diff --git a/.gitignore b/.gitignore index 4b56bc0..b846d8f 100644 --- a/.gitignore +++ b/.gitignore @@ -24,3 +24,4 @@ pam_ssh_agent_auth-0.9.2.tar.bz2 /openssh-7.2p2.tar.gz /openssh-7.3p1.tar.gz /openssh-7.4p1.tar.gz +/pam_ssh_agent_auth-0.10.3.tar.bz2 diff --git a/openssh-7.2p1-fips.patch b/openssh-7.2p1-fips.patch index 0fd9b98..f8991f0 100644 --- a/openssh-7.2p1-fips.patch +++ b/openssh-7.2p1-fips.patch @@ -333,9 +333,9 @@ diff -up openssh-7.4p1/myproposal.h.fips openssh-7.4p1/myproposal.h #else /* WITH_OPENSSL */ #define KEX_SERVER_KEX \ -diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.fips openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c ---- openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.fips 2016-12-23 16:37:49.185741531 +0100 -+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c 2016-12-23 16:37:49.300741586 +0100 +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.fips openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.fips 2016-12-23 16:37:49.185741531 +0100 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c 2016-12-23 16:37:49.300741586 +0100 @@ -55,6 +55,7 @@ #include "secure_filename.h" #include "uidswap.h" diff --git a/openssh-7.3p1-openssl-1.1.0.patch b/openssh-7.3p1-openssl-1.1.0.patch index 436778d..d0b34ad 100644 --- a/openssh-7.3p1-openssl-1.1.0.patch +++ b/openssh-7.3p1-openssl-1.1.0.patch @@ -1689,9 +1689,9 @@ diff -up openssh-7.4p1/openbsd-compat/openssl-compat.c.openssl openssh-7.4p1/ope } #endif -diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.2/configure.ac.openssl openssh-7.4p1/pam_ssh_agent_auth-0.10.2/configure.ac ---- openssh-7.4p1/pam_ssh_agent_auth-0.10.2/configure.ac.openssl 2014-03-31 19:35:17.000000000 +0200 -+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.2/configure.ac 2016-12-23 17:47:36.433817753 +0100 +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/configure.ac.openssl openssh-7.4p1/pam_ssh_agent_auth-0.10.3/configure.ac +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/configure.ac.openssl 2014-03-31 19:35:17.000000000 +0200 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/configure.ac 2016-12-23 17:47:36.433817753 +0100 @@ -1829,6 +1829,7 @@ AC_RUN_IFELSE( [AC_LANG_SOURCE([[ #include diff --git a/openssh.spec b/openssh.spec index 1b71c16..48a67c0 100644 --- a/openssh.spec +++ b/openssh.spec @@ -66,9 +66,9 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 7.4p1 -%global openssh_rel 2 -%global pam_ssh_agent_ver 0.10.2 -%global pam_ssh_agent_rel 5 +%global openssh_rel 3 +%global pam_ssh_agent_ver 0.10.3 +%global pam_ssh_agent_rel 1 Summary: An open source implementation of SSH protocol versions 1 and 2 Name: openssh diff --git a/pam_ssh_agent_auth-0.10.2-compat.patch b/pam_ssh_agent_auth-0.10.2-compat.patch index 972767b..da5c38c 100644 --- a/pam_ssh_agent_auth-0.10.2-compat.patch +++ b/pam_ssh_agent_auth-0.10.2-compat.patch @@ -1,7 +1,33 @@ -diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c ---- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old 2016-01-22 16:27:56.867903172 +0100 -+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c 2016-01-22 16:56:48.114868014 +0100 -@@ -59,6 +59,8 @@ +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/get_command_line.c 2017-02-07 14:41:20.483509205 +0100 +@@ -65,8 +65,8 @@ proc_pid_cmdline(char *** inargv) + case EOF: + case '\0': + if (len > 0) { +- argv = pamsshagentauth_xrealloc(argv, count + 1, sizeof(*argv)); +- argv[count] = pamsshagentauth_xcalloc(len + 1, sizeof(*argv[count])); ++ argv = xreallocarray(argv, count + 1, sizeof(*argv)); ++ argv[count] = xcalloc(len + 1, sizeof(*argv[count])); + strncpy(argv[count++], argbuf, len); + memset(argbuf, '\0', MAX_LEN_PER_CMDLINE_ARG + 1); + len = 0; +@@ -105,9 +105,9 @@ pamsshagentauth_free_command_line(char * + { + size_t i; + for (i = 0; i < n_args; i++) +- pamsshagentauth_xfree(argv[i]); ++ free(argv[i]); + +- pamsshagentauth_xfree(argv); ++ free(argv); + return; + } + +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-compat 2017-02-07 14:41:20.479509208 +0100 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c 2017-02-07 14:41:20.481509206 +0100 +@@ -58,6 +58,8 @@ #include "get_command_line.h" extern char **environ; @@ -10,7 +36,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op /* * Added by Jamie Beverly, ensure socket fd points to a socket owned by the user * A cursory check is done, but to avoid race conditions, it is necessary -@@ -77,7 +77,7 @@ log_action(char ** action, size_t count) +@@ -77,7 +79,7 @@ log_action(char ** action, size_t count) if (count == 0) return NULL; @@ -19,7 +45,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op for (i = 0; i < count; i++) { strcat(buf, (i > 0) ? " '" : "'"); strncat(buf, action[i], MAX_LEN_PER_CMDLINE_ARG); -@@ -71,12 +90,12 @@ void +@@ -90,12 +92,12 @@ void agent_action(Buffer *buf, char ** action, size_t count) { size_t i; @@ -35,7 +61,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op } } -@@ -100,7 +119,7 @@ pamsshagentauth_session_id2_gen(Buffer * +@@ -119,17 +121,17 @@ pamsshagentauth_session_id2_gen(Buffer * char * retc; int32_t reti; @@ -44,17 +70,11 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op cookie_len = ((uint8_t) rnd); while (cookie_len < 16) { cookie_len += 16; /* Add 16 bytes to the size to ensure that while the length is random, the length is always reasonable; ticket #18 */ -@@ -126,7 +128,7 @@ pamsshagentauth_session_id2_gen(Buffer * - cookie_len += 16; /* Add 16 bytes to the size to ensure that while the length is random, the length is always reasonable; ticket #18 */ } - cookie = pamsshagentauth_xcalloc(1,cookie_len); + cookie = xcalloc(1,cookie_len); - for (i = 0; i < cookie_len; i++) { - if (i % 4 == 0) { -@@ -110,7 +129,7 @@ pamsshagentauth_session_id2_gen(Buffer * - for (i = 0; i < cookie_len; i++) { if (i % 4 == 0) { - rnd = pamsshagentauth_arc4random(); @@ -62,7 +82,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op } cookie[i] = (u_char) rnd; rnd >>= 8; -@@ -125,7 +144,7 @@ pamsshagentauth_session_id2_gen(Buffer * +@@ -144,7 +146,7 @@ pamsshagentauth_session_id2_gen(Buffer * } else { action_logbuf = "unknown on this platform"; @@ -71,7 +91,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op } /* -@@ -142,35 +161,35 @@ pamsshagentauth_session_id2_gen(Buffer * +@@ -161,35 +163,35 @@ pamsshagentauth_session_id2_gen(Buffer * retc = getcwd(pwd, sizeof(pwd) - 1); time(&ts); @@ -129,7 +149,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op free(cookie); return; -@@ -190,11 +289,11 @@ pamsshagentauth_find_authorized_keys(con +@@ -295,29 +297,29 @@ pamsshagentauth_find_authorized_keys(con pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename); if ((ac = ssh_get_authentication_connection_for_uid(uid))) { @@ -143,7 +163,6 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op id->key = key; id->filename = comment; id->ac = ac; -@@ -203,18 +302,18 @@ pamsshagentauth_find_authorized_keys(con if(userauth_pubkey_from_id(ruser, id, &session_id2)) { retval = 1; } @@ -167,9 +186,9 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.old op } /* pamsshagentauth_xfree(session_id2); */ EVP_cleanup(); -diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c.old openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c ---- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c.old 2016-01-22 17:03:42.746602825 +0100 -+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c 2016-01-22 17:06:07.841485483 +0100 +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c.psaa-compat 2017-02-07 14:41:20.480509207 +0100 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_ssh_agent_auth.c 2017-02-07 14:44:20.549369019 +0100 @@ -104,7 +104,7 @@ pam_sm_authenticate(pam_handle_t * pamh, * a patch 8-) */ @@ -183,8 +202,8 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c.old openss #endif } -- pamsshagentauth_log_init(__progname, log_lvl, facility, 0); -+ log_init(__progname, log_lvl, facility, 0); +- pamsshagentauth_log_init(__progname, log_lvl, facility, getenv("PAM_SSH_AGENT_AUTH_DEBUG") ? 1 : 0); ++ log_init(__progname, log_lvl, facility, getenv("PAM_SSH_AGENT_AUTH_DEBUG") ? 1 : 0); pam_get_item(pamh, PAM_USER, (void *) &user); pam_get_item(pamh, PAM_RUSER, (void *) &ruser_ptr); @@ -199,7 +218,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c.old openss strncpy(ruser, getenv("SUDO_USER"), sizeof(ruser) - 1 ); - pamsshagentauth_verbose( "Using environment variable SUDO_USER (%s)", ruser ); + verbose( "Using environment variable SUDO_USER (%s)", ruser ); - } else + } else #endif { if( ! getpwuid(getuid()) ) { @@ -232,7 +251,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c.old openss + authorized_keys_file = xstrdup("/etc/security/authorized_keys"); } - /* + /* @@ -187,19 +187,19 @@ pam_sm_authenticate(pam_handle_t * pamh, */ @@ -240,7 +259,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c.old openss - pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); + verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); - /* + /* * this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user */ if(pamsshagentauth_find_authorized_keys(user, ruser, servicename)) { /* getpwnam(ruser)->pw_uid)) { */ @@ -257,132 +276,51 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_ssh_agent_auth.c.old openss } cleanexit: -diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c.old openssh-7.1p2/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c ---- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c.old 2016-01-22 16:57:15.210850825 +0100 -+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c 2016-01-22 17:03:13.913623276 +0100 -@@ -48,6 +48,8 @@ - #include "identity.h" - #include "pam_user_authorized_keys.h" +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_authorized_keys.c 2017-02-07 14:41:20.484509204 +0100 +@@ -117,12 +117,12 @@ parse_authorized_key_file(const char *us + } else { + slash_ptr = strchr(auth_keys_file_buf, '/'); + if(!slash_ptr) +- pamsshagentauth_fatal ++ fatal + ("cannot expand tilde in path without a `/'"); -+#define SSH2_MSG_USERAUTH_TRUST_REQUEST 54 -+ - /* extern u_char *session_id2; - extern uint8_t session_id_len; - */ -@@ -67,35 +67,35 @@ userauth_pubkey_from_id(const char *ruse - if(! pam_user_key_allowed(ruser, id->key)) - goto user_auth_clean_exit; + owner_uname_len = slash_ptr - auth_keys_file_buf - 1; + if(owner_uname_len > (sizeof(owner_uname) - 1)) +- pamsshagentauth_fatal("Username too long"); ++ fatal("Username too long"); -- if(pamsshagentauth_key_to_blob(id->key, &pkblob, &blen) == 0) -+ if(key_to_blob(id->key, &pkblob, &blen) == 0) - goto user_auth_clean_exit; - - /* construct packet to sign and test */ -- pamsshagentauth_buffer_init(&b); -+ buffer_init(&b); - -- pamsshagentauth_buffer_put_string(&b, session_id2->buf + session_id2->offset, session_id2->end - session_id2->offset); -- pamsshagentauth_buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST); -- pamsshagentauth_buffer_put_cstring(&b, ruser); -- pamsshagentauth_buffer_put_cstring(&b, "pam_ssh_agent_auth"); -- pamsshagentauth_buffer_put_cstring(&b, "publickey"); -- pamsshagentauth_buffer_put_char(&b, 1); -- pamsshagentauth_buffer_put_cstring(&b, pkalg); -- pamsshagentauth_buffer_put_string(&b, pkblob, blen); -+ buffer_put_string(&b, sshbuf_ptr(session_id2), sshbuf_len(session_id2)); -+ buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST); -+ buffer_put_cstring(&b, ruser); -+ buffer_put_cstring(&b, "pam_ssh_agent_auth"); -+ buffer_put_cstring(&b, "publickey"); -+ buffer_put_char(&b, 1); -+ buffer_put_cstring(&b, pkalg); -+ buffer_put_string(&b, pkblob, blen); - -- if(ssh_agent_sign(id->ac, id->key, &sig, &slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) != 0) -+ if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0) - goto user_auth_clean_exit; - - /* test for correct signature */ -- if(pamsshagentauth_key_verify(id->key, sig, slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) == 1) -+ if(key_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1) - authenticated = 1; - - user_auth_clean_exit: - /* if(&b != NULL) */ -- pamsshagentauth_buffer_free(&b); -+ buffer_free(&b); - if(sig != NULL) -- pamsshagentauth_xfree(sig); -+ free(sig); - if(pkblob != NULL) -- pamsshagentauth_xfree(pkblob); -+ free(pkblob); - CRYPTO_cleanup_all_ex_data(); - return authenticated; + strncat(owner_uname, auth_keys_file_buf + 1, owner_uname_len); + if(!authorized_keys_file_allowed_owner_uid) +@@ -130,11 +130,11 @@ parse_authorized_key_file(const char *us + getpwnam(owner_uname)->pw_uid; + } + authorized_keys_file = +- pamsshagentauth_tilde_expand_filename(auth_keys_file_buf, ++ tilde_expand_filename(auth_keys_file_buf, + authorized_keys_file_allowed_owner_uid); + strncpy(auth_keys_file_buf, authorized_keys_file, + sizeof(auth_keys_file_buf) - 1); +- pamsshagentauth_xfree(authorized_keys_file) /* when we ++ free(authorized_keys_file) /* when we + percent_expand + later, we'd step + on this, so free +@@ -150,7 +150,7 @@ parse_authorized_key_file(const char *us + strncat(hostname, fqdn, strcspn(fqdn, ".")); + #endif + authorized_keys_file = +- pamsshagentauth_percent_expand(auth_keys_file_buf, "h", ++ percent_expand(auth_keys_file_buf, "h", + getpwnam(user)->pw_dir, "H", hostname, + "f", fqdn, "u", user, NULL); } -diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/secure_filename.c.old openssh-7.1p2/pam_ssh_agent_auth-0.10.2/secure_filename.c ---- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/secure_filename.c.old 2016-01-22 17:12:03.026198234 +0100 -+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/secure_filename.c 2016-01-22 17:12:31.817174950 +0100 -@@ -80,7 +80,7 @@ pamsshagentauth_auth_secure_path(const c - int comparehome = 0; - struct stat st; - -- pamsshagentauth_verbose("auth_secure_filename: checking for uid: %u", uid); -+ verbose("auth_secure_filename: checking for uid: %u", uid); - - if (realpath(name, buf) == NULL) { - snprintf(err, errlen, "realpath %s failed: %s", name, -@@ -115,9 +115,9 @@ pamsshagentauth_auth_secure_path(const c - snprintf(err, errlen, "dirname() failed"); - return -1; - } -- pamsshagentauth_strlcpy(buf, cp, sizeof(buf)); -+ strlcpy(buf, cp, sizeof(buf)); - -- pamsshagentauth_verbose("secure_filename: checking '%s'", buf); -+ verbose("secure_filename: checking '%s'", buf); - if (stat(buf, &st) < 0 || - (st.st_uid != 0 && st.st_uid != uid) || - (st.st_mode & 022) != 0) { -@@ -128,7 +128,7 @@ pamsshagentauth_auth_secure_path(const c - - /* If are passed the homedir then we can stop */ - if (comparehome && strcmp(homedir, buf) == 0) { -- pamsshagentauth_verbose("secure_filename: terminating check at '%s'", -+ verbose("secure_filename: terminating check at '%s'", - buf); - break; - } -diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/get_command_line.c.old openssh-7.1p2/pam_ssh_agent_auth-0.10.2/get_command_line.c ---- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/get_command_line.c.old 2016-01-22 17:13:18.226137418 +0100 -+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/get_command_line.c 2016-01-22 17:14:27.753081189 +0100 -@@ -65,8 +65,8 @@ proc_pid_cmdline(char *** inargv) - case EOF: - case '\0': - if (len > 0) { -- argv = pamsshagentauth_xrealloc(argv, count + 1, sizeof(*argv)); -- argv[count] = pamsshagentauth_xcalloc(len + 1, sizeof(*argv[count])); -+ argv = xreallocarray(argv, count + 1, sizeof(*argv)); -+ argv[count] = xcalloc(len + 1, sizeof(*argv[count])); - strncpy(argv[count++], argbuf, len); - memset(argbuf, '\0', MAX_LEN_PER_CMDLINE_ARG + 1); - len = 0; -@@ -105,9 +105,9 @@ pamsshagentauth_free_command_line(char * - { - size_t i; - for (i = 0; i < n_args; i++) -- pamsshagentauth_xfree(argv[i]); -+ free(argv[i]); - -- pamsshagentauth_xfree(argv); -+ free(argv); - return; - } - -diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c ---- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old 2016-01-22 17:15:57.547008570 +0100 -+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c 2016-01-22 17:16:18.297991788 +0100 -@@ -48,6 +48,7 @@ +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c 2017-02-07 14:41:20.484509204 +0100 +@@ -48,11 +48,13 @@ #include "buffer.h" #include "log.h" #include "compat.h" @@ -390,15 +328,13 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope #include "key.h" #include "pathnames.h" #include "misc.h" -@@ -54,6 +54,7 @@ - #include "misc.h" #include "secure_filename.h" #include "uidswap.h" +#include #include "identity.h" -@@ -68,7 +68,7 @@ pamsshagentauth_check_authkeys_file(FILE +@@ -68,7 +70,7 @@ pamsshagentauth_check_authkeys_file(FILE char *fp; found_key = 0; @@ -407,7 +343,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope while(read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp = NULL; /* *key_options = NULL; */ -@@ -78,11 +78,11 @@ pamsshagentauth_check_authkeys_file(FILE +@@ -78,11 +80,11 @@ pamsshagentauth_check_authkeys_file(FILE if(!*cp || *cp == '\n' || *cp == '#') continue; @@ -421,7 +357,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope /* key_options = cp; */ for(; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { if(*cp == '\\' && cp[1] == '"') -@@ -92,26 +92,26 @@ pamsshagentauth_check_authkeys_file(FILE +@@ -92,26 +94,26 @@ pamsshagentauth_check_authkeys_file(FILE } /* Skip remaining whitespace. */ for(; *cp == ' ' || *cp == '\t'; cp++); @@ -458,7 +394,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope return found_key; } -@@ -128,11 +128,11 @@ pamsshagentauth_user_key_allowed2(struct +@@ -128,11 +130,11 @@ pamsshagentauth_user_key_allowed2(struct char buf[SSH_MAX_PUBKEY_BYTES]; /* Temporarily use the user's uid. */ @@ -472,7 +408,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope return 0; } -@@ -144,7 +144,7 @@ pamsshagentauth_user_key_allowed2(struct +@@ -144,7 +146,7 @@ pamsshagentauth_user_key_allowed2(struct if(pamsshagentauth_secure_filename(f, file, pw, buf, sizeof(buf)) != 0) { fclose(f); @@ -481,7 +417,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope return 0; } -@@ -187,44 +187,44 @@ pamsshagentauth_user_key_command_allowed +@@ -187,44 +189,44 @@ pamsshagentauth_user_key_command_allowed else { pw = getpwnam(authorized_keys_command_user); if(pw == NULL) { @@ -534,7 +470,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope close(p[0]); close(p[1]); return 0; -@@ -234,13 +234,13 @@ pamsshagentauth_user_key_command_allowed +@@ -234,13 +236,13 @@ pamsshagentauth_user_key_command_allowed /* do this before the setresuid so thta they can be logged */ if((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { @@ -550,7 +486,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope _exit(1); } #if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID) -@@ -248,7 +248,7 @@ pamsshagentauth_user_key_command_allowed +@@ -248,7 +250,7 @@ pamsshagentauth_user_key_command_allowed #else if (setgid(pw->pw_gid) != 0 || setegid(pw->pw_gid) != 0) { #endif @@ -559,7 +495,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope strerror(errno)); _exit(1); } -@@ -258,7 +258,7 @@ pamsshagentauth_user_key_command_allowed +@@ -258,7 +260,7 @@ pamsshagentauth_user_key_command_allowed #else if (setuid(pw->pw_uid) != 0 || seteuid(pw->pw_uid) != 0) { #endif @@ -568,7 +504,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope strerror(errno)); _exit(1); } -@@ -270,18 +270,18 @@ pamsshagentauth_user_key_command_allowed +@@ -270,18 +272,18 @@ pamsshagentauth_user_key_command_allowed /* pretty sure this will barf because we are now suid, but since we should't reach this anyway, I'll leave it here */ @@ -590,7 +526,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope close(p[0]); /* Don't leave zombie child */ while(waitpid(pid, NULL, 0) == -1 && errno == EINTR); -@@ -292,22 +292,22 @@ pamsshagentauth_user_key_command_allowed +@@ -292,22 +294,22 @@ pamsshagentauth_user_key_command_allowed while(waitpid(pid, &status, 0) == -1) { if(errno != EINTR) { @@ -617,50 +553,110 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_key_allowed2.c.old ope + restore_uid(); return found_key; } -diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c.psaa-xfree openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c ---- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c.psaa-xfree 2016-01-22 15:30:26.300302721 +0100 -+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/pam_user_authorized_keys.c 2016-01-22 15:33:57.567226875 +0100 -@@ -117,12 +117,12 @@ parse_authorized_key_file(const char *us - } else { - slash_ptr = strchr(auth_keys_file_buf, '/'); - if(!slash_ptr) -- pamsshagentauth_fatal -+ fatal - ("cannot expand tilde in path without a `/'"); +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/secure_filename.c 2017-02-07 14:41:20.481509206 +0100 +@@ -80,7 +80,7 @@ pamsshagentauth_auth_secure_path(const c + int comparehome = 0; + struct stat st; - owner_uname_len = slash_ptr - auth_keys_file_buf - 1; - if(owner_uname_len > (sizeof(owner_uname) - 1)) -- pamsshagentauth_fatal("Username too long"); -+ fatal("Username too long"); +- pamsshagentauth_verbose("auth_secure_filename: checking for uid: %u", uid); ++ verbose("auth_secure_filename: checking for uid: %u", uid); - strncat(owner_uname, auth_keys_file_buf + 1, owner_uname_len); - if(!authorized_keys_file_allowed_owner_uid) -@@ -130,11 +130,11 @@ parse_authorized_key_file(const char *us - getpwnam(owner_uname)->pw_uid; - } - authorized_keys_file = -- pamsshagentauth_tilde_expand_filename(auth_keys_file_buf, -+ tilde_expand_filename(auth_keys_file_buf, - authorized_keys_file_allowed_owner_uid); - strncpy(auth_keys_file_buf, authorized_keys_file, - sizeof(auth_keys_file_buf) - 1); -- pamsshagentauth_xfree(authorized_keys_file) /* when we -+ free(authorized_keys_file) /* when we - percent_expand - later, we'd step - on this, so free -@@ -150,7 +150,7 @@ parse_authorized_key_file(const char *us - strncat(hostname, fqdn, strcspn(fqdn, ".")); - #endif - authorized_keys_file = -- pamsshagentauth_percent_expand(auth_keys_file_buf, "h", -+ percent_expand(auth_keys_file_buf, "h", - getpwnam(user)->pw_dir, "H", hostname, - "f", fqdn, "u", user, NULL); + if (realpath(name, buf) == NULL) { + snprintf(err, errlen, "realpath %s failed: %s", name, +@@ -115,9 +115,9 @@ pamsshagentauth_auth_secure_path(const c + snprintf(err, errlen, "dirname() failed"); + return -1; + } +- pamsshagentauth_strlcpy(buf, cp, sizeof(buf)); ++ strlcpy(buf, cp, sizeof(buf)); + +- pamsshagentauth_verbose("secure_filename: checking '%s'", buf); ++ verbose("secure_filename: checking '%s'", buf); + if (stat(buf, &st) < 0 || + (st.st_uid != 0 && st.st_uid != uid) || + (st.st_mode & 022) != 0) { +@@ -128,7 +128,7 @@ pamsshagentauth_auth_secure_path(const c + + /* If are passed the homedir then we can stop */ + if (comparehome && strcmp(homedir, buf) == 0) { +- pamsshagentauth_verbose("secure_filename: terminating check at '%s'", ++ verbose("secure_filename: terminating check at '%s'", + buf); + break; + } +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c 2017-02-07 14:41:20.484509204 +0100 +@@ -48,6 +48,8 @@ + #include "identity.h" + #include "pam_user_authorized_keys.h" + ++#define SSH2_MSG_USERAUTH_TRUST_REQUEST 54 ++ + /* extern u_char *session_id2; + extern uint8_t session_id_len; + */ +@@ -65,37 +67,38 @@ userauth_pubkey_from_id(const char *ruse + + /* first test if this key is even allowed */ + if(! pam_user_key_allowed(ruser, id->key)) +- goto user_auth_clean_exit; ++ goto user_auth_clean_exit_without_buffer; + +- if(pamsshagentauth_key_to_blob(id->key, &pkblob, &blen) == 0) +- goto user_auth_clean_exit; ++ if(key_to_blob(id->key, &pkblob, &blen) == 0) ++ goto user_auth_clean_exit_without_buffer; + + /* construct packet to sign and test */ +- pamsshagentauth_buffer_init(&b); ++ buffer_init(&b); + +- pamsshagentauth_buffer_put_string(&b, session_id2->buf + session_id2->offset, session_id2->end - session_id2->offset); +- pamsshagentauth_buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST); +- pamsshagentauth_buffer_put_cstring(&b, ruser); +- pamsshagentauth_buffer_put_cstring(&b, "pam_ssh_agent_auth"); +- pamsshagentauth_buffer_put_cstring(&b, "publickey"); +- pamsshagentauth_buffer_put_char(&b, 1); +- pamsshagentauth_buffer_put_cstring(&b, pkalg); +- pamsshagentauth_buffer_put_string(&b, pkblob, blen); ++ buffer_put_string(&b, sshbuf_ptr(session_id2), sshbuf_len(session_id2)); ++ buffer_put_char(&b, SSH2_MSG_USERAUTH_TRUST_REQUEST); ++ buffer_put_cstring(&b, ruser); ++ buffer_put_cstring(&b, "pam_ssh_agent_auth"); ++ buffer_put_cstring(&b, "publickey"); ++ buffer_put_char(&b, 1); ++ buffer_put_cstring(&b, pkalg); ++ buffer_put_string(&b, pkblob, blen); + +- if(ssh_agent_sign(id->ac, id->key, &sig, &slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) != 0) ++ if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0) + goto user_auth_clean_exit; + + /* test for correct signature */ +- if(pamsshagentauth_key_verify(id->key, sig, slen, pamsshagentauth_buffer_ptr(&b), pamsshagentauth_buffer_len(&b)) == 1) ++ if(key_verify(id->key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1) + authenticated = 1; + + user_auth_clean_exit: + /* if(&b != NULL) */ +- pamsshagentauth_buffer_free(&b); ++ buffer_free(&b); ++ user_auth_clean_exit_without_buffer: + if(sig != NULL) +- pamsshagentauth_xfree(sig); ++ free(sig); + if(pkblob != NULL) +- pamsshagentauth_xfree(pkblob); ++ free(pkblob); + CRYPTO_cleanup_all_ex_data(); + return authenticated; } -diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/uuencode.c.psaa-xfree openssh-7.1p2/pam_ssh_agent_auth-0.10.2/uuencode.c ---- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/uuencode.c.psaa-xfree 2014-03-23 23:52:21.000000000 +0100 -+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/uuencode.c 2016-01-22 15:39:26.210104334 +0100 +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c.psaa-compat 2016-11-13 04:24:32.000000000 +0100 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/uuencode.c 2017-02-07 14:41:20.484509204 +0100 @@ -56,7 +56,7 @@ pamsshagentauth_uudecode(const char *src /* and remove trailing whitespace because __b64_pton needs this */ *p = '\0'; @@ -670,7 +666,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/uuencode.c.psaa-xfree openssh-7 return len; } -@@ -70,7 +70,7 @@ pamsshagentauth_dump_base64(FILE *fp, u_ +@@ -70,7 +70,7 @@ pamsshagentauth_dump_base64(FILE *fp, co fprintf(fp, "dump_base64: len > 65536\n"); return; } @@ -679,35 +675,10 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/uuencode.c.psaa-xfree openssh-7 n = pamsshagentauth_uuencode(data, len, buf, 2*len); for (i = 0; i < n; i++) { fprintf(fp, "%c", buf[i]); -@@ -79,5 +79,5 @@ pamsshagentauth_dump_base64(FILE *fp, u_ +@@ -79,5 +79,5 @@ pamsshagentauth_dump_base64(FILE *fp, co } if (i % 70 != 69) fprintf(fp, "\n"); - pamsshagentauth_xfree(buf); + free(buf); } -diff --git a/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c b/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c -index d5a574f..9e866c1 100644 ---- a/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c -+++ b/pam_ssh_agent_auth-0.10.2/userauth_pubkey_from_id.c -@@ -68,10 +68,10 @@ userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2) - - /* first test if this key is even allowed */ - if(! pam_user_key_allowed(ruser, id->key)) -- goto user_auth_clean_exit; -+ goto user_auth_clean_exit_without_buffer; - - if(key_to_blob(id->key, &pkblob, &blen) == 0) -- goto user_auth_clean_exit; -+ goto user_auth_clean_exit_without_buffer; - - /* construct packet to sign and test */ - buffer_init(&b); -@@ -95,6 +95,7 @@ userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2) - user_auth_clean_exit: - /* if(&b != NULL) */ - buffer_free(&b); -+ user_auth_clean_exit_without_buffer: - if(sig != NULL) - free(sig); - if(pkblob != NULL) diff --git a/pam_ssh_agent_auth-0.9.3-build.patch b/pam_ssh_agent_auth-0.9.3-build.patch index be5f94c..eba99fd 100644 --- a/pam_ssh_agent_auth-0.9.3-build.patch +++ b/pam_ssh_agent_auth-0.9.3-build.patch @@ -1,6 +1,6 @@ -diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.psaa-build openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c ---- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.psaa-build 2016-01-22 14:59:18.943919791 +0100 -+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c 2016-01-22 15:16:12.534599318 +0100 +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-build openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-build 2016-11-13 04:24:32.000000000 +0100 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c 2017-02-07 14:29:41.626116675 +0100 @@ -43,12 +43,31 @@ #include #include "ssh2.h" @@ -42,7 +42,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.psaa-b uint8_t i = 0; uint32_t rnd = 0; uint8_t cookie_len; -@@ -110,7 +129,7 @@ pamsshagentauth_session_id2_gen(Buffer * +@@ -112,7 +131,7 @@ pamsshagentauth_session_id2_gen(Buffer * if (i % 4 == 0) { rnd = pamsshagentauth_arc4random(); } @@ -51,7 +51,7 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.psaa-b rnd >>= 8; } -@@ -142,6 +161,86 @@ pamsshagentauth_session_id2_gen(Buffer * +@@ -177,6 +196,86 @@ pamsshagentauth_session_id2_gen(Buffer * } int @@ -147,9 +147,9 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/iterate_ssh_agent_keys.c.psaa-b pamsshagentauth_verbose("Contacted ssh-agent of user %s (%u)", ruser, uid); for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) { -diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/Makefile.in.psaa-build openssh-7.1p2/pam_ssh_agent_auth-0.10.2/Makefile.in ---- openssh-7.1p2/pam_ssh_agent_auth-0.10.2/Makefile.in.psaa-build 2014-03-31 19:35:17.000000000 +0200 -+++ openssh-7.1p2/pam_ssh_agent_auth-0.10.2/Makefile.in 2016-01-22 15:20:16.479521651 +0100 +diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in.psaa-build openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in +--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in.psaa-build 2016-11-13 04:24:32.000000000 +0100 ++++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/Makefile.in 2017-02-07 14:40:14.407566921 +0100 @@ -52,7 +52,7 @@ PATHS= CC=@CC@ LD=@LD@ @@ -168,18 +168,18 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/Makefile.in.psaa-build openssh- LDFLAGS_SHARED = @LDFLAGS_SHARED@ EXEEXT=@EXEEXT@ -@@ -72,7 +72,7 @@ PAM_MODULES=pam_ssh_agent_auth.so +@@ -74,7 +74,7 @@ SSHOBJS=xmalloc.o atomicio.o authfd.o bu - SSHOBJS=xmalloc.o atomicio.o authfd.o bufaux.o bufbn.o buffer.o cleanup.o entropy.o fatal.o key.o log.o misc.o secure_filename.o ssh-dss.o ssh-rsa.o uuencode.o compat.o uidswap.o + ED25519OBJS=ed25519-donna/ed25519.o -PAM_SSH_AGENT_AUTH_OBJS=pam_user_key_allowed2.o iterate_ssh_agent_keys.o userauth_pubkey_from_id.o pam_user_authorized_keys.o get_command_line.o +PAM_SSH_AGENT_AUTH_OBJS=pam_user_key_allowed2.o iterate_ssh_agent_keys.o userauth_pubkey_from_id.o pam_user_authorized_keys.o get_command_line.o secure_filename.o MANPAGES_IN = pam_ssh_agent_auth.pod -@@ -91,13 +91,13 @@ $(PAM_MODULES): Makefile.in config.h +@@ -94,13 +94,13 @@ $(PAM_MODULES): Makefile.in config.h .c.o: - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< + $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ -LIBCOMPAT=openbsd-compat/libopenbsd-compat.a +LIBCOMPAT=../openbsd-compat/libopenbsd-compat.a @@ -187,10 +187,10 @@ diff -up openssh-7.1p2/pam_ssh_agent_auth-0.10.2/Makefile.in.psaa-build openssh- (cd openbsd-compat && $(MAKE)) always: --pam_ssh_agent_auth.so: $(LIBCOMPAT) $(SSHOBJS) $(PAM_SSH_AGENT_AUTH_OBJS) pam_ssh_agent_auth.o -- $(LD) $(LDFLAGS_SHARED) -o $@ $(SSHOBJS) $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lopenbsd-compat pam_ssh_agent_auth.o $(LIBS) -lpam +-pam_ssh_agent_auth.so: $(LIBCOMPAT) $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS) pam_ssh_agent_auth.o +- $(LD) $(LDFLAGS_SHARED) -o $@ $(SSHOBJS) $(ED25519OBJS) $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lopenbsd-compat pam_ssh_agent_auth.o $(LIBS) -lpam +pam_ssh_agent_auth.so: $(PAM_SSH_AGENT_AUTH_OBJS) pam_ssh_agent_auth.o + $(LD) $(LDFLAGS_SHARED) -o $@ $(PAM_SSH_AGENT_AUTH_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat pam_ssh_agent_auth.o $(LIBS) -lpam -lnss3 $(MANPAGES): $(MANPAGES_IN) - pod2man --section=8 --release=v0.10.2 --name=pam_ssh_agent_auth --official --center "PAM" pam_ssh_agent_auth.pod > pam_ssh_agent_auth.8 + pod2man --section=8 --release=v0.10.3 --name=pam_ssh_agent_auth --official --center "PAM" pam_ssh_agent_auth.pod > pam_ssh_agent_auth.8 diff --git a/sources b/sources index 49a2a6d..26b90c1 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ +SHA512 (pam_ssh_agent_auth-0.10.3.tar.bz2) = d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66 SHA512 (openssh-7.4p1.tar.gz) = 4f3256f461f01366c5d5e0e45285eec65016e2643b3284b407f48f53d81087bf2c1caf7d5f7530d307a15c91c64de91446e1cba948e8fc68f82098290fe3b292 -SHA512 (pam_ssh_agent_auth-0.10.2.tar.bz2) = b4b9bc4486d873f236f7c54874c996e24f344f889dfda3beadb12b97cbb89078028a103a4a7175cd919fb0a12fd5bcefef50420510ae5eff9252e494e0124b38