From 3783a5da4306e42bd7b27c4420d8cc89464f062d Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Sep 29 2020 12:53:14 +0000 Subject: Rebase pam_ssh_agent_auth to 0.10.4 --- diff --git a/openssh.spec b/openssh.spec index e6fb8be..79ba7af 100644 --- a/openssh.spec +++ b/openssh.spec @@ -52,20 +52,20 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.3p1 %global openssh_rel 4 -%global pam_ssh_agent_ver 0.10.3 -%global pam_ssh_agent_rel 10 +%global pam_ssh_agent_ver 0.10.4 +%global pam_ssh_agent_rel 1 Summary: An open source implementation of SSH protocol version 2 Name: openssh Version: %{openssh_ver} Release: %{openssh_rel}%{?dist} URL: http://www.openssh.com/portable.html -#URL1: http://pamsshagentauth.sourceforge.net +#URL1: https://github.com/jbeverly/pam_ssh_agent_auth/ Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc Source2: sshd.pam Source3: DJM-GPG-KEY.gpg -Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2 +Source4: https://github.com/jbeverly/pam_ssh_agent_auth/archive/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.gz Source5: pam_ssh_agent-rmheaders Source6: ssh-keycat.pam Source7: sshd.sysconfig @@ -326,7 +326,7 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0} %setup -q -a 4 %if %{pam_ssh_agent} -pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} +pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver} %patch300 -p2 -b .psaa-build %patch301 -p2 -b .psaa-seteuid %patch302 -p2 -b .psaa-visibility @@ -391,7 +391,7 @@ popd %patch100 -p1 -b .coverity autoreconf -pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} +pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver} autoreconf popd 
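Review bot: The new `Source4` in the `@@ -52,20 +52,20 @@` hunk points at a GitHub archive tarball, and nothing visible in this diff verifies it: the `gpgv2` line shown as context in the `@@ -326,7 +326,7 @@` hunk checks only `%{SOURCE0}` against `%{SOURCE1}`. Because this tarball is built into a PAM authentication module, the spec should state what pins its content, for example a comment above `Source4` such as `# No upstream signature is checked for Source4; integrity relies on the checksum recorded in the package sources file`. That checksum file is not part of this page, so it is worth confirming that it was regenerated for 0.10.4 from a tarball compared against the upstream release.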
@@ -489,7 +489,7 @@ popd %endif %if %{pam_ssh_agent} -pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} +pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver} LDFLAGS="$SAVE_LDFLAGS" %configure --with-selinux \ --libexecdir=/%{_libdir}/security \ @@ -551,7 +551,7 @@ rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.* perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/* %if %{pam_ssh_agent} -pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} +pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver} %make_install popd %endif @@ -659,7 +659,7 @@ test -f %{sysconfig_anaconda} && \ %if %{pam_ssh_agent} %files -n pam_ssh_agent_auth -%license pam_ssh_agent_auth-%{pam_ssh_agent_ver}/OPENSSH_LICENSE +%license pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}/OPENSSH_LICENSE %attr(0755,root,root) %{_libdir}/security/pam_ssh_agent_auth.so %attr(0644,root,root) %{_mandir}/man8/pam_ssh_agent_auth.8* %endif diff --git a/pam_ssh_agent-rmheaders b/pam_ssh_agent-rmheaders index 06d899d..ab5899f 100644 --- a/pam_ssh_agent-rmheaders +++ b/pam_ssh_agent-rmheaders @@ -9,7 +9,6 @@ buffer.c cleanup.c cipher.h compat.h -defines.h entropy.c entropy.h fatal.c diff --git a/pam_ssh_agent_auth-0.10.2-compat.patch b/pam_ssh_agent_auth-0.10.2-compat.patch index d1d4f59..0822b61 100644 --- a/pam_ssh_agent_auth-0.10.2-compat.patch +++ b/pam_ssh_agent_auth-0.10.2-compat.patch 
@@ -1,6 +1,6 @@ -diff -up openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c ---- openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 -+++ openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c 2020-02-07 10:43:05.011757956 +0100 +diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/get_command_line.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/get_command_line.c +--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/get_command_line.c.psaa-compat 2019-07-08 18:36:13.000000000 +0200 ++++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/get_command_line.c 2020-09-23 10:52:16.424001475 +0200 @@ -27,6 +27,7 @@ * or implied, of Jamie Beverly. */ @@ -9,7 +9,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat openss #include #include #include -@@ -65,8 +66,8 @@ proc_pid_cmdline(char *** inargv) +@@ -66,8 +67,8 @@ proc_pid_cmdline(char *** inargv) case EOF: case '\0': if (len > 0) { @@ -20,7 +20,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat openss strncpy(argv[count++], argbuf, len); memset(argbuf, '\0', MAX_LEN_PER_CMDLINE_ARG + 1); len = 0; -@@ -105,9 +106,9 @@ pamsshagentauth_free_command_line(char * +@@ -106,9 +107,9 @@ pamsshagentauth_free_command_line(char * { size_t i; for (i = 0; i < n_args; i++) 
@@ -32,9 +32,9 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat openss return; } -diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/identity.h ---- openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-compat 2016-11-13 04:24:32.000000000 +0100 -+++ openssh/pam_ssh_agent_auth-0.10.3/identity.h 2020-02-07 10:43:05.011757956 +0100 +diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/identity.h.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/identity.h +--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/identity.h.psaa-compat 2019-07-08 18:36:13.000000000 +0200 ++++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/identity.h 2020-09-23 10:52:16.424001475 +0200 @@ -30,8 +30,8 @@ #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" @@ -55,9 +55,9 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-compat openssh/pam_ss char *filename; /* comment for agent-only keys */ int tried; int isprivate; /* key points to the private key */ -diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c ---- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat 2020-02-07 10:43:05.009757925 +0100 -+++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c 2020-02-07 10:43:05.012757972 +0100 +diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/iterate_ssh_agent_keys.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/iterate_ssh_agent_keys.c +--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/iterate_ssh_agent_keys.c.psaa-compat 2020-09-23 10:52:16.421001434 +0200 ++++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/iterate_ssh_agent_keys.c 2020-09-23 10:52:16.424001475 +0200 @@ -36,8 +36,8 @@ #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" 
@@ -285,10 +285,10 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat EVP_cleanup(); return retval; } -diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c ---- openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat 2020-02-07 10:43:05.010757940 +0100 -+++ openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c 2020-02-07 10:43:05.012757972 +0100 -@@ -104,7 +104,7 @@ pam_sm_authenticate(pam_handle_t * pamh, +diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_ssh_agent_auth.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_ssh_agent_auth.c +--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_ssh_agent_auth.c.psaa-compat 2020-09-23 10:52:16.423001461 +0200 ++++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_ssh_agent_auth.c 2020-09-23 10:53:10.631727657 +0200 +@@ -106,7 +106,7 @@ pam_sm_authenticate(pam_handle_t * pamh, * a patch 8-) */ #if ! HAVE___PROGNAME || HAVE_BUNDLE @@ -297,7 +297,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat open #endif for(i = argc, argv_ptr = (char **) argv; i > 0; ++argv_ptr, i--) { -@@ -130,11 +130,11 @@ pam_sm_authenticate(pam_handle_t * pamh, +@@ -132,11 +132,11 @@ pam_sm_authenticate(pam_handle_t * pamh, #endif } @@ -311,7 +311,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat open if(ruser_ptr) { strncpy(ruser, ruser_ptr, sizeof(ruser) - 1); -@@ -149,12 +149,12 @@ pam_sm_authenticate(pam_handle_t * pamh, +@@ -151,12 +151,12 @@ pam_sm_authenticate(pam_handle_t * pamh, #ifdef ENABLE_SUDO_HACK if( (strlen(sudo_service_name) > 0) && strncasecmp(servicename, sudo_service_name, sizeof(sudo_service_name) - 1) == 0 && getenv("SUDO_USER") ) { strncpy(ruser, getenv("SUDO_USER"), sizeof(ruser) - 1 ); 
@@ -326,7 +326,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat open goto cleanexit; } strncpy(ruser, getpwuid(getuid())->pw_name, sizeof(ruser) - 1); -@@ -163,11 +163,11 @@ pam_sm_authenticate(pam_handle_t * pamh, +@@ -165,11 +165,11 @@ pam_sm_authenticate(pam_handle_t * pamh, /* Might as well explicitely confirm the user exists here */ if(! getpwnam(ruser) ) { @@ -340,7 +340,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat open goto cleanexit; } -@@ -177,8 +177,8 @@ pam_sm_authenticate(pam_handle_t * pamh, +@@ -179,8 +179,8 @@ pam_sm_authenticate(pam_handle_t * pamh, */ parse_authorized_key_file(user, authorized_keys_file_input); } else { @@ -351,7 +351,7 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat open } /* -@@ -187,19 +187,19 @@ pam_sm_authenticate(pam_handle_t * pamh, +@@ -189,7 +189,7 @@ pam_sm_authenticate(pam_handle_t * pamh, */ if(user && strlen(ruser) > 0) { 
@@ -359,11 +359,26 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat open + verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); /* + * Attempt to read data from the sshd if we're being called as an auth agent. +@@ -197,10 +197,10 @@ pam_sm_authenticate(pam_handle_t * pamh, + const char* ssh_user_auth = pam_getenv(pamh, "SSH_AUTH_INFO_0"); + int sshd_service = strncasecmp(servicename, sshd_service_name, sizeof(sshd_service_name) - 1); + if (sshd_service == 0 && ssh_user_auth != NULL) { +- pamsshagentauth_verbose("Got SSH_AUTH_INFO_0: `%.20s...'", ssh_user_auth); ++ verbose("Got SSH_AUTH_INFO_0: `%.20s...'", ssh_user_auth); + if (userauth_pubkey_from_pam(ruser, ssh_user_auth) > 0) { + retval = PAM_SUCCESS; +- pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file); ++ logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file); + goto cleanexit; + } + } +@@ -208,13 +208,13 @@ pam_sm_authenticate(pam_handle_t * pamh, * this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user */ if(pamsshagentauth_find_authorized_keys(user, ruser, servicename)) { /* getpwnam(ruser)->pw_uid)) { */ -- pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, authorized_keys_file); -+ logit("Authenticated: `%s' as `%s' using %s", ruser, user, authorized_keys_file); +- pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, authorized_keys_file); ++ logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, authorized_keys_file); retval = PAM_SUCCESS; } else { - pamsshagentauth_logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); 
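Review bot: The sshd branch of `pam_sm_authenticate` carried in this hunk returns `PAM_SUCCESS` based only on the text of `SSH_AUTH_INFO_0`, and nothing in the visible code documents why that value can be trusted. It is read with `pam_getenv`, and in the lines shown for `userauth_pubkey_from_pam` (the later `@@ -928,3 +943,50 @@` hunk) the listed `publickey` entries are only matched against the allowed keys; no agent signature is requested on this path. I would add a comment above the `pam_getenv` call, e.g. `/* Trusted only because sshd sets SSH_AUTH_INFO_0 after verifying the key; nothing earlier in the PAM stack may let a user set it */`, and state the same constraint in the module's documentation. The function starts and ends outside the hunk.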
@@ -375,9 +390,9 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat open } cleanexit: -diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c ---- openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 -+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c 2020-02-07 10:43:05.012757972 +0100 +diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.c +--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.c.psaa-compat 2019-07-08 18:36:13.000000000 +0200 ++++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.c 2020-09-23 10:52:16.424001475 +0200 @@ -66,8 +66,8 @@ #include "xmalloc.h" #include "match.h" @@ -442,9 +457,9 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compa { return pamsshagentauth_user_key_allowed2(getpwuid(authorized_keys_file_allowed_owner_uid), -diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h ---- openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h.psaa-compat 2016-11-13 04:24:32.000000000 +0100 -+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h 2020-02-07 10:43:05.012757972 +0100 +diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.h.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.h +--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.h.psaa-compat 2019-07-08 18:36:13.000000000 +0200 ++++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_authorized_keys.h 2020-09-23 10:52:16.424001475 +0200 
@@ -32,7 +32,7 @@ #define _PAM_USER_KEY_ALLOWED_H @@ -454,9 +469,9 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.h.psaa-compa void parse_authorized_key_file(const char *, const char *); #endif -diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c ---- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 -+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c 2020-02-07 10:43:05.012757972 +0100 +diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c +--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c.psaa-compat 2019-07-08 18:36:13.000000000 +0200 ++++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.c 2020-09-23 10:52:16.424001475 +0200 @@ -45,44 +45,46 @@ #include "xmalloc.h" #include "ssh.h" @@ -731,9 +746,9 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat o + restore_uid(); return found_key; } -diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h ---- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h.psaa-compat 2016-11-13 04:24:32.000000000 +0100 -+++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h 2020-02-07 10:43:05.012757972 +0100 +diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.h.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.h +--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.h.psaa-compat 2019-07-08 18:36:13.000000000 +0200 ++++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/pam_user_key_allowed2.h 2020-09-23 10:52:16.424001475 +0200 
@@ -32,7 +32,7 @@ #define _PAM_USER_KEY_ALLOWED_H @@ -744,9 +759,9 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.h.psaa-compat o +int pamsshagentauth_user_key_command_allowed2(char *, char *, struct passwd *, struct sshkey *); #endif -diff -up openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c ---- openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 -+++ openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c 2020-02-07 10:43:05.012757972 +0100 +diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/secure_filename.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/secure_filename.c +--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/secure_filename.c.psaa-compat 2019-07-08 18:36:13.000000000 +0200 ++++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/secure_filename.c 2020-09-23 10:52:16.424001475 +0200 @@ -53,8 +53,8 @@ #include "xmalloc.h" #include "match.h" @@ -788,9 +803,9 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat openssh buf); break; } -diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c ---- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 -+++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c 2020-02-07 10:43:23.520048960 +0100 +diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c +--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.psaa-compat 2019-07-08 18:36:13.000000000 +0200 ++++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c 2020-09-23 10:52:16.424001475 +0200 @@ -37,10 +37,11 @@ #include "xmalloc.h" #include "ssh.h" 
@@ -887,9 +902,9 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat CRYPTO_cleanup_all_ex_data(); return authenticated; } -diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h ---- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h.psaa-compat 2016-11-13 04:24:32.000000000 +0100 -+++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h 2020-02-07 10:43:05.013757988 +0100 +diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.h.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.h +--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.h.psaa-compat 2019-07-08 18:36:13.000000000 +0200 ++++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.h 2020-09-23 10:52:16.424001475 +0200 @@ -31,7 +31,7 @@ #ifndef _USERAUTH_PUBKEY_FROM_ID_H #define _USERAUTH_PUBKEY_FROM_ID_H @@ -900,9 +915,9 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.h.psaa-compat +int userauth_pubkey_from_id(const char *, Identity *, struct sshbuf *); #endif -diff -up openssh/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat openssh/pam_ssh_agent_auth-0.10.3/uuencode.c ---- openssh/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 -+++ openssh/pam_ssh_agent_auth-0.10.3/uuencode.c 2020-02-07 10:43:05.013757988 +0100 +diff -up openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/uuencode.c.psaa-compat openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/uuencode.c +--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/uuencode.c.psaa-compat 2019-07-08 18:36:13.000000000 +0200 ++++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/uuencode.c 2020-09-23 10:52:16.424001475 +0200 
@@ -56,7 +56,7 @@ pamsshagentauth_uudecode(const char *src /* and remove trailing whitespace because __b64_pton needs this */ *p = '\0'; @@ -928,3 +943,50 @@ diff -up openssh/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat openssh/pam_ss - pamsshagentauth_xfree(buf); + free(buf); } +--- openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_pam.c.compat 2020-09-23 11:32:30.783695267 +0200 ++++ openssh/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_pam.c 2020-09-23 11:33:21.383389036 +0200 +@@ -33,7 +33,8 @@ + #include + + #include "defines.h" +-#include "key.h" ++#include ++#include "sshkey.h" + #include "log.h" + + #include "pam_user_authorized_keys.h" +@@ -42,28 +42,28 @@ + int authenticated = 0; + const char method[] = "publickey "; + +- char* ai = pamsshagentauth_xstrdup(ssh_auth_info); ++ char* ai = xstrdup(ssh_auth_info); + char* saveptr; + + char* auth_line = strtok_r(ai, "\n", &saveptr); + while (auth_line != NULL) { + if (strncmp(auth_line, method, sizeof(method) - 1) == 0) { + char* key_str = auth_line + sizeof(method) - 1; +- Key* key = pamsshagentauth_key_new(KEY_UNSPEC); ++ struct sshkey* key = sshkey_new(KEY_UNSPEC); + if (key == NULL) { + continue; + } +- int r = pamsshagentauth_key_read(key, &key_str); ++ int r = sshkey_read(key, &key_str); + if (r == 1) { + if (pam_user_key_allowed(ruser, key)) { + authenticated = 1; +- pamsshagentauth_key_free(key); ++ sshkey_free(key); + break; + } + } else { +- pamsshagentauth_verbose("Failed to create key for %s: %d", auth_line, r); ++ verbose("Failed to create key for %s: %d", auth_line, r); + } +- pamsshagentauth_key_free(key); ++ sshkey_free(key); + } + auth_line = strtok_r(NULL, "\n", &saveptr); + } diff --git a/pam_ssh_agent_auth-0.9.3-build.patch b/pam_ssh_agent_auth-0.9.3-build.patch index bb9a94d..4018c4d 100644 --- a/pam_ssh_agent_auth-0.9.3-build.patch +++ b/pam_ssh_agent_auth-0.9.3-build.patch 
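Review bot: In the new `userauth_pubkey_from_pam.c` section the call is switched to `sshkey_read` but the success test stays `if (r == 1)`; OpenSSH's `sshkey_read` reports success as 0 and errors as negative values, so, unless a wrapper outside this page changes that, the branch that sets `authenticated = 1` is never taken and every valid key ends up in the `Failed to create key for %s: %d` message. The test should become `if (r == 0) {`. Separately, `continue;` after a failed `sshkey_new` skips the `strtok_r(NULL, ...)` at the bottom of the `while`, so the same line is retried without end; `break;` avoids that. The function starts and ends outside the nested hunk, so whether `ai` is freed cannot be checked here.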
@@ -174,8 +174,8 @@ diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in.psaa-build openssh- ED25519OBJS=ed25519-donna/ed25519.o --PAM_SSH_AGENT_AUTH_OBJS=pam_user_key_allowed2.o iterate_ssh_agent_keys.o userauth_pubkey_from_id.o pam_user_authorized_keys.o get_command_line.o -+PAM_SSH_AGENT_AUTH_OBJS=pam_user_key_allowed2.o iterate_ssh_agent_keys.o userauth_pubkey_from_id.o pam_user_authorized_keys.o get_command_line.o secure_filename.o +-PAM_SSH_AGENT_AUTH_OBJS=pam_user_key_allowed2.o iterate_ssh_agent_keys.o userauth_pubkey_from_id.o pam_user_authorized_keys.o get_command_line.o userauth_pubkey_from_pam.o ++PAM_SSH_AGENT_AUTH_OBJS=pam_user_key_allowed2.o iterate_ssh_agent_keys.o userauth_pubkey_from_id.o pam_user_authorized_keys.o get_command_line.o userauth_pubkey_from_pam.o secure_filename.o MANPAGES_IN = pam_ssh_agent_auth.pod