Module Name: src Committed By: mlelstv Date: Sat Jun 1 07:15:39 UTC 2019
Modified Files: src/lib/libpam/modules/pam_ssh: pam_ssh.c Log Message: Fix key loading logic and add log message when rejecting an unencrypted key. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 src/lib/libpam/modules/pam_ssh/pam_ssh.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/lib/libpam/modules/pam_ssh/pam_ssh.c diff -u src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.26 src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.27 --- src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.26 Sun Aug 26 08:54:03 2018 +++ src/lib/libpam/modules/pam_ssh/pam_ssh.c Sat Jun 1 07:15:39 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: pam_ssh.c,v 1.26 2018/08/26 08:54:03 christos Exp $ */ +/* $NetBSD: pam_ssh.c,v 1.27 2019/06/01 07:15:39 mlelstv Exp $ */ /*- * Copyright (c) 2003 Networks Associates Technology, Inc. @@ -38,7 +38,7 @@ #ifdef __FreeBSD__ __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $"); #else -__RCSID("$NetBSD: pam_ssh.c,v 1.26 2018/08/26 08:54:03 christos Exp $"); +__RCSID("$NetBSD: pam_ssh.c,v 1.27 2019/06/01 07:15:39 mlelstv Exp $"); #endif #include <sys/param.h> @@ -119,13 +119,14 @@ pam_ssh_load_key(const char *dir, const * accept only an empty passphrase. */ r = sshkey_load_private(fn, "", &key, &comment); - if (r && !(*passphrase == '\0' && nullok)) { + if (r == 0 && !(*passphrase == '\0' && nullok)) { + openpam_log(PAM_LOG_DEBUG, "rejected unencrypted key from %s", fn); sshkey_free(key); free(comment); return (NULL); } if (r) - sshkey_load_private(fn, passphrase, &key, &comment); + r = sshkey_load_private(fn, passphrase, &key, &comment); if (r) { openpam_log(PAM_LOG_DEBUG, "failed to load key from %s", fn); if (comment != NULL)