authorMaksim 'max_posedon' Melnikau <maxposedon@gmail.com>2009-05-12 12:57:03 +0000
committerMaksim 'max_posedon' Melnikau <maxposedon@gmail.com>2009-05-12 12:57:03 +0000
commitd16700ff6201ff668a3bd064beac36c527e16933 (patch)
treebb6ff61eca8d95fd1eeb1eb7d515f8306f960d28 /sys-auth
parentThis fixes ticket #205. Thanks to arussello for the patch! (diff)
downloadembedded-cross-d16700ff6201ff668a3bd064beac36c527e16933.tar.gz
embedded-cross-d16700ff6201ff668a3bd064beac36c527e16933.tar.bz2
embedded-cross-d16700ff6201ff668a3bd064beac36c527e16933.zip
fix pam_ssh cross compilation (remove ugly useless rsa checks)
Diffstat (limited to 'sys-auth')
-rw-r--r--sys-auth/pam_ssh/Manifest7
-rw-r--r--sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch487
-rw-r--r--sys-auth/pam_ssh/files/pam_ssh-1.91-openssl-0.9.8.patch12
-rw-r--r--sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch12
-rw-r--r--sys-auth/pam_ssh/files/pam_ssh-1.92-remove-rsa-tests.patch61
-rw-r--r--sys-auth/pam_ssh/files/system-auth.example16
-rw-r--r--sys-auth/pam_ssh/pam_ssh-1.92.ebuild54
7 files changed, 649 insertions, 0 deletions
diff --git a/sys-auth/pam_ssh/Manifest b/sys-auth/pam_ssh/Manifest
new file mode 100644
index 0000000..d57559b
--- /dev/null
+++ b/sys-auth/pam_ssh/Manifest
@@ -0,0 +1,7 @@
+AUX pam_ssh-1.91-debian.patch 13855 RMD160 35cea4b64425351e94f8e5ec4689f17cb97332e7 SHA1 28bbab2ba09356520b571990fc03b0c182bf135e SHA256 a64647467fb05b71a08fe718d371e62356ad8bbf7b7f5a7bc4827b08ca5c91cf
+AUX pam_ssh-1.91-openssl-0.9.8.patch 291 RMD160 f8cbc5831b4286f688f336ece32b7003a937cf4b SHA1 def422cb326165107ad9a4e347724284ae1abe30 SHA256 0e4b3bbd14b874bd9999f92cc2b4358f95e458654e0cc3bcc755790cbcdfea1d
+AUX pam_ssh-1.91-syslog.patch 308 RMD160 f06a704155b76052bdd536e8b27a579cf9d0a4bb SHA1 2f80221a9a804e8da777179dc0768dbc73a7fb65 SHA256 b581d3422f93a8de7cd8b7dbc23c58da133eb63127059e6ff0b1f3e93e63a802
+AUX pam_ssh-1.92-remove-rsa-tests.patch 1565 RMD160 fd65909d722d97a73a9beec72d464bf752996955 SHA1 3fce1158d670b6b8cf03ee5b2accb8b78a7d178f SHA256 c770057b3e909100c6ae70a476806018919b9de65e7b07ee34618f8f209e6821
+AUX system-auth.example 612 RMD160 ffbcbc7535cd654c5a9e8ce2d3584b841aea6e53 SHA1 f90c19c81821789fe16a200320792887b8680c44 SHA256 3699db4595de56f31448c85a83c34277d1bebb5c805871b1c449446a49fb1989
+DIST pam_ssh-1.92.tar.bz2 260444 RMD160 d7121ab89baaec82853758449f84429a387fee0e SHA1 33f537343fa4435717cbf83db52d19c6eed9a35e SHA256 d98f4698f692d46996b3845c2164528c8ad82f112df1c42abe7b8ebb2b133362
+EBUILD pam_ssh-1.92.ebuild 1423 RMD160 eecea6461e2496093deeea6da58e8c2bb8f83e55 SHA1 98c1ab825a3f0a9500700ab3b8a17138b9271030 SHA256 d149d320002093588a0e8d78467b4e82cd1bea611a4425643c63b0011cff90d9
diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch b/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch
new file mode 100644
index 0000000..b1e49e2
--- /dev/null
+++ b/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch
@@ -0,0 +1,487 @@
+--- libpam-ssh-1.91.0.orig/pam_ssh.c 2004-04-12 08:55:08.000000000 -0500
++++ libpam-ssh-1.91.0/pam_ssh.c 2005-04-03 21:18:58.140936716 -0500
+@@ -279,9 +279,8 @@
+ */
+
+ static int
+-add_keys(pam_handle_t *pamh, char *socket)
++add_keys(pam_handle_t *pamh, AuthenticationConnection *ac)
+ {
+- AuthenticationConnection *ac; /* connection to ssh-agent */
+ char *comment; /* private key comment */
+ char *data_name; /* PAM state */
+ int final; /* final return value */
+@@ -289,13 +288,6 @@
+ Key *key; /* user's private key */
+ int retval; /* from calls */
+
+- /* connect to the agent */
+-
+- if (!(ac = ssh_get_authentication_connection(socket))) {
+- pam_ssh_log(LOG_ERR, "%s: %m", socket);
+- return PAM_SESSION_ERR;
+- }
+-
+ /* hand off each private key to the agent */
+
+ final = 0;
+@@ -324,11 +316,177 @@
+ if (!final)
+ final = retval;
+ }
+- ssh_close_authentication_connection(ac);
+
+ return final ? PAM_SUCCESS : PAM_SESSION_ERR;
+ }
+
++static int
++start_ssh_agent(pam_handle_t *pamh, uid_t uid, FILE **env_read)
++{
++ pid_t child_pid; /* child process that spawns agent */
++ int child_pipe[2]; /* pipe to child process */
++ int child_status; /* child process status */
++ char *arg[3], *env[1]; /* to pass to execve() */
++
++ if (pipe(child_pipe) < 0) {
++ pam_ssh_log(LOG_ERR, "pipe: %m");
++ return PAM_SERVICE_ERR;
++ }
++ switch (child_pid = fork()) {
++ case -1: /* error */
++ pam_ssh_log(LOG_ERR, "fork: %m");
++ close(child_pipe[0]);
++ close(child_pipe[1]);
++ return PAM_SERVICE_ERR;
++ /* NOTREACHED */
++ case 0: /* child */
++
++ /* Permanently drop privileges using setuid()
++ before executing ssh-agent so that root
++ privileges can't possibly be regained (some
++ ssh-agents insist that euid == ruid
++ anyway). System V won't let us use
++ setuid() unless euid == 0, so we
++ temporarily regain root privileges first
++ with openpam_restore_cred() (which calls
++ seteuid()). */
++
++ switch (openpam_restore_cred(pamh)) {
++ case PAM_SYSTEM_ERR:
++ pam_ssh_log(LOG_ERR,
++ "can't restore privileges: %m");
++ _exit(EX_OSERR);
++ /* NOTREACHED */
++ case PAM_SUCCESS:
++ if (setuid(uid) == -1) {
++ pam_ssh_log(LOG_ERR,
++ "can't drop privileges: %m",
++ uid);
++ _exit(EX_NOPERM);
++ }
++ break;
++ }
++
++ if (close(child_pipe[0]) == -1) {
++ pam_ssh_log(LOG_ERR, "close: %m");
++ _exit(EX_OSERR);
++ }
++ if (child_pipe[1] != STDOUT_FILENO) {
++ if (dup2(child_pipe[1], STDOUT_FILENO) == -1) {
++ pam_ssh_log(LOG_ERR, "dup: %m");
++ _exit(EX_OSERR);
++ }
++ if (close(child_pipe[1]) == -1) {
++ pam_ssh_log(LOG_ERR, "close: %m");
++ _exit(EX_OSERR);
++ }
++ }
++ arg[0] = "ssh-agent";
++ arg[1] = "-s";
++ arg[2] = NULL;
++ env[0] = NULL;
++ execve(PATH_SSH_AGENT, arg, env);
++ pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++ _exit(127);
++ /* NOTREACHED */
++ }
++ if (close(child_pipe[1]) == -1) {
++ pam_ssh_log(LOG_ERR, "close: %m");
++ return PAM_SESSION_ERR;
++ }
++ if (!(*env_read = fdopen(child_pipe[0], "r"))) {
++ pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++ return PAM_SESSION_ERR;
++ }
++
++ child_status = 0;
++ if (waitpid_intr(child_pid, &child_status, 0) == -1 &&
++ errno != ECHILD) {
++ pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++ return PAM_SESSION_ERR;
++ }
++
++ if (child_status != 0) {
++ if (WIFSIGNALED(child_status))
++ pam_ssh_log(LOG_ERR, "%s exited on signal %d",
++ PATH_SSH_AGENT, WTERMSIG(child_status));
++ else
++ if (WEXITSTATUS(child_status) == 127)
++ pam_ssh_log(LOG_ERR,
++ "cannot execute %s",
++ PATH_SSH_AGENT);
++ else
++ pam_ssh_log(LOG_ERR,
++ "%s exited with status %d",
++ PATH_SSH_AGENT,
++ WEXITSTATUS(child_status));
++ return PAM_SESSION_ERR;
++ }
++
++ return PAM_SUCCESS;
++}
++
++static int
++read_write_agent_env(pam_handle_t *pamh,
++ FILE *env_read,
++ int env_write,
++ char **agent_socket)
++{
++ char *agent_pid; /* copy of agent PID */
++ char *env_end; /* end of env */
++ char env_string[BUFSIZ]; /* environment string */
++ char *env_value; /* envariable value */
++ int retval; /* from calls */
++
++ while (fgets(env_string, sizeof env_string, env_read)) {
++
++ /* parse environment definitions */
++
++ if (env_write >= 0)
++ write(env_write, env_string, strlen(env_string));
++ if (!(env_value = strchr(env_string, '=')) ||
++ !(env_end = strchr(env_value, ';')))
++ continue;
++ *env_end = '\0';
++
++ /* pass to the application */
++
++ if ((retval = pam_putenv(pamh, env_string)) != PAM_SUCCESS)
++ return retval;
++
++ *env_value++ = '\0';
++
++ /* save the agent socket so we can connect to it and add
++ the keys as well as the PID so we can kill the agent on
++ session close. */
++
++ agent_pid = NULL;
++ if (strcmp(&env_string[strlen(env_string) -
++ strlen(ENV_SOCKET_SUFFIX)], ENV_SOCKET_SUFFIX) == 0 &&
++ !(*agent_socket = strdup(env_value))) {
++ pam_ssh_log(LOG_CRIT, "out of memory");
++ return PAM_SERVICE_ERR;
++ } else if (strcmp(&env_string[strlen(env_string) -
++ strlen(ENV_PID_SUFFIX)], ENV_PID_SUFFIX) == 0 &&
++ (!(agent_pid = strdup(env_value)) ||
++ (retval = pam_set_data(pamh, "ssh_agent_pid",
++ agent_pid, ssh_cleanup)) != PAM_SUCCESS)) {
++ if (agent_pid)
++ free(agent_pid);
++ else {
++ pam_ssh_log(LOG_CRIT, "out of memory");
++ return PAM_SERVICE_ERR;
++ }
++ if (agent_socket)
++ free(agent_socket);
++ return retval;
++ }
++
++ }
++
++ return PAM_SUCCESS;
++}
++
+
+ PAM_EXTERN int
+ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc,
+@@ -494,17 +652,10 @@
+ pam_sm_open_session(pam_handle_t *pamh, int flags __unused,
+ int argc __unused, const char **argv __unused)
+ {
+- char *agent_pid; /* copy of agent PID */
++ AuthenticationConnection *ac; /* connection to ssh-agent */
+ char *agent_socket; /* agent socket */
+- char *arg[3], *env[1]; /* to pass to execve() */
+- pid_t child_pid; /* child process that spawns agent */
+- int child_pipe[2]; /* pipe to child process */
+- int child_status; /* child process status */
+ char *cp; /* scratch */
+- char *env_end; /* end of env */
+ FILE *env_read; /* env data source */
+- char env_string[BUFSIZ]; /* environment string */
+- char *env_value; /* envariable value */
+ int env_write; /* env file descriptor */
+ char hname[MAXHOSTNAMELEN]; /* local hostname */
+ int no_link; /* link per-agent file? */
+@@ -515,6 +666,7 @@
+ int start_agent; /* start agent? */
+ const char *tty_raw; /* raw tty or display name */
+ char *tty_nodir; /* tty without / chars */
++ int attempt; /* No. of attempt to contact agent */
+
+ log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0);
+
+@@ -568,215 +720,70 @@
+ per-session filename later. Start the agent if we can't open
+ the file for reading. */
+
+- env_write = child_pid = no_link = start_agent = 0;
+- env_read = NULL;
+- if ((env_write = open(per_agent, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR))
+- < 0 && !(env_read = fopen(per_agent, "r")))
+- no_link = 1;
+- if (!env_read) {
+- start_agent = 1;
+- if (pipe(child_pipe) < 0) {
+- pam_ssh_log(LOG_ERR, "pipe: %m");
+- close(env_write);
+- openpam_restore_cred(pamh);
+- return PAM_SERVICE_ERR;
+- }
+- switch (child_pid = fork()) {
+- case -1: /* error */
+- pam_ssh_log(LOG_ERR, "fork: %m");
+- close(child_pipe[0]);
+- close(child_pipe[1]);
+- close(env_write);
+- openpam_restore_cred(pamh);
+- return PAM_SERVICE_ERR;
+- /* NOTREACHED */
+- case 0: /* child */
+-
+- /* Permanently drop privileges using setuid()
+- before executing ssh-agent so that root
+- privileges can't possibly be regained (some
+- ssh-agents insist that euid == ruid
+- anyway). System V won't let us use
+- setuid() unless euid == 0, so we
+- temporarily regain root privileges first
+- with openpam_restore_cred() (which calls
+- seteuid()). */
+-
+- switch (openpam_restore_cred(pamh)) {
+- case PAM_SYSTEM_ERR:
+- pam_ssh_log(LOG_ERR,
+- "can't restore privileges: %m");
+- _exit(EX_OSERR);
+- /* NOTREACHED */
+- case PAM_SUCCESS:
+- if (setuid(pwent->pw_uid) == -1) {
+- pam_ssh_log(LOG_ERR,
+- "can't drop privileges: %m",
+- pwent->pw_uid);
+- _exit(EX_NOPERM);
+- }
+- break;
+- }
+-
+- if (close(child_pipe[0]) == -1) {
+- pam_ssh_log(LOG_ERR, "close: %m");
+- _exit(EX_OSERR);
+- }
+- if (child_pipe[1] != STDOUT_FILENO) {
+- if (dup2(child_pipe[1], STDOUT_FILENO) == -1) {
+- pam_ssh_log(LOG_ERR, "dup: %m");
+- _exit(EX_OSERR);
+- }
+- if (close(child_pipe[1]) == -1) {
+- pam_ssh_log(LOG_ERR, "close: %m");
+- _exit(EX_OSERR);
+- }
++ for ( attempt = 0; attempt < 2; ++attempt ) {
++ env_write = no_link = start_agent = 0;
++ env_read = NULL;
++ if ((env_write = open(per_agent, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR))
++ < 0 && !(env_read = fopen(per_agent, "r")))
++ no_link = 1;
++ if (!env_read) {
++ start_agent = 1;
++ if ((retval = start_ssh_agent(pamh, pwent->pw_uid, &env_read))
++ != PAM_SUCCESS) {
++ close(env_write);
++ openpam_restore_cred(pamh);
++ return retval;
+ }
+- arg[0] = "ssh-agent";
+- arg[1] = "-s";
+- arg[2] = NULL;
+- env[0] = NULL;
+- execve(PATH_SSH_AGENT, arg, env);
+- pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
+- _exit(127);
+- /* NOTREACHED */
+- }
+- if (close(child_pipe[1]) == -1) {
+- pam_ssh_log(LOG_ERR, "close: %m");
+- openpam_restore_cred(pamh);
+- return PAM_SESSION_ERR;
+- }
+- if (!(env_read = fdopen(child_pipe[0], "r"))) {
+- pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
+- close(env_write);
+- openpam_restore_cred(pamh);
+- return PAM_SESSION_ERR;
+- }
+- }
+-
+- /* save environment for application with pam_putenv() */
+-
+- agent_socket = NULL;
+- while (fgets(env_string, sizeof env_string, env_read)) {
+-
+- /* parse environment definitions */
+-
+- if (env_write >= 0)
+- write(env_write, env_string, strlen(env_string));
+- if (!(env_value = strchr(env_string, '=')) ||
+- !(env_end = strchr(env_value, ';')))
+- continue;
+- *env_end = '\0';
+-
+- /* pass to the application */
+-
+- if ((retval = pam_putenv(pamh, env_string)) != PAM_SUCCESS) {
+- fclose(env_read);
+- if (start_agent)
+- waitpid_intr(child_pid, &child_status, 0);
+- close(env_write);
+- if (agent_socket)
+- free(agent_socket);
+- openpam_restore_cred(pamh);
+- return retval;
+ }
+
+- *env_value++ = '\0';
+-
+- /* save the agent socket so we can connect to it and add
+- the keys as well as the PID so we can kill the agent on
+- session close. */
+-
+- agent_pid = NULL;
+- if (strcmp(&env_string[strlen(env_string) -
+- strlen(ENV_SOCKET_SUFFIX)], ENV_SOCKET_SUFFIX) == 0 &&
+- !(agent_socket = strdup(env_value))) {
+- pam_ssh_log(LOG_CRIT, "out of memory");
+- fclose(env_read);
+- if (start_agent)
+- waitpid_intr(child_pid, &child_status, 0);
+- close(env_write);
++ agent_socket = NULL;
++ retval = read_write_agent_env(pamh, env_read, env_write, &agent_socket);
++ close(env_write);
++ if (retval != PAM_SUCCESS) {
+ if (agent_socket)
+ free(agent_socket);
+- openpam_restore_cred(pamh);
+- return PAM_SERVICE_ERR;
+- } else if (strcmp(&env_string[strlen(env_string) -
+- strlen(ENV_PID_SUFFIX)], ENV_PID_SUFFIX) == 0 &&
+- (!(agent_pid = strdup(env_value)) ||
+- (retval = pam_set_data(pamh, "ssh_agent_pid",
+- agent_pid, ssh_cleanup)) != PAM_SUCCESS)) {
+ fclose(env_read);
+- if (start_agent)
+- waitpid_intr(child_pid, &child_status, 0);
+- close(env_write);
+- if (agent_pid)
+- free(agent_pid);
+- else {
+- pam_ssh_log(LOG_CRIT, "out of memory");
+- openpam_restore_cred(pamh);
+- return PAM_SERVICE_ERR;
+- }
+- if (agent_socket)
+- free(agent_socket);
+ openpam_restore_cred(pamh);
+ return retval;
+ }
+
+- }
+- close(env_write);
+-
+- if (fclose(env_read) != 0) {
+- pam_ssh_log(LOG_ERR, "fclose: %m");
+- openpam_restore_cred(pamh);
+- return PAM_SESSION_ERR;
+- }
+-
+- if (start_agent) {
+-
+- /* Ignore ECHILD in case a SIGCHLD handler is installed. */
+-
+- child_status = 0;
+- if (waitpid_intr(child_pid, &child_status, 0) == -1 &&
+- errno != ECHILD) {
+- pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++ if (fclose(env_read) != 0) {
++ pam_ssh_log(LOG_ERR, "fclose: %m");
+ if (agent_socket)
+ free(agent_socket);
+ openpam_restore_cred(pamh);
+ return PAM_SESSION_ERR;
+ }
+
+- if (child_status != 0) {
+- if (WIFSIGNALED(child_status))
+- pam_ssh_log(LOG_ERR, "%s exited on signal %d",
+- PATH_SSH_AGENT, WTERMSIG(child_status));
+- else
+- if (WEXITSTATUS(retval) == 127)
+- pam_ssh_log(LOG_ERR,
+- "cannot execute %s",
+- PATH_SSH_AGENT);
+- else
+- pam_ssh_log(LOG_ERR,
+- "%s exited with status %d",
+- PATH_SSH_AGENT,
+- WEXITSTATUS(child_status));
+- if (agent_socket)
+- free(agent_socket);
++ if (!agent_socket) {
+ openpam_restore_cred(pamh);
+ return PAM_SESSION_ERR;
+ }
++
++ ac = ssh_get_authentication_connection(agent_socket);
++ if (ac) {
++ free(agent_socket);
++ break;
++ }
++ pam_ssh_log(LOG_ERR, "%s: %m", agent_socket);
++ free(agent_socket);
++ if (start_agent)
++ break;
++ unlink(per_agent);
+ }
+
+- if (!agent_socket) {
+- openpam_restore_cred(pamh);
++ if (!ac)
+ return PAM_SESSION_ERR;
+- }
+
+- if (start_agent && (retval = add_keys(pamh, agent_socket))
+- != PAM_SUCCESS) {
++ if (start_agent)
++ retval = add_keys(pamh, ac);
++
++ ssh_close_authentication_connection(ac);
++
++ if (start_agent && retval != PAM_SUCCESS) {
+ openpam_restore_cred(pamh);
+ return retval;
+ }
+- free(agent_socket);
+
+ /* if we couldn't access the per-agent file, don't link a
+ per-session filename to it */
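Review bot: In the new `read_write_agent_env()`, the `pam_set_data` failure path runs `if (agent_socket) free(agent_socket);`, but `agent_socket` there is the `char **` out-parameter (the caller passes `&agent_socket`). That calls free() on the address of the caller's local variable, not on the strdup'd string, which is an invalid free inside a PAM session module. The caller already frees the string when `retval != PAM_SUCCESS`, so either drop those two lines or write `free(*agent_socket); *agent_socket = NULL;`. Separately, the rewritten tail of `pam_sm_open_session` returns through `if (!ac) return PAM_SESSION_ERR;` without the `openpam_restore_cred(pamh);` that the other error returns keep, so the borrowed credentials are not restored on that path; it should read `if (!ac) { openpam_restore_cred(pamh); return PAM_SESSION_ERR; }`. `pam_sm_open_session` begins and ends outside the inner hunks, so the rest of its cleanup is not visible here.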
diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.91-openssl-0.9.8.patch b/sys-auth/pam_ssh/files/pam_ssh-1.91-openssl-0.9.8.patch
new file mode 100644
index 0000000..fa142b0
--- /dev/null
+++ b/sys-auth/pam_ssh/files/pam_ssh-1.91-openssl-0.9.8.patch
@@ -0,0 +1,12 @@
+Index: pam_ssh-1.91/cipher.c
+===================================================================
+--- pam_ssh-1.91.orig/cipher.c
++++ pam_ssh-1.91/cipher.c
+@@ -39,6 +39,7 @@
+ #include <string.h>
+
+ #include <openssl/evp.h>
++#include <openssl/md5.h>
+
+ #include <config.h>
+ #include "cipher.h"
diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch b/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch
new file mode 100644
index 0000000..0289d08
--- /dev/null
+++ b/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch
@@ -0,0 +1,12 @@
+Index: pam_ssh-1.91/pam_ssh.c
+===================================================================
+--- pam_ssh-1.91.orig/pam_ssh.c
++++ pam_ssh-1.91/pam_ssh.c
+@@ -63,6 +63,7 @@
+ #include <string.h>
+ #include <sysexits.h>
+ #include <unistd.h>
++#include <syslog.h>
+
+ #define PAM_SM_AUTH
+ #define PAM_SM_SESSION
diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.92-remove-rsa-tests.patch b/sys-auth/pam_ssh/files/pam_ssh-1.92-remove-rsa-tests.patch
new file mode 100644
index 0000000..d9353ca
--- /dev/null
+++ b/sys-auth/pam_ssh/files/pam_ssh-1.92-remove-rsa-tests.patch
@@ -0,0 +1,61 @@
+--- configure.ac.old 2009-05-12 15:37:09.000000000 +0300
++++ configure.ac 2009-05-12 15:38:54.000000000 +0300
+@@ -156,37 +156,6 @@
+ fi
+ LIBS="$saved_LIBS -lcrypto"
+
+-# Now test RSA support
+-saved_LIBS="$LIBS"
+-AC_MSG_CHECKING([for RSA support])
+-for WANTS_RSAREF in "" 1 ; do
+- if test -z "$WANTS_RSAREF" ; then
+- LIBS="$saved_LIBS"
+- else
+- LIBS="$saved_LIBS -lRSAglue -lrsaref"
+- fi
+- AC_RUN_IFELSE([AC_LANG_SOURCE([[
+-#include <string.h>
+-#include <openssl/rand.h>
+-#include <openssl/rsa.h>
+-#include <openssl/bn.h>
+-#include <openssl/sha.h>
+-int main(void)
+-{
+- int num; RSA *key; static unsigned char p_in[] = "blahblah";
+- unsigned char c[256], p[256];
+- memset(c, 0, sizeof(c)); RAND_add(c, sizeof(c), sizeof(c));
+- if ((key=RSA_generate_key(512, 3, NULL, NULL))==NULL) return(1);
+- num = RSA_public_encrypt(sizeof(p_in) - 1, p_in, c, key, RSA_PKCS1_PADDING);
+- return(-1 == RSA_private_decrypt(num, c, p, key, RSA_PKCS1_PADDING));
+-}
+- ]])],[
+- rsa_works=1
+- break;
+- ],[],[])
+-done
+-LIBS="$saved_LIBS"
+-
+ if test ! -z "$no_rsa" ; then
+ AC_MSG_RESULT(disabled)
+ RSA_MSG="disabled"
+@@ -206,20 +175,6 @@
+ fi
+ fi
+
+-# Sanity check OpenSSL headers
+-AC_MSG_CHECKING([whether OpenSSL's headers match the library])
+-AC_RUN_IFELSE([AC_LANG_SOURCE([[
+-#include <string.h>
+-#include <openssl/opensslv.h>
+-int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
+- ]])],[
+- AC_MSG_RESULT(yes)
+- ],[
+- AC_MSG_RESULT(no)
+- AC_MSG_ERROR(Your OpenSSL headers do not match your library)
+-
+-],[])
+-
+ dnl Checks for header files.
+
+ AC_HEADER_STDC
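Review bot: Besides the RSA probe named in the commit message, the second inner hunk also deletes the `SSLeay() == OPENSSL_VERSION_NUMBER` header/library consistency check, so a cross build of this authentication module no longer detects OpenSSL headers that do not match the libcrypto it links against. Both probes break under cross compilation only because the fourth (action-if-cross-compiling) argument of `AC_RUN_IFELSE` is left empty. Filling it, e.g. `[AC_MSG_WARN([cross compiling: not checking OpenSSL headers])]` for the version check and `[rsa_works=1]` for the RSA probe, would keep the checks for native builds and remove the need for a cross-only patch. With the loop gone, nothing visible here sets `rsa_works`, so the `no_rsa` block that follows (only partly shown) may report RSA as unavailable; this should be confirmed against the full configure.ac.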
diff --git a/sys-auth/pam_ssh/files/system-auth.example b/sys-auth/pam_ssh/files/system-auth.example
new file mode 100644
index 0000000..df13fe8
--- /dev/null
+++ b/sys-auth/pam_ssh/files/system-auth.example
@@ -0,0 +1,16 @@
+#%PAM-1.0
+
+auth required /lib/security/pam_env.so
+auth sufficient /lib/security/pam_ssh.so
+auth sufficient /lib/security/pam_unix.so use_first_pass likeauth nullok nodelay
+auth required /lib/security/pam_deny.so
+
+account required /lib/security/pam_unix.so
+
+password required /lib/security/pam_cracklib.so retry=3
+password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
+password required /lib/security/pam_deny.so
+
+session required /lib/security/pam_limits.so
+session required /lib/security/pam_unix.so
+session optional /lib/security/pam_ssh.so
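Review bot: The pam_unix lines in this example carry `nullok` and `md5`, and `auth sufficient pam_ssh.so` sits ahead of pam_unix, so anyone copying the file as-is accepts accounts with empty passwords, stores new passwords as MD5-crypt hashes, and lets an SSH key passphrase satisfy login on its own. A header comment such as `# Example only: review nullok and the password hash option before use` would make that explicit. Where the installed pam_unix supports it, the password line could read `password sufficient /lib/security/pam_unix.so sha512 shadow use_authtok`. The ebuild in this commit does not appear to install the file, so dropping it from `files/` is also an option.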
diff --git a/sys-auth/pam_ssh/pam_ssh-1.92.ebuild b/sys-auth/pam_ssh/pam_ssh-1.92.ebuild
new file mode 100644
index 0000000..7999dde
--- /dev/null
+++ b/sys-auth/pam_ssh/pam_ssh-1.92.ebuild
@@ -0,0 +1,54 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/pam_ssh-1.92.ebuild,v 1.21 2009/03/15 16:55:46 ranger Exp $
+
+inherit pam eutils toolchain-funcs autotools
+
+DESCRIPTION="Uses ssh-agent to provide single sign-on"
+HOMEPAGE="http://pam-ssh.sourceforge.net/"
+SRC_URI="mirror://sourceforge/pam-ssh/${P}.tar.bz2"
+
+LICENSE="BSD as-is"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+IUSE=""
+
+# Doesn't work on OpenPAM.
+DEPEND="sys-libs/pam
+ sys-devel/libtool"
+
+RDEPEND="sys-libs/pam
+ virtual/ssh"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch "${FILESDIR}/${PN}-1.91-debian.patch" #105546
+ epatch "${FILESDIR}/${PN}-1.91-syslog.patch" # glibc-2.4
+ if tc-is-cross-compiler ; then
+ # Remove RSA tests, they useless because rsa support included in openssl
+ epatch "${FILESDIR}/${PN}-1.92-remove-rsa-tests.patch"
+ eautoreconf
+ fi
+}
+
+src_compile() {
+ econf \
+ "--with-pam-dir=$(getpam_mod_dir)" \
+ || die "econf failed"
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "install failed"
+ dodoc AUTHORS ChangeLog NEWS README TODO
+
+ find "${D}" -name '*.la' -delete || die "Unable to remove libtool archives."
+}
+
+pkg_postinst() {
+ elog "You can enable pam_ssh for system authentication by enabling"
+ elog "the ssh USE flag on sys-auth/pambase."
+}
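Review bot: `pam_ssh-1.91-openssl-0.9.8.patch` is added to `files/` and recorded in the Manifest, but `src_unpack` never applies it, so it is either dead weight or a forgotten `epatch` line. If 1.92 already includes `<openssl/md5.h>` the patch should be removed, otherwise add `epatch "${FILESDIR}/${PN}-1.91-openssl-0.9.8.patch"`. The configure script links `-lcrypto` (visible in the remove-rsa-tests patch), yet neither DEPEND nor RDEPEND names OpenSSL, which presumably arrives only through `virtual/ssh`. For a cross build that should be explicit, e.g. `dev-libs/openssl` in both variables. Because the RSA-test patch and `eautoreconf` run only under `tc-is-cross-compiler`, native and cross builds use different configure scripts, and the comment above that branch should say why.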