Dmitry Belyavskiy 9591af
diff -up openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.rsasha2 openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c
--- openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.rsasha2	2022-07-15 15:08:12.865585410 +0200
+++ openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c	2022-07-15 15:16:25.164282372 +0200
@@ -87,8 +87,13 @@ userauth_pubkey_from_id(const char *ruse
         (r = sshbuf_put_string(b, pkblob, blen)) != 0)
         fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
-    if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
-        goto user_auth_clean_exit;
+    if (sshkey_type_plain(id->key->type) == KEY_RSA
+	&& ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), "rsa-sha2-256", 0) == 0) {
+	/* Do nothing */
+    } else {
+        if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
+            goto user_auth_clean_exit;
+    }
 
     /* test for correct signature */
     if (sshkey_verify(id->key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0, NULL) == 0)
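Review bot: The `else` branch retries with a NULL algorithm whenever the `rsa-sha2-256` request fails for an RSA key, so any agent error silently downgrades to the key's default signature type (presumably SHA-1 `ssh-rsa`), and the `sshkey_verify` call right after still passes NULL for the algorithm, so nothing pins what was actually signed. I would track the requested algorithm in a local, log when the fallback is taken, and pass the same value to `sshkey_verify`; that also removes the empty `/* Do nothing */` branch. The new `const char *alg` local belongs with the function's other declarations, which are outside this hunk, as is the body of the `sshkey_verify` test. The `verbose` call is an assumption about the logging helpers available here; use whichever one the file already relies on.

```c
    /* Prefer SHA-2 for RSA keys; alg == NULL selects the key's default signature type. */
    alg = sshkey_type_plain(id->key->type) == KEY_RSA ? "rsa-sha2-256" : NULL;

    r = ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), alg, 0);
    if (r != 0 && alg != NULL) {
        /* Keep the compatibility fallback, but make the downgrade visible in the logs. */
        verbose("%s: rsa-sha2-256 signing failed: %s; retrying with default algorithm",
            __func__, ssh_err(r));
        alg = NULL;
        r = ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), alg, 0);
    }
    if (r != 0)
        goto user_auth_clean_exit;

    /* test for correct signature, pinned to the algorithm that was requested */
    if (sshkey_verify(id->key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), alg, 0, NULL) == 0)
```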