91 lines
3.2 KiB
Diff
91 lines
3.2 KiB
Diff
|
diff --git a/pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c b/pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c
|
||
|
|
index 9555e7e..c17aae6 100644
|
||
|
|
--- a/iterate_ssh_agent_keys.c 2015-05-27 14:09:13.591407306 +0200
|
||
|
|
+++ b/iterate_ssh_agent_keys.c 2015-05-27 14:10:33.216267826 +0200
|
||
|
|
@@ -37,6 +37,7 @@
|
||
|
|
#include "buffer.h"
|
||
|
|
#include "key.h"
|
||
|
|
#include "authfd.h"
|
||
|
|
+#include "ssherr.h"
|
||
|
|
#include "ssh.h"
|
||
|
|
#include <stdio.h>
|
||
|
|
#include <sys/types.h>
|
||
|
|
@@ -177,22 +177,28 @@ int
|
||
|
|
find_authorized_keys(uid_t uid)
|
||
|
|
{
|
||
|
|
Identity *id;
|
||
|
|
- Key *key;
|
||
|
|
AuthenticationConnection *ac;
|
||
|
|
- char *comment;
|
||
|
|
uint8_t retval = 0;
|
||
|
|
+ struct ssh_identitylist *idlist;
|
||
|
|
+ int r, i;
|
||
|
|
|
||
|
|
OpenSSL_add_all_digests();
|
||
|
|
session_id2 = session_id2_gen();
|
||
|
|
|
||
|
|
if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
|
||
|
|
verbose("Contacted ssh-agent of user %s (%u)", getpwuid(uid)->pw_name, uid);
|
||
|
|
- for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2))
|
||
|
|
+ if ((r = ssh_fetch_identitylist(ac->fd, 2,
|
||
|
|
+ &idlist)) != 0) {
|
||
|
|
+ if (r != SSH_ERR_AGENT_NO_IDENTITIES)
|
||
|
|
+ fprintf(stderr, "error fetching identities for "
|
||
|
|
+ "protocol %d: %s\n", 2, ssh_err(r));
|
||
|
|
+ }
|
||
|
|
+ for (i = 0; i < idlist->nkeys; i++)
|
||
|
|
{
|
||
|
|
- if(key != NULL) {
|
||
|
|
+ if(idlist->keys[i] != NULL) {
|
||
|
|
id = xcalloc(1, sizeof(*id));
|
||
|
|
- id->key = key;
|
||
|
|
- id->filename = comment;
|
||
|
|
+ id->key = idlist->keys[i];
|
||
|
|
+ id->filename = idlist->comments[i];
|
||
|
|
id->ac = ac;
|
||
|
|
if(userauth_pubkey_from_id(id)) {
|
||
|
|
retval = 1;
|
||
|
|
@@ -204,7 +211,10 @@ find_authorized_keys(uid_t uid)
|
||
|
|
break;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
+ ssh_free_identitylist(idlist);
|
||
|
|
+ ssh_close_authentication_socket(ac->fd);
|
||
|
|
+ buffer_free(&ac->identities);
|
||
|
|
+ free(ac);
|
||
|
|
- ssh_close_authentication_connection(ac);
|
||
|
|
}
|
||
|
|
else {
|
||
|
|
verbose("No ssh-agent could be contacted");
|
||
|
|
diff --git a/pam_ssh_agent_auth-0.9.3/identity.h b/pam_ssh_agent_auth-0.9.3/identity.h
|
||
|
|
index eb21320..c00da34 100644
|
||
|
|
--- a/pam_ssh_agent_auth-0.9.3/identity.h
|
||
|
|
+++ b/pam_ssh_agent_auth-0.9.3/identity.h
|
||
|
|
@@ -14,6 +14,12 @@
|
||
|
|
typedef struct identity Identity;
|
||
|
|
typedef struct idlist Idlist;
|
||
|
|
|
||
|
|
+typedef struct {
|
||
|
|
+ int fd;
|
||
|
|
+ Buffer identities;
|
||
|
|
+ int howmany;
|
||
|
|
+} AuthenticationConnection;
|
||
|
|
+
|
||
|
|
struct identity {
|
||
|
|
TAILQ_ENTRY(identity) next;
|
||
|
|
AuthenticationConnection *ac; /* set if agent supports key */
|
||
|
|
diff --git a/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c b/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
|
||
|
|
index 323817a..93b928f 100644
|
||
|
|
--- a/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
|
||
|
|
+++ b/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
|
||
|
|
@@ -81,7 +81,7 @@ userauth_pubkey_from_id(Identity * id)
|
||
|
|
buffer_put_cstring(&b, pkalg);
|
||
|
|
buffer_put_string(&b, pkblob, blen);
|
||
|
|
|
||
|
|
- if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0)
|
||
|
|
+ if(ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b), 1) != 0)
|
||
|
|
goto user_auth_clean_exit;
|
||
|
|
|
||
|
|
/* test for correct signature */
|
||
|
|
|