-- 
Eric Desrochers | Mobile: +1 438 399 7175 (Eastern Time)
Technical Account Manager | Canonical Canada, Ltd.
<[email protected]> | GPG: 2048R/8F1CA067

Description: Added back support for publickey authentication

libpam-sshauth used to support publickey authentication with ssh-agent.
Version 0.3-1 dropped this feature, which is related to the author switching to libssh2.

Author: Benoit Guyard <[email protected]>
Origin: upstream, https://code.launchpad.net/~benoit-guyard/ltsp/libpam-sshauth/+merge/273930
--- a/src/auth_funcs.c
+++ b/src/auth_funcs.c
@@ -37,6 +37,7 @@
 
 #define SSH_AUTH_METHOD_PASSWORD 1
 #define SSH_AUTH_METHOD_INTERACTIVE 2
+#define SSH_AUTH_METHOD_PUBLICKEY 3
 
 #define SSH_AUTH_SUCCESS 0
 #define SSH_AUTH_ERROR 1
@@ -184,8 +185,10 @@
   char *userauthlist;
   struct hostent *server;
   struct sockaddr_in serv_addr;
+  struct libssh2_agent_publickey *identity, *prev_identity = NULL;
   LIBSSH2_SESSION *session = NULL;
   LIBSSH2_KNOWNHOSTS *nh = NULL;
+  LIBSSH2_AGENT *agent = NULL;
   size_t len;
   FILE *khf;
 
@@ -381,10 +384,84 @@
     {
       method |= SSH_AUTH_METHOD_INTERACTIVE;
     }
+  if (strstr (userauthlist, "publickey") != NULL)
+    {
+      method |= SSH_AUTH_METHOD_PUBLICKEY;
+    }
 
   do
     {
       /*
+       * Authenticate depending on the method available.
+       * Try public key first.
+       */
+
+      if (method & SSH_AUTH_METHOD_PUBLICKEY)
+        {
+          pam_debug(pamh, "Trying public key authentication.");
+
+          /* Connect to the ssh-agent */ 
+          agent = libssh2_agent_init(session);
+
+          if (!agent)
+            {
+              pam_debug(pamh, "Failure initializing ssh-agent support.");
+              goto fail;
+            }
+
+          if (libssh2_agent_connect(agent))
+            {
+              pam_debug(pamh, "Failure connecting to ssh-agent.");
+              goto fail;
+             }
+
+          if (libssh2_agent_list_identities(agent))
+            {
+              pam_debug(pamh, "Failure requesting identities to ssh-agent.");
+              goto fail;
+            }
+
+          while (1)
+            {
+              ssh_result = libssh2_agent_get_identity(agent, &identity, prev_identity);
+
+              if (ssh_result == 1)
+                break;
+
+              if (ssh_result < 0) 
+                {
+                  pam_debug(pamh, "Failure obtaining identity from ssh-agent support.");
+                  ssh_result = 1;
+                  goto fail;
+                }
+
+              if (libssh2_agent_userauth(agent, username, identity))
+                {
+                  pam_debug(pamh, "Publickey authentication failed!");
+                }
+              else
+                {
+                  pam_debug(pamh, "Publickey Authentication succeeded!");
+                  break;
+                }
+                prev_identity = identity;
+            }
+
+          if (ssh_result) 
+            {
+              pam_debug(pamh, "Couldn't continue authentication.");
+              goto fail;
+            }
+
+         /* We're authenticated now. */ 
+          if (ssh_result == SSH_AUTH_SUCCESS)
+            {
+              libssh2_agent_disconnect(agent);
+              break;
+            }
+        }
+
+      /*
        * Try keyboard interactive next, if supported.
        */
 
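Review bot: Every agent-side failure in the public-key block jumps to `fail`: `libssh2_agent_init`, `libssh2_agent_connect`, `libssh2_agent_list_identities`, and the end-of-list case where `ssh_result == 1` falls into `if (ssh_result)`. A host with no reachable ssh-agent, or an agent holding no accepted key, is therefore rejected before the keyboard-interactive path that follows (and presumably the password path) can run, even though the comment says public key is only tried first. The new `agent` handle is also never passed to `libssh2_agent_free()` in this hunk, and because `libssh2_agent_init()` sits inside the `do` loop a repeat pass would presumably leak the previous handle; the `fail` label and the loop condition are outside the hunk, so confirm they do not already clean up. I would treat an agent failure as "method unavailable", clear the `SSH_AUTH_METHOD_PUBLICKEY` bit after one attempt, release the agent on every path, and `break` out of the loop only after a successful `libssh2_agent_userauth()`, as sketched below. A comment should also record that libssh2 locates the agent through `SSH_AUTH_SOCK` in the environment of the process that loads the PAM module, so the keys offered belong to that process and not necessarily to the user being authenticated.

```c
      if (method & SSH_AUTH_METHOD_PUBLICKEY)
        {
          int agent_authed = 0;

          /* Try the agent once; do not retry it on a later pass of the loop. */
          method &= ~SSH_AUTH_METHOD_PUBLICKEY;
          /* ... unchanged: "Trying public key authentication." debug line ... */

          agent = libssh2_agent_init(session);
          if (agent != NULL
              && libssh2_agent_connect(agent) == 0
              && libssh2_agent_list_identities(agent) == 0)
            {
              prev_identity = NULL;
              /* get_identity returns 0 while identities remain, 1 at the end. */
              while (libssh2_agent_get_identity(agent, &identity, prev_identity) == 0)
                {
                  if (libssh2_agent_userauth(agent, username, identity) == 0)
                    {
                      agent_authed = 1;
                      break;
                    }
                  prev_identity = identity;
                }
            }
          else
            {
              pam_debug(pamh, "ssh-agent unavailable, skipping public key authentication.");
            }

          if (agent != NULL)
            {
              /* Release the handle on every path, not only on success. */
              libssh2_agent_disconnect(agent);
              libssh2_agent_free(agent);
              agent = NULL;
            }

          if (agent_authed)
            {
              pam_debug(pamh, "Publickey Authentication succeeded!");
              ssh_result = SSH_AUTH_SUCCESS;
              break;
            }
          /* Not authenticated: fall through to the next advertised method. */
        }
```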
