 04fc86 
+	if (asprintf(&fname, "%s/.ssh/authorized_keys", pwd->pw_dir) < 0)
Jan F 04fc86 
+		return NULL;
Jan F 04fc86 
+
Jan F 04fc86 
+	return fname;
Jan F 04fc86 
+}
Jan F 04fc86 
+
Jan F 04fc86 
+int
Jan F 04fc86 
+dump_keys(const char *user)
Jan F 04fc86 
+{
Jan F 04fc86 
+	struct passwd *pwd;
Jan F 04fc86 
+	int fd = -1;
Jan F 04fc86 
+	FILE *f = NULL;
Jan F 04fc86 
+	char *fname = NULL;
Jan F 04fc86 
+	int rv = 0;
Jan F 04fc86 
+	char buf[BUFLEN];
Jan F 04fc86 
+	size_t len;
Jan F 04fc86 
+	struct stat st;
Jan F 04fc86 
+
Jan F 04fc86 
+	if ((pwd = getpwnam(user)) == NULL) {
Jan F 04fc86 
+		return ERR_GETPWNAM;
Jan F 04fc86 
+	}
Jan F 04fc86 
+
Jan F 04fc86 
+	if ((fname = make_auth_keys_name(pwd)) == NULL) {
Jan F 04fc86 
+		return ERR_MEMORY;
Jan F 04fc86 
+	}
Jan F 04fc86 
+
Jan F 04fc86 
+	temporarily_use_uid(pwd);
Jan F 04fc86 
+
Jan F 04fc86 
+	if ((fd = open(fname, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) < 0) {
Jan F 04fc86 
+		rv = ERR_OPEN;
Jan F 04fc86 
+		goto fail;
Jan F 04fc86 
+	}
Jan F 04fc86 
+
Jan F 04fc86 
+	if (fstat(fd, &st) < 0) {
Jan F 04fc86 
+		rv = ERR_STAT;
Jan F 04fc86 
+		goto fail;
Jan F 04fc86 
+	}
Jan F 04fc86 
+
Jan F 04fc86 
+	if (!S_ISREG(st.st_mode) ||
Jan F 04fc86 
+		(st.st_uid != pwd->pw_uid && st.st_uid != 0)) {
Jan F 04fc86 
+		rv = ERR_FILE_MODE;
Jan F 04fc86 
+		goto fail;
Jan F 04fc86 
+	}
Jan F 04fc86 
+
Jan F 04fc86 
+	unset_nonblock(fd);
Jan F 04fc86 
+
Jan F 04fc86 
+	if ((f = fdopen(fd, "r")) == NULL) {
Jan F 04fc86 
+		rv = ERR_FDOPEN;
Jan F 04fc86 
+		goto fail;
Jan F 04fc86 
+	}
Jan F 04fc86 
+
Jan F 04fc86 
+	fd = -1;
Jan F 04fc86 
+
Jan F 04fc86 
+	while ((len = fread(buf, 1, sizeof(buf), f)) > 0) {
Jan F 04fc86 
+		rv = fwrite(buf, 1, len, stdout) != len ? ERR_WRITE : 0;
Jan F 04fc86 
+	}
Jan F 04fc86 
+
Jan F 04fc86 
+fail:
Jan F 04fc86 
+	if (fd != -1)
Jan F 04fc86 
+		close(fd);
Jan F 04fc86 
+	if (f != NULL)
Jan F 04fc86 
+		fclose(f);
Jan F 04fc86 
+	free(fname);
Jan F 04fc86 
+	restore_uid();
Jan F 04fc86 
+	return rv;
Jan F 04fc86 
+}
Jan F 04fc86 
+
Jan F 825921 
+static const char *env_names[] = { "SELINUX_ROLE_REQUESTED",
Jan F 825921 
+	"SELINUX_LEVEL_REQUESTED",
Jan F 825921 
+	"SELINUX_USE_CURRENT_RANGE"
Jan F 825921 
+};
Jan F 825921 
+
Jan F 825921 
+extern char **environ;
Jan F 825921 
+
Jan F 825921 
+int
Jan F 825921 
+set_pam_environment(pam_handle_t *pamh)
Jan F 825921 
+{
Jan F 825921 
+	int i;
Jan F 825921 
+	size_t j;
Jan F 825921 
+
Jan F 825921 
+	for (j = 0; j < sizeof(env_names)/sizeof(env_names[0]); ++j) {
Jan F 825921 
+		int len = strlen(env_names[j]);
Jan F 825921 
+
Jan F 825921 
+		for (i = 0; environ[i] != NULL; ++i) {
Jan F 825921 
+			if (strncmp(env_names[j], environ[i], len) == 0 &&
Jan F 825921 
+			    environ[i][len] == '=') {
Jan F 825921 
+				if (pam_putenv(pamh, environ[i]) != PAM_SUCCESS)
Jan F 825921 
+					return ERR_PAM_PUTENV;
Jan F 825921 
+			}
Jan F 825921 
+		}
Jan F 825921 
+	}
Jan F 825921 
+
Jan F 825921 
+	return 0;
Jan F 825921 
+}
Jan F 825921 
+
Jan F 04fc86 
+int
Jan F 04fc86 
+main(int argc, char *argv[])
Jan F 04fc86 
+{
Jan F 04fc86 
+	pam_handle_t *pamh = NULL;
Jan F 04fc86 
+	int retval;
Jan F 04fc86 
+	int ev = 0;
Jan F 04fc86 
+
Jan F 04fc86 
+	if (argc != 2) {
Jan F 04fc86 
+		fprintf(stderr, "Usage: %s <user-name>\n", argv[0]);
Jan F 04fc86 
+		return ERR_USAGE;
Jan F 04fc86 
+	}
Jan F 04fc86 
+
Jan F 04fc86 
+	retval = pam_start("ssh-keycat", argv[1], &conv, &pamh);
Jan F 04fc86 
+	if (retval != PAM_SUCCESS) {
Jan F 04fc86 
+		return ERR_PAM_START;
Jan F 04fc86 
+	}
Jan F 04fc86 
+
Jan F 825921 
+	ev = set_pam_environment(pamh);
Jan F 825921 
+	if (ev != 0)
Jan F 825921 
+		goto finish;
Jan F 825921 
+
Jan F 04fc86 
+	retval = pam_open_session(pamh, PAM_SILENT);
Jan F 04fc86 
+	if (retval != PAM_SUCCESS) {
Jan F 04fc86 
+		ev = ERR_OPEN_SESSION;
Jan F 04fc86 
+		goto finish;
Jan F 04fc86 
+	}
Jan F 04fc86 
+
Jan F 04fc86 
+	ev = dump_keys(argv[1]);
Jan F 04fc86 
+
Jan F 04fc86 
+	retval = pam_close_session(pamh, PAM_SILENT);
Jan F 04fc86 
+	if (retval != PAM_SUCCESS) {
Jan F 04fc86 
+		ev = ERR_CLOSE_SESSION;
Jan F 04fc86 
+	}
Jan F 04fc86 
+
Jan F 04fc86 
+finish:
Jan F 04fc86 
+	retval = pam_end (pamh,retval);
Jan F 04fc86 
+	if (retval != PAM_SUCCESS) {
Jan F 04fc86 
+		ev = ERR_PAM_END;
Jan F 04fc86 
+	}
Jan F 04fc86 
+	return ev;
Jan F 04fc86 
+}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation