Hello community,
here is the log from the commit of package pam_ssh
checked in at Thu Jun 1 00:14:07 CEST 2006.
--------
--- pam_ssh/pam_ssh.changes 2006-01-25 21:39:15.000000000 +0100
+++ pam_ssh/pam_ssh.changes 2006-05-31 23:28:58.000000000 +0200
@@ -1,0 +2,9 @@
+Wed May 31 23:28:20 CEST 2006 - stark@suse.de
+
+- update to version 1.92
+ * allow working as session module without authentication
+ (workaround for #173803)
+ * incorporated include fixes
+- fixed syslog logging (part of #177885)
+
+-------------------------------------------------------------------
Old:
----
pam_ssh-1.91.diff
pam_ssh-1.91.tar.bz2
New:
----
logging.patch
pam_ssh-1.92.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam_ssh.spec ++++++
--- /var/tmp/diff_new_pack.e2PjeB/_old 2006-06-01 00:13:58.000000000 +0200
+++ /var/tmp/diff_new_pack.e2PjeB/_new 2006-06-01 00:13:58.000000000 +0200
@@ -1,11 +1,11 @@
#
-# spec file for package pam_ssh (Version 1.91)
+# spec file for package pam_ssh (Version 1.92)
#
-# Copyright (c) 2005 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
-# Please submit bugfixes or comments via http://www.suse.de/feedback/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
@@ -15,12 +15,12 @@
License: BSD
Group: Productivity/Networking/SSH
Autoreqprov: on
-Version: 1.91
-Release: 7
+Version: 1.92
+Release: 1
Summary: PAM Module for SSH Authentication
-URL: http://sourceforge.net/projects/pam-ssh/
-Source: pam_ssh-1.91.tar.bz2
-Patch: pam_ssh-1.91.diff
+URL: http://developer.novell.com/wiki/index.php/Pam_ssh
+Source: %{name}-%{version}.tar.bz2
+Patch1: logging.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -37,15 +37,17 @@
Roderick Schertler
%prep
-%setup -q -n pam_ssh-1.91
-%patch
+%setup -q
+%patch1
%build
%{suse_update_config -f}
autoreconf --verbose --force --install
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \
-./configure --libdir=/%{_lib} --with-pamdir=/%{_lib}/security \
- --prefix=/usr --mandir=%{_mandir}
+./configure --libdir=/%{_lib} \
+ --with-pamdir=/%{_lib}/security \
+ --prefix=%{_prefix} \
+ --mandir=%{_mandir}
make
%install
@@ -65,6 +67,12 @@
%attr(444,root,root) %_mandir/man*/*.*
%changelog -n pam_ssh
+* Wed May 31 2006 - stark@suse.de
+- update to version 1.92
+ * allow working as session module without authentication
+ (workaround for #173803)
+ * incorporated include fixes
+- fixed syslog logging (part of #177885)
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Fri Oct 14 2005 - ro@suse.de
++++++ logging.patch ++++++
--- pam_ssh.c
+++ pam_ssh.c
@@ -147,16 +147,19 @@
pam_ssh_log(int priority, const char *fmt, ...)
{
va_list ap; /* variable argument list */
- int errno_saved; /* for caching errno */
- char *tagged; /* format tagged with module name */
+ //int errno_saved; /* for caching errno */
+ //char *tagged; /* format tagged with module name */
- errno_saved = errno;
- asprintf(&tagged, "%s: %s", MODULE_NAME, fmt);
+ openlog(MODULE_NAME, LOG_PID, LOG_AUTHPRIV);
+ //errno_saved = errno;
+ //asprintf(&tagged, "%s: %s", MODULE_NAME, fmt);
va_start(ap, fmt);
- errno = errno_saved;
- vsyslog(priority, tagged ? tagged : fmt, ap);
- free(tagged);
+ //errno = errno_saved;
+ //vsyslog(priority, tagged ? tagged : fmt, ap);
+ vsyslog(priority, fmt, ap);
+ //free(tagged);
va_end(ap);
+ closelog();
}
@@ -355,7 +358,7 @@
int retval; /* from calls */
const char *user; /* username */
- log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0);
+ //log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0);
allow_blank_passphrase = 0;
keyfiles = kfspec = NULL;
@@ -517,7 +520,7 @@
const char *tty_raw; /* raw tty or display name */
char *tty_nodir; /* tty without / chars */
- log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0);
+ //log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0);
/* dump output of ssh-agent in ~/.ssh */
if ((retval = pam_get_data(pamh, "ssh_passwd_entry",
++++++ pam_ssh-1.91.tar.bz2 -> pam_ssh-1.92.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/AUTHORS new/pam_ssh-1.92/AUTHORS
--- old/pam_ssh-1.91/AUTHORS 2002-04-07 20:49:16.000000000 +0200
+++ new/pam_ssh-1.92/AUTHORS 2006-05-31 23:03:57.000000000 +0200
@@ -1,3 +1,3 @@
-$Id: AUTHORS,v 1.1 2002/04/07 18:49:16 akorty Exp $
-
-Written by Andrew J. Korty .
+Andrew J. Korty
+Roderick Schertler
+Patrice Dumas
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/COPYING new/pam_ssh-1.92/COPYING
--- old/pam_ssh-1.91/COPYING 2004-02-19 21:47:56.000000000 +0100
+++ new/pam_ssh-1.92/COPYING 2006-05-31 23:05:00.000000000 +0200
@@ -1,5 +1,3 @@
-$Id: COPYING,v 1.5 2004/02/19 20:47:56 akorty Exp $
-
Copyright (c) 1999, 2000, 2001, 2002, 2004 Andrew J. Korty
All rights reserved.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/ChangeLog new/pam_ssh-1.92/ChangeLog
--- old/pam_ssh-1.91/ChangeLog 2004-04-12 16:34:51.000000000 +0200
+++ new/pam_ssh-1.92/ChangeLog 2006-05-31 23:02:20.000000000 +0200
@@ -1,3 +1,13 @@
+Version 1.92 released
+=====================
+
+2006-05-31 Wolfgang Rosenauer
+
+ * cipher.c, openpam_borrow_cred.c, openpam_restore_cred.c, pam_ssh.c:
+ added some needed includes
+ * pam_ssh.c: don't rely on authentication for the session functions
+ and don't save the passwd entry for them
+
Version 1.91 released
=====================
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/NEWS new/pam_ssh-1.92/NEWS
--- old/pam_ssh-1.91/NEWS 2004-04-12 16:21:38.000000000 +0200
+++ new/pam_ssh-1.92/NEWS 2006-05-31 23:07:55.000000000 +0200
@@ -1,4 +1,8 @@
-$Id: NEWS,v 1.9 2004/04/12 14:21:38 akorty Exp $
+Version 1.92
+============
+
+The module is usable now for session use only if wanted. It starts
+an ssh-agent without adding keys to it in that case.
Version 1.91
============
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/README new/pam_ssh-1.92/README
--- old/pam_ssh-1.91/README 2004-04-12 14:13:00.000000000 +0200
+++ new/pam_ssh-1.92/README 2006-05-31 22:51:42.000000000 +0200
@@ -1,5 +1,3 @@
-$Id: README,v 1.2 2004/02/21 14:41:38 akorty Exp $
-
This PAM module provides single sign-on behavior for SSH. The user
types an SSH passphrase when logging in (probably to GDM, KDM, or XDM)
and is authenticated if the passphrase successfully decrypts the
@@ -8,4 +6,5 @@
user can SSH to other hosts that accept key authentication without
typing any passwords.
-http://sourceforge.net/projects/pam-ssh/
+http://developer.novell.com/wiki/index.php/Pam_ssh
+(http://sourceforge.net/projects/pam-ssh/)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/TODO new/pam_ssh-1.92/TODO
--- old/pam_ssh-1.91/TODO 2002-08-09 20:59:00.000000000 +0200
+++ new/pam_ssh-1.92/TODO 2006-05-31 23:12:32.000000000 +0200
@@ -1,4 +1,4 @@
-$Id: TODO,v 1.4 2002/08/09 18:59:00 akorty Exp $
+* fix and cleanup logging stuff
* Unit testing
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/cipher.c new/pam_ssh-1.92/cipher.c
--- old/pam_ssh-1.91/cipher.c 2004-02-19 19:58:20.000000000 +0100
+++ new/pam_ssh-1.92/cipher.c 2006-05-31 22:50:48.000000000 +0200
@@ -39,6 +39,7 @@
#include
#include
+#include
#include
#include "cipher.h"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/configure new/pam_ssh-1.92/configure
--- old/pam_ssh-1.91/configure 2004-04-12 16:31:40.000000000 +0200
+++ new/pam_ssh-1.92/configure 2006-05-31 23:17:32.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.58 for pam_ssh 1.91.
+# Generated by GNU Autoconf 2.58 for pam_ssh 1.92.
#
# Report bugs to .
#
@@ -428,8 +428,8 @@
# Identity of this package.
PACKAGE_NAME='pam_ssh'
PACKAGE_TARNAME='pam_ssh'
-PACKAGE_VERSION='1.91'
-PACKAGE_STRING='pam_ssh 1.91'
+PACKAGE_VERSION='1.92'
+PACKAGE_STRING='pam_ssh 1.92'
PACKAGE_BUGREPORT='ajk@waterspout.com'
ac_unique_file="pam_ssh.c"
@@ -939,7 +939,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures pam_ssh 1.91 to adapt to many kinds of systems.
+\`configure' configures pam_ssh 1.92 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1006,7 +1006,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of pam_ssh 1.91:";;
+ short | recursive ) echo "Configuration of pam_ssh 1.92:";;
esac
cat <<\_ACEOF
@@ -1133,7 +1133,7 @@
test -n "$ac_init_help" && exit 0
if $ac_init_version; then
cat <<\_ACEOF
-pam_ssh configure 1.91
+pam_ssh configure 1.92
generated by GNU Autoconf 2.58
Copyright (C) 2003 Free Software Foundation, Inc.
@@ -1147,7 +1147,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by pam_ssh $as_me 1.91, which was
+It was created by pam_ssh $as_me 1.92, which was
generated by GNU Autoconf 2.58. Invocation command line was
$ $0 $@
@@ -1865,7 +1865,7 @@
# Define the identity of the package.
PACKAGE=pam_ssh
- VERSION=1.91
+ VERSION=1.92
cat >>confdefs.h <<_ACEOF
@@ -11291,7 +11291,7 @@
} >&5
cat >&5 <<_CSEOF
-This file was extended by pam_ssh $as_me 1.91, which was
+This file was extended by pam_ssh $as_me 1.92, which was
generated by GNU Autoconf 2.58. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -11354,7 +11354,7 @@
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-pam_ssh config.status 1.91
+pam_ssh config.status 1.92
configured by $0, generated by GNU Autoconf 2.58,
with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/configure.ac new/pam_ssh-1.92/configure.ac
--- old/pam_ssh-1.91/configure.ac 2004-04-12 16:21:48.000000000 +0200
+++ new/pam_ssh-1.92/configure.ac 2006-05-31 23:14:07.000000000 +0200
@@ -26,12 +26,12 @@
dnl Process this file with autoconf to produce a configure script.
-AC_INIT([pam_ssh],[1.91],[ajk@waterspout.com])
+AC_INIT([pam_ssh],[1.92],[ajk@waterspout.com])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_SRCDIR([pam_ssh.c])
AC_CANONICAL_TARGET([])
AM_DISABLE_STATIC
-AM_INIT_AUTOMAKE(pam_ssh, 1.91)
+AM_INIT_AUTOMAKE(pam_ssh, 1.92)
AM_PROG_LIBTOOL
AC_SUBST(LIBTOOL_DEPS)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/openpam_borrow_cred.c new/pam_ssh-1.92/openpam_borrow_cred.c
--- old/pam_ssh-1.91/openpam_borrow_cred.c 2004-02-19 19:58:46.000000000 +0100
+++ new/pam_ssh-1.92/openpam_borrow_cred.c 2006-05-31 22:50:48.000000000 +0200
@@ -43,6 +43,7 @@
#include
#include
+#include
#include
#include "openpam_cred.h"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/openpam_restore_cred.c new/pam_ssh-1.92/openpam_restore_cred.c
--- old/pam_ssh-1.91/openpam_restore_cred.c 2004-02-19 20:01:00.000000000 +0100
+++ new/pam_ssh-1.92/openpam_restore_cred.c 2006-05-31 22:50:48.000000000 +0200
@@ -43,6 +43,7 @@
#include
#include
+#include
#include
#include "openpam_cred.h"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/pam_ssh.c new/pam_ssh-1.92/pam_ssh.c
--- old/pam_ssh-1.91/pam_ssh.c 2004-04-12 15:55:08.000000000 +0200
+++ new/pam_ssh-1.92/pam_ssh.c 2006-05-31 22:50:48.000000000 +0200
@@ -41,6 +41,7 @@
#include
#include
#include
+#include
#if HAVE_SYS_WAIT_H
# include
#endif
@@ -350,7 +351,6 @@
#endif
const char *pass; /* passphrase */
const struct passwd *pwent; /* user's passwd entry */
- struct passwd *pwent_keep; /* our own copy */
int retval; /* from calls */
const char *user; /* username */
@@ -461,22 +461,6 @@
return PAM_AUTH_ERR;
}
- /* copy the passwd entry (in case successive calls are made) and
- save it for the session phase */
-
- if (!(pwent_keep = malloc(sizeof *pwent))) {
- pam_ssh_log(LOG_CRIT, "out of memory");
- openpam_restore_cred(pamh);
- return PAM_SERVICE_ERR;
- }
- memcpy(pwent_keep, pwent, sizeof *pwent_keep);
- if ((retval = pam_set_data(pamh, "ssh_passwd_entry", pwent_keep,
- ssh_cleanup)) != PAM_SUCCESS) {
- free(pwent_keep);
- openpam_restore_cred(pamh);
- return retval;
- }
-
openpam_restore_cred(pamh);
return PAM_SUCCESS;
}
@@ -515,14 +499,16 @@
int start_agent; /* start agent? */
const char *tty_raw; /* raw tty or display name */
char *tty_nodir; /* tty without / chars */
+ const char *user; /* username */
log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0);
/* dump output of ssh-agent in ~/.ssh */
- if ((retval = pam_get_data(pamh, "ssh_passwd_entry",
- (const void **)(void *)&pwent))
- != PAM_SUCCESS)
+ if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
return retval;
+ if (!(user && (pwent = getpwnam(user)) && pwent->pw_dir &&
+ *pwent->pw_dir))
+ return PAM_AUTH_ERR;
retval = openpam_borrow_cred(pamh, pwent);
if (retval != PAM_SUCCESS && retval != PAM_PERM_DENIED) {
@@ -842,10 +828,13 @@
const char *ssh_agent_pid; /* ssh-agent pid string */
const struct passwd *pwent; /* user's passwd entry */
struct stat sb; /* to check st_nlink */
+ const char *user; /* username */
- if ((retval = pam_get_data(pamh, "ssh_passwd_entry",
- (const void **)(void *)&pwent)) != PAM_SUCCESS)
+ if ((retval = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
return retval;
+ if (!(user && (pwent = getpwnam(user)) && pwent->pw_dir &&
+ *pwent->pw_dir))
+ return PAM_AUTH_ERR;
retval = openpam_borrow_cred(pamh, pwent);
if (retval != PAM_SUCCESS && retval != PAM_PERM_DENIED) {
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pam_ssh-1.91/pam_ssh.spec new/pam_ssh-1.92/pam_ssh.spec
--- old/pam_ssh-1.91/pam_ssh.spec 2004-04-12 16:33:27.000000000 +0200
+++ new/pam_ssh-1.92/pam_ssh.spec 2006-05-31 23:36:56.000000000 +0200
@@ -1,16 +1,15 @@
-Name: pam_ssh
-Version: 1.91
-Release: 0.fdr.1
-Epoch: 0
-Summary: A Pluggable Authentication Module (PAM) for use with SSH.
-Source: http://belnet.dl.sourceforge.net/sourceforge/%{name}/%{name}-%{version}.tar.bz2
-URL: http://sourceforge.net/projects/pam-ssh/
-
-License: BSD
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Requires: pam, openssh, openssh-clients
-BuildRequires: pam-devel
-Group: System Environment/Base
+# norootforbuild
+
+Name: pam_ssh
+BuildRequires: pam-devel
+License: BSD
+Group: Productivity/Networking/SSH
+Version: 1.92
+Release: 1
+Summary: A Pluggable Authentication Module (PAM) for use with SSH.
+URL: http://developer.novell.com/wiki/index.php/Pam_ssh
+Source: http://belnet.dl.sourceforge.net/sourceforge/%{name}/%{name}-%{version}.tar.bz2
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
This PAM module provides single sign-on behavior for UNIX using SSH. Users
@@ -24,12 +23,11 @@
%build
%configure
make clean
-make %{?_smp_mflags}
+make
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
-#%find_lang %{name}
find $RPM_BUILD_ROOT -type f -name "*.la" -exec rm -f {} ';'
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit-unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit-help@opensuse.org