Module Name: src
Committed By: drochner
Date: Fri Dec 16 17:30:12 UTC 2011
Modified Files:
src/lib/libpam/modules/pam_ssh: pam_ssh.c
Log Message:
-remove remainders of the misguided changes in revs 1.5-1.9
-iron out more unnecessary differences to FreeBSD
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/lib/libpam/modules/pam_ssh/pam_ssh.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libpam/modules/pam_ssh/pam_ssh.c
diff -u src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.17 src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.18
--- src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.17 Fri May 6 17:22:09 2011
+++ src/lib/libpam/modules/pam_ssh/pam_ssh.c Fri Dec 16 17:30:12 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_ssh.c,v 1.17 2011/05/06 17:22:09 drochner Exp $ */
+/* $NetBSD: pam_ssh.c,v 1.18 2011/12/16 17:30:12 drochner Exp $ */
/*-
* Copyright (c) 2003 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
#ifdef __FreeBSD__
__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $");
#else
-__RCSID("$NetBSD: pam_ssh.c,v 1.17 2011/05/06 17:22:09 drochner Exp $");
+__RCSID("$NetBSD: pam_ssh.c,v 1.18 2011/12/16 17:30:12 drochner Exp $");
#endif
#include <sys/param.h>
@@ -67,6 +67,9 @@ __RCSID("$NetBSD: pam_ssh.c,v 1.17 2011/
#include "authfd.h"
#include "authfile.h"
+#define ssh_add_identity(auth, key, comment) \
+ ssh_add_identity_constrained(auth, key, comment, 0, 0)
+
extern char **environ;
struct pam_ssh_key {
@@ -85,8 +88,8 @@ static const char *pam_ssh_keyfiles[] =
};
static const char *pam_ssh_agent = "/usr/bin/ssh-agent";
-static const char *pam_ssh_agent_argv[] = { "ssh_agent", "-s", NULL };
-static const char *pam_ssh_agent_envp[] = { NULL };
+static const char *const pam_ssh_agent_argv[] = { "ssh_agent", "-s", NULL };
+static const char *const pam_ssh_agent_envp[] = { NULL };
/*
* Attempts to load a private key from the specified file in the specified
@@ -94,15 +97,14 @@ static const char *pam_ssh_agent_envp[]
* struct pam_ssh_key containing the key and its comment.
*/
static struct pam_ssh_key *
-pam_ssh_load_key(struct passwd *pwd, const char *kfn, const char *passphrase)
+pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase)
{
struct pam_ssh_key *psk;
char fn[PATH_MAX];
char *comment;
Key *key;
- if (snprintf(fn, sizeof(fn), "%s/%s", pwd->pw_dir, kfn) >
- (int)sizeof(fn))
+ if (snprintf(fn, sizeof(fn), "%s/%s", dir, kfn) > (int)sizeof(fn))
return (NULL);
comment = NULL;
key = key_load_private(fn, passphrase, &comment);
@@ -144,6 +146,7 @@ pam_sm_authenticate(pam_handle_t *pamh,
int argc __unused, const char *argv[] __unused)
{
const char **kfn, *passphrase, *user;
+ const void *item;
struct passwd *pwd, pwres;
struct pam_ssh_key *psk;
int nkeys, pam_err, pass;
@@ -167,22 +170,8 @@ pam_sm_authenticate(pam_handle_t *pamh,
if (pam_err != PAM_SUCCESS)
return (pam_err);
-#ifdef notyet
- for (kfn = pam_ssh_keyfiles; *kfn != NULL; ++kfn) {
- char path[MAXPATHLEN];
- (void)snprintf(path, sizeof(path), "%s/%s", pwd->pw_dir, *kfn);
- if (access(path, R_OK) == 0)
- break;
- }
-
- if (*kfn == NULL) {
- openpam_restore_cred(pamh);
- return (PAM_AUTH_ERR);
- }
-#endif
-
- pass = (pam_get_item(pamh, PAM_AUTHTOK,
- (const void **)__UNCONST(&passphrase)) == PAM_SUCCESS);
+ pass = (pam_get_item(pamh, PAM_AUTHTOK, &item) == PAM_SUCCESS &&
+ item != NULL);
load_keys:
/* get passphrase */
pam_err = pam_get_authtok(pamh, PAM_AUTHTOK,
@@ -195,7 +184,7 @@ pam_sm_authenticate(pam_handle_t *pamh,
/* try to load keys from all keyfiles we know of */
nkeys = 0;
for (kfn = pam_ssh_keyfiles; *kfn != NULL; ++kfn) {
- psk = pam_ssh_load_key(pwd, *kfn, passphrase);
+ psk = pam_ssh_load_key(pwd->pw_dir, *kfn, passphrase);
if (psk != NULL) {
pam_set_data(pamh, *kfn, psk, pam_ssh_free_key);
++nkeys;
@@ -376,7 +365,7 @@ pam_ssh_add_keys_to_agent(pam_handle_t *
pam_err = pam_get_data(pamh, *kfn, &vp);
psk = vp;
if (pam_err == PAM_SUCCESS && psk != NULL) {
- if (ssh_add_identity_constrained(ac, psk->key, psk->comment, 0, 0))
+ if (ssh_add_identity(ac, psk->key, psk->comment))
openpam_log(PAM_LOG_DEBUG,
"added %s to ssh agent", psk->comment);
else
