diff options
author | miwi <miwi@FreeBSD.org> | 2011-10-23 23:46:38 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2011-10-23 23:46:38 +0800 |
commit | f0d605f8a354fffe0527cc81f570841ffc38575c (patch) | |
tree | 67071dbfa711f448236f8983a7815b00e2481160 /security | |
parent | 52d9b85779b2f2b3e32fbc146ecb552a866b64a4 (diff) | |
download | freebsd-ports-gnome-f0d605f8a354fffe0527cc81f570841ffc38575c.tar.gz freebsd-ports-gnome-f0d605f8a354fffe0527cc81f570841ffc38575c.tar.zst freebsd-ports-gnome-f0d605f8a354fffe0527cc81f570841ffc38575c.zip |
- Update to 0.9.3
PR: 161473
Submitted by: Corey Smith <corsmith@gmail.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/pam_ssh_agent_auth/Makefile | 1 | ||||
-rw-r--r-- | security/pam_ssh_agent_auth/files/patch-entropy.c | 25 | ||||
-rw-r--r-- | security/pam_ssh_agent_auth/files/patch-iterate_ssh_agent_keys.c | 20 | ||||
-rw-r--r-- | security/pam_ssh_agent_auth/files/patch-key.c | 51 | ||||
-rw-r--r-- | security/pam_ssh_agent_auth/files/patch-log.c | 11 | ||||
-rw-r--r-- | security/pam_ssh_agent_auth/files/patch-log.h | 11 | ||||
-rw-r--r-- | security/pam_ssh_agent_auth/files/patch-misc.c | 102 | ||||
-rw-r--r-- | security/pam_ssh_agent_auth/files/patch-pam_ssh_agent_auth.c | 58 | ||||
-rw-r--r-- | security/pam_ssh_agent_auth/files/patch-pam_user_key_allowed2.c | 42 | ||||
-rw-r--r-- | security/pam_ssh_agent_auth/files/patch-secure_filename.c | 29 | ||||
-rw-r--r-- | security/pam_ssh_agent_auth/files/patch-ssh-dss.c | 11 | ||||
-rw-r--r-- | security/pam_ssh_agent_auth/files/patch-ssh-rsa.c | 28 |
12 files changed, 389 insertions, 0 deletions
diff --git a/security/pam_ssh_agent_auth/Makefile b/security/pam_ssh_agent_auth/Makefile index 62b14afab939..d746a7cfdfca 100644 --- a/security/pam_ssh_agent_auth/Makefile +++ b/security/pam_ssh_agent_auth/Makefile @@ -7,6 +7,7 @@ PORTNAME= pam_ssh_agent_auth PORTVERSION= 0.9.3 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= SF/pamsshagentauth/${PORTNAME}/v${PORTVERSION}/ diff --git a/security/pam_ssh_agent_auth/files/patch-entropy.c b/security/pam_ssh_agent_auth/files/patch-entropy.c new file mode 100644 index 000000000000..fdee6b3d25eb --- /dev/null +++ b/security/pam_ssh_agent_auth/files/patch-entropy.c @@ -0,0 +1,25 @@ +--- ./entropy.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/entropy.c 2011-10-10 13:10:35.864389493 -0400 +@@ -79,11 +79,11 @@ + mysig_t old_sigchld; + + if (RAND_status() == 1) { +- verbose("RNG is ready, skipping seeding"); ++ pam_ssh_auth_verbose("RNG is ready, skipping seeding"); + return; + } + +- verbose("Seeding PRNG from %s", SSH_RAND_HELPER); ++ pam_ssh_auth_verbose("Seeding PRNG from %s", SSH_RAND_HELPER); + + if ((devnull = open("/dev/null", O_RDWR)) == -1) + fatal("Couldn't open /dev/null: %s", strerror(errno)); +@@ -187,7 +187,7 @@ + + buf = buffer_get_string_ret(m, &len); + if (buf != NULL) { +- verbose("rexec_recv_rng_seed: seeding rng with %u bytes", len); ++ pam_ssh_auth_verbose("rexec_recv_rng_seed: seeding rng with %u bytes", len); + RAND_add(buf, len, len); + } + } diff --git a/security/pam_ssh_agent_auth/files/patch-iterate_ssh_agent_keys.c b/security/pam_ssh_agent_auth/files/patch-iterate_ssh_agent_keys.c new file mode 100644 index 000000000000..7d1c341df7a3 --- /dev/null +++ b/security/pam_ssh_agent_auth/files/patch-iterate_ssh_agent_keys.c @@ -0,0 +1,20 @@ +--- ./iterate_ssh_agent_keys.c 2010-01-12 21:17:01.000000000 -0500 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/iterate_ssh_agent_keys.c 2011-10-10 13:10:35.864389493 -0400 +@@ -82,7 +82,7 @@ + session_id2 = session_id2_gen(); + + if ((ac = ssh_get_authentication_connection(uid))) { +- verbose("Contacted ssh-agent of user %s (%u)", getpwuid(uid)->pw_name, uid); ++ pam_ssh_auth_verbose("Contacted ssh-agent of user %s (%u)", getpwuid(uid)->pw_name, uid); + for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) + { + if(key != NULL) { +@@ -103,7 +103,7 @@ + ssh_close_authentication_connection(ac); + } + else { +- verbose("No ssh-agent could be contacted"); ++ pam_ssh_auth_verbose("No ssh-agent could be contacted"); + } + xfree(session_id2); + EVP_cleanup(); diff --git a/security/pam_ssh_agent_auth/files/patch-key.c b/security/pam_ssh_agent_auth/files/patch-key.c new file mode 100644 index 000000000000..1e8ac711fd36 --- /dev/null +++ b/security/pam_ssh_agent_auth/files/patch-key.c @@ -0,0 +1,51 @@ +--- ./key.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/key.c 2011-10-10 13:10:35.865388224 -0400 +@@ -420,26 +420,26 @@ + case KEY_DSA: + space = strchr(cp, ' '); + if (space == NULL) { +- verbose("key_read: missing whitespace"); ++ pam_ssh_auth_verbose("key_read: missing whitespace"); + return -1; + } + *space = '\0'; + type = key_type_from_name(cp); + *space = ' '; + if (type == KEY_UNSPEC) { +- verbose("key_read: missing keytype"); ++ pam_ssh_auth_verbose("key_read: missing keytype"); + return -1; + } + cp = space+1; + if (*cp == '\0') { +- verbose("key_read: short string"); ++ pam_ssh_auth_verbose("key_read: short string"); + return -1; + } + if (ret->type == KEY_UNSPEC) { + ret->type = type; + } else if (ret->type != type) { + /* is a key, but different type */ +- verbose("key_read: type mismatch"); ++ pam_ssh_auth_verbose("key_read: type mismatch"); + return -1; + } + len = 2*strlen(cp); +@@ -656,7 +656,7 @@ + } else if (strcmp(name, "ssh-dss") == 0) { + return KEY_DSA; + } +- verbose("key_type_from_name: unknown key type '%s'", name); ++ pam_ssh_auth_verbose("key_type_from_name: unknown key type '%s'", name); + return KEY_UNSPEC; + } + +@@ -677,7 +677,7 @@ + return 0; + } + } +- verbose("key names ok: [%s]", names); ++ pam_ssh_auth_verbose("key names ok: [%s]", names); + xfree(s); + return 1; + } diff --git a/security/pam_ssh_agent_auth/files/patch-log.c b/security/pam_ssh_agent_auth/files/patch-log.c new file mode 100644 index 000000000000..dde5df93a137 --- /dev/null +++ b/security/pam_ssh_agent_auth/files/patch-log.c @@ -0,0 +1,11 @@ +--- ./log.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/log.c 2011-10-10 13:10:35.865388224 -0400 +@@ -166,7 +166,7 @@ + /* More detailed messages (information that does not need to go to the log). */ + + void +-verbose(const char *fmt,...) ++pam_ssh_auth_verbose(const char *fmt,...) + { + va_list args; + diff --git a/security/pam_ssh_agent_auth/files/patch-log.h b/security/pam_ssh_agent_auth/files/patch-log.h new file mode 100644 index 000000000000..9cb1e9160ed0 --- /dev/null +++ b/security/pam_ssh_agent_auth/files/patch-log.h @@ -0,0 +1,11 @@ +--- ./log.h 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/log.h 2011-10-10 13:10:38.856166661 -0400 +@@ -55,7 +55,7 @@ + void logerror(const char *, ...) __attribute__((format(printf, 1, 2))); + void sigdie(const char *, ...) __attribute__((format(printf, 1, 2))); + void logit(const char *, ...) __attribute__((format(printf, 1, 2))); +-void verbose(const char *, ...) __attribute__((format(printf, 1, 2))); ++void pam_ssh_auth_verbose(const char *, ...) __attribute__((format(printf, 1, 2))); + void debug(const char *, ...) __attribute__((format(printf, 1, 2))); + void debug2(const char *, ...) __attribute__((format(printf, 1, 2))); + void debug3(const char *, ...) __attribute__((format(printf, 1, 2))); diff --git a/security/pam_ssh_agent_auth/files/patch-misc.c b/security/pam_ssh_agent_auth/files/patch-misc.c new file mode 100644 index 000000000000..306aaee19bb1 --- /dev/null +++ b/security/pam_ssh_agent_auth/files/patch-misc.c @@ -0,0 +1,102 @@ +--- ./misc.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/misc.c 2011-10-10 13:10:35.866387792 -0400 +@@ -84,13 +84,13 @@ + return (-1); + } + if (val & O_NONBLOCK) { +- verbose("fd %d is O_NONBLOCK", fd); ++ pam_ssh_auth_verbose("fd %d is O_NONBLOCK", fd); + return (0); + } +- verbose("fd %d setting O_NONBLOCK", fd); ++ pam_ssh_auth_verbose("fd %d setting O_NONBLOCK", fd); + val |= O_NONBLOCK; + if (fcntl(fd, F_SETFL, val) == -1) { +- verbose("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, ++ pam_ssh_auth_verbose("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, + strerror(errno)); + return (-1); + } +@@ -108,13 +108,13 @@ + return (-1); + } + if (!(val & O_NONBLOCK)) { +- verbose("fd %d is not O_NONBLOCK", fd); ++ pam_ssh_auth_verbose("fd %d is not O_NONBLOCK", fd); + return (0); + } +- verbose("fd %d clearing O_NONBLOCK", fd); ++ pam_ssh_auth_verbose("fd %d clearing O_NONBLOCK", fd); + val &= ~O_NONBLOCK; + if (fcntl(fd, F_SETFL, val) == -1) { +- verbose("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s", ++ pam_ssh_auth_verbose("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s", + fd, strerror(errno)); + return (-1); + } +@@ -138,15 +138,15 @@ + + optlen = sizeof opt; + if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) { +- verbose("getsockopt TCP_NODELAY: %.100s", strerror(errno)); ++ pam_ssh_auth_verbose("getsockopt TCP_NODELAY: %.100s", strerror(errno)); + return; + } + if (opt == 1) { +- verbose("fd %d is TCP_NODELAY", fd); ++ pam_ssh_auth_verbose("fd %d is TCP_NODELAY", fd); + return; + } + opt = 1; +- verbose("fd %d setting TCP_NODELAY", fd); ++ pam_ssh_auth_verbose("fd %d setting TCP_NODELAY", fd); + if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1) + logerror("setsockopt TCP_NODELAY: %.100s", strerror(errno)); + } +@@ -367,7 +367,7 @@ + return(xstrdup(host)); + if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0) + fatal("put_host_port: asprintf: %s", strerror(errno)); +- verbose("put_host_port: %s", hoststr); ++ pam_ssh_auth_verbose("put_host_port: %s", hoststr); + return hoststr; + } + +@@ -631,7 +631,7 @@ + if (buf[strlen(buf) - 1] == '\n' || feof(f)) { + return 0; + } else { +- verbose("%s: %s line %lu exceeds size limit", __func__, ++ pam_ssh_auth_verbose("%s: %s line %lu exceeds size limit", __func__, + filename, *lineno); + /* discard remainder of line */ + while (fgetc(f) != '\n' && !feof(f)) +@@ -662,16 +662,16 @@ + break; + } + } else { +- verbose("%s: invalid tunnel %u", __func__, tun); ++ pam_ssh_auth_verbose("%s: invalid tunnel %u", __func__, tun); + return (-1); + } + + if (fd < 0) { +- verbose("%s: %s open failed: %s", __func__, name, strerror(errno)); ++ pam_ssh_auth_verbose("%s: %s open failed: %s", __func__, name, strerror(errno)); + return (-1); + } + +- verbose("%s: %s mode %d fd %d", __func__, name, mode, fd); ++ pam_ssh_auth_verbose("%s: %s mode %d fd %d", __func__, name, mode, fd); + + /* Set the tunnel device operation mode */ + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun); +@@ -703,7 +703,7 @@ + close(fd); + if (sock >= 0) + close(sock); +- verbose("%s: failed to set %s mode %d: %s", __func__, name, ++ pam_ssh_auth_verbose("%s: failed to set %s mode %d: %s", __func__, name, + mode, strerror(errno)); + return (-1); + #else diff --git a/security/pam_ssh_agent_auth/files/patch-pam_ssh_agent_auth.c b/security/pam_ssh_agent_auth/files/patch-pam_ssh_agent_auth.c new file mode 100644 index 000000000000..24c384604681 --- /dev/null +++ b/security/pam_ssh_agent_auth/files/patch-pam_ssh_agent_auth.c @@ -0,0 +1,58 @@ +--- ./pam_ssh_agent_auth.c 2011-01-26 15:59:21.000000000 -0500 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/pam_ssh_agent_auth.c 2011-10-10 13:10:35.866387792 -0400 +@@ -124,7 +124,7 @@ + pam_get_item(pamh, PAM_USER, (void *) &user); + pam_get_item(pamh, PAM_RUSER, (void *) &ruser_ptr); + +- verbose("Beginning pam_ssh_agent_auth for user %s", user); ++ pam_ssh_auth_verbose("Beginning pam_ssh_agent_auth for user %s", user); + + if(ruser_ptr) { + strncpy(ruser, ruser_ptr, sizeof(ruser) - 1); +@@ -139,12 +139,12 @@ + #ifdef ENABLE_SUDO_HACK + if( (strlen(sudo_service_name) > 0) && strncasecmp(servicename, sudo_service_name, sizeof(sudo_service_name) - 1) == 0 && getenv("SUDO_USER") ) { + strncpy(ruser, getenv("SUDO_USER"), sizeof(ruser) - 1 ); +- verbose( "Using environment variable SUDO_USER (%s)", ruser ); ++ pam_ssh_auth_verbose( "Using environment variable SUDO_USER (%s)", ruser ); + } else + #endif + { + if( ! getpwuid(getuid()) ) { +- verbose("Unable to getpwuid(getuid())"); ++ pam_ssh_auth_verbose("Unable to getpwuid(getuid())"); + goto cleanexit; + } + strncpy(ruser, getpwuid(getuid())->pw_name, sizeof(ruser) - 1); +@@ -153,11 +153,11 @@ + + /* Might as well explicitely confirm the user exists here */ + if(! getpwnam(ruser) ) { +- verbose("getpwnam(%s) failed, bailing out", ruser); ++ pam_ssh_auth_verbose("getpwnam(%s) failed, bailing out", ruser); + goto cleanexit; + } + if( ! getpwnam(user) ) { +- verbose("getpwnam(%s) failed, bailing out", user); ++ pam_ssh_auth_verbose("getpwnam(%s) failed, bailing out", user); + goto cleanexit; + } + +@@ -167,7 +167,7 @@ + */ + parse_authorized_key_file(user, authorized_keys_file_input); + } else { +- verbose("Using default file=/etc/security/authorized_keys"); ++ pam_ssh_auth_verbose("Using default file=/etc/security/authorized_keys"); + authorized_keys_file = xstrdup("/etc/security/authorized_keys"); + } + +@@ -177,7 +177,7 @@ + */ + + if(user && strlen(ruser) > 0) { +- verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); ++ pam_ssh_auth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file); + + /* + * this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user diff --git a/security/pam_ssh_agent_auth/files/patch-pam_user_key_allowed2.c b/security/pam_ssh_agent_auth/files/patch-pam_user_key_allowed2.c new file mode 100644 index 000000000000..45dd90a0642c --- /dev/null +++ b/security/pam_ssh_agent_auth/files/patch-pam_user_key_allowed2.c @@ -0,0 +1,42 @@ +--- ./pam_user_key_allowed2.c 2011-06-07 02:32:46.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/pam_user_key_allowed2.c 2011-10-10 13:10:35.866387792 -0400 +@@ -63,11 +63,11 @@ + Key *found; + char *fp; + +- verbose("trying public key file %s", file); ++ pam_ssh_auth_verbose("trying public key file %s", file); + + /* Fail not so quietly if file does not exist */ + if (stat(file, &st) < 0) { +- verbose("File not found: %s", file); ++ pam_ssh_auth_verbose("File not found: %s", file); + return 0; + } + /* Open the file containing the authorized keys. */ +@@ -97,7 +97,7 @@ + if (key_read(found, &cp) != 1) { + /* no key? check if there are options for this key */ + int quoted = 0; +- verbose("user_key_allowed: check options: '%s'", cp); ++ pam_ssh_auth_verbose("user_key_allowed: check options: '%s'", cp); + key_options = cp; + for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) { + if (*cp == '\\' && cp[1] == '"') +@@ -109,7 +109,7 @@ + for (; *cp == ' ' || *cp == '\t'; cp++) + ; + if (key_read(found, &cp) != 1) { +- verbose("user_key_allowed: advance: '%s'", cp); ++ pam_ssh_auth_verbose("user_key_allowed: advance: '%s'", cp); + /* still no key? advance to next line*/ + continue; + } +@@ -128,6 +128,6 @@ + fclose(f); + key_free(found); + if (!found_key) +- verbose("key not found"); ++ pam_ssh_auth_verbose("key not found"); + return found_key; + } diff --git a/security/pam_ssh_agent_auth/files/patch-secure_filename.c b/security/pam_ssh_agent_auth/files/patch-secure_filename.c new file mode 100644 index 000000000000..ca1db1d085c2 --- /dev/null +++ b/security/pam_ssh_agent_auth/files/patch-secure_filename.c @@ -0,0 +1,29 @@ +--- ./secure_filename.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/secure_filename.c 2011-10-10 13:10:35.867387919 -0400 +@@ -80,7 +80,7 @@ + int comparehome = 0; + struct stat st; + +- verbose("secure_filename: checking for uid: %u", uid); ++ pam_ssh_auth_verbose("secure_filename: checking for uid: %u", uid); + + if (realpath(file, buf) == NULL) { + snprintf(err, errlen, "realpath %s failed: %s", file, +@@ -107,7 +107,7 @@ + } + strlcpy(buf, cp, sizeof(buf)); + +- verbose("secure_filename: checking '%s'", buf); ++ pam_ssh_auth_verbose("secure_filename: checking '%s'", buf); + if (stat(buf, &st) < 0 || + (st.st_uid != 0 && st.st_uid != uid) || + (st.st_mode & 022) != 0) { +@@ -118,7 +118,7 @@ + + /* If are passed the homedir then we can stop */ + if (comparehome && strcmp(homedir, buf) == 0) { +- verbose("secure_filename: terminating check at '%s'", ++ pam_ssh_auth_verbose("secure_filename: terminating check at '%s'", + buf); + break; + } diff --git a/security/pam_ssh_agent_auth/files/patch-ssh-dss.c b/security/pam_ssh_agent_auth/files/patch-ssh-dss.c new file mode 100644 index 000000000000..9c439d60a0b7 --- /dev/null +++ b/security/pam_ssh_agent_auth/files/patch-ssh-dss.c @@ -0,0 +1,11 @@ +--- ./ssh-dss.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/ssh-dss.c 2011-10-10 13:10:35.867387919 -0400 +@@ -179,7 +179,7 @@ + + DSA_SIG_free(sig); + +- verbose("ssh_dss_verify: signature %s", ++ pam_ssh_auth_verbose("ssh_dss_verify: signature %s", + ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); + return ret; + } diff --git a/security/pam_ssh_agent_auth/files/patch-ssh-rsa.c b/security/pam_ssh_agent_auth/files/patch-ssh-rsa.c new file mode 100644 index 000000000000..de035d161386 --- /dev/null +++ b/security/pam_ssh_agent_auth/files/patch-ssh-rsa.c @@ -0,0 +1,28 @@ +--- ./ssh-rsa.c 2009-08-08 20:54:21.000000000 -0400 ++++ ../../pam_ssh_agent_auth-0.9.3.fixed/ssh-rsa.c 2011-10-10 13:10:35.867387919 -0400 +@@ -75,7 +75,7 @@ + } + if (len < slen) { + u_int diff = slen - len; +- verbose("slen %u > len %u", slen, len); ++ pam_ssh_auth_verbose("slen %u > len %u", slen, len); + memmove(sig + diff, sig, len); + memset(sig, 0, diff); + } else if (len > slen) { +@@ -148,7 +148,7 @@ + return -1; + } else if (len < modlen) { + u_int diff = modlen - len; +- verbose("ssh_rsa_verify: add padding: modlen %u > len %u", ++ pam_ssh_auth_verbose("ssh_rsa_verify: add padding: modlen %u > len %u", + modlen, len); + sigblob = xrealloc(sigblob, 1, modlen); + memmove(sigblob + diff, sigblob, len); +@@ -169,7 +169,7 @@ + memset(digest, 'd', sizeof(digest)); + memset(sigblob, 's', len); + xfree(sigblob); +- verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); ++ pam_ssh_auth_verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); + return ret; + } |