|
Lines 45-54
|
| 45 |
#include <security/pam_modules.h> |
45 |
#include <security/pam_modules.h> |
| 46 |
#include <security/pam_mod_misc.h> |
46 |
#include <security/pam_mod_misc.h> |
| 47 |
|
47 |
|
|
|
48 |
#include <openssl/dsa.h> |
| 49 |
#include <openssl/rsa.h> |
| 50 |
|
| 48 |
#include "includes.h" |
51 |
#include "includes.h" |
| 49 |
#include "rsa.h" |
|
|
| 50 |
#include "ssh.h" |
52 |
#include "ssh.h" |
|
|
53 |
#include "key.h" |
| 51 |
#include "authfd.h" |
54 |
#include "authfd.h" |
|
|
55 |
#include "authfile.h" |
| 52 |
|
56 |
|
| 53 |
#define MODULE_NAME "pam_ssh" |
57 |
#define MODULE_NAME "pam_ssh" |
| 54 |
#define NEED_PASSPHRASE "Need passphrase for %s (%s).\nEnter passphrase: " |
58 |
#define NEED_PASSPHRASE "Need passphrase for %s (%s).\nEnter passphrase: " |
|
Lines 56-65
|
| 56 |
|
60 |
|
| 57 |
|
61 |
|
| 58 |
void |
62 |
void |
| 59 |
rsa_cleanup(pam_handle_t *pamh, void *data, int error_status) |
63 |
key_cleanup(pam_handle_t *pamh, void *data, int error_status) |
| 60 |
{ |
64 |
{ |
| 61 |
if (data) |
65 |
if (data) |
| 62 |
RSA_free(data); |
66 |
key_free(data); |
| 63 |
} |
67 |
} |
| 64 |
|
68 |
|
| 65 |
|
69 |
|
|
Lines 205-215
|
| 205 |
char *comment_priv; /* on private key */ |
209 |
char *comment_priv; /* on private key */ |
| 206 |
char *comment_pub; /* on public key */ |
210 |
char *comment_pub; /* on public key */ |
| 207 |
char *identity; /* user's identity file */ |
211 |
char *identity; /* user's identity file */ |
| 208 |
RSA *key; /* user's private key */ |
212 |
Key *key; /* user's private key */ |
| 209 |
int options; /* module options */ |
213 |
int options; /* module options */ |
| 210 |
const char *pass; /* passphrase */ |
214 |
const char *pass; /* passphrase */ |
| 211 |
char *prompt; /* passphrase prompt */ |
215 |
char *prompt; /* passphrase prompt */ |
| 212 |
RSA *public_key; /* user's public key */ |
216 |
Key *public_key; /* user's public key */ |
| 213 |
const PASSWD *pwent; /* user's passwd entry */ |
217 |
const PASSWD *pwent; /* user's passwd entry */ |
| 214 |
PASSWD *pwent_keep; /* our own copy */ |
218 |
PASSWD *pwent_keep; /* our own copy */ |
| 215 |
int retval; /* from calls */ |
219 |
int retval; /* from calls */ |
|
Lines 235-242
|
| 235 |
* Fail unless we can load the public key. Change to the |
239 |
* Fail unless we can load the public key. Change to the |
| 236 |
* owner's UID to appease load_public_key(). |
240 |
* owner's UID to appease load_public_key(). |
| 237 |
*/ |
241 |
*/ |
| 238 |
key = RSA_new(); |
242 |
key = key_new(KEY_RSA); |
| 239 |
public_key = RSA_new(); |
243 |
public_key = key_new(KEY_RSA); |
| 240 |
saved_uid = getuid(); |
244 |
saved_uid = getuid(); |
| 241 |
(void)setreuid(pwent->pw_uid, saved_uid); |
245 |
(void)setreuid(pwent->pw_uid, saved_uid); |
| 242 |
retval = load_public_key(identity, public_key, &comment_pub); |
246 |
retval = load_public_key(identity, public_key, &comment_pub); |
|
Lines 245-251
|
| 245 |
free(identity); |
249 |
free(identity); |
| 246 |
return PAM_AUTH_ERR; |
250 |
return PAM_AUTH_ERR; |
| 247 |
} |
251 |
} |
| 248 |
RSA_free(public_key); |
252 |
key_free(public_key); |
| 249 |
/* build the passphrase prompt */ |
253 |
/* build the passphrase prompt */ |
| 250 |
retval = asprintf(&prompt, NEED_PASSPHRASE, identity, comment_pub); |
254 |
retval = asprintf(&prompt, NEED_PASSPHRASE, identity, comment_pub); |
| 251 |
free(comment_pub); |
255 |
free(comment_pub); |
|
Lines 276-283
|
| 276 |
* phase. |
280 |
* phase. |
| 277 |
*/ |
281 |
*/ |
| 278 |
if ((retval = pam_set_data(pamh, "ssh_private_key", key, |
282 |
if ((retval = pam_set_data(pamh, "ssh_private_key", key, |
| 279 |
rsa_cleanup)) != PAM_SUCCESS) { |
283 |
key_cleanup)) != PAM_SUCCESS) { |
| 280 |
RSA_free(key); |
284 |
key_free(key); |
| 281 |
free(comment_priv); |
285 |
free(comment_priv); |
| 282 |
return retval; |
286 |
return retval; |
| 283 |
} |
287 |
} |
|
Lines 329-335
|
| 329 |
char *env_end; /* end of env */ |
333 |
char *env_end; /* end of env */ |
| 330 |
char *env_file; /* to store env */ |
334 |
char *env_file; /* to store env */ |
| 331 |
FILE *env_fp; /* env_file handle */ |
335 |
FILE *env_fp; /* env_file handle */ |
| 332 |
RSA *key; /* user's private key */ |
336 |
Key *key; /* user's private key */ |
| 333 |
FILE *pipe; /* ssh-agent handle */ |
337 |
FILE *pipe; /* ssh-agent handle */ |
| 334 |
const PASSWD *pwent; /* user's passwd entry */ |
338 |
const PASSWD *pwent; /* user's passwd entry */ |
| 335 |
int retval; /* from calls */ |
339 |
int retval; /* from calls */ |
|
Lines 439-445
|
| 439 |
env_destroy(ssh_env); |
443 |
env_destroy(ssh_env); |
| 440 |
return PAM_SESSION_ERR; |
444 |
return PAM_SESSION_ERR; |
| 441 |
} |
445 |
} |
| 442 |
retval = ssh_add_identity(ac, key, comment); |
446 |
retval = ssh_add_identity(ac, key->rsa, comment); |
| 443 |
ssh_close_authentication_connection(ac); |
447 |
ssh_close_authentication_connection(ac); |
| 444 |
env_swap(ssh_env, 0); |
448 |
env_swap(ssh_env, 0); |
| 445 |
return retval ? PAM_SUCCESS : PAM_SESSION_ERR; |
449 |
return retval ? PAM_SUCCESS : PAM_SESSION_ERR; |
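Review bot: `retval = ssh_add_identity(ac, key->rsa, comment);` reaches straight into the Key wrapper without checking that it actually holds an RSA key, so the abstraction the rest of the commit introduces (key_new/key_free, `Key *key` in the declarations) is broken through at the one place the key is handed to the agent. Today that is consistent with `key = key_new(KEY_RSA)` in the Lines 235-242 hunk, but the key is stored with pam_set_data in one function and consumed here in another, and the newly added `openssl/dsa.h` include suggests other key types are intended; for a non-RSA key `key->rsa` would be NULL and this call would pass a null key to the agent. Assuming Key carries the `type` field that key.h declares next to `rsa`, a guard such as `if (key->type != KEY_RSA || key->rsa == NULL) { ssh_close_authentication_connection(ac); env_swap(ssh_env, 0); return PAM_SESSION_ERR; }` placed before the call keeps the failure on the existing error path instead of relying on the other function's choice of key type. The enclosing session function starts outside this hunk.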