CVS commit: src/lib/libpam/modules/pam_ssh

2022-06-15 Thread Juergen Hannken-Illjes
Module Name:src
Committed By:   hannken
Date:   Wed Jun 15 08:31:34 UTC 2022

Modified Files:
src/lib/libpam/modules/pam_ssh: pam_ssh.c

Log Message:
Set provider to NULL -- "pam" is not a valid security key helper library.
Now ssh-agent no longer fails key addition with

error: Cannot add provider: RSA is not an authenticator-hosted key


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/lib/libpam/modules/pam_ssh/pam_ssh.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libpam/modules/pam_ssh/pam_ssh.c
diff -u src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.29 src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.30
--- src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.29	Thu Feb 24 00:26:26 2022
+++ src/lib/libpam/modules/pam_ssh/pam_ssh.c	Wed Jun 15 08:31:34 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_ssh.c,v 1.29 2022/02/24 00:26:26 christos Exp $	*/
+/*	$NetBSD: pam_ssh.c,v 1.30 2022/06/15 08:31:34 hannken Exp $	*/
 
 /*-
  * Copyright (c) 2003 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_ssh.c,v 1.29 2022/02/24 00:26:26 christos Exp $");
+__RCSID("$NetBSD: pam_ssh.c,v 1.30 2022/06/15 08:31:34 hannken Exp $");
 #endif
 
 #include 
@@ -68,7 +68,7 @@ __RCSID("$NetBSD: pam_ssh.c,v 1.29 2022/
 #include "authfile.h"
 
 #define ssh_add_identity(auth, key, comment) \
-ssh_add_identity_constrained(auth, key, comment, 0, 0, 0, "pam", NULL, 00)
+ssh_add_identity_constrained(auth, key, comment, 0, 0, 0, NULL, NULL, 00)
 
 extern char **environ;
 
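Review bot: The six trailing arguments of the `ssh_add_identity` macro are bare positional literals, so nothing in pam_ssh.c says which slot is the security-key provider; presumably that is how `"pam"` came to sit in it. As I read OpenSSH's prototype for ssh_add_identity_constrained() they are life, confirm, maxsign, provider, dest_constraints and ndest_constraints. I would add a comment above the macro such as `/* life=0, confirm=0, maxsign=0: no lifetime or confirmation constraint; provider=NULL: not a security-key (sk) key; no destination constraints */`. It would also record that keys unlocked at login are handed to the agent without a lifetime or per-use confirmation constraint. The final `00` would read better as `0` and the continuation line has lost its indent; the same remarks apply to the 1.28 to 1.29 hunk of this macro further down the page.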



CVS commit: src/lib/libpam/modules/pam_ssh

2022-06-15 Thread Juergen Hannken-Illjes
Module Name:src
Committed By:   hannken
Date:   Wed Jun 15 08:31:34 UTC 2022

Modified Files:
src/lib/libpam/modules/pam_ssh: pam_ssh.c

Log Message:
Set provider to NULL -- "pam" is not a valid security key helper library.
Now ssh-agent no longer fails key addition with

error: Cannot add provider: RSA is not an authenticator-hosted key


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/lib/libpam/modules/pam_ssh/pam_ssh.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/lib/libpam/modules/pam_ssh

2022-02-23 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Thu Feb 24 00:26:27 UTC 2022

Modified Files:
src/lib/libpam/modules/pam_ssh: pam_ssh.c

Log Message:
Add constrain arguments


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/lib/libpam/modules/pam_ssh/pam_ssh.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



CVS commit: src/lib/libpam/modules/pam_ssh

2022-02-23 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Thu Feb 24 00:26:27 UTC 2022

Modified Files:
src/lib/libpam/modules/pam_ssh: pam_ssh.c

Log Message:
Add constrain arguments


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/lib/libpam/modules/pam_ssh/pam_ssh.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libpam/modules/pam_ssh/pam_ssh.c
diff -u src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.28 src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.29
--- src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.28	Wed Feb 26 22:25:08 2020
+++ src/lib/libpam/modules/pam_ssh/pam_ssh.c	Wed Feb 23 19:26:26 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_ssh.c,v 1.28 2020/02/27 03:25:08 christos Exp $	*/
+/*	$NetBSD: pam_ssh.c,v 1.29 2022/02/24 00:26:26 christos Exp $	*/
 
 /*-
  * Copyright (c) 2003 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_ssh.c,v 1.28 2020/02/27 03:25:08 christos Exp $");
+__RCSID("$NetBSD: pam_ssh.c,v 1.29 2022/02/24 00:26:26 christos Exp $");
 #endif
 
 #include 
@@ -68,7 +68,7 @@ __RCSID("$NetBSD: pam_ssh.c,v 1.28 2020/
 #include "authfile.h"
 
 #define ssh_add_identity(auth, key, comment) \
-	ssh_add_identity_constrained(auth, key, comment, 0, 0, 0, "pam")
+ssh_add_identity_constrained(auth, key, comment, 0, 0, 0, "pam", NULL, 00)
 
 extern char **environ;
 



CVS commit: src/lib/libpam/modules/pam_ssh

2019-06-01 Thread Michael van Elst
Module Name:src
Committed By:   mlelstv
Date:   Sat Jun  1 07:15:39 UTC 2019

Modified Files:
src/lib/libpam/modules/pam_ssh: pam_ssh.c

Log Message:
Fix key loading logic and add log message when rejecting an unencrypted key.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/lib/libpam/modules/pam_ssh/pam_ssh.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libpam/modules/pam_ssh/pam_ssh.c
diff -u src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.26 src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.27
--- src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.26	Sun Aug 26 08:54:03 2018
+++ src/lib/libpam/modules/pam_ssh/pam_ssh.c	Sat Jun  1 07:15:39 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: pam_ssh.c,v 1.26 2018/08/26 08:54:03 christos Exp $	*/
+/*	$NetBSD: pam_ssh.c,v 1.27 2019/06/01 07:15:39 mlelstv Exp $	*/
 
 /*-
  * Copyright (c) 2003 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_ssh.c,v 1.26 2018/08/26 08:54:03 christos Exp $");
+__RCSID("$NetBSD: pam_ssh.c,v 1.27 2019/06/01 07:15:39 mlelstv Exp $");
 #endif
 
 #include 
@@ -119,13 +119,14 @@ pam_ssh_load_key(const char *dir, const 
 	 * accept only an empty passphrase.
 	 */
 	r = sshkey_load_private(fn, "", , );
-	if (r && !(*passphrase == '\0' && nullok)) {
+	if (r == 0 && !(*passphrase == '\0' && nullok)) {
+		openpam_log(PAM_LOG_DEBUG, "rejected unencrypted key from %s", fn);
 		sshkey_free(key);
 		free(comment);
 		return (NULL);
 	}
 	if (r)
-		sshkey_load_private(fn, passphrase, , );
+		r = sshkey_load_private(fn, passphrase, , );
 	if (r) {
 		openpam_log(PAM_LOG_DEBUG, "failed to load key from %s", fn);
 		if (comment != NULL)
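Review bot: The retry at `if (r)` runs for every error the empty-passphrase attempt can return, not only a wrong-passphrase result, and the `failed to load key from %s` message that follows discards `r`, so different failure causes are indistinguishable in the log. Including the code, e.g. `openpam_log(PAM_LOG_DEBUG, "failed to load key from %s: %s", fn, ssh_err(r));`, would fix that (this needs ssherr.h if the file does not already include it). The new `rejected unencrypted key from %s` line records a policy refusal but is emitted only at PAM_LOG_DEBUG, so a level such as PAM_LOG_NOTICE is worth considering; the line also runs past 80 columns. pam_ssh_load_key begins before and continues past this hunk.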



CVS commit: src/lib/libpam/modules/pam_ssh

2019-06-01 Thread Michael van Elst
Module Name:src
Committed By:   mlelstv
Date:   Sat Jun  1 07:15:39 UTC 2019

Modified Files:
src/lib/libpam/modules/pam_ssh: pam_ssh.c

Log Message:
Fix key loading logic and add log message when rejecting an unencrypted key.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/lib/libpam/modules/pam_ssh/pam_ssh.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



Re: CVS commit: src/lib/libpam/modules/pam_ssh

2010-11-22 Thread Izumi Tsutsui
mrg@ wrote:

 there's *really* broken code that writes to a time_t via a long*.

OpenBSD still uses long (not time_t) for tv_sec in struct timeval...

---
Izumi Tsutsui


Re: CVS commit: src/lib/libpam/modules/pam_ssh

2010-11-22 Thread Christos Zoulas
On Nov 22, 11:10pm, tsut...@ceres.dti.ne.jp (Izumi Tsutsui) wrote:
-- Subject: Re: CVS commit: src/lib/libpam/modules/pam_ssh

| mrg@ wrote:
| 
|  there's *really* broken code that writes to a time_t via a long*.
| 
| OpenBSD still uses long (not time_t) for tv_sec in struct timeval...

Yes, but the portable openssh cannot make such assumptions! After all,
according to posix time_t can be float.

christos


Re: CVS commit: src/lib/libpam/modules/pam_ssh

2010-11-21 Thread Christos Zoulas
In article 20101121204136.cbed017...@cvs.netbsd.org,
Adam Ciarcinski source-changes-d@NetBSD.org wrote:
-=-=-=-=-=-

Module Name:   src
Committed By:  adam
Date:  Sun Nov 21 20:41:36 UTC 2010

Modified Files:
   src/lib/libpam/modules/pam_ssh: pam_ssh.c

Log Message:
Use ssh_add_identity_constrained() instead of ssh_add_identity()

Just for this example you need to bump the major of libssh!

christos



Re: CVS commit: src/lib/libpam/modules/pam_ssh

2010-11-21 Thread Hisashi T Fujinaka

On Mon, 22 Nov 2010, Christos Zoulas wrote:


In article 20101121204136.cbed017...@cvs.netbsd.org,
Adam Ciarcinski source-changes-d@NetBSD.org wrote:

-=-=-=-=-=-

Module Name:src
Committed By:   adam
Date:   Sun Nov 21 20:41:36 UTC 2010

Modified Files:
src/lib/libpam/modules/pam_ssh: pam_ssh.c

Log Message:
Use ssh_add_identity_constrained() instead of ssh_add_identity()


Just for this example you need to bump the major of libssh!


I'm having all sorts of troubles with casting for prints, etc.

--
Hisashi T Fujinaka - ht...@twofifty.com
BSEE(6/86) + BSChem(3/95) + BAEnglish(8/95) + MSCS(8/03) + $2.50 = latte


re: CVS commit: src/lib/libpam/modules/pam_ssh

2010-11-21 Thread matthew green

 On Mon, 22 Nov 2010, Christos Zoulas wrote:
 
  In article 20101121204136.cbed017...@cvs.netbsd.org,
  Adam Ciarcinski source-changes-d@NetBSD.org wrote:
  -=-=-=-=-=-
 
  Module Name:   src
  Committed By:  adam
  Date:  Sun Nov 21 20:41:36 UTC 2010
 
  Modified Files:
 src/lib/libpam/modules/pam_ssh: pam_ssh.c
 
  Log Message:
  Use ssh_add_identity_constrained() instead of ssh_add_identity()
 
  Just for this example you need to bump the major of libssh!
 
 I'm having all sorts of troubles with casting for prints, etc.

there are multiple issues.

there's *really* broken code that writes to a time_t via a long*.

here's the patches i've got in my tree right now.  the first one
is the real bug fix, the rest just make it compile for me.

for some reason it took sparc and vax builds to find all of these.


.mrg.


Index: dist/servconf.c
===
RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/servconf.c,v
retrieving revision 1.5
diff -p -r1.5 servconf.c
*** dist/servconf.c 21 Nov 2010 18:59:04 -  1.5
--- dist/servconf.c 22 Nov 2010 03:13:06 -
*** process_server_config_line(ServerOptions
*** 816,822 
int cmdline = 0, *intptr, value, n;
SyslogFacility *log_facility_ptr;
LogLevel *log_level_ptr;
!   unsigned long lvalue, *longptr;
ServerOpCodes opcode;
int port = 0;
u_int i, flags = 0;
--- 816,823 
int cmdline = 0, *intptr, value, n;
SyslogFacility *log_facility_ptr;
LogLevel *log_level_ptr;
!   unsigned long lvalue;
!   time_t *timetptr;
ServerOpCodes opcode;
int port = 0;
u_int i, flags = 0;
*** process_server_config_line(ServerOptions
*** 831,837 
if (!arg || !*arg || *arg == '#')
return 0;
intptr = NULL;
!   longptr = NULL;
charptr = NULL;
opcode = parse_token(arg, filename, linenum, flags);
  
--- 832,838 
if (!arg || !*arg || *arg == '#')
return 0;
intptr = NULL;
!   timetptr = NULL;
charptr = NULL;
opcode = parse_token(arg, filename, linenum, flags);
  
*** process_server_config_line(ServerOptions
*** 1627,1645 
*intptr = value;
break;
case sBindTimeout:
!   longptr = (unsigned long *) options-lpk.b_timeout.tv_sec;
  parse_ulong:
arg = strdelim(cp);
if (!arg || *arg == '\0')
fatal(%s line %d: missing integer value.,
filename, linenum);
lvalue = atol(arg);
!   if (*activep  *longptr == -1)
!   *longptr = lvalue;
break;
  
case sSearchTimeout:
!   longptr = (unsigned long *) options-lpk.s_timeout.tv_sec;
goto parse_ulong;
break;
case sLdapConf:
--- 1628,1646 
*intptr = value;
break;
case sBindTimeout:
!   timetptr = options-lpk.b_timeout.tv_sec;
  parse_ulong:
arg = strdelim(cp);
if (!arg || *arg == '\0')
fatal(%s line %d: missing integer value.,
filename, linenum);
lvalue = atol(arg);
!   if (*activep  *timetptr == -1)
!   *timetptr = (time_t)lvalue;
break;
  
case sSearchTimeout:
!   timetptr = options-lpk.s_timeout.tv_sec;
goto parse_ulong;
break;
case sLdapConf:
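Review bot: `lvalue = atol(arg)` under the `parse_ulong` label is left as it was, so non-numeric or negative text in the configuration file is converted silently: `atol` reports no errors, and a negative value passes through the `unsigned long` and the new `(time_t)` cast unchecked. Parsing with `strtoul(arg, &ep, 10)` and calling `fatal()` when `ep == arg || *ep != '\0'` would reject such input the same way the missing-value case just above it is rejected. The label name `parse_ulong` is also stale now that the target is a `time_t *`. process_server_config_line starts and ends outside this hunk.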
Index: dist/sftp.c
===
RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/sftp.c,v
retrieving revision 1.4
diff -p -r1.4 sftp.c
*** dist/sftp.c 21 Nov 2010 18:29:49 -  1.4
--- dist/sftp.c 22 Nov 2010 03:13:06 -
*** complete(EditLine *el, int ch)
*** 1778,1784 
struct complete_ctx *complete_ctx;
  
lf = el_line(el);
!   if (el_get(el, EL_CLIENTDATA, (void**)complete_ctx) != 0)
fatal(%s: el_get failed, __func__);
  
/* Figure out which argument the cursor points to */
--- 1778,1784 
struct complete_ctx *complete_ctx;
  
lf = el_line(el);
!   if (el_get(el, EL_CLIENTDATA, complete_ctx) != 0)
fatal(%s: el_get failed, __func__);
  
/* Figure out which argument the cursor points to */
Index: dist/ssh-keygen.c
===
RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/ssh-keygen.c,v
retrieving revision 1.4
diff -p -r1.4 ssh-keygen.c
*** dist/ssh-keygen.c   21 Nov 2010 18:29:49 -  1.4
--- dist/ssh-keygen.c   22 Nov 2010 03:13:06 -
*** do_ca_sign(struct passwd *pw, int argc, 

Re: CVS commit: src/lib/libpam/modules/pam_ssh

2010-11-21 Thread Christos Zoulas
On Nov 21,  6:31pm, ht...@twofifty.com (Hisashi T Fujinaka) wrote:
-- Subject: Re: CVS commit: src/lib/libpam/modules/pam_ssh

| I'm having all sorts of troubles with casting for prints, etc.

Adam is fixing them. Adam, if you need help, just let me know.

christos