Merge pull request #90142 from wmertens/pam-ssh-agent
pam_ssh_agent_auth: 0.10.3 -> 0.10.4
This commit is contained in:
commit
2194012d3b
2 changed files with 46 additions and 34 deletions
|
@ -1,46 +1,52 @@
|
|||
{ stdenv, fetchpatch, fetchurl, pam, openssl, perl }:
|
||||
{ stdenv, fetchpatch, fetchFromGitHub, pam, openssl, perl }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "pam_ssh_agent_auth-0.10.3";
|
||||
pname = "pam_ssh_agent_auth";
|
||||
version = "0.10.4";
|
||||
|
||||
src = fetchurl {
|
||||
url = "mirror://sourceforge/pamsshagentauth/${name}.tar.bz2";
|
||||
sha256 = "0qx78x7nvqdscyp04hfijl4rgyf64xy03prr28hipvgasrcd6lrw";
|
||||
src = fetchFromGitHub {
|
||||
owner = "jbeverly";
|
||||
repo = "pam_ssh_agent_auth";
|
||||
rev = "pam_ssh_agent_auth-${version}";
|
||||
sha256 = "YD1R8Cox0UoNiuWleKGzWSzxJ5lhDRCB2mZPp9OM6Cs=";
|
||||
};
|
||||
|
||||
patches =
|
||||
[ # Allow multiple colon-separated authorized keys files to be
|
||||
# specified in the file= option.
|
||||
./multiple-key-files.patch
|
||||
(fetchpatch {
|
||||
name = "openssl-1.1.1-1.patch";
|
||||
url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch";
|
||||
sha256 = "1ndp5j4xfhzshhnl345gb4mkldx6vjfa7284xgng6ikhzpc6y7pf";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "openssl-1.1.1-2.patch";
|
||||
url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch";
|
||||
sha256 = "0ksrs4xr417by8klf7862n3dircvnw30an1akq4pnsd3ichscmww";
|
||||
})
|
||||
];
|
||||
ed25519-donna = fetchFromGitHub {
|
||||
owner = "floodyberry";
|
||||
repo = "ed25519-donna";
|
||||
rev = "8757bd4cd209cb032853ece0ce413f122eef212c";
|
||||
sha256 = "ETFpIaWQnlYG8ZuDG2dNjUJddlvibB4ukHquTFn3NZM=";
|
||||
};
|
||||
|
||||
buildInputs = [ pam openssl perl ];
|
||||
|
||||
# It's not clear to me why this is necessary, but without it, you see:
|
||||
#
|
||||
# checking OpenSSL header version... 1010104f (OpenSSL 1.1.1d 10 Sep 2019)
|
||||
# checking OpenSSL library version... 1010104f (OpenSSL 1.1.1d 10 Sep 2019)
|
||||
# checking whether OpenSSL's headers match the library... no
|
||||
# configure: WARNING: Your OpenSSL headers do not match your
|
||||
# library. Check config.log for details.
|
||||
#
|
||||
# ...despite the fact that clearly the values match
|
||||
configureFlags = [ "--without-openssl-header-check" ];
|
||||
patches = [
|
||||
# Allow multiple colon-separated authorized keys files to be
|
||||
# specified in the file= option.
|
||||
./multiple-key-files.patch
|
||||
];
|
||||
|
||||
configureFlags = [
|
||||
# It's not clear to me why this is necessary, but without it, you see:
|
||||
#
|
||||
# checking OpenSSL header version... 1010108f (OpenSSL 1.1.1h 22 Sep 2020)
|
||||
# checking OpenSSL library version... 1010108f (OpenSSL 1.1.1h 22 Sep 2020)
|
||||
# checking whether OpenSSL's headers match the library... no
|
||||
# configure: WARNING: Your OpenSSL headers do not match your
|
||||
# library. Check config.log for details.
|
||||
#
|
||||
# ...despite the fact that clearly the values match
|
||||
"--without-openssl-header-check"
|
||||
# Make sure it can find ed25519-donna
|
||||
"--with-cflags=-I$PWD"
|
||||
];
|
||||
|
||||
prePatch = "cp -r ${ed25519-donna}/. ed25519-donna/.";
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
meta = {
|
||||
homepage = "http://pamsshagentauth.sourceforge.net/";
|
||||
homepage = "https://github.com/jbeverly/pam_ssh_agent_auth";
|
||||
description = "PAM module for authentication through the SSH agent";
|
||||
maintainers = [ stdenv.lib.maintainers.eelco ];
|
||||
platforms = stdenv.lib.platforms.linux;
|
||||
|
|
|
@ -87,21 +87,27 @@ diff -u pam_ssh_agent_auth-0.10.3-orig/pam_ssh_agent_auth.c pam_ssh_agent_auth-0
|
|||
|
||||
/*
|
||||
* PAM_USER and PAM_RUSER do not necessarily have to get set by the calling application, and we may be unable to divine the latter.
|
||||
@@ -187,16 +184,17 @@
|
||||
@@ -184,5 +181,5 @@
|
||||
*/
|
||||
|
||||
if(user && strlen(ruser) > 0) {
|
||||
- pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
|
||||
+ pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file_input);
|
||||
|
||||
@@ -201,3 +197,3 @@
|
||||
retval = PAM_SUCCESS;
|
||||
- pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
|
||||
+ pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file_input);
|
||||
|
||||
@@ -211,11 +208,12 @@
|
||||
/*
|
||||
* this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user
|
||||
*/
|
||||
- if(pamsshagentauth_find_authorized_keys(user, ruser, servicename)) { /* getpwnam(ruser)->pw_uid)) { */
|
||||
- pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
|
||||
- pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
|
||||
+ const char *key_file;
|
||||
+ if((key_file = pamsshagentauth_find_authorized_keys(user, ruser, servicename))) { /* getpwnam(ruser)->pw_uid)) { */
|
||||
+ pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, key_file);
|
||||
+ pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, key_file);
|
||||
retval = PAM_SUCCESS;
|
||||
} else {
|
||||
- pamsshagentauth_logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
|
||||
|
|
Loading…
Reference in a new issue