Bug#805879: libpam-sshauth dropped support for publickey authentication

Eric Desrochers Mon, 23 Nov 2015 07:03:42 -0800

Description:

New version of this lib shipped has dropped this feature; which is apparently 
related to author switching to using libssh2 (was using libssh before).


Revision #108 has been approved and merged upstream to add back support for 
publickey authentication & ssh-agent.

Reference:
https://code.launchpad.net/~benoit-guyard/ltsp/libpam-sshauth/+merge/273930

-- 
Eric Desrochers | Mobile: +1 438 399 7175 (Eastern Time)
Technical Account Manager | Canonical Canada, Ltd.
<[email protected]> | GPG: 2048R/8F1CA067

diff -Nru libpam-sshauth-0.3.1/debian/changelog 
libpam-sshauth-0.3.1/debian/changelog
--- libpam-sshauth-0.3.1/debian/changelog       2013-07-04 14:16:58.000000000 
-0400
+++ libpam-sshauth-0.3.1/debian/changelog       2015-11-23 09:54:44.000000000 
-0500
@@ -1,3 +1,10 @@
+libpam-sshauth (0.3.1-2) unstable; urgency=low
+
+  * debian/patches/add-back-support-for-publickey-authentication.patch: Added 
back
+    support for publickey authentication (Closes: #805879) 
+
+ -- Eric Desrochers <[email protected]>  Mon, 23 Nov 2015 09:51:52 
-0500
+
 libpam-sshauth (0.3.1-1) unstable; urgency=low
 
   * New upstream version:
diff -Nru 
libpam-sshauth-0.3.1/debian/patches/add-back-support-for-publickey-authentication.patch
 
libpam-sshauth-0.3.1/debian/patches/add-back-support-for-publickey-authentication.patch
--- 
libpam-sshauth-0.3.1/debian/patches/add-back-support-for-publickey-authentication.patch
     1969-12-31 19:00:00.000000000 -0500
+++ 
libpam-sshauth-0.3.1/debian/patches/add-back-support-for-publickey-authentication.patch
     2015-11-23 09:51:33.000000000 -0500
@@ -0,0 +1,113 @@
+Description: Added back support for publickey authentication
+
+libpam-sshauth used to support publickey authentication with ssh-agent.
+version 0.3-1 dropped this feature which is related to author switching to 
using libssh2. 
+
+Author: Benoit Guyard <[email protected]>
+Origin: upstream, 
https://code.launchpad.net/~benoit-guyard/ltsp/libpam-sshauth/+merge/273930
+--- a/src/auth_funcs.c
++++ b/src/auth_funcs.c
+@@ -37,6 +37,7 @@
+ 
+ #define SSH_AUTH_METHOD_PASSWORD 1
+ #define SSH_AUTH_METHOD_INTERACTIVE 2
++#define SSH_AUTH_METHOD_PUBLICKEY 3
+ 
+ #define SSH_AUTH_SUCCESS 0
+ #define SSH_AUTH_ERROR 1
+@@ -184,8 +185,10 @@
+   char *userauthlist;
+   struct hostent *server;
+   struct sockaddr_in serv_addr;
++  struct libssh2_agent_publickey *identity, *prev_identity = NULL;
+   LIBSSH2_SESSION *session = NULL;
+   LIBSSH2_KNOWNHOSTS *nh = NULL;
++  LIBSSH2_AGENT *agent = NULL;
+   size_t len;
+   FILE *khf;
+ 
+@@ -381,10 +384,84 @@
+     {
+       method |= SSH_AUTH_METHOD_INTERACTIVE;
+     }
++  if (strstr (userauthlist, "publickey") != NULL)
++    {
++      method |= SSH_AUTH_METHOD_PUBLICKEY;
++    }
+ 
+   do
+     {
+       /*
++       * Authenticate depending on the method available.
++       * Try public key first.
++       */
++
++      if (method & SSH_AUTH_METHOD_PUBLICKEY)
++        {
++          pam_debug(pamh, "Trying public key authentication.");
++
++          /* Connect to the ssh-agent */ 
++          agent = libssh2_agent_init(session);
++
++          if (!agent)
++            {
++              pam_debug(pamh, "Failure initializing ssh-agent support.");
++              goto fail;
++            }
++
++          if (libssh2_agent_connect(agent))
++            {
++              pam_debug(pamh, "Failure connecting to ssh-agent.");
++              goto fail;
++             }
++
++          if (libssh2_agent_list_identities(agent))
++            {
++              pam_debug(pamh, "Failure requesting identities to ssh-agent.");
++              goto fail;
++            }
++
++          while (1)
++            {
++              ssh_result = libssh2_agent_get_identity(agent, &identity, 
prev_identity);
++
++              if (ssh_result == 1)
++                break;
++
++              if (ssh_result < 0) 
++                {
++                  pam_debug(pamh, "Failure obtaining identity from ssh-agent 
support.");
++                  ssh_result = 1;
++                  goto fail;
++                }
++
++              if (libssh2_agent_userauth(agent, username, identity))
++                {
++                  pam_debug(pamh, "Publickey authentication failed!");
++                }
++              else
++                {
++                  pam_debug(pamh, "Publickey Authentication succeeded!");
++                  break;
++                }
++                prev_identity = identity;
++            }
++
++          if (ssh_result) 
++            {
++              pam_debug(pamh, "Couldn't continue authentication.");
++              goto fail;
++            }
++
++         /* We're authenticated now. */ 
++          if (ssh_result == SSH_AUTH_SUCCESS)
++            {
++              libssh2_agent_disconnect(agent);
++              break;
++            }
++        }
++
++      /*
+        * Try keyboard interactive next, if supported.
+        */
+ 
diff -Nru libpam-sshauth-0.3.1/debian/patches/series 
libpam-sshauth-0.3.1/debian/patches/series
--- libpam-sshauth-0.3.1/debian/patches/series  1969-12-31 19:00:00.000000000 
-0500
+++ libpam-sshauth-0.3.1/debian/patches/series  2015-11-23 09:51:33.000000000 
-0500
@@ -0,0 +1 @@
+add-back-support-for-publickey-authentication.patch

Bug#805879: libpam-sshauth dropped support for publickey authentication

Reply via email to