Module Name:    src
Committed By:   mlelstv
Date:           Sat Jun  1 07:15:39 UTC 2019

Modified Files:
        src/lib/libpam/modules/pam_ssh: pam_ssh.c

Log Message:
Fix key loading logic and add log message when rejecting an unencrypted key.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/lib/libpam/modules/pam_ssh/pam_ssh.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libpam/modules/pam_ssh/pam_ssh.c
diff -u src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.26 src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.27
--- src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.26	Sun Aug 26 08:54:03 2018
+++ src/lib/libpam/modules/pam_ssh/pam_ssh.c	Sat Jun  1 07:15:39 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_ssh.c,v 1.26 2018/08/26 08:54:03 christos Exp $	*/
+/*	$NetBSD: pam_ssh.c,v 1.27 2019/06/01 07:15:39 mlelstv Exp $	*/
 
 /*-
  * Copyright (c) 2003 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_ssh.c,v 1.26 2018/08/26 08:54:03 christos Exp $");
+__RCSID("$NetBSD: pam_ssh.c,v 1.27 2019/06/01 07:15:39 mlelstv Exp $");
 #endif
 
 #include <sys/param.h>
@@ -119,13 +119,14 @@ pam_ssh_load_key(const char *dir, const 
 	 * accept only an empty passphrase.
 	 */
 	r = sshkey_load_private(fn, "", &key, &comment);
-	if (r && !(*passphrase == '\0' && nullok)) {
+	if (r == 0 && !(*passphrase == '\0' && nullok)) {
+		openpam_log(PAM_LOG_DEBUG, "rejected unencrypted key from %s", fn);
 		sshkey_free(key);
 		free(comment);
 		return (NULL);
 	}
 	if (r)
-		sshkey_load_private(fn, passphrase, &key, &comment);
+		r = sshkey_load_private(fn, passphrase, &key, &comment);
 	if (r) {
 		openpam_log(PAM_LOG_DEBUG, "failed to load key from %s", fn);
 		if (comment != NULL)

Reply via email to