[src/trunk]: src/lib/libpam/modules/pam_ssh Fix key loading logic and add log...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/lib/libpam/modules/pam_ssh Fix key loading logic and add log...
From: mlelstv <mlelstv%NetBSD.org@localhost>
Date: Sat, 19 Oct 2019 20:32:52 +0000

details:   https://anonhg.NetBSD.org/src/rev/18c0f928526d
branches:  trunk
changeset: 456924:18c0f928526d
user:      mlelstv <mlelstv%NetBSD.org@localhost>
date:      Sat Jun 01 07:15:39 2019 +0000

description:
Fix key loading logic and add log message when rejecting an unencrypted key.

diffstat:

 lib/libpam/modules/pam_ssh/pam_ssh.c |  9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diffs (35 lines):

diff -r 72a41899620e -r 18c0f928526d lib/libpam/modules/pam_ssh/pam_ssh.c
--- a/lib/libpam/modules/pam_ssh/pam_ssh.c      Sat Jun 01 06:59:17 2019 +0000
+++ b/lib/libpam/modules/pam_ssh/pam_ssh.c      Sat Jun 01 07:15:39 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pam_ssh.c,v 1.26 2018/08/26 08:54:03 christos Exp $    */
+/*     $NetBSD: pam_ssh.c,v 1.27 2019/06/01 07:15:39 mlelstv Exp $     */
 
 /*-
  * Copyright (c) 2003 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
 #ifdef __FreeBSD__
 __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $");
 #else
-__RCSID("$NetBSD: pam_ssh.c,v 1.26 2018/08/26 08:54:03 christos Exp $");
+__RCSID("$NetBSD: pam_ssh.c,v 1.27 2019/06/01 07:15:39 mlelstv Exp $");
 #endif
 
 #include <sys/param.h>
@@ -119,13 +119,14 @@
         * accept only an empty passphrase.
         */
        r = sshkey_load_private(fn, "", &key, &comment);
-       if (r && !(*passphrase == '\0' && nullok)) {
+       if (r == 0 && !(*passphrase == '\0' && nullok)) {
+               openpam_log(PAM_LOG_DEBUG, "rejected unencrypted key from %s", fn);
                sshkey_free(key);
                free(comment);
                return (NULL);
        }
        if (r)
-               sshkey_load_private(fn, passphrase, &key, &comment);
+               r = sshkey_load_private(fn, passphrase, &key, &comment);
        if (r) {
                openpam_log(PAM_LOG_DEBUG, "failed to load key from %s", fn);
                if (comment != NULL)

Prev by Date: [src/trunk]: src Deal with fallout from the addition of
Next by Date: [src/trunk]: src/distrib/sets/lists radeon_drv major was bumped.
Previous by Thread: [src/trunk]: src Deal with fallout from the addition of
Next by Thread: [src/trunk]: src/distrib/sets/lists radeon_drv major was bumped.
Indexes:

Home | Main Index | Thread Index | Old Index