3 /*-
9  * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
27  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
91 static const char *pam_ssh_agent = "/usr/bin/ssh-agent";
92 static const char *const pam_ssh_agent_argv[] = { "ssh_agent", "-s", NULL };
104 	struct pam_ssh_key *psk;  in pam_ssh_load_key()  local
138 	if ((psk = malloc(sizeof(*psk))) == NULL) {  in pam_ssh_load_key()
143 	psk->key = key;  in pam_ssh_load_key()
144 	psk->comment = comment;  in pam_ssh_load_key()
145 	return (psk);  in pam_ssh_load_key()
155 	struct pam_ssh_key *psk;  in pam_ssh_free_key()  local
157 	psk = data;  in pam_ssh_free_key()
158 	sshkey_free(psk->key);  in pam_ssh_free_key()
159 	free(psk->comment);  in pam_ssh_free_key()
160 	free(psk);  in pam_ssh_free_key()
170 	struct pam_ssh_key *psk;  in pam_sm_authenticate()  local
186 	if (pwd->pw_dir == NULL)  in pam_sm_authenticate()
206 		psk = pam_ssh_load_key(pwd->pw_dir, *kfn, passphrase, nullok);  in pam_sm_authenticate()
207 		if (psk != NULL) {  in pam_sm_authenticate()
208 			pam_set_data(pamh, *kfn, psk, pam_ssh_free_key);  in pam_sm_authenticate()
228 	/* no keys? */  in pam_sm_authenticate()
245  * Parses a line from ssh-agent's output.
273 		/* store key-value pair in environment */  in pam_ssh_process_agent_output()
291 	if (pipe(agent_pipe) == -1)  in pam_ssh_start_agent()
297 	if (pid == (pid_t)-1) {  in pam_ssh_start_agent()
308 		if (setgid(pwd->pw_gid) == -1) {  in pam_ssh_start_agent()
310 			    __func__, (int)pwd->pw_gid, strerror(errno));  in pam_ssh_start_agent()
313 		if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {  in pam_ssh_start_agent()
316 			    __func__, pwd->pw_name, strerror(errno));  in pam_ssh_start_agent()
319 		if (setuid(pwd->pw_uid) == -1) {  in pam_ssh_start_agent()
321 			    __func__, (int)pwd->pw_uid, strerror(errno));  in pam_ssh_start_agent()
357 	const struct pam_ssh_key *psk;  in pam_ssh_add_keys_to_agent()  local
378 		agent_fd = -1;  in pam_ssh_add_keys_to_agent()
386 		psk = vp;  in pam_ssh_add_keys_to_agent()
387 		if (pam_err == PAM_SUCCESS && psk != NULL) {  in pam_ssh_add_keys_to_agent()
388 			if (ssh_add_identity(agent_fd, psk->key, psk->comment))  in pam_ssh_add_keys_to_agent()
390 				    "added %s to ssh agent", psk->comment);  in pam_ssh_add_keys_to_agent()
393 				    "to add %s to ssh agent", psk->comment);  in pam_ssh_add_keys_to_agent()
401 	if (agent_fd != -1)  in pam_ssh_add_keys_to_agent()
423 	/* no keys, no work */  in pam_sm_open_session()
467 		openpam_log(PAM_LOG_DEBUG, "no ssh agent");  in pam_sm_close_session()
476 	if (kill(pid, SIGTERM) == -1 ||  in pam_sm_close_session()
477 	    (waitpid(pid, &status, 0) == -1 && errno != ECHILD))  in pam_sm_close_session()