forked from rpms/openssh
new pam_ssh_agent_auth-0.10.3 release
This commit is contained in:
parent
26cec0607f
commit
bdb932c46a
1
.gitignore
vendored
1
.gitignore
vendored
@ -24,3 +24,4 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
|
||||
/openssh-7.2p2.tar.gz
|
||||
/openssh-7.3p1.tar.gz
|
||||
/openssh-7.4p1.tar.gz
|
||||
/pam_ssh_agent_auth-0.10.3.tar.bz2
|
||||
|
@ -333,9 +333,9 @@ diff -up openssh-7.4p1/myproposal.h.fips openssh-7.4p1/myproposal.h
|
||||
#else /* WITH_OPENSSL */
|
||||
|
||||
#define KEX_SERVER_KEX \
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.fips openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.fips 2016-12-23 16:37:49.185741531 +0100
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c 2016-12-23 16:37:49.300741586 +0100
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.fips openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.fips 2016-12-23 16:37:49.185741531 +0100
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c 2016-12-23 16:37:49.300741586 +0100
|
||||
@@ -55,6 +55,7 @@
|
||||
#include "secure_filename.h"
|
||||
#include "uidswap.h"
|
||||
|
@ -1689,9 +1689,9 @@ diff -up openssh-7.4p1/openbsd-compat/openssl-compat.c.openssl openssh-7.4p1/ope
|
||||
}
|
||||
#endif
|
||||
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.2/configure.ac.openssl openssh-7.4p1/pam_ssh_agent_auth-0.10.2/configure.ac
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.2/configure.ac.openssl 2014-03-31 19:35:17.000000000 +0200
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.2/configure.ac 2016-12-23 17:47:36.433817753 +0100
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/configure.ac.openssl openssh-7.4p1/pam_ssh_agent_auth-0.10.3/configure.ac
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/configure.ac.openssl 2014-03-31 19:35:17.000000000 +0200
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/configure.ac 2016-12-23 17:47:36.433817753 +0100
|
||||
@@ -1829,6 +1829,7 @@ AC_RUN_IFELSE(
|
||||
[AC_LANG_SOURCE([[
|
||||
#include <string.h>
|
||||
|
@ -66,9 +66,9 @@
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%global openssh_ver 7.4p1
|
||||
%global openssh_rel 2
|
||||
%global pam_ssh_agent_ver 0.10.2
|
||||
%global pam_ssh_agent_rel 5
|
||||
%global openssh_rel 3
|
||||
%global pam_ssh_agent_ver 0.10.3
|
||||
%global pam_ssh_agent_rel 1
|
||||
|
||||
Summary: An open source implementation of SSH protocol versions 1 and 2
|
||||
Name: openssh
|
||||
|
@ -1,7 +1,33 @@
|
||||
diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c
|
||||
--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old 2016-01-22 16:27:56.867903172 +0100
|
||||
+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c 2016-01-22 16:56:48.114868014 +0100
|
||||
@@ -59,6 +59,8 @@
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c 2017-02-07 14:41:20.483509205 +0100
|
||||
@@ -65,8 +65,8 @@ proc_pid_cmdline(char *** inargv)
|
||||
case EOF:
|
||||
case '\0':
|
||||
if (len > 0) {
|
||||
- argv = pamsshagentauth_xrealloc(argv, count + 1, sizeof(*argv));
|
||||
- argv[count] = pamsshagentauth_xcalloc(len + 1, sizeof(*argv[count]));
|
||||
+ argv = xreallocarray(argv, count + 1, sizeof(*argv));
|
||||
+ argv[count] = xcalloc(len + 1, sizeof(*argv[count]));
|
||||
strncpy(argv[count++], argbuf, len);
|
||||
memset(argbuf, '\0', MAX_LEN_PER_CMDLINE_ARG + 1);
|
||||
len = 0;
|
||||
@@ -105,9 +105,9 @@ pamsshagentauth_free_command_line(char *
|
||||
{
|
||||
size_t i;
|
||||
for (i = 0; i < n_args; i++)
|
||||
- pamsshagentauth_xfree(argv[i]);
|
||||
+ free(argv[i]);
|
||||
|
||||
- pamsshagentauth_xfree(argv);
|
||||
+ free(argv);
|
||||
return;
|
||||
}
|
||||
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat 2017-02-07 14:41:20.479509208 +0100
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c 2017-02-07 14:41:20.481509206 +0100
|
||||
@@ -58,6 +58,8 @@
|
||||
#include "get_command_line.h"
|
||||
extern char **environ;
|
||||
|
||||
@ -10,7 +36,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op
|
||||
/*
|
||||
* Added by Jamie Beverly, ensure socket fd points to a socket owned by the user
|
||||
* A cursory check is done, but to avoid race conditions, it is necessary
|
||||
@@ -77,7 +77,7 @@ log_action(char ** action, size_t count)
|
||||
@@ -77,7 +79,7 @@ log_action(char ** action, size_t count)
|
||||
if (count == 0)
|
||||
return NULL;
|
||||
|
||||
@ -19,7 +45,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op
|
||||
for (i = 0; i < count; i++) {
|
||||
strcat(buf, (i > 0) ? " '" : "'");
|
||||
strncat(buf, action[i], MAX_LEN_PER_CMDLINE_ARG);
|
||||
@@ -71,12 +90,12 @@ void
|
||||
@@ -90,12 +92,12 @@ void
|
||||
agent_action(Buffer *buf, char ** action, size_t count)
|
||||
{
|
||||
size_t i;
|
||||
@ -35,7 +61,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op
|
||||
}
|
||||
}
|
||||
|
||||
@@ -100,7 +119,7 @@ pamsshagentauth_session_id2_gen(Buffer *
|
||||
@@ -119,17 +121,17 @@ pamsshagentauth_session_id2_gen(Buffer *
|
||||
char * retc;
|
||||
int32_t reti;
|
||||
|
||||
@ -44,17 +70,11 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op
|
||||
cookie_len = ((uint8_t) rnd);
|
||||
while (cookie_len < 16) {
|
||||
cookie_len += 16; /* Add 16 bytes to the size to ensure that while the length is random, the length is always reasonable; ticket #18 */
|
||||
@@ -126,7 +128,7 @@ pamsshagentauth_session_id2_gen(Buffer *
|
||||
cookie_len += 16; /* Add 16 bytes to the size to ensure that while the length is random, the length is always reasonable; ticket #18 */
|
||||
}
|
||||
|
||||
- cookie = pamsshagentauth_xcalloc(1,cookie_len);
|
||||
+ cookie = xcalloc(1,cookie_len);
|
||||
|
||||
for (i = 0; i < cookie_len; i++) {
|
||||
if (i % 4 == 0) {
|
||||
@@ -110,7 +129,7 @@ pamsshagentauth_session_id2_gen(Buffer *
|
||||
|
||||
for (i = 0; i < cookie_len; i++) {
|
||||
if (i % 4 == 0) {
|
||||
- rnd = pamsshagentauth_arc4random();
|
||||
@ -62,7 +82,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op
|
||||
}
|
||||
cookie[i] = (u_char) rnd;
|
||||
rnd >>= 8;
|
||||
@@ -125,7 +144,7 @@ pamsshagentauth_session_id2_gen(Buffer *
|
||||
@@ -144,7 +146,7 @@ pamsshagentauth_session_id2_gen(Buffer *
|
||||
}
|
||||
else {
|
||||
action_logbuf = "unknown on this platform";
|
||||
@ -71,7 +91,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -142,35 +161,35 @@ pamsshagentauth_session_id2_gen(Buffer *
|
||||
@@ -161,35 +163,35 @@ pamsshagentauth_session_id2_gen(Buffer *
|
||||
retc = getcwd(pwd, sizeof(pwd) - 1);
|
||||
time(&ts);
|
||||
|
||||
@ -129,7 +149,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op
|
||||
|
||||
free(cookie);
|
||||
return;
|
||||
@@ -190,11 +289,11 @@ pamsshagentauth_find_authorized_keys(con
|
||||
@@ -295,29 +297,29 @@ pamsshagentauth_find_authorized_keys(con
|
||||
pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
|
||||
|
||||
if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
|
||||
@ -143,7 +163,6 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op
|
||||
id->key = key;
|
||||
id->filename = comment;
|
||||
id->ac = ac;
|
||||
@@ -203,18 +302,18 @@ pamsshagentauth_find_authorized_keys(con
|
||||
if(userauth_pubkey_from_id(ruser, id, &session_id2)) {
|
||||
retval = 1;
|
||||
}
|
||||
@ -167,9 +186,9 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op
|
||||
}
|
||||
/* pamsshagentauth_xfree(session_id2); */
|
||||
EVP_cleanup();
|
||||
diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c.old openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c
|
||||
--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c.old 2016-01-22 17:03:42.746602825 +0100
|
||||
+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c 2016-01-22 17:06:07.841485483 +0100
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat 2017-02-07 14:41:20.480509207 +0100
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c 2017-02-07 14:44:20.549369019 +0100
|
||||
@@ -104,7 +104,7 @@ pam_sm_authenticate(pam_handle_t * pamh,
|
||||
* a patch 8-)
|
||||
*/
|
||||
@ -183,8 +202,8 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c.old openss
|
||||
#endif
|
||||
}
|
||||
|
||||
- pamsshagentauth_log_init(__progname, log_lvl, facility, 0);
|
||||
+ log_init(__progname, log_lvl, facility, 0);
|
||||
- pamsshagentauth_log_init(__progname, log_lvl, facility, getenv("PAM_SSH_AGENT_AUTH_DEBUG") ? 1 : 0);
|
||||
+ log_init(__progname, log_lvl, facility, getenv("PAM_SSH_AGENT_AUTH_DEBUG") ? 1 : 0);
|
||||
pam_get_item(pamh, PAM_USER, (void *) &user);
|
||||
pam_get_item(pamh, PAM_RUSER, (void *) &ruser_ptr);
|
||||
|
||||
@ -257,132 +276,51 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c.old openss
|
||||
}
|
||||
|
||||
cleanexit:
|
||||
diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c.old openssh-7.1p2/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c
|
||||
--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c.old 2016-01-22 16:57:15.210850825 +0100
|
||||
+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c 2016-01-22 17:03:13.913623276 +0100
|
||||
@@ -48,6 +48,8 @@
|
||||
#include "identity.h"
|
||||
#include "pam_user_authorized_keys.h"
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c 2017-02-07 14:41:20.484509204 +0100
|
||||
@@ -117,12 +117,12 @@ parse_authorized_key_file(const char *us
|
||||
} else {
|
||||
slash_ptr = strchr(auth_keys_file_buf, '/');
|
||||
if(!slash_ptr)
|
||||
- pamsshagentauth_fatal
|
||||
+ fatal
|
||||
("cannot expand tilde in path without a `/'");
|
||||
|
||||
+#define SSH2_MSG_USERAUTH_TRUST_REQUEST 54
|
||||
+
|
||||
/* extern u_char *session_id2;
|
||||
extern uint8_t session_id_len;
|
||||
*/
|
||||
@@ -67,35 +67,35 @@ userauth_pubkey_from_id(const char *ruse
|
||||
if(! pam_user_key_allowed(ruser, id->key))
|
||||
goto user_auth_clean_exit;
|
||||
owner_uname_len = slash_ptr - auth_keys_file_buf - 1;
|
||||
if(owner_uname_len > (sizeof(owner_uname) - 1))
|
||||
- pamsshagentauth_fatal("Username too long");
|
||||
+ fatal("Username too long");
|
||||
|
||||
- if(pamsshagentauth_key_to_blob(id->key, &pkblob, &blen) == 0)
|
||||
+ if(key_to_blob(id->key, &pkblob, &blen) == 0)
|
||||
goto user_auth_clean_exit;
|
||||
|
||||
/* construct packet to sign and test */
|
||||
- pamsshagentauth_buffer_init(&b);
|
||||
+ buffer_init(&b);
|
||||
|
||||
- pamsshagentauth_buffer_put_string(&b, session_id2->buf + session_id2->offset, session_id2->end - session_id2->offset);
|
||||
- pamsshagentauth_buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST);
|
||||
- pamsshagentauth_buffer_put_cstring(&b, ruser);
|
||||
- pamsshagentauth_buffer_put_cstring(&b, "pam_ssh_agent_auth");
|
||||
- pamsshagentauth_buffer_put_cstring(&b, "publickey");
|
||||
- pamsshagentauth_buffer_put_char(&b, 1);
|
||||
- pamsshagentauth_buffer_put_cstring(&b, pkalg);
|
||||
- pamsshagentauth_buffer_put_string(&b, pkblob, blen);
|
||||
+ buffer_put_string(&b, sshbuf_ptr(session_id2), sshbuf_len(session_id2));
|
||||
+ buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST);
|
||||
+ buffer_put_cstring(&b, ruser);
|
||||
+ buffer_put_cstring(&b, "pam_ssh_agent_auth");
|
||||
+ buffer_put_cstring(&b, "publickey");
|
||||
+ buffer_put_char(&b, 1);
|
||||
+ buffer_put_cstring(&b, pkalg);
|
||||
+ buffer_put_string(&b, pkblob, blen);
|
||||
|
||||
- if(ssh_agent_sign(id->ac, id->key, &sig, &slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) != 0)
|
||||
+ if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0)
|
||||
goto user_auth_clean_exit;
|
||||
|
||||
/* test for correct signature */
|
||||
- if(pamsshagentauth_key_verify(id->key, sig, slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) == 1)
|
||||
+ if(key_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
|
||||
authenticated = 1;
|
||||
|
||||
user_auth_clean_exit:
|
||||
/* if(&b != NULL) */
|
||||
- pamsshagentauth_buffer_free(&b);
|
||||
+ buffer_free(&b);
|
||||
if(sig != NULL)
|
||||
- pamsshagentauth_xfree(sig);
|
||||
+ free(sig);
|
||||
if(pkblob != NULL)
|
||||
- pamsshagentauth_xfree(pkblob);
|
||||
+ free(pkblob);
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
return authenticated;
|
||||
strncat(owner_uname, auth_keys_file_buf + 1, owner_uname_len);
|
||||
if(!authorized_keys_file_allowed_owner_uid)
|
||||
@@ -130,11 +130,11 @@ parse_authorized_key_file(const char *us
|
||||
getpwnam(owner_uname)->pw_uid;
|
||||
}
|
||||
diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/secure_filename.c.old openssh-7.1p2/pam_ssh_agent_auth-0.10.2/secure_filename.c
|
||||
--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/secure_filename.c.old 2016-01-22 17:12:03.026198234 +0100
|
||||
+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/secure_filename.c 2016-01-22 17:12:31.817174950 +0100
|
||||
@@ -80,7 +80,7 @@ pamsshagentauth_auth_secure_path(const c
|
||||
int comparehome = 0;
|
||||
struct stat st;
|
||||
|
||||
- pamsshagentauth_verbose("auth_secure_filename: checking for uid: %u", uid);
|
||||
+ verbose("auth_secure_filename: checking for uid: %u", uid);
|
||||
|
||||
if (realpath(name, buf) == NULL) {
|
||||
snprintf(err, errlen, "realpath %s failed: %s", name,
|
||||
@@ -115,9 +115,9 @@ pamsshagentauth_auth_secure_path(const c
|
||||
snprintf(err, errlen, "dirname() failed");
|
||||
return -1;
|
||||
authorized_keys_file =
|
||||
- pamsshagentauth_tilde_expand_filename(auth_keys_file_buf,
|
||||
+ tilde_expand_filename(auth_keys_file_buf,
|
||||
authorized_keys_file_allowed_owner_uid);
|
||||
strncpy(auth_keys_file_buf, authorized_keys_file,
|
||||
sizeof(auth_keys_file_buf) - 1);
|
||||
- pamsshagentauth_xfree(authorized_keys_file) /* when we
|
||||
+ free(authorized_keys_file) /* when we
|
||||
percent_expand
|
||||
later, we'd step
|
||||
on this, so free
|
||||
@@ -150,7 +150,7 @@ parse_authorized_key_file(const char *us
|
||||
strncat(hostname, fqdn, strcspn(fqdn, "."));
|
||||
#endif
|
||||
authorized_keys_file =
|
||||
- pamsshagentauth_percent_expand(auth_keys_file_buf, "h",
|
||||
+ percent_expand(auth_keys_file_buf, "h",
|
||||
getpwnam(user)->pw_dir, "H", hostname,
|
||||
"f", fqdn, "u", user, NULL);
|
||||
}
|
||||
- pamsshagentauth_strlcpy(buf, cp, sizeof(buf));
|
||||
+ strlcpy(buf, cp, sizeof(buf));
|
||||
|
||||
- pamsshagentauth_verbose("secure_filename: checking '%s'", buf);
|
||||
+ verbose("secure_filename: checking '%s'", buf);
|
||||
if (stat(buf, &st) < 0 ||
|
||||
(st.st_uid != 0 && st.st_uid != uid) ||
|
||||
(st.st_mode & 022) != 0) {
|
||||
@@ -128,7 +128,7 @@ pamsshagentauth_auth_secure_path(const c
|
||||
|
||||
/* If are passed the homedir then we can stop */
|
||||
if (comparehome && strcmp(homedir, buf) == 0) {
|
||||
- pamsshagentauth_verbose("secure_filename: terminating check at '%s'",
|
||||
+ verbose("secure_filename: terminating check at '%s'",
|
||||
buf);
|
||||
break;
|
||||
}
|
||||
diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/get_command_line.c.old openssh-7.1p2/pam_ssh_agent_auth-0.10.2/get_command_line.c
|
||||
--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/get_command_line.c.old 2016-01-22 17:13:18.226137418 +0100
|
||||
+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/get_command_line.c 2016-01-22 17:14:27.753081189 +0100
|
||||
@@ -65,8 +65,8 @@ proc_pid_cmdline(char *** inargv)
|
||||
case EOF:
|
||||
case '\0':
|
||||
if (len > 0) {
|
||||
- argv = pamsshagentauth_xrealloc(argv, count + 1, sizeof(*argv));
|
||||
- argv[count] = pamsshagentauth_xcalloc(len + 1, sizeof(*argv[count]));
|
||||
+ argv = xreallocarray(argv, count + 1, sizeof(*argv));
|
||||
+ argv[count] = xcalloc(len + 1, sizeof(*argv[count]));
|
||||
strncpy(argv[count++], argbuf, len);
|
||||
memset(argbuf, '\0', MAX_LEN_PER_CMDLINE_ARG + 1);
|
||||
len = 0;
|
||||
@@ -105,9 +105,9 @@ pamsshagentauth_free_command_line(char *
|
||||
{
|
||||
size_t i;
|
||||
for (i = 0; i < n_args; i++)
|
||||
- pamsshagentauth_xfree(argv[i]);
|
||||
+ free(argv[i]);
|
||||
|
||||
- pamsshagentauth_xfree(argv);
|
||||
+ free(argv);
|
||||
return;
|
||||
}
|
||||
|
||||
diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c
|
||||
--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old 2016-01-22 17:15:57.547008570 +0100
|
||||
+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c 2016-01-22 17:16:18.297991788 +0100
|
||||
@@ -48,6 +48,7 @@
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c 2017-02-07 14:41:20.484509204 +0100
|
||||
@@ -48,11 +48,13 @@
|
||||
#include "buffer.h"
|
||||
#include "log.h"
|
||||
#include "compat.h"
|
||||
@ -390,15 +328,13 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope
|
||||
#include "key.h"
|
||||
#include "pathnames.h"
|
||||
#include "misc.h"
|
||||
@@ -54,6 +54,7 @@
|
||||
#include "misc.h"
|
||||
#include "secure_filename.h"
|
||||
#include "uidswap.h"
|
||||
+#include <unistd.h>
|
||||
|
||||
#include "identity.h"
|
||||
|
||||
@@ -68,7 +68,7 @@ pamsshagentauth_check_authkeys_file(FILE
|
||||
@@ -68,7 +70,7 @@ pamsshagentauth_check_authkeys_file(FILE
|
||||
char *fp;
|
||||
|
||||
found_key = 0;
|
||||
@ -407,7 +343,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope
|
||||
|
||||
while(read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
|
||||
char *cp = NULL; /* *key_options = NULL; */
|
||||
@@ -78,11 +78,11 @@ pamsshagentauth_check_authkeys_file(FILE
|
||||
@@ -78,11 +80,11 @@ pamsshagentauth_check_authkeys_file(FILE
|
||||
if(!*cp || *cp == '\n' || *cp == '#')
|
||||
continue;
|
||||
|
||||
@ -421,7 +357,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope
|
||||
/* key_options = cp; */
|
||||
for(; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
|
||||
if(*cp == '\\' && cp[1] == '"')
|
||||
@@ -92,26 +92,26 @@ pamsshagentauth_check_authkeys_file(FILE
|
||||
@@ -92,26 +94,26 @@ pamsshagentauth_check_authkeys_file(FILE
|
||||
}
|
||||
/* Skip remaining whitespace. */
|
||||
for(; *cp == ' ' || *cp == '\t'; cp++);
|
||||
@ -458,7 +394,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope
|
||||
return found_key;
|
||||
}
|
||||
|
||||
@@ -128,11 +128,11 @@ pamsshagentauth_user_key_allowed2(struct
|
||||
@@ -128,11 +130,11 @@ pamsshagentauth_user_key_allowed2(struct
|
||||
char buf[SSH_MAX_PUBKEY_BYTES];
|
||||
|
||||
/* Temporarily use the user's uid. */
|
||||
@ -472,7 +408,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -144,7 +144,7 @@ pamsshagentauth_user_key_allowed2(struct
|
||||
@@ -144,7 +146,7 @@ pamsshagentauth_user_key_allowed2(struct
|
||||
|
||||
if(pamsshagentauth_secure_filename(f, file, pw, buf, sizeof(buf)) != 0) {
|
||||
fclose(f);
|
||||
@ -481,7 +417,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -187,44 +187,44 @@ pamsshagentauth_user_key_command_allowed
|
||||
@@ -187,44 +189,44 @@ pamsshagentauth_user_key_command_allowed
|
||||
else {
|
||||
pw = getpwnam(authorized_keys_command_user);
|
||||
if(pw == NULL) {
|
||||
@ -534,7 +470,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope
|
||||
close(p[0]);
|
||||
close(p[1]);
|
||||
return 0;
|
||||
@@ -234,13 +234,13 @@ pamsshagentauth_user_key_command_allowed
|
||||
@@ -234,13 +236,13 @@ pamsshagentauth_user_key_command_allowed
|
||||
|
||||
/* do this before the setresuid so thta they can be logged */
|
||||
if((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
|
||||
@ -550,7 +486,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope
|
||||
_exit(1);
|
||||
}
|
||||
#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
|
||||
@@ -248,7 +248,7 @@ pamsshagentauth_user_key_command_allowed
|
||||
@@ -248,7 +250,7 @@ pamsshagentauth_user_key_command_allowed
|
||||
#else
|
||||
if (setgid(pw->pw_gid) != 0 || setegid(pw->pw_gid) != 0) {
|
||||
#endif
|
||||
@ -559,7 +495,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope
|
||||
strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
@@ -258,7 +258,7 @@ pamsshagentauth_user_key_command_allowed
|
||||
@@ -258,7 +260,7 @@ pamsshagentauth_user_key_command_allowed
|
||||
#else
|
||||
if (setuid(pw->pw_uid) != 0 || seteuid(pw->pw_uid) != 0) {
|
||||
#endif
|
||||
@ -568,7 +504,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope
|
||||
strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
@@ -270,18 +270,18 @@ pamsshagentauth_user_key_command_allowed
|
||||
@@ -270,18 +272,18 @@ pamsshagentauth_user_key_command_allowed
|
||||
|
||||
/* pretty sure this will barf because we are now suid, but since we
|
||||
should't reach this anyway, I'll leave it here */
|
||||
@ -590,7 +526,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope
|
||||
close(p[0]);
|
||||
/* Don't leave zombie child */
|
||||
while(waitpid(pid, NULL, 0) == -1 && errno == EINTR);
|
||||
@@ -292,22 +292,22 @@ pamsshagentauth_user_key_command_allowed
|
||||
@@ -292,22 +294,22 @@ pamsshagentauth_user_key_command_allowed
|
||||
|
||||
while(waitpid(pid, &status, 0) == -1) {
|
||||
if(errno != EINTR) {
|
||||
@ -617,50 +553,110 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope
|
||||
+ restore_uid();
|
||||
return found_key;
|
||||
}
|
||||
diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c.psaa-xfree openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c
|
||||
--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c.psaa-xfree 2016-01-22 15:30:26.300302721 +0100
|
||||
+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c 2016-01-22 15:33:57.567226875 +0100
|
||||
@@ -117,12 +117,12 @@ parse_authorized_key_file(const char *us
|
||||
} else {
|
||||
slash_ptr = strchr(auth_keys_file_buf, '/');
|
||||
if(!slash_ptr)
|
||||
- pamsshagentauth_fatal
|
||||
+ fatal
|
||||
("cannot expand tilde in path without a `/'");
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c 2017-02-07 14:41:20.481509206 +0100
|
||||
@@ -80,7 +80,7 @@ pamsshagentauth_auth_secure_path(const c
|
||||
int comparehome = 0;
|
||||
struct stat st;
|
||||
|
||||
owner_uname_len = slash_ptr - auth_keys_file_buf - 1;
|
||||
if(owner_uname_len > (sizeof(owner_uname) - 1))
|
||||
- pamsshagentauth_fatal("Username too long");
|
||||
+ fatal("Username too long");
|
||||
- pamsshagentauth_verbose("auth_secure_filename: checking for uid: %u", uid);
|
||||
+ verbose("auth_secure_filename: checking for uid: %u", uid);
|
||||
|
||||
strncat(owner_uname, auth_keys_file_buf + 1, owner_uname_len);
|
||||
if(!authorized_keys_file_allowed_owner_uid)
|
||||
@@ -130,11 +130,11 @@ parse_authorized_key_file(const char *us
|
||||
getpwnam(owner_uname)->pw_uid;
|
||||
if (realpath(name, buf) == NULL) {
|
||||
snprintf(err, errlen, "realpath %s failed: %s", name,
|
||||
@@ -115,9 +115,9 @@ pamsshagentauth_auth_secure_path(const c
|
||||
snprintf(err, errlen, "dirname() failed");
|
||||
return -1;
|
||||
}
|
||||
authorized_keys_file =
|
||||
- pamsshagentauth_tilde_expand_filename(auth_keys_file_buf,
|
||||
+ tilde_expand_filename(auth_keys_file_buf,
|
||||
authorized_keys_file_allowed_owner_uid);
|
||||
strncpy(auth_keys_file_buf, authorized_keys_file,
|
||||
sizeof(auth_keys_file_buf) - 1);
|
||||
- pamsshagentauth_xfree(authorized_keys_file) /* when we
|
||||
+ free(authorized_keys_file) /* when we
|
||||
percent_expand
|
||||
later, we'd step
|
||||
on this, so free
|
||||
@@ -150,7 +150,7 @@ parse_authorized_key_file(const char *us
|
||||
strncat(hostname, fqdn, strcspn(fqdn, "."));
|
||||
#endif
|
||||
authorized_keys_file =
|
||||
- pamsshagentauth_percent_expand(auth_keys_file_buf, "h",
|
||||
+ percent_expand(auth_keys_file_buf, "h",
|
||||
getpwnam(user)->pw_dir, "H", hostname,
|
||||
"f", fqdn, "u", user, NULL);
|
||||
- pamsshagentauth_strlcpy(buf, cp, sizeof(buf));
|
||||
+ strlcpy(buf, cp, sizeof(buf));
|
||||
|
||||
- pamsshagentauth_verbose("secure_filename: checking '%s'", buf);
|
||||
+ verbose("secure_filename: checking '%s'", buf);
|
||||
if (stat(buf, &st) < 0 ||
|
||||
(st.st_uid != 0 && st.st_uid != uid) ||
|
||||
(st.st_mode & 022) != 0) {
|
||||
@@ -128,7 +128,7 @@ pamsshagentauth_auth_secure_path(const c
|
||||
|
||||
/* If are passed the homedir then we can stop */
|
||||
if (comparehome && strcmp(homedir, buf) == 0) {
|
||||
- pamsshagentauth_verbose("secure_filename: terminating check at '%s'",
|
||||
+ verbose("secure_filename: terminating check at '%s'",
|
||||
buf);
|
||||
break;
|
||||
}
|
||||
diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/uuencode.c.psaa-xfree openssh-7.1p2/pam_ssh_agent_auth-0.10.2/uuencode.c
|
||||
--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/uuencode.c.psaa-xfree 2014-03-23 23:52:21.000000000 +0100
|
||||
+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/uuencode.c 2016-01-22 15:39:26.210104334 +0100
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c 2017-02-07 14:41:20.484509204 +0100
|
||||
@@ -48,6 +48,8 @@
|
||||
#include "identity.h"
|
||||
#include "pam_user_authorized_keys.h"
|
||||
|
||||
+#define SSH2_MSG_USERAUTH_TRUST_REQUEST 54
|
||||
+
|
||||
/* extern u_char *session_id2;
|
||||
extern uint8_t session_id_len;
|
||||
*/
|
||||
@@ -65,37 +67,38 @@ userauth_pubkey_from_id(const char *ruse
|
||||
|
||||
/* first test if this key is even allowed */
|
||||
if(! pam_user_key_allowed(ruser, id->key))
|
||||
- goto user_auth_clean_exit;
|
||||
+ goto user_auth_clean_exit_without_buffer;
|
||||
|
||||
- if(pamsshagentauth_key_to_blob(id->key, &pkblob, &blen) == 0)
|
||||
- goto user_auth_clean_exit;
|
||||
+ if(key_to_blob(id->key, &pkblob, &blen) == 0)
|
||||
+ goto user_auth_clean_exit_without_buffer;
|
||||
|
||||
/* construct packet to sign and test */
|
||||
- pamsshagentauth_buffer_init(&b);
|
||||
+ buffer_init(&b);
|
||||
|
||||
- pamsshagentauth_buffer_put_string(&b, session_id2->buf + session_id2->offset, session_id2->end - session_id2->offset);
|
||||
- pamsshagentauth_buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST);
|
||||
- pamsshagentauth_buffer_put_cstring(&b, ruser);
|
||||
- pamsshagentauth_buffer_put_cstring(&b, "pam_ssh_agent_auth");
|
||||
- pamsshagentauth_buffer_put_cstring(&b, "publickey");
|
||||
- pamsshagentauth_buffer_put_char(&b, 1);
|
||||
- pamsshagentauth_buffer_put_cstring(&b, pkalg);
|
||||
- pamsshagentauth_buffer_put_string(&b, pkblob, blen);
|
||||
+ buffer_put_string(&b, sshbuf_ptr(session_id2), sshbuf_len(session_id2));
|
||||
+ buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST);
|
||||
+ buffer_put_cstring(&b, ruser);
|
||||
+ buffer_put_cstring(&b, "pam_ssh_agent_auth");
|
||||
+ buffer_put_cstring(&b, "publickey");
|
||||
+ buffer_put_char(&b, 1);
|
||||
+ buffer_put_cstring(&b, pkalg);
|
||||
+ buffer_put_string(&b, pkblob, blen);
|
||||
|
||||
- if(ssh_agent_sign(id->ac, id->key, &sig, &slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) != 0)
|
||||
+ if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0)
|
||||
goto user_auth_clean_exit;
|
||||
|
||||
/* test for correct signature */
|
||||
- if(pamsshagentauth_key_verify(id->key, sig, slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) == 1)
|
||||
+ if(key_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
|
||||
authenticated = 1;
|
||||
|
||||
user_auth_clean_exit:
|
||||
/* if(&b != NULL) */
|
||||
- pamsshagentauth_buffer_free(&b);
|
||||
+ buffer_free(&b);
|
||||
+ user_auth_clean_exit_without_buffer:
|
||||
if(sig != NULL)
|
||||
- pamsshagentauth_xfree(sig);
|
||||
+ free(sig);
|
||||
if(pkblob != NULL)
|
||||
- pamsshagentauth_xfree(pkblob);
|
||||
+ free(pkblob);
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
return authenticated;
|
||||
}
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c 2017-02-07 14:41:20.484509204 +0100
|
||||
@@ -56,7 +56,7 @@ pamsshagentauth_uudecode(const char *src
|
||||
/* and remove trailing whitespace because __b64_pton needs this */
|
||||
*p = '\0';
|
||||
@ -670,7 +666,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/uuencode.c.psaa-xfree openssh-7
|
||||
return len;
|
||||
}
|
||||
|
||||
@@ -70,7 +70,7 @@ pamsshagentauth_dump_base64(FILE *fp, u_
|
||||
@@ -70,7 +70,7 @@ pamsshagentauth_dump_base64(FILE *fp, co
|
||||
fprintf(fp, "dump_base64: len > 65536\n");
|
||||
return;
|
||||
}
|
||||
@ -679,35 +675,10 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/uuencode.c.psaa-xfree openssh-7
|
||||
n = pamsshagentauth_uuencode(data, len, buf, 2*len);
|
||||
for (i = 0; i < n; i++) {
|
||||
fprintf(fp, "%c", buf[i]);
|
||||
@@ -79,5 +79,5 @@ pamsshagentauth_dump_base64(FILE *fp, u_
|
||||
@@ -79,5 +79,5 @@ pamsshagentauth_dump_base64(FILE *fp, co
|
||||
}
|
||||
if (i % 70 != 69)
|
||||
fprintf(fp, "\n");
|
||||
- pamsshagentauth_xfree(buf);
|
||||
+ free(buf);
|
||||
}
|
||||
diff --git a/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c b/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c
|
||||
index d5a574f..9e866c1 100644
|
||||
--- a/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c
|
||||
+++ b/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c
|
||||
@@ -68,10 +68,10 @@ userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2)
|
||||
|
||||
/* first test if this key is even allowed */
|
||||
if(! pam_user_key_allowed(ruser, id->key))
|
||||
- goto user_auth_clean_exit;
|
||||
+ goto user_auth_clean_exit_without_buffer;
|
||||
|
||||
if(key_to_blob(id->key, &pkblob, &blen) == 0)
|
||||
- goto user_auth_clean_exit;
|
||||
+ goto user_auth_clean_exit_without_buffer;
|
||||
|
||||
/* construct packet to sign and test */
|
||||
buffer_init(&b);
|
||||
@@ -95,6 +95,7 @@ userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2)
|
||||
user_auth_clean_exit:
|
||||
/* if(&b != NULL) */
|
||||
buffer_free(&b);
|
||||
+ user_auth_clean_exit_without_buffer:
|
||||
if(sig != NULL)
|
||||
free(sig);
|
||||
if(pkblob != NULL)
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.psaa-build openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c
|
||||
--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.psaa-build 2016-01-22 14:59:18.943919791 +0100
|
||||
+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c 2016-01-22 15:16:12.534599318 +0100
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-build openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-build 2016-11-13 04:24:32.000000000 +0100
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c 2017-02-07 14:29:41.626116675 +0100
|
||||
@@ -43,12 +43,31 @@
|
||||
#include <openssl/evp.h>
|
||||
#include "ssh2.h"
|
||||
@ -42,7 +42,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.psaa-b
|
||||
uint8_t i = 0;
|
||||
uint32_t rnd = 0;
|
||||
uint8_t cookie_len;
|
||||
@@ -110,7 +129,7 @@ pamsshagentauth_session_id2_gen(Buffer *
|
||||
@@ -112,7 +131,7 @@ pamsshagentauth_session_id2_gen(Buffer *
|
||||
if (i % 4 == 0) {
|
||||
rnd = pamsshagentauth_arc4random();
|
||||
}
|
||||
@ -51,7 +51,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.psaa-b
|
||||
rnd >>= 8;
|
||||
}
|
||||
|
||||
@@ -142,6 +161,86 @@ pamsshagentauth_session_id2_gen(Buffer *
|
||||
@@ -177,6 +196,86 @@ pamsshagentauth_session_id2_gen(Buffer *
|
||||
}
|
||||
|
||||
int
|
||||
@ -147,9 +147,9 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.psaa-b
|
||||
pamsshagentauth_verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
|
||||
for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2))
|
||||
{
|
||||
diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/Makefile.in.psaa-build openssh-7.1p2/pam_ssh_agent_auth-0.10.2/Makefile.in
|
||||
--- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/Makefile.in.psaa-build 2014-03-31 19:35:17.000000000 +0200
|
||||
+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/Makefile.in 2016-01-22 15:20:16.479521651 +0100
|
||||
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in.psaa-build openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in
|
||||
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in.psaa-build 2016-11-13 04:24:32.000000000 +0100
|
||||
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in 2017-02-07 14:40:14.407566921 +0100
|
||||
@@ -52,7 +52,7 @@ PATHS=
|
||||
CC=@CC@
|
||||
LD=@LD@
|
||||
@ -168,18 +168,18 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/Makefile.in.psaa-build openssh-
|
||||
LDFLAGS_SHARED = @LDFLAGS_SHARED@
|
||||
EXEEXT=@EXEEXT@
|
||||
|
||||
@@ -72,7 +72,7 @@ PAM_MODULES=pam_ssh_agent_auth.so
|
||||
@@ -74,7 +74,7 @@ SSHOBJS=xmalloc.o atomicio.o authfd.o bu
|
||||
|
||||
SSHOBJS=xmalloc.o atomicio.o authfd.o bufaux.o bufbn.o buffer.o cleanup.o entropy.o fatal.o key.o log.o misc.o secure_filename.o ssh-dss.o ssh-rsa.o uuencode.o compat.o uidswap.o
|
||||
ED25519OBJS=ed25519-donna/ed25519.o
|
||||
|
||||
-PAM_SSH_AGENT_AUTH_OBJS=pam_user_key_allowed2.o iterate_ssh_agent_keys.o userauth_pubkey_from_id.o pam_user_authorized_keys.o get_command_line.o
|
||||
+PAM_SSH_AGENT_AUTH_OBJS=pam_user_key_allowed2.o iterate_ssh_agent_keys.o userauth_pubkey_from_id.o pam_user_authorized_keys.o get_command_line.o secure_filename.o
|
||||
|
||||
|
||||
MANPAGES_IN = pam_ssh_agent_auth.pod
|
||||
@@ -91,13 +91,13 @@ $(PAM_MODULES): Makefile.in config.h
|
||||
@@ -94,13 +94,13 @@ $(PAM_MODULES): Makefile.in config.h
|
||||
.c.o:
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
|
||||
|
||||
-LIBCOMPAT=openbsd-compat/libopenbsd-compat.a
|
||||
+LIBCOMPAT=../openbsd-compat/libopenbsd-compat.a
|
||||
@ -187,10 +187,10 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/Makefile.in.psaa-build openssh-
|
||||
(cd openbsd-compat && $(MAKE))
|
||||
always:
|
||||
|
||||
-pam_ssh_agent_auth.so: $(LIBCOMPAT) $(SSHOBJS) $(PAM_SSH_AGENT_AUTH_OBJS) pam_ssh_agent_auth.o
|
||||
- $(LD) $(LDFLAGS_SHARED) -o $@ $(SSHOBJS) $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lopenbsd-compat pam_ssh_agent_auth.o $(LIBS) -lpam
|
||||
-pam_ssh_agent_auth.so: $(LIBCOMPAT) $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS) pam_ssh_agent_auth.o
|
||||
- $(LD) $(LDFLAGS_SHARED) -o $@ $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lopenbsd-compat pam_ssh_agent_auth.o $(LIBS) -lpam
|
||||
+pam_ssh_agent_auth.so: $(PAM_SSH_AGENT_AUTH_OBJS) pam_ssh_agent_auth.o
|
||||
+ $(LD) $(LDFLAGS_SHARED) -o $@ $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat pam_ssh_agent_auth.o $(LIBS) -lpam -lnss3
|
||||
|
||||
$(MANPAGES): $(MANPAGES_IN)
|
||||
pod2man --section=8 --release=v0.10.2 --name=pam_ssh_agent_auth --official --center "PAM" pam_ssh_agent_auth.pod > pam_ssh_agent_auth.8
|
||||
pod2man --section=8 --release=v0.10.3 --name=pam_ssh_agent_auth --official --center "PAM" pam_ssh_agent_auth.pod > pam_ssh_agent_auth.8
|
||||
|
2
sources
2
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (pam_ssh_agent_auth-0.10.3.tar.bz2) = d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66
|
||||
SHA512 (openssh-7.4p1.tar.gz) = 4f3256f461f01366c5d5e0e45285eec65016e2643b3284b407f48f53d81087bf2c1caf7d5f7530d307a15c91c64de91446e1cba948e8fc68f82098290fe3b292
|
||||
SHA512 (pam_ssh_agent_auth-0.10.2.tar.bz2) = b4b9bc4486d873f236f7c54874c996e24f344f889dfda3beadb12b97cbb89078028a103a4a7175cd919fb0a12fd5bcefef50420510ae5eff9252e494e0124b38
|
||||
|
Loading…
Reference in New Issue
Block a user