Module Name: src
Committed By: mlelstv
Date: Sat Jun 1 07:15:39 UTC 2019
Modified Files:
src/lib/libpam/modules/pam_ssh: pam_ssh.c
Log Message:
Fix key loading logic and add log message when rejecting an unencrypted key.
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/lib/libpam/modules/pam_ssh/pam_ssh.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libpam/modules/pam_ssh/pam_ssh.c
diff -u src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.26 src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.27
--- src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.26 Sun Aug 26 08:54:03 2018
+++ src/lib/libpam/modules/pam_ssh/pam_ssh.c Sat Jun 1 07:15:39 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_ssh.c,v 1.26 2018/08/26 08:54:03 christos Exp $ */
+/* $NetBSD: pam_ssh.c,v 1.27 2019/06/01 07:15:39 mlelstv Exp $ */
/*-
* Copyright (c) 2003 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
#ifdef __FreeBSD__
__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $");
#else
-__RCSID("$NetBSD: pam_ssh.c,v 1.26 2018/08/26 08:54:03 christos Exp $");
+__RCSID("$NetBSD: pam_ssh.c,v 1.27 2019/06/01 07:15:39 mlelstv Exp $");
#endif
#include <sys/param.h>
@@ -119,13 +119,14 @@ pam_ssh_load_key(const char *dir, const
* accept only an empty passphrase.
*/
r = sshkey_load_private(fn, "", &key, &comment);
- if (r && !(*passphrase == '\0' && nullok)) {
+ if (r == 0 && !(*passphrase == '\0' && nullok)) {
+ openpam_log(PAM_LOG_DEBUG, "rejected unencrypted key from %s", fn);
sshkey_free(key);
free(comment);
return (NULL);
}
if (r)
- sshkey_load_private(fn, passphrase, &key, &comment);
+ r = sshkey_load_private(fn, passphrase, &key, &comment);
if (r) {
openpam_log(PAM_LOG_DEBUG, "failed to load key from %s", fn);
if (comment != NULL)
