vishalmishra434 / rpms / openssh

Forked from rpms/openssh a month ago
Clone
Blob Blame History Raw
diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/identity.h
--- openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-agent	2016-11-13 04:24:32.000000000 +0100
+++ openssh/pam_ssh_agent_auth-0.10.3/identity.h	2017-09-27 14:25:49.421739027 +0200
@@ -38,6 +38,12 @@
 typedef struct identity Identity;
 typedef struct idlist Idlist;
 
+typedef struct {
+       int     fd;
+       Buffer  identities;
+       int     howmany;
+}      AuthenticationConnection;
+
 struct identity {
     TAILQ_ENTRY(identity) next;
     AuthenticationConnection *ac;   /* set if agent supports key */
diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
--- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent	2017-09-27 14:25:49.420739021 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c	2017-09-27 14:25:49.421739027 +0200
@@ -39,6 +39,7 @@
 #include "buffer.h"
 #include "key.h"
 #include "authfd.h"
+#include "ssherr.h"
 #include <stdio.h>
 #include <openssl/evp.h>
 #include "ssh2.h"
@@ -291,36 +292,43 @@ pamsshagentauth_find_authorized_keys(con
 {
     Buffer session_id2 = { 0 };
     Identity *id;
-    Key *key;
     AuthenticationConnection *ac;
-    char *comment;
     uint8_t retval = 0;
     uid_t uid = getpwnam(ruser)->pw_uid;
+    struct ssh_identitylist *idlist;
+    int r;
+    unsigned int i;
 
     OpenSSL_add_all_digests();
     pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
 
     if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
         verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
-        for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) 
+		if ((r = ssh_fetch_identitylist(ac->fd, &idlist)) != 0) {
+			if (r != SSH_ERR_AGENT_NO_IDENTITIES)
+				fprintf(stderr, "error fetching identities for "
+				    "protocol %d: %s\n", 2, ssh_err(r));
+		} else {
+		for (i = 0; i < idlist->nkeys; i++)
         {
-            if(key != NULL) {
+            if(idlist->keys[i] != NULL) {
                 id = xcalloc(1, sizeof(*id));
-                id->key = key;
-                id->filename = comment;
+                id->key = idlist->keys[i];
+                id->filename = idlist->comments[i];
                 id->ac = ac;
                 if(userauth_pubkey_from_id(ruser, id, &session_id2)) {
                     retval = 1;
                 }
-                free(id->filename);
-                key_free(id->key);
                 free(id);
                 if(retval == 1)
                     break;
             }
         }
         buffer_free(&session_id2);
-        ssh_close_authentication_connection(ac);
+        ssh_free_identitylist(idlist);
+        ssh_close_authentication_socket(ac->fd);
+        free(ac);
+        }
     }
     else {
         verbose("No ssh-agent could be contacted");
diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c
--- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-agent	2017-09-27 14:26:04.277820716 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c	2017-09-27 14:26:34.426986497 +0200
@@ -70,7 +70,7 @@ pamsshagentauth_check_authkeys_file(FILE
     char *fp;
 
     found_key = 0;
-    found = key_new(key->type);
+    found = sshkey_new(key->type);
 
     while(read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
         char *cp = NULL; /* *key_options = NULL; */
@@ -80,7 +80,7 @@ pamsshagentauth_check_authkeys_file(FILE
         if(!*cp || *cp == '\n' || *cp == '#')
             continue;
 
-        if(key_read(found, &cp) != 1) {
+        if(sshkey_read(found, &cp) != 0) {
             /* no key? check if there are options for this key */
             int quoted = 0;
 
@@ -94,24 +94,24 @@ pamsshagentauth_check_authkeys_file(FILE
             }
             /* Skip remaining whitespace. */
             for(; *cp == ' ' || *cp == '\t'; cp++);
-            if(key_read(found, &cp) != 1) {
+            if(sshkey_read(found, &cp) != 0) {
                 verbose("user_key_allowed: advance: '%s'", cp);
                 /* still no key? advance to next line */
                 continue;
             }
         }
-        if(key_equal(found, key)) {
+        if(sshkey_equal(found, key)) {
             found_key = 1;
             logit("matching key found: file/command %s, line %lu", file,
                                   linenum);
             fp = sshkey_fingerprint(found, SSH_DIGEST_MD5, SSH_FP_HEX);
             logit("Found matching %s key: %s",
-                                  key_type(found), fp);
+                                  sshkey_type(found), fp);
             free(fp);
             break;
         }
     }
-    key_free(found);
+    sshkey_free(found);
     if(!found_key)
         verbose("key not found");
     return found_key;
diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
--- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent	2017-09-27 14:25:49.420739021 +0200
+++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c	2017-09-27 14:25:49.422739032 +0200
@@ -57,10 +57,11 @@ extern uint8_t  session_id_len;
 int
 userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2)
 {
-    Buffer          b = { 0 };
+    Buffer          b;
     char           *pkalg = NULL;
     u_char         *pkblob = NULL, *sig = NULL;
-    u_int           blen = 0, slen = 0;
+    u_int           blen = 0;
+    size_t          slen = 0;
     int             authenticated = 0;
 
     pkalg = (char *) key_ssh_name(id->key);
@@ -84,7 +85,7 @@ userauth_pubkey_from_id(const char *ruse
     buffer_put_cstring(&b, pkalg);
     buffer_put_string(&b, pkblob, blen);
 
-    if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0)
+    if(ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b), NULL, 0) != 0)
         goto user_auth_clean_exit;
 
     /* test for correct signature */
diff -up openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-sshkey openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
--- openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-sshkey	2018-04-04 13:55:02.383899631 +0200
+++ openssh-7.7p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c	2018-04-04 13:58:36.759339845 +0200
@@ -89,7 +89,7 @@ userauth_pubkey_from_id(const char *ruse
         goto user_auth_clean_exit;
 
     /* test for correct signature */
-    if(key_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
+    if(sshkey_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b), NULL, 0) == 0)
         authenticated = 1;
 
   user_auth_clean_exit: