From 637556d93457a36eb9fefba6a0acbeedf1935c63 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 27 May 2015 15:08:37 +0200
Subject: [PATCH] Resolve problem with pam_ssh_agent_auth after rebase
 (#1225106)

 * authfd internals changed in upstream commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622
 * Reintroduced missing structure AuthenticationConnection
 * inspired by ssh-add.c
---
 openssh.spec                                  |  4 +
 pam_ssh_agent-rmheaders                       |  1 +
 ...ssh_agent_auth-0.9.3-agent_structure.patch | 90 +++++++++++++++++++
 3 files changed, 95 insertions(+)
 create mode 100644 pam_ssh_agent_auth-0.9.3-agent_structure.patch

diff --git a/openssh.spec b/openssh.spec
index dda9063..8fa1699 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -118,6 +118,9 @@ Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
 Patch303: pam_ssh_agent_auth-0.9.3-no-xfree.patch
 # use SSH_DIGEST_* for fingerprint hashes
 Patch304: pam_ssh_agent_auth-0.9.3-fingerprint-hash.patch
+# update to current version of agent structure
+Patch305: pam_ssh_agent_auth-0.9.3-agent_structure.patch
+
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
 Patch400: openssh-6.6p1-role-mls.patch
 #https://bugzilla.redhat.com/show_bug.cgi?id=781634
@@ -382,6 +385,7 @@ pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
 %patch302 -p1 -b .psaa-visibility
 %patch303 -p1 -b .psaa-xfree
 %patch304 -p2 -b .psaa-fingerprint
+%patch305 -p2 -b .psaa-agent
 # Remove duplicate headers
 rm -f $(cat %{SOURCE5})
 popd
diff --git a/pam_ssh_agent-rmheaders b/pam_ssh_agent-rmheaders
index a0c1872..03ab05a 100644
--- a/pam_ssh_agent-rmheaders
+++ b/pam_ssh_agent-rmheaders
@@ -1,3 +1,4 @@
+authfd.h
 atomicio.h
 buffer.h
 cipher.h
diff --git a/pam_ssh_agent_auth-0.9.3-agent_structure.patch b/pam_ssh_agent_auth-0.9.3-agent_structure.patch
new file mode 100644
index 0000000..67ab394
--- /dev/null
+++ b/pam_ssh_agent_auth-0.9.3-agent_structure.patch
@@ -0,0 +1,90 @@
+diff --git a/pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c b/pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c
+index 9555e7e..c17aae6 100644
+--- a/iterate_ssh_agent_keys.c	2015-05-27 14:09:13.591407306 +0200
++++ b/iterate_ssh_agent_keys.c	2015-05-27 14:10:33.216267826 +0200
+@@ -37,6 +37,7 @@
+ #include "buffer.h"
+ #include "key.h"
+ #include "authfd.h"
++#include "ssherr.h"
+ #include "ssh.h"
+ #include <stdio.h>
+ #include <sys/types.h>
+@@ -177,22 +177,28 @@ int
+ find_authorized_keys(uid_t uid)
+ {
+     Identity *id;
+-    Key *key;
+     AuthenticationConnection *ac;
+-    char *comment;
+     uint8_t retval = 0;
++	struct ssh_identitylist *idlist;
++	int r, i;
+ 
+     OpenSSL_add_all_digests();
+     session_id2 = session_id2_gen();
+ 
+     if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
+         verbose("Contacted ssh-agent of user %s (%u)", getpwuid(uid)->pw_name, uid);
+-        for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) 
++		if ((r = ssh_fetch_identitylist(ac->fd, 2,
++		    &idlist)) != 0) {
++			if (r != SSH_ERR_AGENT_NO_IDENTITIES)
++				fprintf(stderr, "error fetching identities for "
++				    "protocol %d: %s\n", 2, ssh_err(r));
++		}
++		for (i = 0; i < idlist->nkeys; i++)
+         {
+-            if(key != NULL) {
++            if(idlist->keys[i] != NULL) {
+                 id = xcalloc(1, sizeof(*id));
+-                id->key = key;
+-                id->filename = comment;
++                id->key = idlist->keys[i];
++                id->filename = idlist->comments[i];
+                 id->ac = ac;
+                 if(userauth_pubkey_from_id(id)) {
+                     retval = 1;
+@@ -204,7 +211,10 @@ find_authorized_keys(uid_t uid)
+                     break;
+             }
+         }
++		ssh_free_identitylist(idlist);
++		ssh_close_authentication_socket(ac->fd);
++		buffer_free(&ac->identities);
++		free(ac);
+-        ssh_close_authentication_connection(ac);
+     }
+     else {
+         verbose("No ssh-agent could be contacted");
+diff --git a/pam_ssh_agent_auth-0.9.3/identity.h b/pam_ssh_agent_auth-0.9.3/identity.h
+index eb21320..c00da34 100644
+--- a/pam_ssh_agent_auth-0.9.3/identity.h
++++ b/pam_ssh_agent_auth-0.9.3/identity.h
+@@ -14,6 +14,12 @@
+ typedef struct identity Identity;
+ typedef struct idlist Idlist;
+ 
++typedef struct {
++       int     fd;
++       Buffer  identities;
++       int     howmany;
++}      AuthenticationConnection;
++
+ struct identity {
+     TAILQ_ENTRY(identity) next;
+     AuthenticationConnection *ac;   /* set if agent supports key */
+diff --git a/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c b/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
+index 323817a..93b928f 100644
+--- a/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
++++ b/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
+@@ -81,7 +81,7 @@ userauth_pubkey_from_id(Identity * id)
+     buffer_put_cstring(&b, pkalg);
+     buffer_put_string(&b, pkblob, blen);
+ 
+-    if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0)
++    if(ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b), 1) != 0)
+         goto user_auth_clean_exit;
+ 
+     /* test for correct signature */
+