diff -Nurwd orig/pam-p11-0.1.3/debian/compat pam-p11-0.1.3/debian/compat --- orig/pam-p11-0.1.3/debian/compat 1970-01-01 00:00:00.000000000 +0000 +++ pam-p11-0.1.3/debian/compat 2008-03-03 15:21:37.000000000 +0100 @@ -0,0 +1 @@ +5 diff -Nurwd orig/pam-p11-0.1.3/src/Makefile.am pam-p11-0.1.3/src/Makefile.am --- orig/pam-p11-0.1.3/src/Makefile.am 2005-12-26 21:44:06.000000000 +0100 +++ pam-p11-0.1.3/src/Makefile.am 2008-03-03 15:20:02.000000000 +0100 @@ -2,8 +2,9 @@ MAINTAINERCLEANFILES = Makefile.in -AM_CFLAGS = -Wall -fno-strict-aliasing $(OPENSSL_CFLAGS) $(LIBP11_CFLAGS) -AM_LDFLAGS = -module -avoid-version +AM_CFLAGS = -Wall -fno-strict-aliasing $(OPENSSL_CFLAGS) $(LIBP11_CFLAGS) -I/usr/include/ssh + +AM_LDFLAGS = -module -avoid-version -lssh -lopenbsd-compat lib_LTLIBRARIES = pam_p11_openssh.la pam_p11_opensc.la diff -Nurwd orig/pam-p11-0.1.3/src/Makefile.in pam-p11-0.1.3/src/Makefile.in --- orig/pam-p11-0.1.3/src/Makefile.in 2007-07-16 10:57:47.000000000 +0200 +++ pam-p11-0.1.3/src/Makefile.in 2008-03-03 15:43:49.000000000 +0100 @@ -71,7 +71,7 @@ am_test_OBJECTS = test.$(OBJEXT) test_OBJECTS = $(am_test_OBJECTS) test_DEPENDENCIES = ./.libs/pam_p11_openssh.so -DEFAULT_INCLUDES = -I. -I$(srcdir) +DEFAULT_INCLUDES = -I. -I$(srcdir) -I /usr/include/ssh depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ @@ -127,7 +127,7 @@ LIBOBJS = @LIBOBJS@ LIBP11_CFLAGS = @LIBP11_CFLAGS@ LIBP11_LIBS = @LIBP11_LIBS@ -LIBS = @LIBS@ +LIBS = -lssh -lopenbsd-compat @LIBS@ LIBTOOL = @LIBTOOL@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ diff -Nurwd orig/pam-p11-0.1.3/src/match_opensc.c pam-p11-0.1.3/src/match_opensc.c --- orig/pam-p11-0.1.3/src/match_opensc.c 2007-07-03 18:19:22.000000000 +0200 +++ pam-p11-0.1.3/src/match_opensc.c 2008-03-03 20:47:27.000000000 +0100 @@ -48,7 +48,7 @@ (*ncerts)++; } -extern int match_user(X509 * x509, const char *login) +extern int int_match_user(X509 * x509, const char *login) { char filename[PATH_MAX]; struct passwd *pw; @@ -97,3 +97,4 @@ } return 0; } + diff -Nurwd orig/pam-p11-0.1.3/src/match_openssh.c pam-p11-0.1.3/src/match_openssh.c --- orig/pam-p11-0.1.3/src/match_openssh.c 2005-12-26 21:44:06.000000000 +0100 +++ pam-p11-0.1.3/src/match_openssh.c 2008-03-03 20:45:35.000000000 +0100 @@ -219,7 +219,7 @@ (*nkeys)++; } -extern int match_user(X509 * x509, const char *login) +extern int int_match_user(X509 * x509, const char *login) { char filename[PATH_MAX]; char line[OPENSSH_LINE_MAX]; diff -Nurwd orig/pam-p11-0.1.3/src/pam_p11.c pam-p11-0.1.3/src/pam_p11.c --- orig/pam-p11-0.1.3/src/pam_p11.c 2007-07-03 18:19:22.000000000 +0200 +++ pam-p11-0.1.3/src/pam_p11.c 2008-03-03 21:20:58.000000000 +0100 @@ -24,6 +24,11 @@ #include +/*For ssh-agent*/ +#include +#include +#include + /* We have to make this definitions before we include the pam header files! */ #define PAM_SM_AUTH #define PAM_SM_ACCOUNT @@ -39,10 +44,10 @@ #define LOGNAME "pam_p11" /* name for log-file entries */ #define RANDOM_SOURCE "/dev/urandom" -#define RANDOM_SIZE 128 +#define RANDOM_SIZE 36 #define MAX_SIGSIZE 256 -extern int match_user(X509 * x509, const char *login); +extern int int_match_user(X509 * x509, const char *login); /* * comodity function that returns 1 on null, empty o spaced string @@ -150,7 +155,7 @@ authcert = &certs[i]; if (authcert != NULL) { /* check whether the certificate matches the user */ - rv = match_user(authcert->x509, user); + rv = int_match_user(authcert->x509, user); if (rv < 0) { syslog(LOG_ERR, "match_user() failed"); rv = PAM_AUTHINFO_UNAVAIL; @@ -213,6 +218,14 @@ free(&resp[0]); } + /*Authentificate on ssh-agent */ + AuthenticationConnection *auth = ssh_get_authentication_connection(); + if (auth) { + ssh_update_card(auth, 0, "0", password, 0, 0); + ssh_update_card(auth, 1, "0", password, 0, 0); + ssh_close_authentication_connection(auth); + } + /* perform pkcs #11 login */ rv = PKCS11_login(slot, 0, password); memset(password, 0, strlen(password)); Binärdateien orig/pam-p11-0.1.3/src/.pam_p11.c.swp and pam-p11-0.1.3/src/.pam_p11.c.swp sind verschieden.