diff -up openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/identity.h --- openssh/pam_ssh_agent_auth-0.10.3/identity.h.psaa-agent 2016-11-13 04:24:32.000000000 +0100 +++ openssh/pam_ssh_agent_auth-0.10.3/identity.h 2017-09-27 14:25:49.421739027 +0200 @@ -38,6 +38,12 @@ typedef struct identity Identity; typedef struct idlist Idlist; +typedef struct { + int fd; + Buffer identities; + int howmany; +} AuthenticationConnection; + struct identity { TAILQ_ENTRY(identity) next; AuthenticationConnection *ac; /* set if agent supports key */ diff -up openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c --- openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-agent 2017-09-27 14:25:49.420739021 +0200 +++ openssh/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c 2017-09-27 14:25:49.421739027 +0200 @@ -39,6 +39,7 @@ #include "buffer.h" #include "key.h" #include "authfd.h" +#include "ssherr.h" #include #include #include "ssh2.h" @@ -291,36 +292,43 @@ pamsshagentauth_find_authorized_keys(con { Buffer session_id2 = { 0 }; Identity *id; - Key *key; AuthenticationConnection *ac; - char *comment; uint8_t retval = 0; uid_t uid = getpwnam(ruser)->pw_uid; + struct ssh_identitylist *idlist; + int r; + unsigned int i; OpenSSL_add_all_digests(); pamsshagentauth_session_id2_gen(&session_id2, user, ruser, servicename); if ((ac = ssh_get_authentication_connection_for_uid(uid))) { verbose("Contacted ssh-agent of user %s (%u)", ruser, uid); - for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) + if ((r = ssh_fetch_identitylist(ac->fd, &idlist)) != 0) { + if (r != SSH_ERR_AGENT_NO_IDENTITIES) + fprintf(stderr, "error fetching identities for " + "protocol %d: %s\n", 2, ssh_err(r)); + } else { + for (i = 0; i < idlist->nkeys; i++) { - if(key != NULL) { + if(idlist->keys[i] != NULL) { id = xcalloc(1, sizeof(*id)); - id->key = key; - id->filename = comment; + id->key = idlist->keys[i]; + id->filename = idlist->comments[i]; id->ac = ac; if(userauth_pubkey_from_id(ruser, id, &session_id2)) { retval = 1; } - free(id->filename); - key_free(id->key); free(id); if(retval == 1) break; } } buffer_free(&session_id2); - ssh_close_authentication_connection(ac); + ssh_free_identitylist(idlist); + ssh_close_authentication_socket(ac->fd); + free(ac); + } } else { verbose("No ssh-agent could be contacted"); diff -up openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c --- openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c.psaa-agent 2017-09-27 14:26:04.277820716 +0200 +++ openssh/pam_ssh_agent_auth-0.10.3/pam_user_key_allowed2.c 2017-09-27 14:26:34.426986497 +0200 @@ -70,7 +70,7 @@ pamsshagentauth_check_authkeys_file(FILE char *fp; found_key = 0; - found = key_new(key->type); + found = sshkey_new(key->type); while(read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { char *cp = NULL; /* *key_options = NULL; */ @@ -80,7 +80,7 @@ pamsshagentauth_check_authkeys_file(FILE if(!*cp || *cp == '\n' || *cp == '#') continue; - if(key_read(found, &cp) != 1) { + if(sshkey_read(found, &cp) != 0) { /* no key? check if there are options for this key */ int quoted = 0; @@ -94,24 +94,24 @@ pamsshagentauth_check_authkeys_file(FILE } /* Skip remaining whitespace. */ for(; *cp == ' ' || *cp == '\t'; cp++); - if(key_read(found, &cp) != 1) { + if(sshkey_read(found, &cp) != 0) { verbose("user_key_allowed: advance: '%s'", cp); /* still no key? advance to next line */ continue; } } - if(key_equal(found, key)) { + if(sshkey_equal(found, key)) { found_key = 1; logit("matching key found: file/command %s, line %lu", file, linenum); fp = sshkey_fingerprint(found, SSH_DIGEST_MD5, SSH_FP_HEX); logit("Found matching %s key: %s", - key_type(found), fp); + sshkey_type(found), fp); free(fp); break; } } - key_free(found); + sshkey_free(found); if(!found_key) verbose("key not found"); return found_key; diff -up openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c --- openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c.psaa-agent 2017-09-27 14:25:49.420739021 +0200 +++ openssh/pam_ssh_agent_auth-0.10.3/userauth_pubkey_from_id.c 2017-09-27 14:25:49.422739032 +0200 @@ -57,10 +57,11 @@ extern uint8_t session_id_len; int userauth_pubkey_from_id(const char *ruser, Identity * id, Buffer * session_id2) { - Buffer b = { 0 }; + Buffer b; char *pkalg = NULL; u_char *pkblob = NULL, *sig = NULL; - u_int blen = 0, slen = 0; + u_int blen = 0; + size_t slen = 0; int authenticated = 0; pkalg = (char *) key_ssh_name(id->key); @@ -84,7 +85,7 @@ userauth_pubkey_from_id(const char *ruse buffer_put_cstring(&b, pkalg); buffer_put_string(&b, pkblob, blen); - if(ssh_agent_sign(id->ac, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b)) != 0) + if(ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, buffer_ptr(&b), buffer_len(&b), NULL, 0) != 0) goto user_auth_clean_exit; /* test for correct signature */