forked from mirrors/nixpkgs
Merge pull request #90142 from wmertens/pam-ssh-agent
pam_ssh_agent_auth: 0.10.3 -> 0.10.4
This commit is contained in:
Wout Mertens
GitHub
commit
2194012d3b
|
|
@ -1,46 +1,52 @@
|
||||||
{ stdenv, fetchpatch, fetchurl, pam, openssl, perl }:
|
{ stdenv, fetchpatch, fetchFromGitHub, pam, openssl, perl }:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "pam_ssh_agent_auth-0.10.3";
|
pname = "pam_ssh_agent_auth";
|
||||||
|
version = "0.10.4";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchFromGitHub {
|
||||||
url = "mirror://sourceforge/pamsshagentauth/${name}.tar.bz2";
|
owner = "jbeverly";
|
||||||
sha256 = "0qx78x7nvqdscyp04hfijl4rgyf64xy03prr28hipvgasrcd6lrw";
|
repo = "pam_ssh_agent_auth";
|
||||||
|
rev = "pam_ssh_agent_auth-${version}";
|
||||||
|
sha256 = "YD1R8Cox0UoNiuWleKGzWSzxJ5lhDRCB2mZPp9OM6Cs=";
|
||||||
};
|
};
|
||||||
|
|
||||||
patches =
|
ed25519-donna = fetchFromGitHub {
|
||||||
[ # Allow multiple colon-separated authorized keys files to be
|
owner = "floodyberry";
|
||||||
# specified in the file= option.
|
repo = "ed25519-donna";
|
||||||
./multiple-key-files.patch
|
rev = "8757bd4cd209cb032853ece0ce413f122eef212c";
|
||||||
(fetchpatch {
|
sha256 = "ETFpIaWQnlYG8ZuDG2dNjUJddlvibB4ukHquTFn3NZM=";
|
||||||
name = "openssl-1.1.1-1.patch";
|
};
|
||||||
url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch";
|
|
||||||
sha256 = "1ndp5j4xfhzshhnl345gb4mkldx6vjfa7284xgng6ikhzpc6y7pf";
|
|
||||||
})
|
|
||||||
(fetchpatch {
|
|
||||||
name = "openssl-1.1.1-2.patch";
|
|
||||||
url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch";
|
|
||||||
sha256 = "0ksrs4xr417by8klf7862n3dircvnw30an1akq4pnsd3ichscmww";
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
buildInputs = [ pam openssl perl ];
|
buildInputs = [ pam openssl perl ];
|
||||||
|
|
||||||
|
patches = [
|
||||||
|
# Allow multiple colon-separated authorized keys files to be
|
||||||
|
# specified in the file= option.
|
||||||
|
./multiple-key-files.patch
|
||||||
|
];
|
||||||
|
|
||||||
|
configureFlags = [
|
||||||
# It's not clear to me why this is necessary, but without it, you see:
|
# It's not clear to me why this is necessary, but without it, you see:
|
||||||
#
|
#
|
||||||
# checking OpenSSL header version... 1010104f (OpenSSL 1.1.1d 10 Sep 2019)
|
# checking OpenSSL header version... 1010108f (OpenSSL 1.1.1h 22 Sep 2020)
|
||||||
# checking OpenSSL library version... 1010104f (OpenSSL 1.1.1d 10 Sep 2019)
|
# checking OpenSSL library version... 1010108f (OpenSSL 1.1.1h 22 Sep 2020)
|
||||||
# checking whether OpenSSL's headers match the library... no
|
# checking whether OpenSSL's headers match the library... no
|
||||||
# configure: WARNING: Your OpenSSL headers do not match your
|
# configure: WARNING: Your OpenSSL headers do not match your
|
||||||
# library. Check config.log for details.
|
# library. Check config.log for details.
|
||||||
#
|
#
|
||||||
# ...despite the fact that clearly the values match
|
# ...despite the fact that clearly the values match
|
||||||
configureFlags = [ "--without-openssl-header-check" ];
|
"--without-openssl-header-check"
|
||||||
|
# Make sure it can find ed25519-donna
|
||||||
|
"--with-cflags=-I$PWD"
|
||||||
|
];
|
||||||
|
|
||||||
|
prePatch = "cp -r ${ed25519-donna}/. ed25519-donna/.";
|
||||||
|
|
||||||
enableParallelBuilding = true;
|
enableParallelBuilding = true;
|
||||||
|
|
||||||
meta = {
|
meta = {
|
||||||
homepage = "http://pamsshagentauth.sourceforge.net/";
|
homepage = "https://github.com/jbeverly/pam_ssh_agent_auth";
|
||||||
description = "PAM module for authentication through the SSH agent";
|
description = "PAM module for authentication through the SSH agent";
|
||||||
maintainers = [ stdenv.lib.maintainers.eelco ];
|
maintainers = [ stdenv.lib.maintainers.eelco ];
|
||||||
platforms = stdenv.lib.platforms.linux;
|
platforms = stdenv.lib.platforms.linux;
|
||||||
|
|
|
||||||
|
|
@ -87,21 +87,27 @@ diff -u pam_ssh_agent_auth-0.10.3-orig/pam_ssh_agent_auth.c pam_ssh_agent_auth-0
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* PAM_USER and PAM_RUSER do not necessarily have to get set by the calling application, and we may be unable to divine the latter.
|
* PAM_USER and PAM_RUSER do not necessarily have to get set by the calling application, and we may be unable to divine the latter.
|
||||||
@@ -187,16 +184,17 @@
|
@@ -184,5 +181,5 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if(user && strlen(ruser) > 0) {
|
if(user && strlen(ruser) > 0) {
|
||||||
- pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
|
- pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
|
||||||
+ pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file_input);
|
+ pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file_input);
|
||||||
|
|
||||||
|
@@ -201,3 +197,3 @@
|
||||||
|
retval = PAM_SUCCESS;
|
||||||
|
- pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
|
||||||
|
+ pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file_input);
|
||||||
|
|
||||||
|
@@ -211,11 +208,12 @@
|
||||||
/*
|
/*
|
||||||
* this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user
|
* this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user
|
||||||
*/
|
*/
|
||||||
- if(pamsshagentauth_find_authorized_keys(user, ruser, servicename)) { /* getpwnam(ruser)->pw_uid)) { */
|
- if(pamsshagentauth_find_authorized_keys(user, ruser, servicename)) { /* getpwnam(ruser)->pw_uid)) { */
|
||||||
- pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
|
- pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
|
||||||
+ const char *key_file;
|
+ const char *key_file;
|
||||||
+ if((key_file = pamsshagentauth_find_authorized_keys(user, ruser, servicename))) { /* getpwnam(ruser)->pw_uid)) { */
|
+ if((key_file = pamsshagentauth_find_authorized_keys(user, ruser, servicename))) { /* getpwnam(ruser)->pw_uid)) { */
|
||||||
+ pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, key_file);
|
+ pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, key_file);
|
||||||
retval = PAM_SUCCESS;
|
retval = PAM_SUCCESS;
|
||||||
} else {
|
} else {
|
||||||
- pamsshagentauth_logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
|
- pamsshagentauth_logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue