author | Diego Elio Pettenò <flameeyes@gentoo.org> | 2010-09-29 21:20:13 +0000 |
---|---|---|
committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2010-09-29 21:20:13 +0000 |
commit | 2df1684739ab9c7c684b5e0829f8fe45b414f809 (patch) | |
tree | 7feff5757b685875e649ec3929b555f13144bdca /sys-auth | |
parent | Version bump. Include patches from r1, plus i18n updates. (diff) | |
Fix dependencies over OpenSSH (bug #282993; thanks to Csaba Tóth for reporting and Constanze Hausner for the solution). Also cleanup old versions.
Package-Manager: portage-2.2_rc88/cvs/Linux x86_64
Diffstat (limited to 'sys-auth')
-rw-r--r-- | sys-auth/pam_ssh/ChangeLog | 10 | ||||
-rw-r--r-- | sys-auth/pam_ssh/Manifest | 17 | ||||
-rw-r--r-- | sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch | 487 | ||||
-rw-r--r-- | sys-auth/pam_ssh/files/pam_ssh-1.91-openssl-0.9.8.patch | 12 | ||||
-rw-r--r-- | sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch | 12 | ||||
-rw-r--r-- | sys-auth/pam_ssh/files/system-auth.example | 16 | ||||
-rw-r--r-- | sys-auth/pam_ssh/pam_ssh-1.92.ebuild | 49 | ||||
-rw-r--r-- | sys-auth/pam_ssh/pam_ssh-1.97-r2.ebuild | 13 | ||||
-rw-r--r-- | sys-auth/pam_ssh/pam_ssh-1.97.ebuild | 45 |
9 files changed, 21 insertions, 640 deletions
diff --git a/sys-auth/pam_ssh/ChangeLog b/sys-auth/pam_ssh/ChangeLog
index 280556a9c367..d5bb59738a68 100644
--- a/sys-auth/pam_ssh/ChangeLog
+++ b/sys-auth/pam_ssh/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-auth/pam_ssh
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/ChangeLog,v 1.38 2010/08/07 12:45:27 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/ChangeLog,v 1.39 2010/09/29 21:20:13 flameeyes Exp $
+
+ 29 Sep 2010; Diego E. Pettenò <flameeyes@gentoo.org>
+ -files/pam_ssh-1.91-debian.patch, -files/pam_ssh-1.91-openssl-0.9.8.patch,
+ -files/pam_ssh-1.91-syslog.patch, -pam_ssh-1.92.ebuild,
+ -pam_ssh-1.97.ebuild, pam_ssh-1.97-r2.ebuild, -files/system-auth.example:
+ Fix dependencies over OpenSSH (bug #282993; thanks to Csaba Tóth for
+ reporting and Constanze Hausner for the solution). Also cleanup old
+ versions.

 07 Aug 2010; Diego E. Pettenò <flameeyes@gentoo.org>
 pam_ssh-1.97-r2.ebuild:
diff --git a/sys-auth/pam_ssh/Manifest b/sys-auth/pam_ssh/Manifest
index 9cc5cf8d2ea4..244cc34e7996 100644
--- a/sys-auth/pam_ssh/Manifest
+++ b/sys-auth/pam_ssh/Manifest
@@ -1,24 +1,17 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -AUX pam_ssh-1.91-debian.patch 13855 RMD160 35cea4b64425351e94f8e5ec4689f17cb97332e7 SHA1 28bbab2ba09356520b571990fc03b0c182bf135e SHA256 a64647467fb05b71a08fe718d371e62356ad8bbf7b7f5a7bc4827b08ca5c91cf -AUX pam_ssh-1.91-openssl-0.9.8.patch 291 RMD160 f8cbc5831b4286f688f336ece32b7003a937cf4b SHA1 def422cb326165107ad9a4e347724284ae1abe30 SHA256 0e4b3bbd14b874bd9999f92cc2b4358f95e458654e0cc3bcc755790cbcdfea1d -AUX pam_ssh-1.91-syslog.patch 308 RMD160 f06a704155b76052bdd536e8b27a579cf9d0a4bb SHA1 2f80221a9a804e8da777179dc0768dbc73a7fb65 SHA256 b581d3422f93a8de7cd8b7dbc23c58da133eb63127059e6ff0b1f3e93e63a802 AUX pam_ssh-1.97-doublefree.patch 975 RMD160 45e10e818eea022e3990acaefd6f54aa2edf21f7 SHA1 193ccf9442506f2b98f07c794858c9aff85452df SHA256 035b20e4cfc0e723166c44414216ed4234d130877f9d717c905c5f1697421df0 AUX pam_symbols.ver 35 RMD160 52c7d91bc13dc5ef75ddb26ee2d821743959d880 SHA1 d7a59e17da407b58e1f103e1c1008ee9a86422ee SHA256 3359a9186617879479a4e943a16bc8c69e4d0ab259e6b729f983ca9328616756 -AUX system-auth.example 612 RMD160 ffbcbc7535cd654c5a9e8ce2d3584b841aea6e53 SHA1 f90c19c81821789fe16a200320792887b8680c44 SHA256 3699db4595de56f31448c85a83c34277d1bebb5c805871b1c449446a49fb1989 -DIST pam_ssh-1.92.tar.bz2 260444 RMD160 d7121ab89baaec82853758449f84429a387fee0e SHA1 33f537343fa4435717cbf83db52d19c6eed9a35e SHA256 d98f4698f692d46996b3845c2164528c8ad82f112df1c42abe7b8ebb2b133362 DIST pam_ssh-1.97.tar.bz2 200184 RMD160 bc36f34fdf9ed545b8c52c7072e3f759a61527ce SHA1 ed5e529e94b754cb88dc64da4be397f046612fd0 SHA256 10233b0d3e480fdc977d4e3a1ea5a994cf1f257c3b948650a86e4d753796789d -EBUILD pam_ssh-1.92.ebuild 1215 RMD160 1489eb768160f2036fcb8d834200449e4278924d SHA1 7b2835c4a1e9fffb79b313c18eab5f6ff7409c77 SHA256 fc366eb514c2acb3db0d753088274c2ea0a1e11973d62dfb9187f15700ba6f57 EBUILD pam_ssh-1.97-r1.ebuild 1162 RMD160 8d9aa02ec416d7ce8cc66135023e19961e98f09e SHA1 31cc7370e3da00fa36c8caaaad7933be2e870611 SHA256 
ba2831a115847e58fdc2e495a6aa31c71f322b2171fe957fc403265ccdadacf6 -EBUILD pam_ssh-1.97-r2.ebuild 1401 RMD160 b42f72d2545102439098746a312c3d39b45c6cf8 SHA1 7db9b10101e43e9f80401bf8acec6ad18360953a SHA256 f9976577bab0c78b7f33216288e2c0dca4ceedaea41d7af929612859c2de3971 -EBUILD pam_ssh-1.97.ebuild 1090 RMD160 94403c76c8e0e3f575501dc8f7174fb135e24d0f SHA1 a28ba94075d59906d046d04d6effac0817e6b689 SHA256 6a760e0ac0d0f48b438fac657814c7ce2685df15cb9fd9301c3b8e720172e09d -MISC ChangeLog 6149 RMD160 02c3b0142e7480eec79ee475678aa578a41f184d SHA1 888619aadaad4915a6a2ce546cc90de7d8e405b3 SHA256 e9b1d1e12ba5fcc092194d9dbae558ca0440b1b67a83756f090626c5b5353006 +EBUILD pam_ssh-1.97-r2.ebuild 1501 RMD160 9b6aeaaa55903ec187d05308dc7a7348565a4a02 SHA1 508271ff7dfca2493f52a5a47a85decd9775cdab SHA256 96049f8c499e3b10872deead480eb92d5992ebfba688d27e61c46c13e5c9c08c +MISC ChangeLog 6571 RMD160 688fc20e578f4bdfea70b5a612a477c01c2d8e31 SHA1 8c2c1dc012e802819cb993a83dc6827f9c069331 SHA256 7931b068d19492a914be77994b622211a454d1713a7d0aeb1e3a0563af22aee3 MISC metadata.xml 218 RMD160 1955c7446d4ceb77506ba7b58ee35913c576a72c SHA1 02dacc356a39905402083cb54ae4f6dd0ac59fad SHA256 e0bb49cab71cc84d8bdad26876197164073722b378d27a5bf55bbfd2afdbd19c -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) -iEYEARECAAYFAkxdVZwACgkQAiZjviIA2XhaoQCcDVbFPfVFvYczP7mJImhfEIHY -akQAn1YAfEfXcIwtxgn3NjJpg85RFEvC -=oYKP +iEYEARECAAYFAkyjrZAACgkQAiZjviIA2XgjCQCfRLlK758ZgLcI4MVZst6pGIQh +3S4AoIgoWEQC8yGtYIO6UvFZCOKSAddv +=gZ3G -----END PGP SIGNATURE----- diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch b/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch deleted file mode 100644 index b1e49e23f4b8..000000000000 --- a/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch +++ /dev/null 
@@ -1,487 +0,0 @@ ---- libpam-ssh-1.91.0.orig/pam_ssh.c 2004-04-12 08:55:08.000000000 -0500 -+++ libpam-ssh-1.91.0/pam_ssh.c 2005-04-03 21:18:58.140936716 -0500 -@@ -279,9 +279,8 @@ - */ - - static int --add_keys(pam_handle_t *pamh, char *socket) -+add_keys(pam_handle_t *pamh, AuthenticationConnection *ac) - { -- AuthenticationConnection *ac; /* connection to ssh-agent */ - char *comment; /* private key comment */ - char *data_name; /* PAM state */ - int final; /* final return value */ -@@ -289,13 +288,6 @@ - Key *key; /* user's private key */ - int retval; /* from calls */ - -- /* connect to the agent */ -- -- if (!(ac = ssh_get_authentication_connection(socket))) { -- pam_ssh_log(LOG_ERR, "%s: %m", socket); -- return PAM_SESSION_ERR; -- } -- - /* hand off each private key to the agent */ - - final = 0; -@@ -324,11 +316,177 @@ - if (!final) - final = retval; - } -- ssh_close_authentication_connection(ac); - - return final ? PAM_SUCCESS : PAM_SESSION_ERR; - } - -+static int -+start_ssh_agent(pam_handle_t *pamh, uid_t uid, FILE **env_read) -+{ -+ pid_t child_pid; /* child process that spawns agent */ -+ int child_pipe[2]; /* pipe to child process */ -+ int child_status; /* child process status */ -+ char *arg[3], *env[1]; /* to pass to execve() */ -+ -+ if (pipe(child_pipe) < 0) { -+ pam_ssh_log(LOG_ERR, "pipe: %m"); -+ return PAM_SERVICE_ERR; -+ } -+ switch (child_pid = fork()) { -+ case -1: /* error */ -+ pam_ssh_log(LOG_ERR, "fork: %m"); -+ close(child_pipe[0]); -+ close(child_pipe[1]); -+ return PAM_SERVICE_ERR; -+ /* NOTREACHED */ -+ case 0: /* child */ -+ -+ /* Permanently drop privileges using setuid() -+ before executing ssh-agent so that root -+ privileges can't possibly be regained (some -+ ssh-agents insist that euid == ruid -+ anyway). System V won't let us use -+ setuid() unless euid == 0, so we -+ temporarily regain root privileges first -+ with openpam_restore_cred() (which calls -+ seteuid()). 
*/ -+ -+ switch (openpam_restore_cred(pamh)) { -+ case PAM_SYSTEM_ERR: -+ pam_ssh_log(LOG_ERR, -+ "can't restore privileges: %m"); -+ _exit(EX_OSERR); -+ /* NOTREACHED */ -+ case PAM_SUCCESS: -+ if (setuid(uid) == -1) { -+ pam_ssh_log(LOG_ERR, -+ "can't drop privileges: %m", -+ uid); -+ _exit(EX_NOPERM); -+ } -+ break; -+ } -+ -+ if (close(child_pipe[0]) == -1) { -+ pam_ssh_log(LOG_ERR, "close: %m"); -+ _exit(EX_OSERR); -+ } -+ if (child_pipe[1] != STDOUT_FILENO) { -+ if (dup2(child_pipe[1], STDOUT_FILENO) == -1) { -+ pam_ssh_log(LOG_ERR, "dup: %m"); -+ _exit(EX_OSERR); -+ } -+ if (close(child_pipe[1]) == -1) { -+ pam_ssh_log(LOG_ERR, "close: %m"); -+ _exit(EX_OSERR); -+ } -+ } -+ arg[0] = "ssh-agent"; -+ arg[1] = "-s"; -+ arg[2] = NULL; -+ env[0] = NULL; -+ execve(PATH_SSH_AGENT, arg, env); -+ pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT); -+ _exit(127); -+ /* NOTREACHED */ -+ } -+ if (close(child_pipe[1]) == -1) { -+ pam_ssh_log(LOG_ERR, "close: %m"); -+ return PAM_SESSION_ERR; -+ } -+ if (!(*env_read = fdopen(child_pipe[0], "r"))) { -+ pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT); -+ return PAM_SESSION_ERR; -+ } -+ -+ child_status = 0; -+ if (waitpid_intr(child_pid, &child_status, 0) == -1 && -+ errno != ECHILD) { -+ pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT); -+ return PAM_SESSION_ERR; -+ } -+ -+ if (child_status != 0) { -+ if (WIFSIGNALED(child_status)) -+ pam_ssh_log(LOG_ERR, "%s exited on signal %d", -+ PATH_SSH_AGENT, WTERMSIG(child_status)); -+ else -+ if (WEXITSTATUS(child_status) == 127) -+ pam_ssh_log(LOG_ERR, -+ "cannot execute %s", -+ PATH_SSH_AGENT); -+ else -+ pam_ssh_log(LOG_ERR, -+ "%s exited with status %d", -+ PATH_SSH_AGENT, -+ WEXITSTATUS(child_status)); -+ return PAM_SESSION_ERR; -+ } -+ -+ return PAM_SUCCESS; -+} -+ -+static int -+read_write_agent_env(pam_handle_t *pamh, -+ FILE *env_read, -+ int env_write, -+ char **agent_socket) -+{ -+ char *agent_pid; /* copy of agent PID */ -+ char *env_end; /* end of env */ -+ char 
env_string[BUFSIZ]; /* environment string */ -+ char *env_value; /* envariable value */ -+ int retval; /* from calls */ -+ -+ while (fgets(env_string, sizeof env_string, env_read)) { -+ -+ /* parse environment definitions */ -+ -+ if (env_write >= 0) -+ write(env_write, env_string, strlen(env_string)); -+ if (!(env_value = strchr(env_string, '=')) || -+ !(env_end = strchr(env_value, ';'))) -+ continue; -+ *env_end = '\0'; -+ -+ /* pass to the application */ -+ -+ if ((retval = pam_putenv(pamh, env_string)) != PAM_SUCCESS) -+ return retval; -+ -+ *env_value++ = '\0'; -+ -+ /* save the agent socket so we can connect to it and add -+ the keys as well as the PID so we can kill the agent on -+ session close. */ -+ -+ agent_pid = NULL; -+ if (strcmp(&env_string[strlen(env_string) - -+ strlen(ENV_SOCKET_SUFFIX)], ENV_SOCKET_SUFFIX) == 0 && -+ !(*agent_socket = strdup(env_value))) { -+ pam_ssh_log(LOG_CRIT, "out of memory"); -+ return PAM_SERVICE_ERR; -+ } else if (strcmp(&env_string[strlen(env_string) - -+ strlen(ENV_PID_SUFFIX)], ENV_PID_SUFFIX) == 0 && -+ (!(agent_pid = strdup(env_value)) || -+ (retval = pam_set_data(pamh, "ssh_agent_pid", -+ agent_pid, ssh_cleanup)) != PAM_SUCCESS)) { -+ if (agent_pid) -+ free(agent_pid); -+ else { -+ pam_ssh_log(LOG_CRIT, "out of memory"); -+ return PAM_SERVICE_ERR; -+ } -+ if (agent_socket) -+ free(agent_socket); -+ return retval; -+ } -+ -+ } -+ -+ return PAM_SUCCESS; -+} -+ - - PAM_EXTERN int - pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, -@@ -494,17 +652,10 @@ - pam_sm_open_session(pam_handle_t *pamh, int flags __unused, - int argc __unused, const char **argv __unused) - { -- char *agent_pid; /* copy of agent PID */ -+ AuthenticationConnection *ac; /* connection to ssh-agent */ - char *agent_socket; /* agent socket */ -- char *arg[3], *env[1]; /* to pass to execve() */ -- pid_t child_pid; /* child process that spawns agent */ -- int child_pipe[2]; /* pipe to child process */ -- int child_status; /* child 
process status */ - char *cp; /* scratch */ -- char *env_end; /* end of env */ - FILE *env_read; /* env data source */ -- char env_string[BUFSIZ]; /* environment string */ -- char *env_value; /* envariable value */ - int env_write; /* env file descriptor */ - char hname[MAXHOSTNAMELEN]; /* local hostname */ - int no_link; /* link per-agent file? */ -@@ -515,6 +666,7 @@ - int start_agent; /* start agent? */ - const char *tty_raw; /* raw tty or display name */ - char *tty_nodir; /* tty without / chars */ -+ int attempt; /* No. of attempt to contact agent */ - - log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0); - -@@ -568,215 +720,70 @@ - per-session filename later. Start the agent if we can't open - the file for reading. */ - -- env_write = child_pid = no_link = start_agent = 0; -- env_read = NULL; -- if ((env_write = open(per_agent, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR)) -- < 0 && !(env_read = fopen(per_agent, "r"))) -- no_link = 1; -- if (!env_read) { -- start_agent = 1; -- if (pipe(child_pipe) < 0) { -- pam_ssh_log(LOG_ERR, "pipe: %m"); -- close(env_write); -- openpam_restore_cred(pamh); -- return PAM_SERVICE_ERR; -- } -- switch (child_pid = fork()) { -- case -1: /* error */ -- pam_ssh_log(LOG_ERR, "fork: %m"); -- close(child_pipe[0]); -- close(child_pipe[1]); -- close(env_write); -- openpam_restore_cred(pamh); -- return PAM_SERVICE_ERR; -- /* NOTREACHED */ -- case 0: /* child */ -- -- /* Permanently drop privileges using setuid() -- before executing ssh-agent so that root -- privileges can't possibly be regained (some -- ssh-agents insist that euid == ruid -- anyway). System V won't let us use -- setuid() unless euid == 0, so we -- temporarily regain root privileges first -- with openpam_restore_cred() (which calls -- seteuid()). 
*/ -- -- switch (openpam_restore_cred(pamh)) { -- case PAM_SYSTEM_ERR: -- pam_ssh_log(LOG_ERR, -- "can't restore privileges: %m"); -- _exit(EX_OSERR); -- /* NOTREACHED */ -- case PAM_SUCCESS: -- if (setuid(pwent->pw_uid) == -1) { -- pam_ssh_log(LOG_ERR, -- "can't drop privileges: %m", -- pwent->pw_uid); -- _exit(EX_NOPERM); -- } -- break; -- } -- -- if (close(child_pipe[0]) == -1) { -- pam_ssh_log(LOG_ERR, "close: %m"); -- _exit(EX_OSERR); -- } -- if (child_pipe[1] != STDOUT_FILENO) { -- if (dup2(child_pipe[1], STDOUT_FILENO) == -1) { -- pam_ssh_log(LOG_ERR, "dup: %m"); -- _exit(EX_OSERR); -- } -- if (close(child_pipe[1]) == -1) { -- pam_ssh_log(LOG_ERR, "close: %m"); -- _exit(EX_OSERR); -- } -+ for ( attempt = 0; attempt < 2; ++attempt ) { -+ env_write = no_link = start_agent = 0; -+ env_read = NULL; -+ if ((env_write = open(per_agent, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR)) -+ < 0 && !(env_read = fopen(per_agent, "r"))) -+ no_link = 1; -+ if (!env_read) { -+ start_agent = 1; -+ if ((retval = start_ssh_agent(pamh, pwent->pw_uid, &env_read)) -+ != PAM_SUCCESS) { -+ close(env_write); -+ openpam_restore_cred(pamh); -+ return retval; - } -- arg[0] = "ssh-agent"; -- arg[1] = "-s"; -- arg[2] = NULL; -- env[0] = NULL; -- execve(PATH_SSH_AGENT, arg, env); -- pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT); -- _exit(127); -- /* NOTREACHED */ -- } -- if (close(child_pipe[1]) == -1) { -- pam_ssh_log(LOG_ERR, "close: %m"); -- openpam_restore_cred(pamh); -- return PAM_SESSION_ERR; -- } -- if (!(env_read = fdopen(child_pipe[0], "r"))) { -- pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT); -- close(env_write); -- openpam_restore_cred(pamh); -- return PAM_SESSION_ERR; -- } -- } -- -- /* save environment for application with pam_putenv() */ -- -- agent_socket = NULL; -- while (fgets(env_string, sizeof env_string, env_read)) { -- -- /* parse environment definitions */ -- -- if (env_write >= 0) -- write(env_write, env_string, strlen(env_string)); -- if (!(env_value = strchr(env_string, 
'=')) || -- !(env_end = strchr(env_value, ';'))) -- continue; -- *env_end = '\0'; -- -- /* pass to the application */ -- -- if ((retval = pam_putenv(pamh, env_string)) != PAM_SUCCESS) { -- fclose(env_read); -- if (start_agent) -- waitpid_intr(child_pid, &child_status, 0); -- close(env_write); -- if (agent_socket) -- free(agent_socket); -- openpam_restore_cred(pamh); -- return retval; - } - -- *env_value++ = '\0'; -- -- /* save the agent socket so we can connect to it and add -- the keys as well as the PID so we can kill the agent on -- session close. */ -- -- agent_pid = NULL; -- if (strcmp(&env_string[strlen(env_string) - -- strlen(ENV_SOCKET_SUFFIX)], ENV_SOCKET_SUFFIX) == 0 && -- !(agent_socket = strdup(env_value))) { -- pam_ssh_log(LOG_CRIT, "out of memory"); -- fclose(env_read); -- if (start_agent) -- waitpid_intr(child_pid, &child_status, 0); -- close(env_write); -+ agent_socket = NULL; -+ retval = read_write_agent_env(pamh, env_read, env_write, &agent_socket); -+ close(env_write); -+ if (retval != PAM_SUCCESS) { - if (agent_socket) - free(agent_socket); -- openpam_restore_cred(pamh); -- return PAM_SERVICE_ERR; -- } else if (strcmp(&env_string[strlen(env_string) - -- strlen(ENV_PID_SUFFIX)], ENV_PID_SUFFIX) == 0 && -- (!(agent_pid = strdup(env_value)) || -- (retval = pam_set_data(pamh, "ssh_agent_pid", -- agent_pid, ssh_cleanup)) != PAM_SUCCESS)) { - fclose(env_read); -- if (start_agent) -- waitpid_intr(child_pid, &child_status, 0); -- close(env_write); -- if (agent_pid) -- free(agent_pid); -- else { -- pam_ssh_log(LOG_CRIT, "out of memory"); -- openpam_restore_cred(pamh); -- return PAM_SERVICE_ERR; -- } -- if (agent_socket) -- free(agent_socket); - openpam_restore_cred(pamh); - return retval; - } - -- } -- close(env_write); -- -- if (fclose(env_read) != 0) { -- pam_ssh_log(LOG_ERR, "fclose: %m"); -- openpam_restore_cred(pamh); -- return PAM_SESSION_ERR; -- } -- -- if (start_agent) { -- -- /* Ignore ECHILD in case a SIGCHLD handler is installed. 
*/ -- -- child_status = 0; -- if (waitpid_intr(child_pid, &child_status, 0) == -1 && -- errno != ECHILD) { -- pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT); -+ if (fclose(env_read) != 0) { -+ pam_ssh_log(LOG_ERR, "fclose: %m"); - if (agent_socket) - free(agent_socket); - openpam_restore_cred(pamh); - return PAM_SESSION_ERR; - } - -- if (child_status != 0) { -- if (WIFSIGNALED(child_status)) -- pam_ssh_log(LOG_ERR, "%s exited on signal %d", -- PATH_SSH_AGENT, WTERMSIG(child_status)); -- else -- if (WEXITSTATUS(retval) == 127) -- pam_ssh_log(LOG_ERR, -- "cannot execute %s", -- PATH_SSH_AGENT); -- else -- pam_ssh_log(LOG_ERR, -- "%s exited with status %d", -- PATH_SSH_AGENT, -- WEXITSTATUS(child_status)); -- if (agent_socket) -- free(agent_socket); -+ if (!agent_socket) { - openpam_restore_cred(pamh); - return PAM_SESSION_ERR; - } -+ -+ ac = ssh_get_authentication_connection(agent_socket); -+ if (ac) { -+ free(agent_socket); -+ break; -+ } -+ pam_ssh_log(LOG_ERR, "%s: %m", agent_socket); -+ free(agent_socket); -+ if (start_agent) -+ break; -+ unlink(per_agent); - } - -- if (!agent_socket) { -- openpam_restore_cred(pamh); -+ if (!ac) - return PAM_SESSION_ERR; -- } - -- if (start_agent && (retval = add_keys(pamh, agent_socket)) -- != PAM_SUCCESS) { -+ if (start_agent) -+ retval = add_keys(pamh, ac); -+ -+ ssh_close_authentication_connection(ac); -+ -+ if (start_agent && retval != PAM_SUCCESS) { - openpam_restore_cred(pamh); - return retval; - } -- free(agent_socket); - - /* if we couldn't access the per-agent file, don't link a - per-session filename to it */ diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.91-openssl-0.9.8.patch b/sys-auth/pam_ssh/files/pam_ssh-1.91-openssl-0.9.8.patch deleted file mode 100644 index fa142b011ef4..000000000000 --- a/sys-auth/pam_ssh/files/pam_ssh-1.91-openssl-0.9.8.patch +++ /dev/null 
@@ -1,12 +0,0 @@
-Index: pam_ssh-1.91/cipher.c
-===================================================================
---- pam_ssh-1.91.orig/cipher.c
-+++ pam_ssh-1.91/cipher.c
-@@ -39,6 +39,7 @@
- #include <string.h>
-
- #include <openssl/evp.h>
-+#include <openssl/md5.h>
-
- #include <config.h>
- #include "cipher.h"
diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch b/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch
deleted file mode 100644
index 0289d0828510..000000000000
--- a/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Index: pam_ssh-1.91/pam_ssh.c
-===================================================================
---- pam_ssh-1.91.orig/pam_ssh.c
-+++ pam_ssh-1.91/pam_ssh.c
-@@ -63,6 +63,7 @@
- #include <string.h>
- #include <sysexits.h>
- #include <unistd.h>
-+#include <syslog.h>
-
- #define PAM_SM_AUTH
- #define PAM_SM_SESSION
diff --git a/sys-auth/pam_ssh/files/system-auth.example b/sys-auth/pam_ssh/files/system-auth.example
deleted file mode 100644
index df13fe867914..000000000000
--- a/sys-auth/pam_ssh/files/system-auth.example
+++ /dev/null
@@ -1,16 +0,0 @@
-#%PAM-1.0
-
-auth required /lib/security/pam_env.so
-auth sufficient /lib/security/pam_ssh.so
-auth sufficient /lib/security/pam_unix.so use_first_pass likeauth nullok nodelay
-auth required /lib/security/pam_deny.so
-
-account required /lib/security/pam_unix.so
-
-password required /lib/security/pam_cracklib.so retry=3
-password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
-password required /lib/security/pam_deny.so
-
-session required /lib/security/pam_limits.so
-session required /lib/security/pam_unix.so
-session optional /lib/security/pam_ssh.so
diff --git a/sys-auth/pam_ssh/pam_ssh-1.92.ebuild b/sys-auth/pam_ssh/pam_ssh-1.92.ebuild
deleted file mode 100644
index f90ec23c03ab..000000000000
--- a/sys-auth/pam_ssh/pam_ssh-1.92.ebuild
+++ /dev/null
@@ -1,49 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/pam_ssh-1.92.ebuild,v 1.21 2009/03/15 16:55:46 ranger Exp $
-
-inherit pam eutils
-
-DESCRIPTION="Uses ssh-agent to provide single sign-on"
-HOMEPAGE="http://pam-ssh.sourceforge.net/"
-SRC_URI="mirror://sourceforge/pam-ssh/${P}.tar.bz2"
-
-LICENSE="BSD as-is"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
-IUSE=""
-
-# Doesn't work on OpenPAM.
-DEPEND="sys-libs/pam
- sys-devel/libtool"
-
-RDEPEND="sys-libs/pam
- virtual/ssh"
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
-
- epatch "${FILESDIR}/${PN}-1.91-debian.patch" #105546
- epatch "${FILESDIR}/${PN}-1.91-syslog.patch" # glibc-2.4
-}
-
-src_compile() {
- econf \
- "--with-pam-dir=$(getpam_mod_dir)" \
- || die "econf failed"
-
- emake || die "emake failed"
-}
-
-src_install() {
- emake DESTDIR="${D}" install || die "install failed"
- dodoc AUTHORS ChangeLog NEWS README TODO
-
- find "${D}" -name '*.la' -delete || die "Unable to remove libtool archives."
-}
-
-pkg_postinst() {
- elog "You can enable pam_ssh for system authentication by enabling"
- elog "the ssh USE flag on sys-auth/pambase."
-}
diff --git a/sys-auth/pam_ssh/pam_ssh-1.97-r2.ebuild b/sys-auth/pam_ssh/pam_ssh-1.97-r2.ebuild
index cce4a58da572..1908a50b642e 100644
--- a/sys-auth/pam_ssh/pam_ssh-1.97-r2.ebuild
+++ b/sys-auth/pam_ssh/pam_ssh-1.97-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2010 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/pam_ssh-1.97-r2.ebuild,v 1.2 2010/08/07 12:45:27 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/pam_ssh-1.97-r2.ebuild,v 1.3 2010/09/29 21:20:13 flameeyes Exp $

 EAPI=2

@@ -15,12 +15,13 @@ SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux"
 IUSE=""

-# Doesn't work on OpenPAM.
-DEPEND="sys-libs/pam
- sys-devel/libtool"
-
+# Doesn't work on OpenPAM; looks for OpenSSH at build time (bug
+# #282993) and won't work with other implementations either
 RDEPEND="sys-libs/pam
- virtual/ssh"
+ net-misc/openssh"
+
+DEPEND="${RDEPEND}
+ sys-devel/libtool"

 src_prepare() {
 epatch "${FILESDIR}/${P}-doublefree.patch"
diff --git a/sys-auth/pam_ssh/pam_ssh-1.97.ebuild b/sys-auth/pam_ssh/pam_ssh-1.97.ebuild
deleted file mode 100644
index 439180951044..000000000000
--- a/sys-auth/pam_ssh/pam_ssh-1.97.ebuild
+++ /dev/null
@@ -1,45 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/pam_ssh-1.97.ebuild,v 1.3 2009/07/29 21:16:06 maekke Exp $
-
-EAPI=2
-
-inherit pam autotools
-
-DESCRIPTION="Uses ssh-agent to provide single sign-on"
-HOMEPAGE="http://pam-ssh.sourceforge.net/"
-SRC_URI="mirror://sourceforge/pam-ssh/${P}.tar.bz2"
-
-LICENSE="BSD as-is"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86"
-IUSE=""
-
-# Doesn't work on OpenPAM.
-DEPEND="sys-libs/pam
- sys-devel/libtool"
-
-RDEPEND="sys-libs/pam
- virtual/ssh"
-
-src_prepare() {
- eautoreconf
-}
-
-src_configure() {
- econf \
- "--with-pam-dir=$(getpam_mod_dir)" \
- || die "econf failed"
-}
-
-src_install() {
- emake DESTDIR="${D}" install || die "install failed"
- dodoc AUTHORS ChangeLog NEWS README TODO || die
-
- find "${D}" -name '*.la' -delete || die "Unable to remove libtool archives."
-}
-
-pkg_postinst() {
- elog "You can enable pam_ssh for system authentication by enabling"
- elog "the ssh USE flag on sys-auth/pambase."
-}
|
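Review bot: The RDEPEND switch from `virtual/ssh` to `net-misc/openssh` in the second hunk of pam_ssh-1.97-r2.ebuild is made in place, with no revision bump, so a system that already has -r2 installed against another `virtual/ssh` provider would presumably not be asked to pull in OpenSSH until the package is rebuilt for some other reason. Because this is a PAM module whose session step relies on ssh-agent (per the package DESCRIPTION), I would ship the dependency change as a new revision (`pam_ssh-1.97-r3.ebuild`) instead of editing -r2. The new comment could also name what the build actually probes for, e.g. `# configure locates OpenSSH's ssh-agent at build time (bug #282993)`, if that is what the lookup is; the hunk itself does not show it.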