rcolebaugh / rpms / openssh

Forked from rpms/openssh 2 years ago
Clone

Blame SOURCES/pam_ssh_agent_auth-0.9.3-agent_structure.patch

aedd00
diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/identity.h
aedd00
--- openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-agent	2016-11-13 04:24:32.000000000 +0100
aedd00
+++ openssh/pam_ssh_agent_auth-0.10.3/identity.h	2017-09-27 14:25:49.421739027 +0200
aedd00
@@ -38,6 +38,12 @@
aedd00
 typedef struct identity Identity;
aedd00
 typedef struct idlist Idlist;
aedd00
 
aedd00
+typedef struct {
aedd00
+       int     fd;
aedd00
+       struct sshbuf *identities;
aedd00
+       int     howmany;
aedd00
+}      AuthenticationConnection;
aedd00
+
aedd00
 struct identity {
aedd00
     TAILQ_ENTRY(identity) next;
aedd00
     AuthenticationConnection *ac;   /* set if agent supports key */
aedd00
diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
aedd00
--- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent	2017-09-27 14:25:49.420739021 +0200
aedd00
+++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c	2017-09-27 14:25:49.421739027 +0200
aedd00
@@ -39,6 +39,7 @@
aedd00
 #include "sshbuf.h"
aedd00
 #include "sshkey.h"
aedd00
 #include "authfd.h"
aedd00
+#include "ssherr.h"
aedd00
 #include <stdio.h>
aedd00
 #include <openssl/evp.h>
aedd00
 #include "ssh2.h"
aedd00
@@ -291,36 +292,43 @@ pamsshagentauth_find_authorized_keys(con
aedd00
 {
aedd00
     struct sshbuf *session_id2 = NULL;
aedd00
     Identity *id;
aedd00
-    struct sshkey *key;
aedd00
     AuthenticationConnection *ac;
aedd00
-    char *comment;
aedd00
     uint8_t retval = 0;
aedd00
     uid_t uid = getpwnam(ruser)->pw_uid;
aedd00
+    struct ssh_identitylist *idlist;
aedd00
+    int r;
aedd00
+    unsigned int i;
aedd00
 
aedd00
     OpenSSL_add_all_digests();
aedd00
     pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
aedd00
 
aedd00
     if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
aedd00
         verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
aedd00
-        for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) 
aedd00
-        {
aedd00
-            if(key != NULL) {
aedd00
+        if ((r = ssh_fetch_identitylist(ac->fd, &idlist)) != 0) {
aedd00
+            if (r != SSH_ERR_AGENT_NO_IDENTITIES)
aedd00
+               fprintf(stderr, "error fetching identities for "
aedd00
+                               "protocol %d: %s\n", 2, ssh_err(r));
aedd00
+        } else {
aedd00
+            for (i = 0; i < idlist->nkeys; i++)
aedd00
+            {
aedd00
+              if (idlist->keys[i] != NULL) {
aedd00
                 id = xcalloc(1, sizeof(*id));
aedd00
-                id->key = key;
aedd00
-                id->filename = comment;
aedd00
+                id->key = idlist->keys[i];
aedd00
+                id->filename = idlist->comments[i];
aedd00
                 id->ac = ac;
aedd00
                 if(userauth_pubkey_from_id(ruser, id, session_id2)) {
aedd00
                     retval = 1;
aedd00
                 }
aedd00
-                free(id->filename);
aedd00
-                key_free(id->key);
aedd00
                 free(id);
aedd00
                 if(retval == 1)
aedd00
                     break;
aedd00
-            }
aedd00
-        }
aedd00
+              }
aedd00
+            }
aedd00
-        sshbuf_free(session_id2);
aedd00
-        ssh_close_authentication_connection(ac);
aedd00
+            sshbuf_free(session_id2);
aedd00
+            ssh_free_identitylist(idlist);
aedd00
+        }
aedd00
+        ssh_close_authentication_socket(ac->fd);
aedd00
+        free(ac);
aedd00
     }
aedd00
     else {
aedd00
         verbose("No ssh-agent could be contacted");
aedd00
diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
aedd00
--- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent	2017-09-27 14:25:49.420739021 +0200
aedd00
+++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c	2017-09-27 14:25:49.422739032 +0200
aedd00
@@ -84,7 +85,7 @@ userauth_pubkey_from_id(const char *ruse
aedd00
         (r = sshbuf_put_string(b, pkblob, blen)) != 0)
aedd00
         fatal("%s: buffer error: %s", __func__, ssh_err(r));
aedd00
 
aedd00
-    if (ssh_agent_sign(id->ac, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b)) != 0)
aedd00
+    if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
aedd00
         goto user_auth_clean_exit;
aedd00
 
aedd00
     /* test for correct signature */