[Midnightbsd-cvs] src [12243] trunk/lib/libpam/modules/pam_ssh: tag
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Thu Aug 8 21:36:54 EDT 2019
Revision: 12243
http://svnweb.midnightbsd.org/src/?rev=12243
Author: laffer1
Date: 2019-08-08 21:36:53 -0400 (Thu, 08 Aug 2019)
Log Message:
-----------
tag
Modified Paths:
--------------
trunk/lib/libpam/modules/pam_ssh/pam_ssh.8
trunk/lib/libpam/modules/pam_ssh/pam_ssh.c
Modified: trunk/lib/libpam/modules/pam_ssh/pam_ssh.8
===================================================================
--- trunk/lib/libpam/modules/pam_ssh/pam_ssh.8 2019-08-09 01:32:27 UTC (rev 12242)
+++ trunk/lib/libpam/modules/pam_ssh/pam_ssh.8 2019-08-09 01:36:53 UTC (rev 12243)
@@ -33,7 +33,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $FreeBSD: stable/10/lib/libpam/modules/pam_ssh/pam_ssh.8 226101 2011-10-07 12:58:33Z des $
+.\" $FreeBSD: stable/11/lib/libpam/modules/pam_ssh/pam_ssh.8 306308 2016-09-25 09:36:52Z roberto $
.\"
.Dd October 7, 2011
.Dt PAM_SSH 8
@@ -129,9 +129,7 @@
authentication phase.
.El
.Sh FILES
-.Bl -tag -width ".Pa $HOME/.ssh/identity" -compact
-.It Pa $HOME/.ssh/identity
-SSH1 RSA key
+.Bl -tag -width ".Pa $HOME/.ssh/id_ed25519" -compact
.It Pa $HOME/.ssh/id_rsa
SSH2 RSA key
.It Pa $HOME/.ssh/id_dsa
@@ -138,6 +136,8 @@
SSH2 DSA key
.It Pa $HOME/.ssh/id_ecdsa
SSH2 ECDSA key
+.It Pa $HOME/.ssh/id_ed25519
+SSH2 Ed25519 key
.El
.Sh SEE ALSO
.Xr ssh-agent 1 ,
@@ -148,7 +148,7 @@
.Nm
module was originally written by
.An -nosplit
-.An "Andrew J. Korty" Aq ajk at iu.edu .
+.An Andrew J. Korty Aq Mt ajk at iu.edu .
The current implementation was developed for the
.Fx
Project by
@@ -157,4 +157,4 @@
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
This manual page was written by
-.An "Mark R V Murray" Aq markm at FreeBSD.org .
+.An Mark R V Murray Aq Mt markm at FreeBSD.org .
Modified: trunk/lib/libpam/modules/pam_ssh/pam_ssh.c
===================================================================
--- trunk/lib/libpam/modules/pam_ssh/pam_ssh.c 2019-08-09 01:32:27 UTC (rev 12242)
+++ trunk/lib/libpam/modules/pam_ssh/pam_ssh.c 2019-08-09 01:36:53 UTC (rev 12243)
@@ -1,5 +1,7 @@
/* $MidnightBSD$ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (c) 2003 Networks Associates Technology, Inc.
* Copyright (c) 2004-2011 Dag-Erling Smørgrav
* All rights reserved.
@@ -35,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: stable/10/lib/libpam/modules/pam_ssh/pam_ssh.c 296781 2016-03-12 23:53:20Z des $");
+__FBSDID("$FreeBSD: head/lib/libpam/modules/pam_ssh/pam_ssh.c 338561 2018-09-10 16:20:12Z des $");
#include <sys/param.h>
#include <sys/wait.h>
@@ -59,19 +61,18 @@
#include <openssl/evp.h>
#define __bounded__(x, y, z)
-#include "key.h"
-#include "buffer.h"
#include "authfd.h"
#include "authfile.h"
+#include "sshkey.h"
#define ssh_add_identity(auth, key, comment) \
- ssh_add_identity_constrained(auth, key, comment, 0, 0)
+ ssh_add_identity_constrained(auth, key, comment, 0, 0, 0)
extern char **environ;
struct pam_ssh_key {
- Key *key;
- char *comment;
+ struct sshkey *key;
+ char *comment;
};
static const char *pam_ssh_prompt = "SSH passphrase: ";
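Review bot: The three trailing zeros in the updated `ssh_add_identity` macro are unlabeled, so a reader cannot tell which agent constraints the module is choosing not to set. If they correspond to the lifetime, confirm and maxsign parameters of OpenSSH's `ssh_add_identity_constrained` prototype (not visible in this hunk, so check the vendored `authfd.h`), a comment above the macro would record that choice: `/* life, confirm, maxsign all 0: no expiry, no per-use confirmation, no signature limit */`. That makes it explicit that keys unlocked at login are handed to the agent unconstrained.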
@@ -78,10 +79,10 @@
static const char *pam_ssh_have_keys = "pam_ssh_have_keys";
static const char *pam_ssh_keyfiles[] = {
- ".ssh/identity", /* SSH1 RSA key */
".ssh/id_rsa", /* SSH2 RSA key */
".ssh/id_dsa", /* SSH2 DSA key */
".ssh/id_ecdsa", /* SSH2 ECDSA key */
+ ".ssh/id_ed25519", /* SSH2 Ed25519 key */
NULL
};
@@ -100,14 +101,14 @@
pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase,
int nullok)
{
+ char fn[PATH_MAX];
struct pam_ssh_key *psk;
- char fn[PATH_MAX];
+ struct sshkey *key;
char *comment;
- Key *key;
+ int ret;
if (snprintf(fn, sizeof(fn), "%s/%s", dir, kfn) > (int)sizeof(fn))
return (NULL);
- comment = NULL;
/*
* If the key is unencrypted, OpenSSL ignores the passphrase, so
* it will seem like the user typed in the right one. This allows
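Review bot: The truncation check on the `snprintf` into `fn` compares with `>`, so a return value exactly equal to `sizeof(fn)` is accepted even though the path has lost its final character, and a negative return is accepted too. Since this hunk introduces `int ret`, the guard could become `ret = snprintf(fn, sizeof(fn), "%s/%s", dir, kfn);` followed by `if (ret < 0 || ret >= (int)sizeof(fn)) return (NULL);`. The hunk also drops `comment = NULL;`, which is only safe if `sshkey_load_private` clears the out-parameters on failure; that is presumably the case but is not visible here. The function starts before this hunk and continues past it.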
@@ -116,14 +117,14 @@
* with an empty passphrase, and if the key is not encrypted,
* accept only an empty passphrase.
*/
- key = key_load_private(fn, "", &comment);
- if (key != NULL && !(*passphrase == '\0' && nullok)) {
- key_free(key);
+ ret = sshkey_load_private(fn, "", &key, &comment);
+ if (ret == 0 && !(*passphrase == '\0' && nullok)) {
+ sshkey_free(key);
return (NULL);
}
- if (key == NULL)
- key = key_load_private(fn, passphrase, &comment);
- if (key == NULL) {
+ if (ret != 0)
+ ret = sshkey_load_private(fn, passphrase, &key, &comment);
+ if (ret != 0) {
openpam_log(PAM_LOG_DEBUG, "failed to load key from %s", fn);
return (NULL);
}
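Review bot: The early return taken when an unencrypted key loads but the passphrase is not acceptable frees `key` but not `comment`. The malloc-failure path in the next hunk frees both, which suggests `sshkey_load_private` hands back an allocated comment on success, so this path appears to leak it on every rejected attempt. Adding `free(comment);` after `sshkey_free(key);` in that branch would match the later cleanup. Separately, the debug message could include the error code, e.g. `openpam_log(PAM_LOG_DEBUG, "failed to load key from %s (error %d)", fn, ret);`, so a wrong passphrase can be told apart from a missing or unreadable file.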
@@ -130,7 +131,7 @@
openpam_log(PAM_LOG_DEBUG, "loaded '%s' from %s", comment, fn);
if ((psk = malloc(sizeof(*psk))) == NULL) {
- key_free(key);
+ sshkey_free(key);
free(comment);
return (NULL);
}
@@ -149,7 +150,7 @@
struct pam_ssh_key *psk;
psk = data;
- key_free(psk->key);
+ sshkey_free(psk->key);
free(psk->comment);
free(psk);
}