author | Diego Elio Pettenò <flameeyes@gentoo.org> | 2006-04-21 11:41:25 +0000 |
---|---|---|
committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2006-04-21 11:41:25 +0000 |
commit | c7db1a68464888824c53f23880dc2a2237f77860 (patch) | |
tree | 266f3cb30c75a49ab806a107fed210c90ed9970a /sys-auth/pam_ssh | |
parent | Tweak dependencies a bit. (diff) | |
Add patch from debian to fix removal of stale files. Thanks to Jan Kundrát in bug #105546. Add patch to build with glibc 2.4. Restrict from confcache.
(Portage version: 2.1_pre7-r5)
Diffstat (limited to 'sys-auth/pam_ssh')
-rw-r--r-- | sys-auth/pam_ssh/ChangeLog | 12 | ||||
-rw-r--r-- | sys-auth/pam_ssh/Manifest | 29 | ||||
-rw-r--r-- | sys-auth/pam_ssh/files/digest-pam_ssh-1.91-r2 | 3 | ||||
-rw-r--r-- | sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch | 487 | ||||
-rw-r--r-- | sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch | 12 | ||||
-rw-r--r-- | sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild | 48 |
6 files changed, 589 insertions, 2 deletions
diff --git a/sys-auth/pam_ssh/ChangeLog b/sys-auth/pam_ssh/ChangeLog index aebac9d24a4b..0408fe9bb9f2 100644 --- a/sys-auth/pam_ssh/ChangeLog +++ b/sys-auth/pam_ssh/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for sys-auth/pam_ssh -# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/ChangeLog,v 1.2 2005/10/09 23:18:09 flameeyes Exp $ +# Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/ChangeLog,v 1.3 2006/04/21 11:41:25 flameeyes Exp $ + +*pam_ssh-1.91-r2 (21 Apr 2006) + + 21 Apr 2006; Diego Pettenò <flameeyes@gentoo.org> + +files/pam_ssh-1.91-debian.patch, +files/pam_ssh-1.91-syslog.patch, + +pam_ssh-1.91-r2.ebuild: + Add patch from debian to fix removal of stale files. Thanks to Jan Kundrát + in bug #105546. Add patch to build with glibc 2.4. Restrict from confcache. 09 Oct 2005; Diego Pettenò <flameeyes@gentoo.org> metadata.xml: Add pam-bugs email address as maintainer. diff --git a/sys-auth/pam_ssh/Manifest b/sys-auth/pam_ssh/Manifest index 41580bdaf258..704392b00bcb 100644 --- a/sys-auth/pam_ssh/Manifest +++ b/sys-auth/pam_ssh/Manifest 
@@ -1,10 +1,39 @@ MD5 3dcbd40067be2d5ae9ec4171a2966426 ChangeLog 1338 +RMD160 262007d5bfee3395cc8d1f74dcd0386a5d3ea3bc ChangeLog 1338 +SHA256 a441ae86a9ff9d9b11e7478dadc09b9d2a2e32f050974aa924dccc01aa4ccf15 ChangeLog 1338 MD5 5cd5460fb7b7377b0e576eac476bc830 files/1.9-standard-prompt.patch 378 +RMD160 f2687cfccf3d8d636dd36fb32b7d181c7116845a files/1.9-standard-prompt.patch 378 +SHA256 525c87beab1dd329cee9f3036e33e18c7278d90b63f14a893864cb74344ef990 files/1.9-standard-prompt.patch 378 MD5 2da9f0064c9caa03f6d298f3f3f6a169 files/digest-pam_ssh-1.9 64 +RMD160 b9abcd680a094c19b856999cacaa1169ea2bebd0 files/digest-pam_ssh-1.9 64 +SHA256 6244ff0d5072ea191a36560328cd6253e668c45292b98250fa85205aa160f828 files/digest-pam_ssh-1.9 64 MD5 d42a0e20bf5fa8783aa3a7c6de9a935e files/digest-pam_ssh-1.91 65 +RMD160 584e864a0d687e007990d5898f0f2bd0826d8832 files/digest-pam_ssh-1.91 65 +SHA256 68ea650542431df8243ce2a5524719dbbb42c2a52eec13e6cf87b02e6672bba2 files/digest-pam_ssh-1.91 65 MD5 d42a0e20bf5fa8783aa3a7c6de9a935e files/digest-pam_ssh-1.91-r1 65 +RMD160 584e864a0d687e007990d5898f0f2bd0826d8832 files/digest-pam_ssh-1.91-r1 65 +SHA256 68ea650542431df8243ce2a5524719dbbb42c2a52eec13e6cf87b02e6672bba2 files/digest-pam_ssh-1.91-r1 65 +MD5 70cacb21c3e0f6b4340ad071c3c35d44 files/digest-pam_ssh-1.91-r2 241 +RMD160 8e452c34304c53c30b23af6794d078a4f3d1a9fd files/digest-pam_ssh-1.91-r2 241 +SHA256 23b39e3fd624a55dff632be9852ac954561213c4bcf5289283a4551611ff52ac files/digest-pam_ssh-1.91-r2 241 +MD5 837bc88d6356de6f0bcc6d8a1033f47f files/pam_ssh-1.91-debian.patch 13855 +RMD160 35cea4b64425351e94f8e5ec4689f17cb97332e7 files/pam_ssh-1.91-debian.patch 13855 +SHA256 a64647467fb05b71a08fe718d371e62356ad8bbf7b7f5a7bc4827b08ca5c91cf files/pam_ssh-1.91-debian.patch 13855 MD5 4d93b0a0bbf019434f9c7a6da68c5e9f files/system-auth.example 612 +RMD160 ffbcbc7535cd654c5a9e8ce2d3584b841aea6e53 files/system-auth.example 612 +SHA256 3699db4595de56f31448c85a83c34277d1bebb5c805871b1c449446a49fb1989 
files/system-auth.example 612 MD5 393d06cf4b76671f8e6ce72ac71bdad8 metadata.xml 218 +RMD160 1955c7446d4ceb77506ba7b58ee35913c576a72c metadata.xml 218 +SHA256 e0bb49cab71cc84d8bdad26876197164073722b378d27a5bf55bbfd2afdbd19c metadata.xml 218 MD5 e0412d38c87c68a94db0f947b09dd260 pam_ssh-1.9.ebuild 854 +RMD160 8ffc9574d17deacadfed706ce6fc6e0d763411a4 pam_ssh-1.9.ebuild 854 +SHA256 a85f03646f82c21bba8cabb8dd9cdd9b1e184bb8784ee3a41cfd6e683a424cc6 pam_ssh-1.9.ebuild 854 MD5 c6a80814e16dbf637777dae90dca00c7 pam_ssh-1.91-r1.ebuild 971 +RMD160 fb55fc91e78a10b6d6044f20acb21b5bd17f1d24 pam_ssh-1.91-r1.ebuild 971 +SHA256 533f76e403c5d3fc46baf8815b98c717c5468e3a7721cd7ba423f232ad342156 pam_ssh-1.91-r1.ebuild 971 +MD5 af36dd2aad3d7e39ddb8d92c0db3a51c pam_ssh-1.91-r2.ebuild 1064 +RMD160 27657fa5ebdd3793fa87dbd19fc290538cb3c475 pam_ssh-1.91-r2.ebuild 1064 +SHA256 30e14774b9e883096a3def9bb6110a5e429830d2e2dc78fb9935df35de965224 pam_ssh-1.91-r2.ebuild 1064 MD5 62f8e13a5948e373d0046ffa544e339a pam_ssh-1.91.ebuild 825 +RMD160 df21bd8e04b1f30c43deff87f3db6933ea9c654d pam_ssh-1.91.ebuild 825 +SHA256 4b4b221104b6ae2fca442b7edbf31698ca5d02b62e4cbb0f9b2204f30db1a51d pam_ssh-1.91.ebuild 825 diff --git a/sys-auth/pam_ssh/files/digest-pam_ssh-1.91-r2 b/sys-auth/pam_ssh/files/digest-pam_ssh-1.91-r2 new file mode 100644 index 000000000000..73184ea4beef --- /dev/null +++ b/sys-auth/pam_ssh/files/digest-pam_ssh-1.91-r2 @@ -0,0 +1,3 @@ +MD5 57a3aa476394efa219a8a99f527d4e4b pam_ssh-1.91.tar.bz2 193705 +RMD160 59be70cd4ef4f33ae9d78593e331e5eb3ed84669 pam_ssh-1.91.tar.bz2 193705 +SHA256 dde623585c2942fc079657e061ca47f3380850da5ac2dca708e98f8dd1ea18d0 pam_ssh-1.91.tar.bz2 193705 diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch b/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch new file mode 100644 index 000000000000..b1e49e23f4b8 --- /dev/null +++ b/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch 
@@ -0,0 +1,487 @@
+--- libpam-ssh-1.91.0.orig/pam_ssh.c 2004-04-12 08:55:08.000000000 -0500
++++ libpam-ssh-1.91.0/pam_ssh.c 2005-04-03 21:18:58.140936716 -0500
+@@ -279,9 +279,8 @@
+ */
+
+ static int
+-add_keys(pam_handle_t *pamh, char *socket)
++add_keys(pam_handle_t *pamh, AuthenticationConnection *ac)
+ {
+- AuthenticationConnection *ac; /* connection to ssh-agent */
+ char *comment; /* private key comment */
+ char *data_name; /* PAM state */
+ int final; /* final return value */
+@@ -289,13 +288,6 @@
+ Key *key; /* user's private key */
+ int retval; /* from calls */
+
+- /* connect to the agent */
+-
+- if (!(ac = ssh_get_authentication_connection(socket))) {
+- pam_ssh_log(LOG_ERR, "%s: %m", socket);
+- return PAM_SESSION_ERR;
+- }
+-
+ /* hand off each private key to the agent */
+
+ final = 0;
+@@ -324,11 +316,177 @@
+ if (!final)
+ final = retval;
+ }
+- ssh_close_authentication_connection(ac);
+
+ return final ? PAM_SUCCESS : PAM_SESSION_ERR;
+ }
+
++static int
++start_ssh_agent(pam_handle_t *pamh, uid_t uid, FILE **env_read)
++{
++ pid_t child_pid; /* child process that spawns agent */
++ int child_pipe[2]; /* pipe to child process */
++ int child_status; /* child process status */
++ char *arg[3], *env[1]; /* to pass to execve() */
++
++ if (pipe(child_pipe) < 0) {
++ pam_ssh_log(LOG_ERR, "pipe: %m");
++ return PAM_SERVICE_ERR;
++ }
++ switch (child_pid = fork()) {
++ case -1: /* error */
++ pam_ssh_log(LOG_ERR, "fork: %m");
++ close(child_pipe[0]);
++ close(child_pipe[1]);
++ return PAM_SERVICE_ERR;
++ /* NOTREACHED */
++ case 0: /* child */
++
++ /* Permanently drop privileges using setuid()
++ before executing ssh-agent so that root
++ privileges can't possibly be regained (some
++ ssh-agents insist that euid == ruid
++ anyway). System V won't let us use
++ setuid() unless euid == 0, so we
++ temporarily regain root privileges first
++ with openpam_restore_cred() (which calls
++ seteuid()). */
++
++ switch (openpam_restore_cred(pamh)) {
++ case PAM_SYSTEM_ERR:
++ pam_ssh_log(LOG_ERR,
++ "can't restore privileges: %m");
++ _exit(EX_OSERR);
++ /* NOTREACHED */
++ case PAM_SUCCESS:
++ if (setuid(uid) == -1) {
++ pam_ssh_log(LOG_ERR,
++ "can't drop privileges: %m",
++ uid);
++ _exit(EX_NOPERM);
++ }
++ break;
++ }
++
++ if (close(child_pipe[0]) == -1) {
++ pam_ssh_log(LOG_ERR, "close: %m");
++ _exit(EX_OSERR);
++ }
++ if (child_pipe[1] != STDOUT_FILENO) {
++ if (dup2(child_pipe[1], STDOUT_FILENO) == -1) {
++ pam_ssh_log(LOG_ERR, "dup: %m");
++ _exit(EX_OSERR);
++ }
++ if (close(child_pipe[1]) == -1) {
++ pam_ssh_log(LOG_ERR, "close: %m");
++ _exit(EX_OSERR);
++ }
++ }
++ arg[0] = "ssh-agent";
++ arg[1] = "-s";
++ arg[2] = NULL;
++ env[0] = NULL;
++ execve(PATH_SSH_AGENT, arg, env);
++ pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++ _exit(127);
++ /* NOTREACHED */
++ }
++ if (close(child_pipe[1]) == -1) {
++ pam_ssh_log(LOG_ERR, "close: %m");
++ return PAM_SESSION_ERR;
++ }
++ if (!(*env_read = fdopen(child_pipe[0], "r"))) {
++ pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++ return PAM_SESSION_ERR;
++ }
++
++ child_status = 0;
++ if (waitpid_intr(child_pid, &child_status, 0) == -1 &&
++ errno != ECHILD) {
++ pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++ return PAM_SESSION_ERR;
++ }
++
++ if (child_status != 0) {
++ if (WIFSIGNALED(child_status))
++ pam_ssh_log(LOG_ERR, "%s exited on signal %d",
++ PATH_SSH_AGENT, WTERMSIG(child_status));
++ else
++ if (WEXITSTATUS(child_status) == 127)
++ pam_ssh_log(LOG_ERR,
++ "cannot execute %s",
++ PATH_SSH_AGENT);
++ else
++ pam_ssh_log(LOG_ERR,
++ "%s exited with status %d",
++ PATH_SSH_AGENT,
++ WEXITSTATUS(child_status));
++ return PAM_SESSION_ERR;
++ }
++
++ return PAM_SUCCESS;
++}
++
++static int
++read_write_agent_env(pam_handle_t *pamh,
++ FILE *env_read,
++ int env_write,
++ char **agent_socket)
++{
++ char *agent_pid; /* copy of agent PID */
++ char *env_end; /* end of env */
++ char env_string[BUFSIZ]; /* environment string */
++ char *env_value; /* envariable value */
++ int retval; /* from calls */
++
++ while (fgets(env_string, sizeof env_string, env_read)) {
++
++ /* parse environment definitions */
++
++ if (env_write >= 0)
++ write(env_write, env_string, strlen(env_string));
++ if (!(env_value = strchr(env_string, '=')) ||
++ !(env_end = strchr(env_value, ';')))
++ continue;
++ *env_end = '\0';
++
++ /* pass to the application */
++
++ if ((retval = pam_putenv(pamh, env_string)) != PAM_SUCCESS)
++ return retval;
++
++ *env_value++ = '\0';
++
++ /* save the agent socket so we can connect to it and add
++ the keys as well as the PID so we can kill the agent on
++ session close. */
++
++ agent_pid = NULL;
++ if (strcmp(&env_string[strlen(env_string) -
++ strlen(ENV_SOCKET_SUFFIX)], ENV_SOCKET_SUFFIX) == 0 &&
++ !(*agent_socket = strdup(env_value))) {
++ pam_ssh_log(LOG_CRIT, "out of memory");
++ return PAM_SERVICE_ERR;
++ } else if (strcmp(&env_string[strlen(env_string) -
++ strlen(ENV_PID_SUFFIX)], ENV_PID_SUFFIX) == 0 &&
++ (!(agent_pid = strdup(env_value)) ||
++ (retval = pam_set_data(pamh, "ssh_agent_pid",
++ agent_pid, ssh_cleanup)) != PAM_SUCCESS)) {
++ if (agent_pid)
++ free(agent_pid);
++ else {
++ pam_ssh_log(LOG_CRIT, "out of memory");
++ return PAM_SERVICE_ERR;
++ }
++ if (agent_socket)
++ free(agent_socket);
++ return retval;
++ }
++
++ }
++
++ return PAM_SUCCESS;
++}
++
+
+ PAM_EXTERN int
+ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc,
+@@ -494,17 +652,10 @@
+ pam_sm_open_session(pam_handle_t *pamh, int flags __unused,
+ int argc __unused, const char **argv __unused)
+ {
+- char *agent_pid; /* copy of agent PID */
++ AuthenticationConnection *ac; /* connection to ssh-agent */
+ char *agent_socket; /* agent socket */
+- char *arg[3], *env[1]; /* to pass to execve() */
+- pid_t child_pid; /* child process that spawns agent */
+- int child_pipe[2]; /* pipe to child process */
+- int child_status; /* child process status */
+ char *cp; /* scratch */
+- char *env_end; /* end of env */
+ FILE *env_read; /* env data source */
+- char env_string[BUFSIZ]; /* environment string */
+- char *env_value; /* envariable value */
+ int env_write; /* env file descriptor */
+ char hname[MAXHOSTNAMELEN]; /* local hostname */
+ int no_link; /* link per-agent file? */
+@@ -515,6 +666,7 @@
+ int start_agent; /* start agent? */
+ const char *tty_raw; /* raw tty or display name */
+ char *tty_nodir; /* tty without / chars */
++ int attempt; /* No. of attempt to contact agent */
+
+ log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0);
+
+@@ -568,215 +720,70 @@
+ per-session filename later. Start the agent if we can't open
+ the file for reading. */
+
+- env_write = child_pid = no_link = start_agent = 0;
+- env_read = NULL;
+- if ((env_write = open(per_agent, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR))
+- < 0 && !(env_read = fopen(per_agent, "r")))
+- no_link = 1;
+- if (!env_read) {
+- start_agent = 1;
+- if (pipe(child_pipe) < 0) {
+- pam_ssh_log(LOG_ERR, "pipe: %m");
+- close(env_write);
+- openpam_restore_cred(pamh);
+- return PAM_SERVICE_ERR;
+- }
+- switch (child_pid = fork()) {
+- case -1: /* error */
+- pam_ssh_log(LOG_ERR, "fork: %m");
+- close(child_pipe[0]);
+- close(child_pipe[1]);
+- close(env_write);
+- openpam_restore_cred(pamh);
+- return PAM_SERVICE_ERR;
+- /* NOTREACHED */
+- case 0: /* child */
+-
+- /* Permanently drop privileges using setuid()
+- before executing ssh-agent so that root
+- privileges can't possibly be regained (some
+- ssh-agents insist that euid == ruid
+- anyway). System V won't let us use
+- setuid() unless euid == 0, so we
+- temporarily regain root privileges first
+- with openpam_restore_cred() (which calls
+- seteuid()). */
+-
+- switch (openpam_restore_cred(pamh)) {
+- case PAM_SYSTEM_ERR:
+- pam_ssh_log(LOG_ERR,
+- "can't restore privileges: %m");
+- _exit(EX_OSERR);
+- /* NOTREACHED */
+- case PAM_SUCCESS:
+- if (setuid(pwent->pw_uid) == -1) {
+- pam_ssh_log(LOG_ERR,
+- "can't drop privileges: %m",
+- pwent->pw_uid);
+- _exit(EX_NOPERM);
+- }
+- break;
+- }
+-
+- if (close(child_pipe[0]) == -1) {
+- pam_ssh_log(LOG_ERR, "close: %m");
+- _exit(EX_OSERR);
+- }
+- if (child_pipe[1] != STDOUT_FILENO) {
+- if (dup2(child_pipe[1], STDOUT_FILENO) == -1) {
+- pam_ssh_log(LOG_ERR, "dup: %m");
+- _exit(EX_OSERR);
+- }
+- if (close(child_pipe[1]) == -1) {
+- pam_ssh_log(LOG_ERR, "close: %m");
+- _exit(EX_OSERR);
+- }
++ for ( attempt = 0; attempt < 2; ++attempt ) {
++ env_write = no_link = start_agent = 0;
++ env_read = NULL;
++ if ((env_write = open(per_agent, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR))
++ < 0 && !(env_read = fopen(per_agent, "r")))
++ no_link = 1;
++ if (!env_read) {
++ start_agent = 1;
++ if ((retval = start_ssh_agent(pamh, pwent->pw_uid, &env_read))
++ != PAM_SUCCESS) {
++ close(env_write);
++ openpam_restore_cred(pamh);
++ return retval;
+ }
+- arg[0] = "ssh-agent";
+- arg[1] = "-s";
+- arg[2] = NULL;
+- env[0] = NULL;
+- execve(PATH_SSH_AGENT, arg, env);
+- pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
+- _exit(127);
+- /* NOTREACHED */
+- }
+- if (close(child_pipe[1]) == -1) {
+- pam_ssh_log(LOG_ERR, "close: %m");
+- openpam_restore_cred(pamh);
+- return PAM_SESSION_ERR;
+- }
+- if (!(env_read = fdopen(child_pipe[0], "r"))) {
+- pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
+- close(env_write);
+- openpam_restore_cred(pamh);
+- return PAM_SESSION_ERR;
+- }
+- }
+-
+- /* save environment for application with pam_putenv() */
+-
+- agent_socket = NULL;
+- while (fgets(env_string, sizeof env_string, env_read)) {
+-
+- /* parse environment definitions */
+-
+- if (env_write >= 0)
+- write(env_write, env_string, strlen(env_string));
+- if (!(env_value = strchr(env_string, '=')) ||
+- !(env_end = strchr(env_value, ';')))
+- continue;
+- *env_end = '\0';
+-
+- /* pass to the application */
+-
+- if ((retval = pam_putenv(pamh, env_string)) != PAM_SUCCESS) {
+- fclose(env_read);
+- if (start_agent)
+- waitpid_intr(child_pid, &child_status, 0);
+- close(env_write);
+- if (agent_socket)
+- free(agent_socket);
+- openpam_restore_cred(pamh);
+- return retval;
+ }
+
+- *env_value++ = '\0';
+-
+- /* save the agent socket so we can connect to it and add
+- the keys as well as the PID so we can kill the agent on
+- session close. */
+-
+- agent_pid = NULL;
+- if (strcmp(&env_string[strlen(env_string) -
+- strlen(ENV_SOCKET_SUFFIX)], ENV_SOCKET_SUFFIX) == 0 &&
+- !(agent_socket = strdup(env_value))) {
+- pam_ssh_log(LOG_CRIT, "out of memory");
+- fclose(env_read);
+- if (start_agent)
+- waitpid_intr(child_pid, &child_status, 0);
+- close(env_write);
++ agent_socket = NULL;
++ retval = read_write_agent_env(pamh, env_read, env_write, &agent_socket);
++ close(env_write);
++ if (retval != PAM_SUCCESS) {
+ if (agent_socket)
+ free(agent_socket);
+- openpam_restore_cred(pamh);
+- return PAM_SERVICE_ERR;
+- } else if (strcmp(&env_string[strlen(env_string) -
+- strlen(ENV_PID_SUFFIX)], ENV_PID_SUFFIX) == 0 &&
+- (!(agent_pid = strdup(env_value)) ||
+- (retval = pam_set_data(pamh, "ssh_agent_pid",
+- agent_pid, ssh_cleanup)) != PAM_SUCCESS)) {
+ fclose(env_read);
+- if (start_agent)
+- waitpid_intr(child_pid, &child_status, 0);
+- close(env_write);
+- if (agent_pid)
+- free(agent_pid);
+- else {
+- pam_ssh_log(LOG_CRIT, "out of memory");
+- openpam_restore_cred(pamh);
+- return PAM_SERVICE_ERR;
+- }
+- if (agent_socket)
+- free(agent_socket);
+ openpam_restore_cred(pamh);
+ return retval;
+ }
+
+- }
+- close(env_write);
+-
+- if (fclose(env_read) != 0) {
+- pam_ssh_log(LOG_ERR, "fclose: %m");
+- openpam_restore_cred(pamh);
+- return PAM_SESSION_ERR;
+- }
+-
+- if (start_agent) {
+-
+- /* Ignore ECHILD in case a SIGCHLD handler is installed. */
+-
+- child_status = 0;
+- if (waitpid_intr(child_pid, &child_status, 0) == -1 &&
+- errno != ECHILD) {
+- pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++ if (fclose(env_read) != 0) {
++ pam_ssh_log(LOG_ERR, "fclose: %m");
+ if (agent_socket)
+ free(agent_socket);
+ openpam_restore_cred(pamh);
+ return PAM_SESSION_ERR;
+ }
+
+- if (child_status != 0) {
+- if (WIFSIGNALED(child_status))
+- pam_ssh_log(LOG_ERR, "%s exited on signal %d",
+- PATH_SSH_AGENT, WTERMSIG(child_status));
+- else
+- if (WEXITSTATUS(retval) == 127)
+- pam_ssh_log(LOG_ERR,
+- "cannot execute %s",
+- PATH_SSH_AGENT);
+- else
+- pam_ssh_log(LOG_ERR,
+- "%s exited with status %d",
+- PATH_SSH_AGENT,
+- WEXITSTATUS(child_status));
+- if (agent_socket)
+- free(agent_socket);
++ if (!agent_socket) {
+ openpam_restore_cred(pamh);
+ return PAM_SESSION_ERR;
+ }
++
++ ac = ssh_get_authentication_connection(agent_socket);
++ if (ac) {
++ free(agent_socket);
++ break;
++ }
++ pam_ssh_log(LOG_ERR, "%s: %m", agent_socket);
++ free(agent_socket);
++ if (start_agent)
++ break;
++ unlink(per_agent);
+ }
+
+- if (!agent_socket) {
+- openpam_restore_cred(pamh);
++ if (!ac)
+ return PAM_SESSION_ERR;
+- }
+
+- if (start_agent && (retval = add_keys(pamh, agent_socket))
+- != PAM_SUCCESS) {
++ if (start_agent)
++ retval = add_keys(pamh, ac);
++
++ ssh_close_authentication_connection(ac);
++
++ if (start_agent && retval != PAM_SUCCESS) {
+ openpam_restore_cred(pamh);
+ return retval;
+ }
+- free(agent_socket);
+
+ /* if we couldn't access the per-agent file, don't link a
+ per-session filename to it */
diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch b/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch
new file mode 100644
index 000000000000..0289d0828510
--- /dev/null
+++ b/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch
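Review bot: In `read_write_agent_env`, the cleanup `if (agent_socket) free(agent_socket);` on the `pam_set_data` failure path frees the `char **` parameter itself; `pam_sm_open_session` passes `&agent_socket`, so this hands the address of a local variable to `free()` rather than the `strdup()` result. The caller already releases the string when `retval != PAM_SUCCESS`, so those two lines should simply be removed from the helper (switching to `free(*agent_socket)` without clearing the pointer would turn the caller's free into a double free). In the same patch, `if (!ac) return PAM_SESSION_ERR;` is the only error return among the visible `pam_sm_open_session` changes that skips `openpam_restore_cred(pamh)`; the rest of that function lies outside the hunk, so the credential state on that path should be confirmed.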
@@ -0,0 +1,12 @@
+Index: pam_ssh-1.91/pam_ssh.c
+===================================================================
+--- pam_ssh-1.91.orig/pam_ssh.c
++++ pam_ssh-1.91/pam_ssh.c
+@@ -63,6 +63,7 @@
+ #include <string.h>
+ #include <sysexits.h>
+ #include <unistd.h>
++#include <syslog.h>
+
+ #define PAM_SM_AUTH
+ #define PAM_SM_SESSION
diff --git a/sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild b/sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild
new file mode 100644
index 000000000000..66e6bdd5a45d
--- /dev/null
+++ b/sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild,v 1.1 2006/04/21 11:41:25 flameeyes Exp $
+
+inherit pam eutils
+
+DESCRIPTION="Uses ssh-agent to provide single sign-on"
+HOMEPAGE="http://pam-ssh.sourceforge.net/"
+SRC_URI="mirror://sourceforge/pam-ssh/${P}.tar.bz2"
+
+RESTRICT="nomirror confcache"
+LICENSE="BSD as-is"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+
+# Doesn't work on OpenPAM.
+DEPEND="sys-libs/pam
+ sys-devel/libtool"
+
+RDEPEND="sys-libs/pam
+ virtual/ssh"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch "${FILESDIR}/${P}-debian.patch" #105546
+ epatch "${FILESDIR}/${P}-syslog.patch" # glibc-2.4
+}
+
+src_compile() {
+ econf \
+ "--with-pam-dir=$(getpam_mod_dir)" \
+ || die "econf failed"
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ make install DESTDIR=${D} || die "install failed"
+ dodoc AUTHORS ChangeLog NEWS README TODO "${FILESDIR}/system-auth.example"
+}
+
+pkg_postinst() {
+ einfo "You can find an example system-auth file that uses this"
+ einfo "library in /usr/share/doc/${PF}"
+} |
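Review bot: `${D}` is unquoted in `make install DESTDIR=${D}` in src_install, so an image directory path containing whitespace would be split by the shell; `make install DESTDIR="${D}" || die "install failed"` matches the quoting the ebuild already uses for `${S}` and `${FILESDIR}`. In src_unpack, `cd "${S}"` has no `|| die`, so a failed directory change would leave both `epatch` calls running from the wrong directory.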