summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'sys-auth/pam_ssh')
-rw-r--r--sys-auth/pam_ssh/ChangeLog12
-rw-r--r--sys-auth/pam_ssh/Manifest29
-rw-r--r--sys-auth/pam_ssh/files/digest-pam_ssh-1.91-r23
-rw-r--r--sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch487
-rw-r--r--sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch12
-rw-r--r--sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild48
6 files changed, 589 insertions, 2 deletions
diff --git a/sys-auth/pam_ssh/ChangeLog b/sys-auth/pam_ssh/ChangeLog
index aebac9d24a4b..0408fe9bb9f2 100644
--- a/sys-auth/pam_ssh/ChangeLog
+++ b/sys-auth/pam_ssh/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for sys-auth/pam_ssh
-# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/ChangeLog,v 1.2 2005/10/09 23:18:09 flameeyes Exp $
+# Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/ChangeLog,v 1.3 2006/04/21 11:41:25 flameeyes Exp $
+
+*pam_ssh-1.91-r2 (21 Apr 2006)
+
+ 21 Apr 2006; Diego Pettenò <flameeyes@gentoo.org>
+ +files/pam_ssh-1.91-debian.patch, +files/pam_ssh-1.91-syslog.patch,
+ +pam_ssh-1.91-r2.ebuild:
+ Add patch from debian to fix removal of stale files. Thanks to Jan Kundrát
+ in bug #105546. Add patch to build with glibc 2.4. Restrict from confcache.
09 Oct 2005; Diego Pettenò <flameeyes@gentoo.org> metadata.xml:
Add pam-bugs email address as maintainer.
diff --git a/sys-auth/pam_ssh/Manifest b/sys-auth/pam_ssh/Manifest
index 41580bdaf258..704392b00bcb 100644
--- a/sys-auth/pam_ssh/Manifest
+++ b/sys-auth/pam_ssh/Manifest
@@ -1,10 +1,39 @@
MD5 3dcbd40067be2d5ae9ec4171a2966426 ChangeLog 1338
+RMD160 262007d5bfee3395cc8d1f74dcd0386a5d3ea3bc ChangeLog 1338
+SHA256 a441ae86a9ff9d9b11e7478dadc09b9d2a2e32f050974aa924dccc01aa4ccf15 ChangeLog 1338
MD5 5cd5460fb7b7377b0e576eac476bc830 files/1.9-standard-prompt.patch 378
+RMD160 f2687cfccf3d8d636dd36fb32b7d181c7116845a files/1.9-standard-prompt.patch 378
+SHA256 525c87beab1dd329cee9f3036e33e18c7278d90b63f14a893864cb74344ef990 files/1.9-standard-prompt.patch 378
MD5 2da9f0064c9caa03f6d298f3f3f6a169 files/digest-pam_ssh-1.9 64
+RMD160 b9abcd680a094c19b856999cacaa1169ea2bebd0 files/digest-pam_ssh-1.9 64
+SHA256 6244ff0d5072ea191a36560328cd6253e668c45292b98250fa85205aa160f828 files/digest-pam_ssh-1.9 64
MD5 d42a0e20bf5fa8783aa3a7c6de9a935e files/digest-pam_ssh-1.91 65
+RMD160 584e864a0d687e007990d5898f0f2bd0826d8832 files/digest-pam_ssh-1.91 65
+SHA256 68ea650542431df8243ce2a5524719dbbb42c2a52eec13e6cf87b02e6672bba2 files/digest-pam_ssh-1.91 65
MD5 d42a0e20bf5fa8783aa3a7c6de9a935e files/digest-pam_ssh-1.91-r1 65
+RMD160 584e864a0d687e007990d5898f0f2bd0826d8832 files/digest-pam_ssh-1.91-r1 65
+SHA256 68ea650542431df8243ce2a5524719dbbb42c2a52eec13e6cf87b02e6672bba2 files/digest-pam_ssh-1.91-r1 65
+MD5 70cacb21c3e0f6b4340ad071c3c35d44 files/digest-pam_ssh-1.91-r2 241
+RMD160 8e452c34304c53c30b23af6794d078a4f3d1a9fd files/digest-pam_ssh-1.91-r2 241
+SHA256 23b39e3fd624a55dff632be9852ac954561213c4bcf5289283a4551611ff52ac files/digest-pam_ssh-1.91-r2 241
+MD5 837bc88d6356de6f0bcc6d8a1033f47f files/pam_ssh-1.91-debian.patch 13855
+RMD160 35cea4b64425351e94f8e5ec4689f17cb97332e7 files/pam_ssh-1.91-debian.patch 13855
+SHA256 a64647467fb05b71a08fe718d371e62356ad8bbf7b7f5a7bc4827b08ca5c91cf files/pam_ssh-1.91-debian.patch 13855
MD5 4d93b0a0bbf019434f9c7a6da68c5e9f files/system-auth.example 612
+RMD160 ffbcbc7535cd654c5a9e8ce2d3584b841aea6e53 files/system-auth.example 612
+SHA256 3699db4595de56f31448c85a83c34277d1bebb5c805871b1c449446a49fb1989 files/system-auth.example 612
MD5 393d06cf4b76671f8e6ce72ac71bdad8 metadata.xml 218
+RMD160 1955c7446d4ceb77506ba7b58ee35913c576a72c metadata.xml 218
+SHA256 e0bb49cab71cc84d8bdad26876197164073722b378d27a5bf55bbfd2afdbd19c metadata.xml 218
MD5 e0412d38c87c68a94db0f947b09dd260 pam_ssh-1.9.ebuild 854
+RMD160 8ffc9574d17deacadfed706ce6fc6e0d763411a4 pam_ssh-1.9.ebuild 854
+SHA256 a85f03646f82c21bba8cabb8dd9cdd9b1e184bb8784ee3a41cfd6e683a424cc6 pam_ssh-1.9.ebuild 854
MD5 c6a80814e16dbf637777dae90dca00c7 pam_ssh-1.91-r1.ebuild 971
+RMD160 fb55fc91e78a10b6d6044f20acb21b5bd17f1d24 pam_ssh-1.91-r1.ebuild 971
+SHA256 533f76e403c5d3fc46baf8815b98c717c5468e3a7721cd7ba423f232ad342156 pam_ssh-1.91-r1.ebuild 971
+MD5 af36dd2aad3d7e39ddb8d92c0db3a51c pam_ssh-1.91-r2.ebuild 1064
+RMD160 27657fa5ebdd3793fa87dbd19fc290538cb3c475 pam_ssh-1.91-r2.ebuild 1064
+SHA256 30e14774b9e883096a3def9bb6110a5e429830d2e2dc78fb9935df35de965224 pam_ssh-1.91-r2.ebuild 1064
MD5 62f8e13a5948e373d0046ffa544e339a pam_ssh-1.91.ebuild 825
+RMD160 df21bd8e04b1f30c43deff87f3db6933ea9c654d pam_ssh-1.91.ebuild 825
+SHA256 4b4b221104b6ae2fca442b7edbf31698ca5d02b62e4cbb0f9b2204f30db1a51d pam_ssh-1.91.ebuild 825
diff --git a/sys-auth/pam_ssh/files/digest-pam_ssh-1.91-r2 b/sys-auth/pam_ssh/files/digest-pam_ssh-1.91-r2
new file mode 100644
index 000000000000..73184ea4beef
--- /dev/null
+++ b/sys-auth/pam_ssh/files/digest-pam_ssh-1.91-r2
@@ -0,0 +1,3 @@
+MD5 57a3aa476394efa219a8a99f527d4e4b pam_ssh-1.91.tar.bz2 193705
+RMD160 59be70cd4ef4f33ae9d78593e331e5eb3ed84669 pam_ssh-1.91.tar.bz2 193705
+SHA256 dde623585c2942fc079657e061ca47f3380850da5ac2dca708e98f8dd1ea18d0 pam_ssh-1.91.tar.bz2 193705
diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch b/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch
new file mode 100644
index 000000000000..b1e49e23f4b8
--- /dev/null
+++ b/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch
@@ -0,0 +1,487 @@
+--- libpam-ssh-1.91.0.orig/pam_ssh.c 2004-04-12 08:55:08.000000000 -0500
++++ libpam-ssh-1.91.0/pam_ssh.c 2005-04-03 21:18:58.140936716 -0500
+@@ -279,9 +279,8 @@
+ */
+
+ static int
+-add_keys(pam_handle_t *pamh, char *socket)
++add_keys(pam_handle_t *pamh, AuthenticationConnection *ac)
+ {
+- AuthenticationConnection *ac; /* connection to ssh-agent */
+ char *comment; /* private key comment */
+ char *data_name; /* PAM state */
+ int final; /* final return value */
+@@ -289,13 +288,6 @@
+ Key *key; /* user's private key */
+ int retval; /* from calls */
+
+- /* connect to the agent */
+-
+- if (!(ac = ssh_get_authentication_connection(socket))) {
+- pam_ssh_log(LOG_ERR, "%s: %m", socket);
+- return PAM_SESSION_ERR;
+- }
+-
+ /* hand off each private key to the agent */
+
+ final = 0;
+@@ -324,11 +316,177 @@
+ if (!final)
+ final = retval;
+ }
+- ssh_close_authentication_connection(ac);
+
+ return final ? PAM_SUCCESS : PAM_SESSION_ERR;
+ }
+
++static int
++start_ssh_agent(pam_handle_t *pamh, uid_t uid, FILE **env_read)
++{
++ pid_t child_pid; /* child process that spawns agent */
++ int child_pipe[2]; /* pipe to child process */
++ int child_status; /* child process status */
++ char *arg[3], *env[1]; /* to pass to execve() */
++
++ if (pipe(child_pipe) < 0) {
++ pam_ssh_log(LOG_ERR, "pipe: %m");
++ return PAM_SERVICE_ERR;
++ }
++ switch (child_pid = fork()) {
++ case -1: /* error */
++ pam_ssh_log(LOG_ERR, "fork: %m");
++ close(child_pipe[0]);
++ close(child_pipe[1]);
++ return PAM_SERVICE_ERR;
++ /* NOTREACHED */
++ case 0: /* child */
++
++ /* Permanently drop privileges using setuid()
++ before executing ssh-agent so that root
++ privileges can't possibly be regained (some
++ ssh-agents insist that euid == ruid
++ anyway). System V won't let us use
++ setuid() unless euid == 0, so we
++ temporarily regain root privileges first
++ with openpam_restore_cred() (which calls
++ seteuid()). */
++
++ switch (openpam_restore_cred(pamh)) {
++ case PAM_SYSTEM_ERR:
++ pam_ssh_log(LOG_ERR,
++ "can't restore privileges: %m");
++ _exit(EX_OSERR);
++ /* NOTREACHED */
++ case PAM_SUCCESS:
++ if (setuid(uid) == -1) {
++ pam_ssh_log(LOG_ERR,
++ "can't drop privileges: %m",
++ uid);
++ _exit(EX_NOPERM);
++ }
++ break;
++ }
++
++ if (close(child_pipe[0]) == -1) {
++ pam_ssh_log(LOG_ERR, "close: %m");
++ _exit(EX_OSERR);
++ }
++ if (child_pipe[1] != STDOUT_FILENO) {
++ if (dup2(child_pipe[1], STDOUT_FILENO) == -1) {
++ pam_ssh_log(LOG_ERR, "dup: %m");
++ _exit(EX_OSERR);
++ }
++ if (close(child_pipe[1]) == -1) {
++ pam_ssh_log(LOG_ERR, "close: %m");
++ _exit(EX_OSERR);
++ }
++ }
++ arg[0] = "ssh-agent";
++ arg[1] = "-s";
++ arg[2] = NULL;
++ env[0] = NULL;
++ execve(PATH_SSH_AGENT, arg, env);
++ pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++ _exit(127);
++ /* NOTREACHED */
++ }
++ if (close(child_pipe[1]) == -1) {
++ pam_ssh_log(LOG_ERR, "close: %m");
++ return PAM_SESSION_ERR;
++ }
++ if (!(*env_read = fdopen(child_pipe[0], "r"))) {
++ pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++ return PAM_SESSION_ERR;
++ }
++
++ child_status = 0;
++ if (waitpid_intr(child_pid, &child_status, 0) == -1 &&
++ errno != ECHILD) {
++ pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++ return PAM_SESSION_ERR;
++ }
++
++ if (child_status != 0) {
++ if (WIFSIGNALED(child_status))
++ pam_ssh_log(LOG_ERR, "%s exited on signal %d",
++ PATH_SSH_AGENT, WTERMSIG(child_status));
++ else
++ if (WEXITSTATUS(child_status) == 127)
++ pam_ssh_log(LOG_ERR,
++ "cannot execute %s",
++ PATH_SSH_AGENT);
++ else
++ pam_ssh_log(LOG_ERR,
++ "%s exited with status %d",
++ PATH_SSH_AGENT,
++ WEXITSTATUS(child_status));
++ return PAM_SESSION_ERR;
++ }
++
++ return PAM_SUCCESS;
++}
++
++static int
++read_write_agent_env(pam_handle_t *pamh,
++ FILE *env_read,
++ int env_write,
++ char **agent_socket)
++{
++ char *agent_pid; /* copy of agent PID */
++ char *env_end; /* end of env */
++ char env_string[BUFSIZ]; /* environment string */
++ char *env_value; /* envariable value */
++ int retval; /* from calls */
++
++ while (fgets(env_string, sizeof env_string, env_read)) {
++
++ /* parse environment definitions */
++
++ if (env_write >= 0)
++ write(env_write, env_string, strlen(env_string));
++ if (!(env_value = strchr(env_string, '=')) ||
++ !(env_end = strchr(env_value, ';')))
++ continue;
++ *env_end = '\0';
++
++ /* pass to the application */
++
++ if ((retval = pam_putenv(pamh, env_string)) != PAM_SUCCESS)
++ return retval;
++
++ *env_value++ = '\0';
++
++ /* save the agent socket so we can connect to it and add
++ the keys as well as the PID so we can kill the agent on
++ session close. */
++
++ agent_pid = NULL;
++ if (strcmp(&env_string[strlen(env_string) -
++ strlen(ENV_SOCKET_SUFFIX)], ENV_SOCKET_SUFFIX) == 0 &&
++ !(*agent_socket = strdup(env_value))) {
++ pam_ssh_log(LOG_CRIT, "out of memory");
++ return PAM_SERVICE_ERR;
++ } else if (strcmp(&env_string[strlen(env_string) -
++ strlen(ENV_PID_SUFFIX)], ENV_PID_SUFFIX) == 0 &&
++ (!(agent_pid = strdup(env_value)) ||
++ (retval = pam_set_data(pamh, "ssh_agent_pid",
++ agent_pid, ssh_cleanup)) != PAM_SUCCESS)) {
++ if (agent_pid)
++ free(agent_pid);
++ else {
++ pam_ssh_log(LOG_CRIT, "out of memory");
++ return PAM_SERVICE_ERR;
++ }
++ if (agent_socket)
++ free(agent_socket);
++ return retval;
++ }
++
++ }
++
++ return PAM_SUCCESS;
++}
++
+
+ PAM_EXTERN int
+ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc,
+@@ -494,17 +652,10 @@
+ pam_sm_open_session(pam_handle_t *pamh, int flags __unused,
+ int argc __unused, const char **argv __unused)
+ {
+- char *agent_pid; /* copy of agent PID */
++ AuthenticationConnection *ac; /* connection to ssh-agent */
+ char *agent_socket; /* agent socket */
+- char *arg[3], *env[1]; /* to pass to execve() */
+- pid_t child_pid; /* child process that spawns agent */
+- int child_pipe[2]; /* pipe to child process */
+- int child_status; /* child process status */
+ char *cp; /* scratch */
+- char *env_end; /* end of env */
+ FILE *env_read; /* env data source */
+- char env_string[BUFSIZ]; /* environment string */
+- char *env_value; /* envariable value */
+ int env_write; /* env file descriptor */
+ char hname[MAXHOSTNAMELEN]; /* local hostname */
+ int no_link; /* link per-agent file? */
+@@ -515,6 +666,7 @@
+ int start_agent; /* start agent? */
+ const char *tty_raw; /* raw tty or display name */
+ char *tty_nodir; /* tty without / chars */
++ int attempt; /* No. of attempt to contact agent */
+
+ log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0);
+
+@@ -568,215 +720,70 @@
+ per-session filename later. Start the agent if we can't open
+ the file for reading. */
+
+- env_write = child_pid = no_link = start_agent = 0;
+- env_read = NULL;
+- if ((env_write = open(per_agent, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR))
+- < 0 && !(env_read = fopen(per_agent, "r")))
+- no_link = 1;
+- if (!env_read) {
+- start_agent = 1;
+- if (pipe(child_pipe) < 0) {
+- pam_ssh_log(LOG_ERR, "pipe: %m");
+- close(env_write);
+- openpam_restore_cred(pamh);
+- return PAM_SERVICE_ERR;
+- }
+- switch (child_pid = fork()) {
+- case -1: /* error */
+- pam_ssh_log(LOG_ERR, "fork: %m");
+- close(child_pipe[0]);
+- close(child_pipe[1]);
+- close(env_write);
+- openpam_restore_cred(pamh);
+- return PAM_SERVICE_ERR;
+- /* NOTREACHED */
+- case 0: /* child */
+-
+- /* Permanently drop privileges using setuid()
+- before executing ssh-agent so that root
+- privileges can't possibly be regained (some
+- ssh-agents insist that euid == ruid
+- anyway). System V won't let us use
+- setuid() unless euid == 0, so we
+- temporarily regain root privileges first
+- with openpam_restore_cred() (which calls
+- seteuid()). */
+-
+- switch (openpam_restore_cred(pamh)) {
+- case PAM_SYSTEM_ERR:
+- pam_ssh_log(LOG_ERR,
+- "can't restore privileges: %m");
+- _exit(EX_OSERR);
+- /* NOTREACHED */
+- case PAM_SUCCESS:
+- if (setuid(pwent->pw_uid) == -1) {
+- pam_ssh_log(LOG_ERR,
+- "can't drop privileges: %m",
+- pwent->pw_uid);
+- _exit(EX_NOPERM);
+- }
+- break;
+- }
+-
+- if (close(child_pipe[0]) == -1) {
+- pam_ssh_log(LOG_ERR, "close: %m");
+- _exit(EX_OSERR);
+- }
+- if (child_pipe[1] != STDOUT_FILENO) {
+- if (dup2(child_pipe[1], STDOUT_FILENO) == -1) {
+- pam_ssh_log(LOG_ERR, "dup: %m");
+- _exit(EX_OSERR);
+- }
+- if (close(child_pipe[1]) == -1) {
+- pam_ssh_log(LOG_ERR, "close: %m");
+- _exit(EX_OSERR);
+- }
++ for ( attempt = 0; attempt < 2; ++attempt ) {
++ env_write = no_link = start_agent = 0;
++ env_read = NULL;
++ if ((env_write = open(per_agent, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR))
++ < 0 && !(env_read = fopen(per_agent, "r")))
++ no_link = 1;
++ if (!env_read) {
++ start_agent = 1;
++ if ((retval = start_ssh_agent(pamh, pwent->pw_uid, &env_read))
++ != PAM_SUCCESS) {
++ close(env_write);
++ openpam_restore_cred(pamh);
++ return retval;
+ }
+- arg[0] = "ssh-agent";
+- arg[1] = "-s";
+- arg[2] = NULL;
+- env[0] = NULL;
+- execve(PATH_SSH_AGENT, arg, env);
+- pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
+- _exit(127);
+- /* NOTREACHED */
+- }
+- if (close(child_pipe[1]) == -1) {
+- pam_ssh_log(LOG_ERR, "close: %m");
+- openpam_restore_cred(pamh);
+- return PAM_SESSION_ERR;
+- }
+- if (!(env_read = fdopen(child_pipe[0], "r"))) {
+- pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
+- close(env_write);
+- openpam_restore_cred(pamh);
+- return PAM_SESSION_ERR;
+- }
+- }
+-
+- /* save environment for application with pam_putenv() */
+-
+- agent_socket = NULL;
+- while (fgets(env_string, sizeof env_string, env_read)) {
+-
+- /* parse environment definitions */
+-
+- if (env_write >= 0)
+- write(env_write, env_string, strlen(env_string));
+- if (!(env_value = strchr(env_string, '=')) ||
+- !(env_end = strchr(env_value, ';')))
+- continue;
+- *env_end = '\0';
+-
+- /* pass to the application */
+-
+- if ((retval = pam_putenv(pamh, env_string)) != PAM_SUCCESS) {
+- fclose(env_read);
+- if (start_agent)
+- waitpid_intr(child_pid, &child_status, 0);
+- close(env_write);
+- if (agent_socket)
+- free(agent_socket);
+- openpam_restore_cred(pamh);
+- return retval;
+ }
+
+- *env_value++ = '\0';
+-
+- /* save the agent socket so we can connect to it and add
+- the keys as well as the PID so we can kill the agent on
+- session close. */
+-
+- agent_pid = NULL;
+- if (strcmp(&env_string[strlen(env_string) -
+- strlen(ENV_SOCKET_SUFFIX)], ENV_SOCKET_SUFFIX) == 0 &&
+- !(agent_socket = strdup(env_value))) {
+- pam_ssh_log(LOG_CRIT, "out of memory");
+- fclose(env_read);
+- if (start_agent)
+- waitpid_intr(child_pid, &child_status, 0);
+- close(env_write);
++ agent_socket = NULL;
++ retval = read_write_agent_env(pamh, env_read, env_write, &agent_socket);
++ close(env_write);
++ if (retval != PAM_SUCCESS) {
+ if (agent_socket)
+ free(agent_socket);
+- openpam_restore_cred(pamh);
+- return PAM_SERVICE_ERR;
+- } else if (strcmp(&env_string[strlen(env_string) -
+- strlen(ENV_PID_SUFFIX)], ENV_PID_SUFFIX) == 0 &&
+- (!(agent_pid = strdup(env_value)) ||
+- (retval = pam_set_data(pamh, "ssh_agent_pid",
+- agent_pid, ssh_cleanup)) != PAM_SUCCESS)) {
+ fclose(env_read);
+- if (start_agent)
+- waitpid_intr(child_pid, &child_status, 0);
+- close(env_write);
+- if (agent_pid)
+- free(agent_pid);
+- else {
+- pam_ssh_log(LOG_CRIT, "out of memory");
+- openpam_restore_cred(pamh);
+- return PAM_SERVICE_ERR;
+- }
+- if (agent_socket)
+- free(agent_socket);
+ openpam_restore_cred(pamh);
+ return retval;
+ }
+
+- }
+- close(env_write);
+-
+- if (fclose(env_read) != 0) {
+- pam_ssh_log(LOG_ERR, "fclose: %m");
+- openpam_restore_cred(pamh);
+- return PAM_SESSION_ERR;
+- }
+-
+- if (start_agent) {
+-
+- /* Ignore ECHILD in case a SIGCHLD handler is installed. */
+-
+- child_status = 0;
+- if (waitpid_intr(child_pid, &child_status, 0) == -1 &&
+- errno != ECHILD) {
+- pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++ if (fclose(env_read) != 0) {
++ pam_ssh_log(LOG_ERR, "fclose: %m");
+ if (agent_socket)
+ free(agent_socket);
+ openpam_restore_cred(pamh);
+ return PAM_SESSION_ERR;
+ }
+
+- if (child_status != 0) {
+- if (WIFSIGNALED(child_status))
+- pam_ssh_log(LOG_ERR, "%s exited on signal %d",
+- PATH_SSH_AGENT, WTERMSIG(child_status));
+- else
+- if (WEXITSTATUS(retval) == 127)
+- pam_ssh_log(LOG_ERR,
+- "cannot execute %s",
+- PATH_SSH_AGENT);
+- else
+- pam_ssh_log(LOG_ERR,
+- "%s exited with status %d",
+- PATH_SSH_AGENT,
+- WEXITSTATUS(child_status));
+- if (agent_socket)
+- free(agent_socket);
++ if (!agent_socket) {
+ openpam_restore_cred(pamh);
+ return PAM_SESSION_ERR;
+ }
++
++ ac = ssh_get_authentication_connection(agent_socket);
++ if (ac) {
++ free(agent_socket);
++ break;
++ }
++ pam_ssh_log(LOG_ERR, "%s: %m", agent_socket);
++ free(agent_socket);
++ if (start_agent)
++ break;
++ unlink(per_agent);
+ }
+
+- if (!agent_socket) {
+- openpam_restore_cred(pamh);
++ if (!ac)
+ return PAM_SESSION_ERR;
+- }
+
+- if (start_agent && (retval = add_keys(pamh, agent_socket))
+- != PAM_SUCCESS) {
++ if (start_agent)
++ retval = add_keys(pamh, ac);
++
++ ssh_close_authentication_connection(ac);
++
++ if (start_agent && retval != PAM_SUCCESS) {
+ openpam_restore_cred(pamh);
+ return retval;
+ }
+- free(agent_socket);
+
+ /* if we couldn't access the per-agent file, don't link a
+ per-session filename to it */
diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch b/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch
new file mode 100644
index 000000000000..0289d0828510
--- /dev/null
+++ b/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch
@@ -0,0 +1,12 @@
+Index: pam_ssh-1.91/pam_ssh.c
+===================================================================
+--- pam_ssh-1.91.orig/pam_ssh.c
++++ pam_ssh-1.91/pam_ssh.c
+@@ -63,6 +63,7 @@
+ #include <string.h>
+ #include <sysexits.h>
+ #include <unistd.h>
++#include <syslog.h>
+
+ #define PAM_SM_AUTH
+ #define PAM_SM_SESSION
diff --git a/sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild b/sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild
new file mode 100644
index 000000000000..66e6bdd5a45d
--- /dev/null
+++ b/sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild,v 1.1 2006/04/21 11:41:25 flameeyes Exp $
+
+inherit pam eutils
+
+DESCRIPTION="Uses ssh-agent to provide single sign-on"
+HOMEPAGE="http://pam-ssh.sourceforge.net/"
+SRC_URI="mirror://sourceforge/pam-ssh/${P}.tar.bz2"
+
+RESTRICT="nomirror confcache"
+LICENSE="BSD as-is"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+
+# Doesn't work on OpenPAM.
+DEPEND="sys-libs/pam
+ sys-devel/libtool"
+
+RDEPEND="sys-libs/pam
+ virtual/ssh"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch "${FILESDIR}/${P}-debian.patch" #105546
+ epatch "${FILESDIR}/${P}-syslog.patch" # glibc-2.4
+}
+
+src_compile() {
+ econf \
+ "--with-pam-dir=$(getpam_mod_dir)" \
+ || die "econf failed"
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ make install DESTDIR=${D} || die "install failed"
+ dodoc AUTHORS ChangeLog NEWS README TODO "${FILESDIR}/system-auth.example"
+}
+
+pkg_postinst() {
+ einfo "You can find an example system-auth file that uses this"
+ einfo "library in /usr/share/doc/${PF}"
+}