[Pkg-ltsp-devel] Bug#805879: libpam-sshauth dropped support for publickey authentication
Eric Desrochers
eric.desrochers at canonical.com
Mon Nov 23 15:01:23 UTC 2015
Description:
The new version of this library has dropped this feature, which is apparently related to the author switching to libssh2 (it previously used libssh).
Revision #108 has been approved and merged upstream to add back support for publickey authentication & ssh-agent.
Reference:
https://code.launchpad.net/~benoit-guyard/ltsp/libpam-sshauth/+merge/273930
--
Eric Desrochers | Mobile: +1 438 399 7175 (Eastern Time)
Technical Account Manager | Canonical Canada, Ltd.
<eric.desrochers at canonical.com> | GPG: 2048R/8F1CA067
-------------- next part --------------
diff -Nru libpam-sshauth-0.3.1/debian/changelog libpam-sshauth-0.3.1/debian/changelog
--- libpam-sshauth-0.3.1/debian/changelog 2013-07-04 14:16:58.000000000 -0400
+++ libpam-sshauth-0.3.1/debian/changelog 2015-11-23 09:54:44.000000000 -0500
@@ -1,3 +1,10 @@
+libpam-sshauth (0.3.1-2) unstable; urgency=low
+
+ * debian/patches/add-back-support-for-publickey-authentication.patch: Added back
+ support for publickey authentication (Closes: #805879)
+
+ -- Eric Desrochers <eric.desrochers at canonical.com> Mon, 23 Nov 2015 09:51:52 -0500
+
libpam-sshauth (0.3.1-1) unstable; urgency=low
* New upstream version:
diff -Nru libpam-sshauth-0.3.1/debian/patches/add-back-support-for-publickey-authentication.patch libpam-sshauth-0.3.1/debian/patches/add-back-support-for-publickey-authentication.patch
--- libpam-sshauth-0.3.1/debian/patches/add-back-support-for-publickey-authentication.patch 1969-12-31 19:00:00.000000000 -0500
+++ libpam-sshauth-0.3.1/debian/patches/add-back-support-for-publickey-authentication.patch 2015-11-23 09:51:33.000000000 -0500
@@ -0,0 +1,113 @@
+Description: Added back support for publickey authentication
+
+libpam-sshauth used to support publickey authentication with ssh-agent.
+version 0.3-1 dropped this feature which is related to author switching to using libssh2.
+
+Author: Benoit Guyard <benoit.guyard at eidosmontreal.com>
+Origin: upstream, https://code.launchpad.net/~benoit-guyard/ltsp/libpam-sshauth/+merge/273930
+--- a/src/auth_funcs.c
++++ b/src/auth_funcs.c
+@@ -37,6 +37,7 @@
+
+ #define SSH_AUTH_METHOD_PASSWORD 1
+ #define SSH_AUTH_METHOD_INTERACTIVE 2
++#define SSH_AUTH_METHOD_PUBLICKEY 3
+
+ #define SSH_AUTH_SUCCESS 0
+ #define SSH_AUTH_ERROR 1
+@@ -184,8 +185,10 @@
+ char *userauthlist;
+ struct hostent *server;
+ struct sockaddr_in serv_addr;
++ struct libssh2_agent_publickey *identity, *prev_identity = NULL;
+ LIBSSH2_SESSION *session = NULL;
+ LIBSSH2_KNOWNHOSTS *nh = NULL;
++ LIBSSH2_AGENT *agent = NULL;
+ size_t len;
+ FILE *khf;
+
+@@ -381,10 +384,84 @@
+ {
+ method |= SSH_AUTH_METHOD_INTERACTIVE;
+ }
++ if (strstr (userauthlist, "publickey") != NULL)
++ {
++ method |= SSH_AUTH_METHOD_PUBLICKEY;
++ }
+
+ do
+ {
+ /*
++ * Authenticate depending on the method available.
++ * Try public key first.
++ */
++
++ if (method & SSH_AUTH_METHOD_PUBLICKEY)
++ {
++ pam_debug(pamh, "Trying public key authentication.");
++
++ /* Connect to the ssh-agent */
++ agent = libssh2_agent_init(session);
++
++ if (!agent)
++ {
++ pam_debug(pamh, "Failure initializing ssh-agent support.");
++ goto fail;
++ }
++
++ if (libssh2_agent_connect(agent))
++ {
++ pam_debug(pamh, "Failure connecting to ssh-agent.");
++ goto fail;
++ }
++
++ if (libssh2_agent_list_identities(agent))
++ {
++ pam_debug(pamh, "Failure requesting identities to ssh-agent.");
++ goto fail;
++ }
++
++ while (1)
++ {
++ ssh_result = libssh2_agent_get_identity(agent, &identity, prev_identity);
++
++ if (ssh_result == 1)
++ break;
++
++ if (ssh_result < 0)
++ {
++ pam_debug(pamh, "Failure obtaining identity from ssh-agent support.");
++ ssh_result = 1;
++ goto fail;
++ }
++
++ if (libssh2_agent_userauth(agent, username, identity))
++ {
++ pam_debug(pamh, "Publickey authentication failed!");
++ }
++ else
++ {
++ pam_debug(pamh, "Publickey Authentication succeeded!");
++ break;
++ }
++ prev_identity = identity;
++ }
++
++ if (ssh_result)
++ {
++ pam_debug(pamh, "Couldn't continue authentication.");
++ goto fail;
++ }
++
++ /* We're authenticated now. */
++ if (ssh_result == SSH_AUTH_SUCCESS)
++ {
++ libssh2_agent_disconnect(agent);
++ break;
++ }
++ }
++
++ /*
+ * Try keyboard interactive next, if supported.
+ */
+
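Review bot: `SSH_AUTH_METHOD_PUBLICKEY` is defined as 3 but is used as a bit flag beside `SSH_AUTH_METHOD_PASSWORD` (1) and `SSH_AUTH_METHOD_INTERACTIVE` (2), so `method |= SSH_AUTH_METHOD_PUBLICKEY` also sets both other bits, and `method & SSH_AUTH_METHOD_PUBLICKEY` is true whenever the server offers only password or keyboard-interactive. The define should take its own bit, `#define SSH_AUTH_METHOD_PUBLICKEY 4`, so that the mask reflects only what the server's `userauthlist` advertised. Separately, every agent failure in the new branch (init, connect, list, or no identity accepted) does `goto fail`, which as far as the hunk shows skips the keyboard-interactive and password attempts that follow; a login with no reachable ssh-agent would then fail outright, so logging the failure and falling through to the next method looks like the intended behaviour. The success path calls `libssh2_agent_disconnect(agent)` but nothing visible calls `libssh2_agent_free(agent)`; the enclosing function and its `fail` label lie outside the hunk, so the cleanup there should be confirmed.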
diff -Nru libpam-sshauth-0.3.1/debian/patches/series libpam-sshauth-0.3.1/debian/patches/series
--- libpam-sshauth-0.3.1/debian/patches/series 1969-12-31 19:00:00.000000000 -0500
+++ libpam-sshauth-0.3.1/debian/patches/series 2015-11-23 09:51:33.000000000 -0500
@@ -0,0 +1 @@
+add-back-support-for-publickey-authentication.patch