Diffstat (limited to 'security/openssh/files/pam_ssh.c')
-rw-r--r-- | security/openssh/files/pam_ssh.c | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/security/openssh/files/pam_ssh.c b/security/openssh/files/pam_ssh.c
index 9392b9e3eaf1..7ee0788c4144 100644
--- a/security/openssh/files/pam_ssh.c
+++ b/security/openssh/files/pam_ssh.c
@@ -44,10 +44,14 @@
 #include <security/pam_modules.h>
 #include <security/pam_mod_misc.h>
+#include <openssl/dsa.h>
+
 #include "includes.h"
 #include "rsa.h"
+#include "key.h"
 #include "ssh.h"
 #include "authfd.h"
+#include "authfile.h"
 #define MODULE_NAME "pam_ssh"
 #define NEED_PASSPHRASE "Need passphrase for %s (%s).\nEnter passphrase: "
@@ -203,11 +207,11 @@ pam_sm_authenticate(
 char *comment_priv; /* on private key */
 char *comment_pub; /* on public key */
 char *identity; /* user's identity file */
- RSA *key; /* user's private key */
+ Key key; /* user's private key */
 int options; /* module options */
 const char *pass; /* passphrase */
 char *prompt; /* passphrase prompt */
- RSA *public_key; /* user's public key */
+ Key public_key; /* user's public key */
 const PASSWD *pwent; /* user's passwd entry */
 PASSWD *pwent_keep; /* our own copy */
 int retval; /* from calls */
@@ -233,17 +237,19 @@ pam_sm_authenticate(
 * Fail unless we can load the public key. Change to the
 * owner's UID to appease load_public_key().
 */
- key = RSA_new();
- public_key = RSA_new();
+ key.type = KEY_RSA;
+ key.rsa = RSA_new();
+ public_key.type = KEY_RSA;
+ public_key.rsa = RSA_new();
 saved_uid = getuid();
 (void)setreuid(pwent->pw_uid, saved_uid);
- retval = load_public_key(identity, public_key, &comment_pub);
+ retval = load_public_key(identity, &public_key, &comment_pub);
 (void)setuid(saved_uid);
 if (!retval) {
 free(identity);
 return PAM_AUTH_ERR;
 }
- RSA_free(public_key);
+ RSA_free(public_key.rsa);
 /* build the passphrase prompt */
 retval = asprintf(&prompt, NEED_PASSPHRASE, identity, comment_pub);
 free(comment_pub);
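Review bot: `key` and `public_key` are now stack `Key` structs, but only their `.type` and `.rsa` members are assigned (`key.type = KEY_RSA;` / `key.rsa = RSA_new();` and the matching `public_key` lines), so every other member of `Key` — the new `<openssl/dsa.h>` include suggests there is at least a DSA pointer alongside `.rsa` — is indeterminate when `&public_key`, and later `&key`, are handed to the loaders. If `load_public_key()`, `load_private_key()` or any cleanup path inspects a member other than `.rsa`, that is a read of uninitialized stack memory; zeroing first costs nothing: `memset(&key, 0, sizeof key); memset(&public_key, 0, sizeof public_key);` ahead of the assignments. Separately, the two `RSA_new()` results remain unchecked, and on the `PAM_AUTH_ERR` path neither `key.rsa` nor `public_key.rsa` is freed, a leak the conversion carries over rather than fixes. pam_sm_authenticate() begins and ends outside this hunk.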
@@ -264,7 +270,7 @@ pam_sm_authenticate(
 * If success, the user is authenticated.
 */
 (void)setreuid(pwent->pw_uid, saved_uid);
- retval = load_private_key(identity, pass, key, &comment_priv);
+ retval = load_private_key(identity, pass, &key, &comment_priv);
 free(identity);
 (void)setuid(saved_uid);
 if (!retval)
@@ -273,9 +279,9 @@ pam_sm_authenticate(
 * Save the key and comment to pass to ssh-agent in the session
 * phase.
 */
- if ((retval = pam_set_data(pamh, "ssh_private_key", key,
+ if ((retval = pam_set_data(pamh, "ssh_private_key", key.rsa,
 rsa_cleanup)) != PAM_SUCCESS) {
- RSA_free(key);
+ RSA_free(key.rsa);
 free(comment_priv);
 return retval;
 }
@@ -327,7 +333,7 @@ pam_sm_open_session(
 char *env_end; /* end of env */
 char *env_file; /* to store env */
 FILE *env_fp; /* env_file handle */
- RSA *key; /* user's private key */
+ Key key; /* user's private key */
 FILE *pipe; /* ssh-agent handle */
 const PASSWD *pwent; /* user's passwd entry */
 int retval; /* from calls */
@@ -421,9 +427,10 @@ pam_sm_open_session(
 env_destroy(ssh_env);
 return PAM_SESSION_ERR;
 }
+ key.type = KEY_RSA;
 /* connect to the agent and hand off the private key */
 if ((retval = pam_get_data(pamh, "ssh_private_key",
- (const void **)&key)) != PAM_SUCCESS ||
+ (const void **)&key.rsa)) != PAM_SUCCESS ||
 (retval = pam_get_data(pamh, "ssh_key_comment",
 (const void **)&comment)) != PAM_SUCCESS ||
 (retval = env_commit(ssh_env)) != PAM_SUCCESS) {
@@ -436,7 +443,7 @@ pam_sm_open_session(
 env_destroy(ssh_env);
 return PAM_SESSION_ERR;
 }
- retval = ssh_add_identity(ac, key, comment);
+ retval = ssh_add_identity(ac, key.rsa, comment);
 ssh_close_authentication_connection(ac);
 env_swap(ssh_env, 0);
 return retval ? PAM_SUCCESS : PAM_SESSION_ERR; |
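Review bot: `pam_set_data(pamh, "ssh_private_key", key.rsa, rsa_cleanup)` keeps only the bare `RSA *` and discards `key.type`, so the session phase has to re-tag the object unconditionally (`key.type = KEY_RSA` in a later hunk) instead of learning the type from what was actually loaded. That is correct today because this function only ever builds a `KEY_RSA` key, but moving to the generic `Key` type and pulling in `key.h`/`authfile.h` suggests the loaders are becoming type-aware; the moment `load_private_key()` can fill something other than `.rsa`, the stored pointer and the session-side tag silently disagree and the wrong (or a NULL) pointer is offered to the agent. If that is the direction, store a heap-allocated `Key` with a matching cleanup and let the session phase read `key->type`; otherwise a comment at the call, `/* only the RSA half is kept; pam_sm_open_session() assumes KEY_RSA */`, makes the coupling explicit. pam_sm_authenticate() continues outside this hunk.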
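Review bot: In pam_sm_open_session() the new `Key key` is never used as a `Key`: `pam_get_data()` writes straight into `key.rsa` through `(const void **)&key.rsa`, and the only consumer is `ssh_add_identity(ac, key.rsa, comment)` in the following hunk, so the added `key.type = KEY_RSA;` is assigned but never read and the rest of the stack struct stays uninitialized. Either keep `RSA *key` here, which is the smaller change, or, if a `Key` is wanted for a future `key_free`/type dispatch, clear it before use with `memset(&key, 0, sizeof key);` next to the `key.type` assignment so no member is indeterminate if that dispatch arrives. The `(const void **)` cast of an `RSA **` is the existing pam_get_data idiom carried over, not something this change introduces. pam_sm_open_session() begins before this hunk and its body continues past it.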