pam_ssh_agent_auth: 0.10.3 -> 0.10.4

2024-11-20 20:02:14 +03:00 · 2020-12-16 13:11:55 +01:00 · 2020-12-16 13:11:55 +01:00 · 2c6d008cfa
commit 2c6d008cfa
parent f79dfa8151
2 changed files with 46 additions and 34 deletions
--- a/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
+++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/default.nix
@ -1,46 +1,52 @@
-{ stdenv, fetchpatch, fetchurl, pam, openssl, perl }:
+{ stdenv, fetchpatch, fetchFromGitHub, pam, openssl, perl }:

 stdenv.mkDerivation rec {
-  name = "pam_ssh_agent_auth-0.10.3";
+  pname = "pam_ssh_agent_auth";
+  version = "0.10.4";

-  src = fetchurl {
-    url = "mirror://sourceforge/pamsshagentauth/${name}.tar.bz2";
-    sha256 = "0qx78x7nvqdscyp04hfijl4rgyf64xy03prr28hipvgasrcd6lrw";
+  src = fetchFromGitHub {
+    owner = "jbeverly";
+    repo = "pam_ssh_agent_auth";
+    rev = "pam_ssh_agent_auth-${version}";
+    sha256 = "YD1R8Cox0UoNiuWleKGzWSzxJ5lhDRCB2mZPp9OM6Cs=";
  };

-  patches =
-    [ # Allow multiple colon-separated authorized keys files to be
-      # specified in the file= option.
-      ./multiple-key-files.patch
-      (fetchpatch {
-        name = "openssl-1.1.1-1.patch";
-        url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch";
-        sha256 = "1ndp5j4xfhzshhnl345gb4mkldx6vjfa7284xgng6ikhzpc6y7pf";
-      })
-      (fetchpatch {
-        name = "openssl-1.1.1-2.patch";
-        url = "https://sources.debian.org/data/main/p/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch";
-        sha256 = "0ksrs4xr417by8klf7862n3dircvnw30an1akq4pnsd3ichscmww";
-      })
-    ];
+  ed25519-donna = fetchFromGitHub {
+    owner = "floodyberry";
+    repo = "ed25519-donna";
+    rev = "8757bd4cd209cb032853ece0ce413f122eef212c";
+    sha256 = "ETFpIaWQnlYG8ZuDG2dNjUJddlvibB4ukHquTFn3NZM=";
+  };

  buildInputs = [ pam openssl perl ];

-  # It's not clear to me why this is necessary, but without it, you see:
-  #
-  # checking OpenSSL header version... 1010104f (OpenSSL 1.1.1d  10 Sep 2019)
-  # checking OpenSSL library version... 1010104f (OpenSSL 1.1.1d  10 Sep 2019)
-  # checking whether OpenSSL's headers match the library... no
-  # configure: WARNING: Your OpenSSL headers do not match your
-  # library. Check config.log for details.
-  #
-  # ...despite the fact that clearly the values match
-  configureFlags = [ "--without-openssl-header-check" ];
+  patches = [
+    # Allow multiple colon-separated authorized keys files to be
+    # specified in the file= option.
+    ./multiple-key-files.patch
+  ];
+
+  configureFlags = [
+    # It's not clear to me why this is necessary, but without it, you see:
+    #
+    # checking OpenSSL header version... 1010108f (OpenSSL 1.1.1h  22 Sep 2020)
+    # checking OpenSSL library version... 1010108f (OpenSSL 1.1.1h  22 Sep 2020)
+    # checking whether OpenSSL's headers match the library... no
+    # configure: WARNING: Your OpenSSL headers do not match your
+    # library. Check config.log for details.
+    #
+    # ...despite the fact that clearly the values match
+    "--without-openssl-header-check"
+    # Make sure it can find ed25519-donna
+    "--with-cflags=-I$PWD"
+  ];
+
+  prePatch = "cp -r ${ed25519-donna}/. ed25519-donna/.";

  enableParallelBuilding = true;

  meta = {
-    homepage = "http://pamsshagentauth.sourceforge.net/";
+    homepage = "https://github.com/jbeverly/pam_ssh_agent_auth";
    description = "PAM module for authentication through the SSH agent";
    maintainers = [ stdenv.lib.maintainers.eelco ];
    platforms = stdenv.lib.platforms.linux;
--- a/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch
+++ b/pkgs/os-specific/linux/pam_ssh_agent_auth/multiple-key-files.patch
@ -87,21 +87,27 @@ diff -u pam_ssh_agent_auth-0.10.3-orig/pam_ssh_agent_auth.c pam_ssh_agent_auth-0
 
     /*
      * PAM_USER and PAM_RUSER do not necessarily have to get set by the calling application, and we may be unable to divine the latter.
-@@ -187,16 +184,17 @@
+@@ -184,5 +181,5 @@
      */
 
     if(user && strlen(ruser) > 0) {
 -        pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
 +        pamsshagentauth_verbose("Attempting authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file_input);
 
+@@ -201,3 +197,3 @@
+                 retval = PAM_SUCCESS;
+-                pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
+                pamsshagentauth_logit("Authenticated (sshd): `%s' as `%s' using %s", ruser, user, authorized_keys_file_input);
+ 
+@@ -211,11 +208,12 @@
         /*
          * this pw_uid is used to validate the SSH_AUTH_SOCK, and so must be the uid of the ruser invoking the program, not the target-user
          */
 -        if(pamsshagentauth_find_authorized_keys(user, ruser, servicename)) { /* getpwnam(ruser)->pw_uid)) { */
-            pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, authorized_keys_file);
+-            pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, authorized_keys_file);
 +        const char *key_file;
 +        if((key_file = pamsshagentauth_find_authorized_keys(user, ruser, servicename))) { /* getpwnam(ruser)->pw_uid)) { */
-+            pamsshagentauth_logit("Authenticated: `%s' as `%s' using %s", ruser, user, key_file);
+            pamsshagentauth_logit("Authenticated (agent): `%s' as `%s' using %s", ruser, user, key_file);
             retval = PAM_SUCCESS;
         } else {
 -            pamsshagentauth_logit("Failed Authentication: `%s' as `%s' using %s", ruser, user, authorized_keys_file);