Merge pull request #90142 from wmertens/pam-ssh-agent

pam_ssh_agent_auth: 0.10.3 -> 0.10.4
Wout Mertens 2020-12-21 16:29:59 +01:00 committed by GitHub
commit 2194012d3b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 46 additions and 34 deletions


@ -1,46 +1,52 @@
{ stdenv, fetchpatch, fetchurl, pam, openssl, perl }:
{ stdenv, fetchpatch, fetchFromGitHub, pam, openssl, perl }:
stdenv.mkDerivation rec {
name = "pam_ssh_agent_auth-0.10.3";
pname = "pam_ssh_agent_auth";
version = "0.10.4";
src = fetchurl {
url = "mirror://sourceforge/pamsshagentauth/${name}.tar.bz2";
sha256 = "0qx78x7nvqdscyp04hfijl4rgyf64xy03prr28hipvgasrcd6lrw";
src = fetchFromGitHub {
owner = "jbeverly";
repo = "pam_ssh_agent_auth";
rev = "pam_ssh_agent_auth-${version}";
sha256 = "YD1R8Cox0UoNiuWleKGzWSzxJ5lhDRCB2mZPp9OM6Cs=";
};
patches =
[ # Allow multiple colon-separated authorized keys files to be
# specified in the file= option.
./multiple-key-files.patch
(fetchpatch {
name = "openssl-1.1.1-1.patch";
url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch";
sha256 = "1ndp5j4xfhzshhnl345gb4mkldx6vjfa7284xgng6ikhzpc6y7pf";
})
(fetchpatch {
name = "openssl-1.1.1-2.patch";
url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch";
sha256 = "0ksrs4xr417by8klf7862n3dircvnw30an1akq4pnsd3ichscmww";
})
];
ed25519-donna = fetchFromGitHub {
owner = "floodyberry";
repo = "ed25519-donna";
rev = "8757bd4cd209cb032853ece0ce413f122eef212c";
sha256 = "ETFpIaWQnlYG8ZuDG2dNjUJddlvibB4ukHquTFn3NZM=";
};
buildInputs = [ pam openssl perl ];
# It's not clear to me why this is necessary, but without it, you see:
#
# checking OpenSSL header version... 1010104f (OpenSSL 1.1.1d 10 Sep 2019)
# checking OpenSSL library version... 1010104f (OpenSSL 1.1.1d 10 Sep 2019)
# checking whether OpenSSL's headers match the library... no
# configure: WARNING: Your OpenSSL headers do not match your
# library. Check config.log for details.
#
# ...despite the fact that clearly the values match
configureFlags = [ "--without-openssl-header-check" ];
patches = [
# Allow multiple colon-separated authorized keys files to be
# specified in the file= option.
./multiple-key-files.patch
];
configureFlags = [
# It's not clear to me why this is necessary, but without it, you see:
#
# checking OpenSSL header version... 1010108f (OpenSSL 1.1.1h 22 Sep 2020)
# checking OpenSSL library version... 1010108f (OpenSSL 1.1.1h 22 Sep 2020)
# checking whether OpenSSL's headers match the library... no
# configure: WARNING: Your OpenSSL headers do not match your
# library. Check config.log for details.
#
# ...despite the fact that clearly the values match
"--without-openssl-header-check"
# Make sure it can find ed25519-donna
"--with-cflags=-I$PWD"
];
prePatch = "cp -r ${ed25519-donna}/. ed25519-donna/.";
enableParallelBuilding = true;
meta = {
homepage = "http://pamsshagentauth.sourceforge.net/";
homepage = "https://github.com/jbeverly/pam_ssh_agent_auth";
description = "PAM module for authentication through the SSH agent";
maintainers = [ stdenv.lib.maintainers.eelco ];
platforms = stdenv.lib.platforms.linux;
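Review bot: The new `ed25519-donna` fetch pins commit `8757bd4cd209cb032853ece0ce413f122eef212c` by hand, and nothing in the expression records how that revision relates to the `pam_ssh_agent_auth-${version}` tag. This is a PAM authentication module, and the copied code presumably ends up in its ed25519 key handling, so a later version bump could leave the crypto dependency out of step with what upstream released without anyone noticing. If upstream tracks ed25519-donna as a git submodule (the `prePatch` copy into `ed25519-donna/` suggests so, but the page does not show it), setting `fetchSubmodules = true;` on the `src` fetch would tie the two together and make the separate fetch and the `prePatch` unnecessary. Otherwise I would add a comment above the pin such as `# must match the ed25519-donna revision referenced by the pam_ssh_agent_auth-${version} tag`. The two Debian `openssl-1.1.1-*.patch` fetches are also dropped without explanation; a short note that 0.10.4 builds against OpenSSL 1.1.1 without them would help the next reader.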


@ -87,21 +87,27 @@ diff -u pam_ssh_agent_auth-0.10.3-orig/pam_ssh_agent_auth.c pam_ssh_agent_auth-0
/*
* PAM_USER and PAM_RUSER do not necessarily have to get set by the calling application, and we may be unable to divine the latter.
@@ -187,16 +184,17 @@
@@ -184,5 +181,5 @@
*/
if(user && strlen(ruser) > 0) {
- pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
+ pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file_input);
@@ -201,3 +197,3 @@
retval = PAM_SUCCESS;
- pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
+ pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file_input);
@@ -211,11 +208,12 @@
/*
* this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user
*/
- if(pamsshagentauth_find_authorized_keys(user, ruser, servicename)) { /* getpwnam(ruser)->pw_uid)) { */
- pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
- pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
+ const char *key_file;
+ if((key_file = pamsshagentauth_find_authorized_keys(user, ruser, servicename))) { /* getpwnam(ruser)->pw_uid)) { */
+ pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, key_file);
+ pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, key_file);
retval = PAM_SUCCESS;
} else {
- pamsshagentauth_logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);