f2c3d6e19a
Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-4.3p2-askpass-grab-info.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-5.1p1-askpass-progress.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-5.8p2-sigpipe.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-5.9p1-ipv6man.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.3p1-ctr-evp-fast.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.4p1-fromto-remote.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6.1p1-log-in-chroot.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6.1p1-scp-non-existing-directory.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6.1p1-selinux-contexts.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-allow-ip-opts.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-force_krb.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-GSSAPIEnablek5users.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-keycat.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-keyperm.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-kuserok.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-privsep-selinux.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.7p1-coverity.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.7p1-sftp-force-permission.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.8p1-sshdT-output.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.1p2-audit-race-condition.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.2p2-k5login_directory.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.2p2-s390-closefrom.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.2p2-x11.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.3p1-x11-max-displays.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.4p1-systemd.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.5p1-sandbox.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.6p1-audit.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.6p1-cleanup-selinux.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.7p1-fips.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.7p1-gssapi-new-unique.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.7p1.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.8p1-role-mls.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.8p1-scp-ipv6.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.8p1-UsePAM-warning.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-crypto-policies.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-gssapi-keyex.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-keygen-strip-doseol.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-openssl-evp.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-openssl-kdf.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-pkcs11-uri.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-preserve-pam-errors.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.2p1-visibility.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.2p1-x11-without-ipv6.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.7p1-scp-kill-switch.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/pam_ssh_agent_auth-0.10.2-compat.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/pam_ssh_agent_auth-0.10.2-dereference.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/pam_ssh_agent_auth-0.10.3-seteuid.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/pam_ssh_agent_auth-0.9.2-visibility.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/pam_ssh_agent_auth-0.9.3-agent_structure.patch https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/pam_ssh_agent_auth-0.9.3-build.patch
100 lines
4.3 KiB
Diff
100 lines
4.3 KiB
Diff
diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/identity.h
|
|
--- openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-agent 2016-11-13 04:24:32.000000000 +0100
|
|
+++ openssh/pam_ssh_agent_auth-0.10.3/identity.h 2017-09-27 14:25:49.421739027 +0200
|
|
Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/backport-pam_ssh_agent_auth-0.9.3-agent_structure.patch
|
|
@@ -38,6 +38,12 @@
|
|
typedef struct identity Identity;
|
|
typedef struct idlist Idlist;
|
|
|
|
+typedef struct {
|
|
+ int fd;
|
|
+ struct sshbuf *identities;
|
|
+ int howmany;
|
|
+} AuthenticationConnection;
|
|
+
|
|
struct identity {
|
|
TAILQ_ENTRY(identity) next;
|
|
AuthenticationConnection *ac; /* set if agent supports key */
|
|
diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
|
|
--- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent 2017-09-27 14:25:49.420739021 +0200
|
|
+++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c 2017-09-27 14:25:49.421739027 +0200
|
|
Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/backport-pam_ssh_agent_auth-0.9.3-agent_structure.patch
|
|
@@ -39,6 +39,7 @@
|
|
#include "sshbuf.h"
|
|
#include "sshkey.h"
|
|
#include "authfd.h"
|
|
+#include "ssherr.h"
|
|
#include <stdio.h>
|
|
#include <openssl/evp.h>
|
|
#include "ssh2.h"
|
|
@@ -291,36 +292,43 @@ pamsshagentauth_find_authorized_keys(con
|
|
{
|
|
struct sshbuf *session_id2 = NULL;
|
|
Identity *id;
|
|
- struct sshkey *key;
|
|
AuthenticationConnection *ac;
|
|
- char *comment;
|
|
uint8_t retval = 0;
|
|
uid_t uid = getpwnam(ruser)->pw_uid;
|
|
+ struct ssh_identitylist *idlist;
|
|
+ int r;
|
|
+ unsigned int i;
|
|
|
|
OpenSSL_add_all_digests();
|
|
pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename);
|
|
|
|
if ((ac = ssh_get_authentication_connection_for_uid(uid))) {
|
|
verbose("Contacted ssh-agent of user %s (%u)", ruser, uid);
|
|
- for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2))
|
|
- {
|
|
- if(key != NULL) {
|
|
+ if ((r = ssh_fetch_identitylist(ac->fd, &idlist)) != 0) {
|
|
+ if (r != SSH_ERR_AGENT_NO_IDENTITIES)
|
|
+ fprintf(stderr, "error fetching identities for "
|
|
+ "protocol %d: %s\n", 2, ssh_err(r));
|
|
+ } else {
|
|
+ for (i = 0; i < idlist->nkeys; i++)
|
|
+ {
|
|
+ if (idlist->keys[i] != NULL) {
|
|
id = xcalloc(1, sizeof(*id));
|
|
- id->key = key;
|
|
- id->filename = comment;
|
|
+ id->key = idlist->keys[i];
|
|
+ id->filename = idlist->comments[i];
|
|
id->ac = ac;
|
|
if(userauth_pubkey_from_id(ruser, id, session_id2)) {
|
|
retval = 1;
|
|
}
|
|
- free(id->filename);
|
|
- key_free(id->key);
|
|
free(id);
|
|
if(retval == 1)
|
|
break;
|
|
- }
|
|
- }
|
|
+ }
|
|
+ }
|
|
- sshbuf_free(session_id2);
|
|
- ssh_close_authentication_connection(ac);
|
|
+ sshbuf_free(session_id2);
|
|
+ ssh_free_identitylist(idlist);
|
|
+ }
|
|
+ ssh_close_authentication_socket(ac->fd);
|
|
+ free(ac);
|
|
}
|
|
else {
|
|
verbose("No ssh-agent could be contacted");
|
|
diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c
|
|
--- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent 2017-09-27 14:25:49.420739021 +0200
|
|
+++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c 2017-09-27 14:25:49.422739032 +0200
|
|
Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/backport-pam_ssh_agent_auth-0.9.3-agent_structure.patch
|
|
@@ -84,7 +85,7 @@ userauth_pubkey_from_id(const char *ruse
|
|
(r = sshbuf_put_string(b, pkblob, blen)) != 0)
|
|
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
|
|
|
- if (ssh_agent_sign(id->ac, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b)) != 0)
|
|
+ if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
|
|
goto user_auth_clean_exit;
|
|
|
|
/* test for correct signature */
|