Hello community, here is the log from the commit of package pam_ssh checked in at Thu Jun 1 00:14:07 CEST 2006. -------- --- pam_ssh/pam_ssh.changes 2006-01-25 21:39:15.000000000 +0100 +++ pam_ssh/pam_ssh.changes 2006-05-31 23:28:58.000000000 +0200 @@ -1,0 +2,9 @@ +Wed May 31 23:28:20 CEST 2006 - stark@suse.de + +- update to version 1.92 + * allow working as session module without authentication + (workaround for #173803) + * incorporated include fixes +- fixed syslog logging (part of #177885) + +------------------------------------------------------------------- Old: ---- pam_ssh-1.91.diff pam_ssh-1.91.tar.bz2 New: ---- logging.patch pam_ssh-1.92.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_ssh.spec ++++++ --- /var/tmp/diff_new_pack.e2PjeB/_old 2006-06-01 00:13:58.000000000 +0200 +++ /var/tmp/diff_new_pack.e2PjeB/_new 2006-06-01 00:13:58.000000000 +0200 @@ -1,11 +1,11 @@ # -# spec file for package pam_ssh (Version 1.91) +# spec file for package pam_ssh (Version 1.92) # -# Copyright (c) 2005 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # -# Please submit bugfixes or comments via http://www.suse.de/feedback/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild @@ -15,12 +15,12 @@ License: BSD Group: Productivity/Networking/SSH Autoreqprov: on -Version: 1.91 -Release: 7 +Version: 1.92 +Release: 1 Summary: PAM Module for SSH Authentication -URL: http://sourceforge.net/projects/pam-ssh/ -Source: pam_ssh-1.91.tar.bz2 -Patch: pam_ssh-1.91.diff +URL: http://developer.novell.com/wiki/index.php/Pam_ssh +Source: %{name}-%{version}.tar.bz2 +Patch1: logging.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -37,15 +37,17 @@ Roderick Schertler %prep -%setup -q -n pam_ssh-1.91 -%patch +%setup -q +%patch1 %build %{suse_update_config -f} autoreconf --verbose --force --install CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \ -./configure --libdir=/%{_lib} --with-pamdir=/%{_lib}/security \ - --prefix=/usr --mandir=%{_mandir} +./configure --libdir=/%{_lib} \ + --with-pamdir=/%{_lib}/security \ + --prefix=%{_prefix} \ + --mandir=%{_mandir} make %install @@ -65,6 +67,12 @@ %attr(444,root,root) %_mandir/man*/*.* %changelog -n pam_ssh +* Wed May 31 2006 - stark@suse.de +- update to version 1.92 + * allow working as session module without authentication + (workaround for #173803) + * incorporated include fixes +- fixed syslog logging (part of #177885) * Wed Jan 25 2006 - mls@suse.de - converted neededforbuild to BuildRequires * Fri Oct 14 2005 - ro@suse.de ++++++ logging.patch ++++++ --- pam_ssh.c +++ pam_ssh.c @@ -147,16 +147,19 @@ pam_ssh_log(int priority, const char *fmt, ...) { va_list ap; /* variable argument list */ - int errno_saved; /* for caching errno */ - char *tagged; /* format tagged with module name */ + //int errno_saved; /* for caching errno */ + //char *tagged; /* format tagged with module name */ - errno_saved = errno; - asprintf(&tagged, "%s: %s", MODULE_NAME, fmt); + openlog(MODULE_NAME, LOG_PID, LOG_AUTHPRIV); + //errno_saved = errno; + //asprintf(&tagged, "%s: %s", MODULE_NAME, fmt); va_start(ap, fmt); - errno = errno_saved; - vsyslog(priority, tagged ? tagged : fmt, ap); - free(tagged); + //errno = errno_saved; + //vsyslog(priority, tagged ? tagged : fmt, ap); + vsyslog(priority, fmt, ap); + //free(tagged); va_end(ap); + closelog(); } @@ -355,7 +358,7 @@ int retval; /* from calls */ const char *user; /* username */ - log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0); + //log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0); allow_blank_passphrase = 0; keyfiles = kfspec = NULL; @@ -517,7 +520,7 @@ const char *tty_raw; /* raw tty or display name */ char *tty_nodir; /* tty without / chars */ - log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0); + //log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0); /* dump output of ssh-agent in ~/.ssh */ if ((retval = pam_get_data(pamh, "ssh_passwd_entry", ++++++ pam_ssh-1.91.tar.bz2 -> pam_ssh-1.92.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/AUTHORS new/pam_ssh-1.92/AUTHORS --- old/pam_ssh-1.91/AUTHORS 2002-04-07 20:49:16.000000000 +0200 +++ new/pam_ssh-1.92/AUTHORS 2006-05-31 23:03:57.000000000 +0200 @@ -1,3 +1,3 @@ -$Id: AUTHORS,v 1.1 2002/04/07 18:49:16 akorty Exp $ - -Written by Andrew J. Korty <ajk@iu.edu>. +Andrew J. Korty <ajk@iu.edu> +Roderick Schertler +Patrice Dumas diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/COPYING new/pam_ssh-1.92/COPYING --- old/pam_ssh-1.91/COPYING 2004-02-19 21:47:56.000000000 +0100 +++ new/pam_ssh-1.92/COPYING 2006-05-31 23:05:00.000000000 +0200 @@ -1,5 +1,3 @@ -$Id: COPYING,v 1.5 2004/02/19 20:47:56 akorty Exp $ - Copyright (c) 1999, 2000, 2001, 2002, 2004 Andrew J. Korty All rights reserved. diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/ChangeLog new/pam_ssh-1.92/ChangeLog --- old/pam_ssh-1.91/ChangeLog 2004-04-12 16:34:51.000000000 +0200 +++ new/pam_ssh-1.92/ChangeLog 2006-05-31 23:02:20.000000000 +0200 @@ -1,3 +1,13 @@ +Version 1.92 released +===================== + +2006-05-31 Wolfgang Rosenauer + + * cipher.c, openpam_borrow_cred.c, openpam_restore_cred.c, pam_ssh.c: + added some needed includes + * pam_ssh.c: don't rely on authentication for the session functions + and don't save the passwd entry for them + Version 1.91 released ===================== diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/NEWS new/pam_ssh-1.92/NEWS --- old/pam_ssh-1.91/NEWS 2004-04-12 16:21:38.000000000 +0200 +++ new/pam_ssh-1.92/NEWS 2006-05-31 23:07:55.000000000 +0200 @@ -1,4 +1,8 @@ -$Id: NEWS,v 1.9 2004/04/12 14:21:38 akorty Exp $ +Version 1.92 +============ + +The module is usable now for session use only if wanted. It starts +an ssh-agent without adding keys to it in that case. Version 1.91 ============ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/README new/pam_ssh-1.92/README --- old/pam_ssh-1.91/README 2004-04-12 14:13:00.000000000 +0200 +++ new/pam_ssh-1.92/README 2006-05-31 22:51:42.000000000 +0200 @@ -1,5 +1,3 @@ -$Id: README,v 1.2 2004/02/21 14:41:38 akorty Exp $ - This PAM module provides single sign-on behavior for SSH. The user types an SSH passphrase when logging in (probably to GDM, KDM, or XDM) and is authenticated if the passphrase successfully decrypts the @@ -8,4 +6,5 @@ user can SSH to other hosts that accept key authentication without typing any passwords. -http://sourceforge.net/projects/pam-ssh/ +http://developer.novell.com/wiki/index.php/Pam_ssh +(http://sourceforge.net/projects/pam-ssh/) diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/TODO new/pam_ssh-1.92/TODO --- old/pam_ssh-1.91/TODO 2002-08-09 20:59:00.000000000 +0200 +++ new/pam_ssh-1.92/TODO 2006-05-31 23:12:32.000000000 +0200 @@ -1,4 +1,4 @@ -$Id: TODO,v 1.4 2002/08/09 18:59:00 akorty Exp $ +* fix and cleanup logging stuff * Unit testing diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/cipher.c new/pam_ssh-1.92/cipher.c --- old/pam_ssh-1.91/cipher.c 2004-02-19 19:58:20.000000000 +0100 +++ new/pam_ssh-1.92/cipher.c 2006-05-31 22:50:48.000000000 +0200 @@ -39,6 +39,7 @@ #include <string.h> #include <openssl/evp.h> +#include <openssl/md5.h> #include <config.h> #include "cipher.h" diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/configure new/pam_ssh-1.92/configure --- old/pam_ssh-1.91/configure 2004-04-12 16:31:40.000000000 +0200 +++ new/pam_ssh-1.92/configure 2006-05-31 23:17:32.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.58 for pam_ssh 1.91. +# Generated by GNU Autoconf 2.58 for pam_ssh 1.92. # # Report bugs to <ajk@waterspout.com>. # @@ -428,8 +428,8 @@ # Identity of this package. PACKAGE_NAME='pam_ssh' PACKAGE_TARNAME='pam_ssh' -PACKAGE_VERSION='1.91' -PACKAGE_STRING='pam_ssh 1.91' +PACKAGE_VERSION='1.92' +PACKAGE_STRING='pam_ssh 1.92' PACKAGE_BUGREPORT='ajk@waterspout.com' ac_unique_file="pam_ssh.c" @@ -939,7 +939,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures pam_ssh 1.91 to adapt to many kinds of systems. +\`configure' configures pam_ssh 1.92 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1006,7 +1006,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of pam_ssh 1.91:";; + short | recursive ) echo "Configuration of pam_ssh 1.92:";; esac cat <<\_ACEOF @@ -1133,7 +1133,7 @@ test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -pam_ssh configure 1.91 +pam_ssh configure 1.92 generated by GNU Autoconf 2.58 Copyright (C) 2003 Free Software Foundation, Inc. @@ -1147,7 +1147,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by pam_ssh $as_me 1.91, which was +It was created by pam_ssh $as_me 1.92, which was generated by GNU Autoconf 2.58. Invocation command line was $ $0 $@ @@ -1865,7 +1865,7 @@ # Define the identity of the package. PACKAGE=pam_ssh - VERSION=1.91 + VERSION=1.92 cat >>confdefs.h <<_ACEOF @@ -11291,7 +11291,7 @@ } >&5 cat >&5 <<_CSEOF -This file was extended by pam_ssh $as_me 1.91, which was +This file was extended by pam_ssh $as_me 1.92, which was generated by GNU Autoconf 2.58. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -11354,7 +11354,7 @@ cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -pam_ssh config.status 1.91 +pam_ssh config.status 1.92 configured by $0, generated by GNU Autoconf 2.58, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/configure.ac new/pam_ssh-1.92/configure.ac --- old/pam_ssh-1.91/configure.ac 2004-04-12 16:21:48.000000000 +0200 +++ new/pam_ssh-1.92/configure.ac 2006-05-31 23:14:07.000000000 +0200 @@ -26,12 +26,12 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT([pam_ssh],[1.91],[ajk@waterspout.com]) +AC_INIT([pam_ssh],[1.92],[ajk@waterspout.com]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_SRCDIR([pam_ssh.c]) AC_CANONICAL_TARGET([]) AM_DISABLE_STATIC -AM_INIT_AUTOMAKE(pam_ssh, 1.91) +AM_INIT_AUTOMAKE(pam_ssh, 1.92) AM_PROG_LIBTOOL AC_SUBST(LIBTOOL_DEPS) diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/openpam_borrow_cred.c new/pam_ssh-1.92/openpam_borrow_cred.c --- old/pam_ssh-1.91/openpam_borrow_cred.c 2004-02-19 19:58:46.000000000 +0100 +++ new/pam_ssh-1.92/openpam_borrow_cred.c 2006-05-31 22:50:48.000000000 +0200 @@ -43,6 +43,7 @@ #include <unistd.h> #include <pam_appl.h> +#include <security/pam_modules.h> #include <config.h> #include "openpam_cred.h" diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/openpam_restore_cred.c new/pam_ssh-1.92/openpam_restore_cred.c --- old/pam_ssh-1.91/openpam_restore_cred.c 2004-02-19 20:01:00.000000000 +0100 +++ new/pam_ssh-1.92/openpam_restore_cred.c 2006-05-31 22:50:48.000000000 +0200 @@ -43,6 +43,7 @@ #include <unistd.h> #include <pam_appl.h> +#include <security/pam_modules.h> #include <config.h> #include "openpam_cred.h" diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/pam_ssh.c new/pam_ssh-1.92/pam_ssh.c --- old/pam_ssh-1.91/pam_ssh.c 2004-04-12 15:55:08.000000000 +0200 +++ new/pam_ssh-1.92/pam_ssh.c 2006-05-31 22:50:48.000000000 +0200 @@ -41,6 +41,7 @@ #include <sys/param.h> #include <sys/stat.h> #include <config.h> +#include <syslog.h> #if HAVE_SYS_WAIT_H # include <sys/wait.h> #endif @@ -350,7 +351,6 @@ #endif const char *pass; /* passphrase */ const struct passwd *pwent; /* user's passwd entry */ - struct passwd *pwent_keep; /* our own copy */ int retval; /* from calls */ const char *user; /* username */ @@ -461,22 +461,6 @@ return PAM_AUTH_ERR; } - /* copy the passwd entry (in case successive calls are made) and - save it for the session phase */ - - if (!(pwent_keep = malloc(sizeof *pwent))) { - pam_ssh_log(LOG_CRIT, "out of memory"); - openpam_restore_cred(pamh); - return PAM_SERVICE_ERR; - } - memcpy(pwent_keep, pwent, sizeof *pwent_keep); - if ((retval = pam_set_data(pamh, "ssh_passwd_entry", pwent_keep, - ssh_cleanup)) != PAM_SUCCESS) { - free(pwent_keep); - openpam_restore_cred(pamh); - return retval; - } - openpam_restore_cred(pamh); return PAM_SUCCESS; } @@ -515,14 +499,16 @@ int start_agent; /* start agent? */ const char *tty_raw; /* raw tty or display name */ char *tty_nodir; /* tty without / chars */ + const char *user; /* username */ log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0); /* dump output of ssh-agent in ~/.ssh */ - if ((retval = pam_get_data(pamh, "ssh_passwd_entry", - (const void **)(void *)&pwent)) - != PAM_SUCCESS) + if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) return retval; + if (!(user && (pwent = getpwnam(user)) && pwent->pw_dir && + *pwent->pw_dir)) + return PAM_AUTH_ERR; retval = openpam_borrow_cred(pamh, pwent); if (retval != PAM_SUCCESS && retval != PAM_PERM_DENIED) { @@ -842,10 +828,13 @@ const char *ssh_agent_pid; /* ssh-agent pid string */ const struct passwd *pwent; /* user's passwd entry */ struct stat sb; /* to check st_nlink */ + const char *user; /* username */ - if ((retval = pam_get_data(pamh, "ssh_passwd_entry", - (const void **)(void *)&pwent)) != PAM_SUCCESS) + if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) return retval; + if (!(user && (pwent = getpwnam(user)) && pwent->pw_dir && + *pwent->pw_dir)) + return PAM_AUTH_ERR; retval = openpam_borrow_cred(pamh, pwent); if (retval != PAM_SUCCESS && retval != PAM_PERM_DENIED) { diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/pam_ssh.spec new/pam_ssh-1.92/pam_ssh.spec --- old/pam_ssh-1.91/pam_ssh.spec 2004-04-12 16:33:27.000000000 +0200 +++ new/pam_ssh-1.92/pam_ssh.spec 2006-05-31 23:36:56.000000000 +0200 @@ -1,16 +1,15 @@ -Name: pam_ssh -Version: 1.91 -Release: 0.fdr.1 -Epoch: 0 -Summary: A Pluggable Authentication Module (PAM) for use with SSH. -Source: http://belnet.dl.sourceforge.net/sourceforge/%{name}/%{name}-%{version}.tar.bz2 -URL: http://sourceforge.net/projects/pam-ssh/ - -License: BSD -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Requires: pam, openssh, openssh-clients -BuildRequires: pam-devel -Group: System Environment/Base +# norootforbuild + +Name: pam_ssh +BuildRequires: pam-devel +License: BSD +Group: Productivity/Networking/SSH +Version: 1.92 +Release: 1 +Summary: A Pluggable Authentication Module (PAM) for use with SSH. +URL: http://developer.novell.com/wiki/index.php/Pam_ssh +Source: http://belnet.dl.sourceforge.net/sourceforge/%{name}/%{name}-%{version}.tar.bz2 +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description This PAM module provides single sign-on behavior for UNIX using SSH. Users @@ -24,12 +23,11 @@ %build %configure make clean -make %{?_smp_mflags} +make %install rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT -#%find_lang %{name} find $RPM_BUILD_ROOT -type f -name "*.la" -exec rm -f {} ';' ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit-help@opensuse.org