1 files changed, 19 insertions, 12 deletions

diff --git a/security/openssh/files/pam_ssh.c b/security/openssh/files/pam_ssh.c
index 9392b9e3eaf1..7ee0788c4144 100644
--- a/security/openssh/files/pam_ssh.c
+++ b/security/openssh/files/pam_ssh.c
@@ -44,10 +44,14 @@
 #include <security/pam_modules.h>
 #include <security/pam_mod_misc.h>
 
+#include <openssl/dsa.h>
+
 #include "includes.h"
 #include "rsa.h"
+#include "key.h"
 #include "ssh.h"
 #include "authfd.h"
+#include "authfile.h"
 
 #define	MODULE_NAME	"pam_ssh"
 #define	NEED_PASSPHRASE	"Need passphrase for %s (%s).\nEnter passphrase: "
@@ -203,11 +207,11 @@ pam_sm_authenticate(
 	char		*comment_priv;		/* on private key */
 	char		*comment_pub;		/* on public key */
 	char		*identity;		/* user's identity file */
-	RSA		*key;			/* user's private key */
+	Key		 key;			/* user's private key */
 	int		 options;		/* module options */
 	const char	*pass;			/* passphrase */
 	char		*prompt;		/* passphrase prompt */
-	RSA		*public_key;		/* user's public key */
+	Key		 public_key;		/* user's public key */
 	const PASSWD	*pwent;			/* user's passwd entry */
 	PASSWD		*pwent_keep;		/* our own copy */
 	int		 retval;		/* from calls */
@@ -233,17 +237,19 @@ pam_sm_authenticate(
 	 * Fail unless we can load the public key.  Change to the
 	 * owner's UID to appease load_public_key().
 	 */
-	key = RSA_new();
-	public_key = RSA_new();
+	key.type = KEY_RSA;
+	key.rsa = RSA_new();
+	public_key.type = KEY_RSA;
+	public_key.rsa = RSA_new();
 	saved_uid = getuid();
 	(void)setreuid(pwent->pw_uid, saved_uid);
-	retval = load_public_key(identity, public_key, &comment_pub);
+	retval = load_public_key(identity, &public_key, &comment_pub);
 	(void)setuid(saved_uid);
 	if (!retval) {
 		free(identity);
 		return PAM_AUTH_ERR;
 	}
-	RSA_free(public_key);
+	RSA_free(public_key.rsa);
 	/* build the passphrase prompt */
 	retval = asprintf(&prompt, NEED_PASSPHRASE, identity, comment_pub);
 	free(comment_pub);
@@ -264,7 +270,7 @@ pam_sm_authenticate(
 	 * If success, the user is authenticated.
 	 */
 	(void)setreuid(pwent->pw_uid, saved_uid);
-	retval = load_private_key(identity, pass, key, &comment_priv);
+	retval = load_private_key(identity, pass, &key, &comment_priv);
 	free(identity);
 	(void)setuid(saved_uid);
 	if (!retval)
@@ -273,9 +279,9 @@ pam_sm_authenticate(
 	 * Save the key and comment to pass to ssh-agent in the session
 	 * phase.
 	 */
-	if ((retval = pam_set_data(pamh, "ssh_private_key", key,
+	if ((retval = pam_set_data(pamh, "ssh_private_key", key.rsa,
 	    rsa_cleanup)) != PAM_SUCCESS) {
-		RSA_free(key);
+		RSA_free(key.rsa);
 		free(comment_priv);
 		return retval;
 	}
@@ -327,7 +333,7 @@ pam_sm_open_session(
 	char		*env_end;		/* end of env */
 	char		*env_file;		/* to store env */
 	FILE		*env_fp;		/* env_file handle */
-	RSA		*key;			/* user's private key */
+	Key		 key;			/* user's private key */
 	FILE		*pipe;			/* ssh-agent handle */
 	const PASSWD	*pwent;			/* user's passwd entry */
 	int		 retval;		/* from calls */
@@ -421,9 +427,10 @@ pam_sm_open_session(
 		env_destroy(ssh_env);
 		return PAM_SESSION_ERR;
 	}
+	key.type = KEY_RSA;
 	/* connect to the agent and hand off the private key */
 	if ((retval = pam_get_data(pamh, "ssh_private_key",
-	    (const void **)&key)) != PAM_SUCCESS ||
+	    (const void **)&key.rsa)) != PAM_SUCCESS ||
 	    (retval = pam_get_data(pamh, "ssh_key_comment",
 	    (const void **)&comment)) != PAM_SUCCESS ||
 	    (retval = env_commit(ssh_env)) != PAM_SUCCESS) {
@@ -436,7 +443,7 @@ pam_sm_open_session(
 		env_destroy(ssh_env);
 		return PAM_SESSION_ERR;
 	}
-	retval = ssh_add_identity(ac, key, comment);
+	retval = ssh_add_identity(ac, key.rsa, comment);
 	ssh_close_authentication_connection(ac);
 	env_swap(ssh_env, 0);
 	return retval ? PAM_SUCCESS : PAM_SESSION_ERR;