rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Resolve problem with pam_ssh_agent_auth after rebase (#1225106)

Browse Source 
* authfd internals changed in upstream commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622
 * Reintroduced missing structure AuthenticationConnection
 * inspired by ssh-add.c
This commit is contained in:
Jakub Jelen 2015-05-27 15:08:37 +02:00
parent 3e3570ad64
commit 637556d934
3 changed files with 95 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openssh.spec
View File

@ -118,6 +118,9 @@ Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
Patch303: pam_ssh_agent_auth-0.9.3-no-xfree.patch Patch303: pam_ssh_agent_auth-0.9.3-no-xfree.patch
# use SSH_DIGEST_* for fingerprint hashes # use SSH_DIGEST_* for fingerprint hashes
Patch304: pam_ssh_agent_auth-0.9.3-fingerprint-hash.patch Patch304: pam_ssh_agent_auth-0.9.3-fingerprint-hash.patch
# update to current version of agent structure
Patch305: pam_ssh_agent_auth-0.9.3-agent_structure.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX) #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
Patch400: openssh-6.6p1-role-mls.patch Patch400: openssh-6.6p1-role-mls.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=781634 #https://bugzilla.redhat.com/show_bug.cgi?id=781634
@ -382,6 +385,7 @@ pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
%patch302 -p1 -b .psaa-visibility %patch302 -p1 -b .psaa-visibility
%patch303 -p1 -b .psaa-xfree %patch303 -p1 -b .psaa-xfree
%patch304 -p2 -b .psaa-fingerprint %patch304 -p2 -b .psaa-fingerprint
%patch305 -p2 -b .psaa-agent
# Remove duplicate headers # Remove duplicate headers
rm -f $(cat %{SOURCE5}) rm -f $(cat %{SOURCE5})
popd popd

1
pam_ssh_agent-rmheaders
View File

@ -1,3 +1,4 @@
authfd.h
atomicio.h atomicio.h
buffer.h buffer.h
cipher.h cipher.h

90
pam_ssh_agent_auth-0.9.3-agent_structure.patch Normal file
View File

@ -0,0 +1,90 @@
diff --git a/pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c b/pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c
index 9555e7e..c17aae6 100644
--- a/iterate_ssh_agent_keys.c 2015-05-27 14:09:13.591407306 +0200
+++ b/iterate_ssh_agent_keys.c 2015-05-27 14:10:33.216267826 +0200
@@ -37,6 +37,7 @@
#include "buffer.h"
#include "key.h"
#include "authfd.h"
+#include "ssherr.h"
#include "ssh.h"
#include <stdio.h>
#include <sys/types.h>
@@ -177,22 +177,28 @@ int
find_authorized_keys(uid_t uid)
{
Identity *id;
- Key *key;
AuthenticationConnection *ac;
- char *comment;
uint8_t retval = 0;
+ struct ssh_identitylist *idlist;
+ int r, i;
OpenSSL_add_all_digests();
session_id2 = session_id2_gen();
if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
verbose("Contacted ssh-agent of user %s (%u)", getpwuid(uid)->pw_name, uid);
- for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2))
+ if ((r = ssh_fetch_identitylist(ac->fd, 2,
+ &idlist)) != 0) {
+ if (r != SSH_ERR_AGENT_NO_IDENTITIES)
+ fprintf(stderr, "error fetching identities for "
+ "protocol %d: %s\n", 2, ssh_err(r));
+ }
+ for (i = 0; i < idlist->nkeys; i++)
{
- if(key != NULL) {
+ if(idlist->keys[i] != NULL) {
id = xcalloc(1, sizeof(*id));
- id->key = key;
- id->filename = comment;
+ id->key = idlist->keys[i];
+ id->filename = idlist->comments[i];
id->ac = ac;
if(userauth_pubkey_from_id(id)) {
retval = 1;
@@ -204,7 +211,10 @@ find_authorized_keys(uid_t uid)
break;
}
}
+ ssh_free_identitylist(idlist);
+ ssh_close_authentication_socket(ac->fd);
+ buffer_free(&ac->identities);
+ free(ac);
- ssh_close_authentication_connection(ac);
}
else {
verbose("No ssh-agent could be contacted");
diff --git a/pam_ssh_agent_auth-0.9.3/identity.h b/pam_ssh_agent_auth-0.9.3/identity.h
index eb21320..c00da34 100644
--- a/pam_ssh_agent_auth-0.9.3/identity.h
+++ b/pam_ssh_agent_auth-0.9.3/identity.h
@@ -14,6 +14,12 @@
typedef struct identity Identity;
typedef struct idlist Idlist;
+typedef struct {
+ int fd;
+ Buffer identities;
+ int howmany;
+} AuthenticationConnection;
+
struct identity {
TAILQ_ENTRY(identity) next;
AuthenticationConnection *ac; /* set if agent supports key */
diff --git a/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c b/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
index 323817a..93b928f 100644
--- a/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
+++ b/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
@@ -81,7 +81,7 @@ userauth_pubkey_from_id(Identity * id)
buffer_put_cstring(&b, pkalg);
buffer_put_string(&b, pkblob, blen);
- if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0)
+ if(ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b), 1) != 0)
goto user_auth_clean_exit;
/* test for correct signature */