Date:      Mon, 10 Oct 2011 19:19:32 GMT
From:      Corey Smith <corsmith@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/161473: security/pam_ssh_agent_auth: update to fix segmentation fault in 0.9.3
Message-ID:  <201110101919.p9AJJWur030359@red.freebsd.org>
Resent-Message-ID: <201110101920.p9AJK74c091728@freefall.freebsd.org>


>Number:         161473
>Category:       ports
>Synopsis:       security/pam_ssh_agent_auth: update to fix segmentation fault in 0.9.3
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 10 19:20:07 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Corey Smith
>Release:        8.2-RELEASE-p4
>Organization:
>Environment:
FreeBSD tst 8.2-RELEASE-p4 FreeBSD 8.2-RELEASE-p4 #1: Sun Oct  9 09:36:36 EDT 2011     root@tst:/usr/src/sys/amd64/compile/CUSTOM  amd64

>Description:
When using this port with the current version of sudo a segmentation fault occurs.  More information can be found at:

http://lists.freebsd.org/pipermail/freebsd-security/2011-September/006014.html

This patch fixes the problem by renaming the verbose() function, and the calls to it, in pam_ssh_agent_auth.

The purpose of this update is to provide a workable solution until a more permanent fix is available from the developer.

-Corey Smith
>How-To-Repeat:
# update to latest security/sudo and security/pam_ssh_agent_auth
sudo su -
# segmentation fault
>Fix:
Patch attached

Patch attached with submission follows:

diff -urN pam_ssh_agent_auth.orig/Makefile pam_ssh_agent_auth/Makefile
--- pam_ssh_agent_auth.orig/Makefile	2011-06-25 01:29:26.000000000 -0400
+++ pam_ssh_agent_auth/Makefile	2011-10-10 14:58:03.000000000 -0400
@@ -7,6 +7,7 @@
 
 PORTNAME=	pam_ssh_agent_auth
 PORTVERSION=	0.9.3
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	SF/pamsshagentauth/${PORTNAME}/v${PORTVERSION}/
 
diff -urN pam_ssh_agent_auth.orig/files/patch-entropy.c pam_ssh_agent_auth/files/patch-entropy.c
--- pam_ssh_agent_auth.orig/files/patch-entropy.c	1969-12-31 19:00:00.000000000 -0500
+++ pam_ssh_agent_auth/files/patch-entropy.c	2011-10-10 14:53:51.000000000 -0400
@@ -0,0 +1,25 @@
+--- ./entropy.c	2009-08-08 20:54:21.000000000 -0400
++++ ../../pam_ssh_agent_auth-0.9.3.fixed/entropy.c	2011-10-10 13:10:35.864389493 -0400
+@@ -79,11 +79,11 @@
+ 	mysig_t old_sigchld;
+ 
+ 	if (RAND_status() == 1) {
+-		verbose("RNG is ready, skipping seeding");
++		pam_ssh_auth_verbose("RNG is ready, skipping seeding");
+ 		return;
+ 	}
+ 
+-	verbose("Seeding PRNG from %s", SSH_RAND_HELPER);
++	pam_ssh_auth_verbose("Seeding PRNG from %s", SSH_RAND_HELPER);
+ 
+ 	if ((devnull = open("/dev/null", O_RDWR)) == -1)
+ 		fatal("Couldn't open /dev/null: %s", strerror(errno));
+@@ -187,7 +187,7 @@
+ 
+ 	buf = buffer_get_string_ret(m, &len);
+ 	if (buf != NULL) {
+-		verbose("rexec_recv_rng_seed: seeding rng with %u bytes", len);
++		pam_ssh_auth_verbose("rexec_recv_rng_seed: seeding rng with %u bytes", len);
+ 		RAND_add(buf, len, len);
+ 	}
+ }
diff -urN pam_ssh_agent_auth.orig/files/patch-iterate_ssh_agent_keys.c pam_ssh_agent_auth/files/patch-iterate_ssh_agent_keys.c
--- pam_ssh_agent_auth.orig/files/patch-iterate_ssh_agent_keys.c	1969-12-31 19:00:00.000000000 -0500
+++ pam_ssh_agent_auth/files/patch-iterate_ssh_agent_keys.c	2011-10-10 14:54:07.000000000 -0400
@@ -0,0 +1,20 @@
+--- ./iterate_ssh_agent_keys.c	2010-01-12 21:17:01.000000000 -0500
++++ ../../pam_ssh_agent_auth-0.9.3.fixed/iterate_ssh_agent_keys.c	2011-10-10 13:10:35.864389493 -0400
+@@ -82,7 +82,7 @@
+     session_id2 = session_id2_gen();
+ 
+     if ((ac = ssh_get_authentication_connection(uid))) {
+-        verbose("Contacted ssh-agent of user %s (%u)", getpwuid(uid)->pw_name, uid);
++        pam_ssh_auth_verbose("Contacted ssh-agent of user %s (%u)", getpwuid(uid)->pw_name, uid);
+         for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) 
+         {
+             if(key != NULL) {
+@@ -103,7 +103,7 @@
+         ssh_close_authentication_connection(ac);
+     }
+     else {
+-        verbose("No ssh-agent could be contacted");
++        pam_ssh_auth_verbose("No ssh-agent could be contacted");
+     }
+     xfree(session_id2);
+     EVP_cleanup();
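Review bot: The renamed log call in the inner hunk at -82 still evaluates `getpwuid(uid)->pw_name` without checking the result, so a uid with no passwd entry dereferences NULL inside whatever process loaded the PAM module. Look the entry up once and guard it: `struct passwd *pw = getpwuid(uid);` followed by `pam_ssh_auth_verbose("Contacted ssh-agent of user %s (%u)", pw ? pw->pw_name : "(unknown)", uid);`. The enclosing function starts and ends outside the hunk, so whether uid is validated earlier is not visible here.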
diff -urN pam_ssh_agent_auth.orig/files/patch-key.c pam_ssh_agent_auth/files/patch-key.c
--- pam_ssh_agent_auth.orig/files/patch-key.c	1969-12-31 19:00:00.000000000 -0500
+++ pam_ssh_agent_auth/files/patch-key.c	2011-10-10 14:54:32.000000000 -0400
@@ -0,0 +1,51 @@
+--- ./key.c	2009-08-08 20:54:21.000000000 -0400
++++ ../../pam_ssh_agent_auth-0.9.3.fixed/key.c	2011-10-10 13:10:35.865388224 -0400
+@@ -420,26 +420,26 @@
+ 	case KEY_DSA:
+ 		space = strchr(cp, ' ');
+ 		if (space == NULL) {
+-			verbose("key_read: missing whitespace");
++			pam_ssh_auth_verbose("key_read: missing whitespace");
+ 			return -1;
+ 		}
+ 		*space = '\0';
+ 		type = key_type_from_name(cp);
+ 		*space = ' ';
+ 		if (type == KEY_UNSPEC) {
+-			verbose("key_read: missing keytype");
++			pam_ssh_auth_verbose("key_read: missing keytype");
+ 			return -1;
+ 		}
+ 		cp = space+1;
+ 		if (*cp == '\0') {
+-			verbose("key_read: short string");
++			pam_ssh_auth_verbose("key_read: short string");
+ 			return -1;
+ 		}
+ 		if (ret->type == KEY_UNSPEC) {
+ 			ret->type = type;
+ 		} else if (ret->type != type) {
+ 			/* is a key, but different type */
+-			verbose("key_read: type mismatch");
++			pam_ssh_auth_verbose("key_read: type mismatch");
+ 			return -1;
+ 		}
+ 		len = 2*strlen(cp);
+@@ -656,7 +656,7 @@
+ 	} else if (strcmp(name, "ssh-dss") == 0) {
+ 		return KEY_DSA;
+ 	}
+-	verbose("key_type_from_name: unknown key type '%s'", name);
++	pam_ssh_auth_verbose("key_type_from_name: unknown key type '%s'", name);
+ 	return KEY_UNSPEC;
+ }
+ 
+@@ -677,7 +677,7 @@
+ 			return 0;
+ 		}
+ 	}
+-	verbose("key names ok: [%s]", names);
++	pam_ssh_auth_verbose("key names ok: [%s]", names);
+ 	xfree(s);
+ 	return 1;
+ }
diff -urN pam_ssh_agent_auth.orig/files/patch-log.c pam_ssh_agent_auth/files/patch-log.c
--- pam_ssh_agent_auth.orig/files/patch-log.c	1969-12-31 19:00:00.000000000 -0500
+++ pam_ssh_agent_auth/files/patch-log.c	2011-10-10 14:54:51.000000000 -0400
@@ -0,0 +1,11 @@
+--- ./log.c	2009-08-08 20:54:21.000000000 -0400
++++ ../../pam_ssh_agent_auth-0.9.3.fixed/log.c	2011-10-10 13:10:35.865388224 -0400
+@@ -166,7 +166,7 @@
+ /* More detailed messages (information that does not need to go to the log). */
+ 
+ void
+-verbose(const char *fmt,...)
++pam_ssh_auth_verbose(const char *fmt,...)
+ {
+ 	va_list args;
+ 
diff -urN pam_ssh_agent_auth.orig/files/patch-log.h pam_ssh_agent_auth/files/patch-log.h
--- pam_ssh_agent_auth.orig/files/patch-log.h	1969-12-31 19:00:00.000000000 -0500
+++ pam_ssh_agent_auth/files/patch-log.h	2011-10-10 14:55:03.000000000 -0400
@@ -0,0 +1,11 @@
+--- ./log.h	2009-08-08 20:54:21.000000000 -0400
++++ ../../pam_ssh_agent_auth-0.9.3.fixed/log.h	2011-10-10 13:10:38.856166661 -0400
+@@ -55,7 +55,7 @@
+ void     logerror(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     sigdie(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     logit(const char *, ...) __attribute__((format(printf, 1, 2)));
+-void     verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
++void     pam_ssh_auth_verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     debug(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
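Review bot: Only `verbose` is renamed, while the neighbouring declarations in this header (`logerror`, `sigdie`, `logit`, `debug`, `debug2`, `debug3`) keep equally generic names. If the crash comes from the module's `verbose` symbol clashing with a symbol of the same name in the host program, which the description implies but does not state, any of these could clash the same way with another PAM consumer. A comment above the prototype such as `/* renamed from verbose(): the generic name collided with a symbol in the program loading this module */` would record the reason. A more durable fix is to prefix the whole logging family, or to restrict the module's exported symbols to the PAM entry points at link time.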
diff -urN pam_ssh_agent_auth.orig/files/patch-misc.c pam_ssh_agent_auth/files/patch-misc.c
--- pam_ssh_agent_auth.orig/files/patch-misc.c	1969-12-31 19:00:00.000000000 -0500
+++ pam_ssh_agent_auth/files/patch-misc.c	2011-10-10 14:55:23.000000000 -0400
@@ -0,0 +1,102 @@
+--- ./misc.c	2009-08-08 20:54:21.000000000 -0400
++++ ../../pam_ssh_agent_auth-0.9.3.fixed/misc.c	2011-10-10 13:10:35.866387792 -0400
+@@ -84,13 +84,13 @@
+ 		return (-1);
+ 	}
+ 	if (val & O_NONBLOCK) {
+-		verbose("fd %d is O_NONBLOCK", fd);
++		pam_ssh_auth_verbose("fd %d is O_NONBLOCK", fd);
+ 		return (0);
+ 	}
+-	verbose("fd %d setting O_NONBLOCK", fd);
++	pam_ssh_auth_verbose("fd %d setting O_NONBLOCK", fd);
+ 	val |= O_NONBLOCK;
+ 	if (fcntl(fd, F_SETFL, val) == -1) {
+-		verbose("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd,
++		pam_ssh_auth_verbose("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd,
+ 		    strerror(errno));
+ 		return (-1);
+ 	}
+@@ -108,13 +108,13 @@
+ 		return (-1);
+ 	}
+ 	if (!(val & O_NONBLOCK)) {
+-		verbose("fd %d is not O_NONBLOCK", fd);
++		pam_ssh_auth_verbose("fd %d is not O_NONBLOCK", fd);
+ 		return (0);
+ 	}
+-	verbose("fd %d clearing O_NONBLOCK", fd);
++	pam_ssh_auth_verbose("fd %d clearing O_NONBLOCK", fd);
+ 	val &= ~O_NONBLOCK;
+ 	if (fcntl(fd, F_SETFL, val) == -1) {
+-		verbose("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s",
++		pam_ssh_auth_verbose("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s",
+ 		    fd, strerror(errno));
+ 		return (-1);
+ 	}
+@@ -138,15 +138,15 @@
+ 
+ 	optlen = sizeof opt;
+ 	if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
+-		verbose("getsockopt TCP_NODELAY: %.100s", strerror(errno));
++		pam_ssh_auth_verbose("getsockopt TCP_NODELAY: %.100s", strerror(errno));
+ 		return;
+ 	}
+ 	if (opt == 1) {
+-		verbose("fd %d is TCP_NODELAY", fd);
++		pam_ssh_auth_verbose("fd %d is TCP_NODELAY", fd);
+ 		return;
+ 	}
+ 	opt = 1;
+-	verbose("fd %d setting TCP_NODELAY", fd);
++	pam_ssh_auth_verbose("fd %d setting TCP_NODELAY", fd);
+ 	if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1)
+ 		logerror("setsockopt TCP_NODELAY: %.100s", strerror(errno));
+ }
+@@ -367,7 +367,7 @@
+ 		return(xstrdup(host));
+ 	if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0)
+ 		fatal("put_host_port: asprintf: %s", strerror(errno));
+-	verbose("put_host_port: %s", hoststr);
++	pam_ssh_auth_verbose("put_host_port: %s", hoststr);
+ 	return hoststr;
+ }
+ 
+@@ -631,7 +631,7 @@
+ 		if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
+ 			return 0;
+ 		} else {
+-			verbose("%s: %s line %lu exceeds size limit", __func__,
++			pam_ssh_auth_verbose("%s: %s line %lu exceeds size limit", __func__,
+ 			    filename, *lineno);
+ 			/* discard remainder of line */
+ 			while (fgetc(f) != '\n' && !feof(f))
+@@ -662,16 +662,16 @@
+ 				break;
+ 		}
+ 	} else {
+-		verbose("%s: invalid tunnel %u", __func__, tun);
++		pam_ssh_auth_verbose("%s: invalid tunnel %u", __func__, tun);
+ 		return (-1);
+ 	}
+ 
+ 	if (fd < 0) {
+-		verbose("%s: %s open failed: %s", __func__, name, strerror(errno));
++		pam_ssh_auth_verbose("%s: %s open failed: %s", __func__, name, strerror(errno));
+ 		return (-1);
+ 	}
+ 
+-	verbose("%s: %s mode %d fd %d", __func__, name, mode, fd);
++	pam_ssh_auth_verbose("%s: %s mode %d fd %d", __func__, name, mode, fd);
+ 
+ 	/* Set the tunnel device operation mode */
+ 	snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun);
+@@ -703,7 +703,7 @@
+ 		close(fd);
+ 	if (sock >= 0)
+ 		close(sock);
+-	verbose("%s: failed to set %s mode %d: %s", __func__, name,
++	pam_ssh_auth_verbose("%s: failed to set %s mode %d: %s", __func__, name,
+ 	    mode, strerror(errno));
+ 	return (-1);
+ #else
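Review bot: In the inner hunk at -631, `buf[strlen(buf) - 1]` indexes one byte before the buffer when the line just read has length zero, for example when it begins with a NUL byte. Take the length first and test it: `size_t n = strlen(buf);` then `if ((n > 0 && buf[n - 1] == '\n') || feof(f))`. The read that fills `buf` is outside the hunk, so this assumes `buf` holds what the preceding read returned. The function also starts and ends outside the hunk.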
diff -urN pam_ssh_agent_auth.orig/files/patch-pam_ssh_agent_auth.c pam_ssh_agent_auth/files/patch-pam_ssh_agent_auth.c
--- pam_ssh_agent_auth.orig/files/patch-pam_ssh_agent_auth.c	1969-12-31 19:00:00.000000000 -0500
+++ pam_ssh_agent_auth/files/patch-pam_ssh_agent_auth.c	2011-10-10 14:55:48.000000000 -0400
@@ -0,0 +1,58 @@
+--- ./pam_ssh_agent_auth.c	2011-01-26 15:59:21.000000000 -0500
++++ ../../pam_ssh_agent_auth-0.9.3.fixed/pam_ssh_agent_auth.c	2011-10-10 13:10:35.866387792 -0400
+@@ -124,7 +124,7 @@
+     pam_get_item(pamh, PAM_USER, (void *) &user);
+     pam_get_item(pamh, PAM_RUSER, (void *) &ruser_ptr);
+ 
+-    verbose("Beginning pam_ssh_agent_auth for user %s", user);
++    pam_ssh_auth_verbose("Beginning pam_ssh_agent_auth for user %s", user);
+ 
+     if(ruser_ptr) {
+         strncpy(ruser, ruser_ptr, sizeof(ruser) - 1);
+@@ -139,12 +139,12 @@
+ #ifdef ENABLE_SUDO_HACK
+         if( (strlen(sudo_service_name) > 0) && strncasecmp(servicename, sudo_service_name, sizeof(sudo_service_name) - 1) == 0 && getenv("SUDO_USER") ) {
+             strncpy(ruser, getenv("SUDO_USER"), sizeof(ruser) - 1 );
+-            verbose( "Using environment variable SUDO_USER (%s)", ruser );
++            pam_ssh_auth_verbose( "Using environment variable SUDO_USER (%s)", ruser );
+         } else 
+ #endif
+         {
+             if( ! getpwuid(getuid()) ) {
+-                verbose("Unable to getpwuid(getuid())");
++                pam_ssh_auth_verbose("Unable to getpwuid(getuid())");
+                 goto cleanexit;
+             }
+             strncpy(ruser, getpwuid(getuid())->pw_name, sizeof(ruser) - 1);
+@@ -153,11 +153,11 @@
+ 
+     /* Might as well explicitely confirm the user exists here */
+     if(! getpwnam(ruser) ) {
+-        verbose("getpwnam(%s) failed, bailing out", ruser);
++        pam_ssh_auth_verbose("getpwnam(%s) failed, bailing out", ruser);
+         goto cleanexit;
+     }
+     if( ! getpwnam(user) ) {
+-        verbose("getpwnam(%s) failed, bailing out", user);
++        pam_ssh_auth_verbose("getpwnam(%s) failed, bailing out", user);
+         goto cleanexit;
+     }
+ 
+@@ -167,7 +167,7 @@
+          */
+         parse_authorized_key_file(user, authorized_keys_file_input);
+     } else {
+-        verbose("Using default file=/etc/security/authorized_keys");
++        pam_ssh_auth_verbose("Using default file=/etc/security/authorized_keys");
+         authorized_keys_file = xstrdup("/etc/security/authorized_keys");
+     }
+ 
+@@ -177,7 +177,7 @@
+      */
+ 
+     if(user && strlen(ruser) > 0) {
+-        verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
++        pam_ssh_auth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
+ 
+         /* 
+          * this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user
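Review bot: In the inner hunk at -124 the return values of both `pam_get_item()` calls are ignored and `user` goes straight into a `%s` conversion, and the hunk at -153 then calls `getpwnam(user)`. The only NULL test on `user` visible here is at -177, after those uses. Check it right after the lookup, e.g. `if (pam_get_item(pamh, PAM_USER, (void *) &user) != PAM_SUCCESS || user == NULL) goto cleanexit;`. The function body starts and ends outside these hunks, so an earlier initialisation or check may exist that is not visible here.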
diff -urN pam_ssh_agent_auth.orig/files/patch-pam_user_key_allowed2.c pam_ssh_agent_auth/files/patch-pam_user_key_allowed2.c
--- pam_ssh_agent_auth.orig/files/patch-pam_user_key_allowed2.c	1969-12-31 19:00:00.000000000 -0500
+++ pam_ssh_agent_auth/files/patch-pam_user_key_allowed2.c	2011-10-10 14:56:12.000000000 -0400
@@ -0,0 +1,42 @@
+--- ./pam_user_key_allowed2.c	2011-06-07 02:32:46.000000000 -0400
++++ ../../pam_ssh_agent_auth-0.9.3.fixed/pam_user_key_allowed2.c	2011-10-10 13:10:35.866387792 -0400
+@@ -63,11 +63,11 @@
+ 	Key *found;
+ 	char *fp;
+ 
+-	verbose("trying public key file %s", file);
++	pam_ssh_auth_verbose("trying public key file %s", file);
+ 
+ 	/* Fail not so quietly if file does not exist */
+ 	if (stat(file, &st) < 0) {
+-        verbose("File not found: %s", file);
++        pam_ssh_auth_verbose("File not found: %s", file);
+ 		return 0;
+ 	}
+ 	/* Open the file containing the authorized keys. */
+@@ -97,7 +97,7 @@
+ 		if (key_read(found, &cp) != 1) {
+ 			/* no key?  check if there are options for this key */
+ 			int quoted = 0;
+-			verbose("user_key_allowed: check options: '%s'", cp);
++			pam_ssh_auth_verbose("user_key_allowed: check options: '%s'", cp);
+ 			key_options = cp;
+ 			for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+ 				if (*cp == '\\' && cp[1] == '"')
+@@ -109,7 +109,7 @@
+ 			for (; *cp == ' ' || *cp == '\t'; cp++)
+ 				;
+ 			if (key_read(found, &cp) != 1) {
+-				verbose("user_key_allowed: advance: '%s'", cp);
++				pam_ssh_auth_verbose("user_key_allowed: advance: '%s'", cp);
+ 				/* still no key?  advance to next line*/
+ 				continue;
+ 			}
+@@ -128,6 +128,6 @@
+ 	fclose(f);
+ 	key_free(found);
+ 	if (!found_key)
+-		verbose("key not found");
++		pam_ssh_auth_verbose("key not found");
+ 	return found_key;
+ }
diff -urN pam_ssh_agent_auth.orig/files/patch-secure_filename.c pam_ssh_agent_auth/files/patch-secure_filename.c
--- pam_ssh_agent_auth.orig/files/patch-secure_filename.c	1969-12-31 19:00:00.000000000 -0500
+++ pam_ssh_agent_auth/files/patch-secure_filename.c	2011-10-10 14:56:35.000000000 -0400
@@ -0,0 +1,29 @@
+--- ./secure_filename.c	2009-08-08 20:54:21.000000000 -0400
++++ ../../pam_ssh_agent_auth-0.9.3.fixed/secure_filename.c	2011-10-10 13:10:35.867387919 -0400
+@@ -80,7 +80,7 @@
+ 	int comparehome = 0;
+ 	struct stat st;
+ 
+-    verbose("secure_filename: checking for uid: %u", uid);
++    pam_ssh_auth_verbose("secure_filename: checking for uid: %u", uid);
+ 
+ 	if (realpath(file, buf) == NULL) {
+ 		snprintf(err, errlen, "realpath %s failed: %s", file,
+@@ -107,7 +107,7 @@
+ 		}
+ 		strlcpy(buf, cp, sizeof(buf));
+ 
+-		verbose("secure_filename: checking '%s'", buf);
++		pam_ssh_auth_verbose("secure_filename: checking '%s'", buf);
+ 		if (stat(buf, &st) < 0 ||
+ 		    (st.st_uid != 0 && st.st_uid != uid) ||
+ 		    (st.st_mode & 022) != 0) {
+@@ -118,7 +118,7 @@
+ 
+ 		/* If are passed the homedir then we can stop */
+ 		if (comparehome && strcmp(homedir, buf) == 0) {
+-			verbose("secure_filename: terminating check at '%s'",
++			pam_ssh_auth_verbose("secure_filename: terminating check at '%s'",
+ 			    buf);
+ 			break;
+ 		}
diff -urN pam_ssh_agent_auth.orig/files/patch-ssh-dss.c pam_ssh_agent_auth/files/patch-ssh-dss.c
--- pam_ssh_agent_auth.orig/files/patch-ssh-dss.c	1969-12-31 19:00:00.000000000 -0500
+++ pam_ssh_agent_auth/files/patch-ssh-dss.c	2011-10-10 14:56:52.000000000 -0400
@@ -0,0 +1,11 @@
+--- ./ssh-dss.c	2009-08-08 20:54:21.000000000 -0400
++++ ../../pam_ssh_agent_auth-0.9.3.fixed/ssh-dss.c	2011-10-10 13:10:35.867387919 -0400
+@@ -179,7 +179,7 @@
+ 
+ 	DSA_SIG_free(sig);
+ 
+-	verbose("ssh_dss_verify: signature %s",
++	pam_ssh_auth_verbose("ssh_dss_verify: signature %s",
+ 	    ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");
+ 	return ret;
+ }
diff -urN pam_ssh_agent_auth.orig/files/patch-ssh-rsa.c pam_ssh_agent_auth/files/patch-ssh-rsa.c
--- pam_ssh_agent_auth.orig/files/patch-ssh-rsa.c	1969-12-31 19:00:00.000000000 -0500
+++ pam_ssh_agent_auth/files/patch-ssh-rsa.c	2011-10-10 14:57:05.000000000 -0400
@@ -0,0 +1,29 @@
+--- ./ssh-rsa.c	2009-08-08 20:54:21.000000000 -0400
++++ ../../pam_ssh_agent_auth-0.9.3.fixed/ssh-rsa.c	2011-10-10 13:10:35.867387919 -0400
+@@ -75,7 +75,7 @@
+ 	}
+ 	if (len < slen) {
+ 		u_int diff = slen - len;
+-		verbose("slen %u > len %u", slen, len);
++		pam_ssh_auth_verbose("slen %u > len %u", slen, len);
+ 		memmove(sig + diff, sig, len);
+ 		memset(sig, 0, diff);
+ 	} else if (len > slen) {
+@@ -148,7 +148,7 @@
+ 		return -1;
+ 	} else if (len < modlen) {
+ 		u_int diff = modlen - len;
+-		verbose("ssh_rsa_verify: add padding: modlen %u > len %u",
++		pam_ssh_auth_verbose("ssh_rsa_verify: add padding: modlen %u > len %u",
+ 		    modlen, len);
+ 		sigblob = xrealloc(sigblob, 1, modlen);
+ 		memmove(sigblob + diff, sigblob, len);
+@@ -169,7 +169,7 @@
+ 	memset(digest, 'd', sizeof(digest));
+ 	memset(sigblob, 's', len);
+ 	xfree(sigblob);
+-	verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
++	pam_ssh_auth_verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
+ 	return ret;
+ }
+ 


>Release-Note:
>Audit-Trail:
>Unformatted:


