Add patch from debian to fix removal of stale files. Thanks to Jan Kundrát in bug #105546. Add patch to build with glibc 2.4. Restrict from confcache.

(Portage version: 2.1_pre7-r5)

6 files changed, 589 insertions, 2 deletions

diff --git a/sys-auth/pam_ssh/ChangeLog b/sys-auth/pam_ssh/ChangeLog
index aebac9d24a4b..0408fe9bb9f2 100644
--- a/sys-auth/pam_ssh/ChangeLog
+++ b/sys-auth/pam_ssh/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-auth/pam_ssh
-# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/ChangeLog,v 1.2 2005/10/09 23:18:09 flameeyes Exp $
+# Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/ChangeLog,v 1.3 2006/04/21 11:41:25 flameeyes Exp $
+
+*pam_ssh-1.91-r2 (21 Apr 2006)
+
+  21 Apr 2006; Diego Pettenò <flameeyes@gentoo.org>
+  +files/pam_ssh-1.91-debian.patch, +files/pam_ssh-1.91-syslog.patch,
+  +pam_ssh-1.91-r2.ebuild:
+  Add patch from debian to fix removal of stale files. Thanks to Jan Kundrát
+  in bug #105546. Add patch to build with glibc 2.4. Restrict from confcache.
 
   09 Oct 2005; Diego Pettenò <flameeyes@gentoo.org> metadata.xml:
   Add pam-bugs email address as maintainer.
diff --git a/sys-auth/pam_ssh/Manifest b/sys-auth/pam_ssh/Manifest
index 41580bdaf258..704392b00bcb 100644
--- a/sys-auth/pam_ssh/Manifest
+++ b/sys-auth/pam_ssh/Manifest
@@ -1,10 +1,39 @@
 MD5 3dcbd40067be2d5ae9ec4171a2966426 ChangeLog 1338
+RMD160 262007d5bfee3395cc8d1f74dcd0386a5d3ea3bc ChangeLog 1338
+SHA256 a441ae86a9ff9d9b11e7478dadc09b9d2a2e32f050974aa924dccc01aa4ccf15 ChangeLog 1338
 MD5 5cd5460fb7b7377b0e576eac476bc830 files/1.9-standard-prompt.patch 378
+RMD160 f2687cfccf3d8d636dd36fb32b7d181c7116845a files/1.9-standard-prompt.patch 378
+SHA256 525c87beab1dd329cee9f3036e33e18c7278d90b63f14a893864cb74344ef990 files/1.9-standard-prompt.patch 378
 MD5 2da9f0064c9caa03f6d298f3f3f6a169 files/digest-pam_ssh-1.9 64
+RMD160 b9abcd680a094c19b856999cacaa1169ea2bebd0 files/digest-pam_ssh-1.9 64
+SHA256 6244ff0d5072ea191a36560328cd6253e668c45292b98250fa85205aa160f828 files/digest-pam_ssh-1.9 64
 MD5 d42a0e20bf5fa8783aa3a7c6de9a935e files/digest-pam_ssh-1.91 65
+RMD160 584e864a0d687e007990d5898f0f2bd0826d8832 files/digest-pam_ssh-1.91 65
+SHA256 68ea650542431df8243ce2a5524719dbbb42c2a52eec13e6cf87b02e6672bba2 files/digest-pam_ssh-1.91 65
 MD5 d42a0e20bf5fa8783aa3a7c6de9a935e files/digest-pam_ssh-1.91-r1 65
+RMD160 584e864a0d687e007990d5898f0f2bd0826d8832 files/digest-pam_ssh-1.91-r1 65
+SHA256 68ea650542431df8243ce2a5524719dbbb42c2a52eec13e6cf87b02e6672bba2 files/digest-pam_ssh-1.91-r1 65
+MD5 70cacb21c3e0f6b4340ad071c3c35d44 files/digest-pam_ssh-1.91-r2 241
+RMD160 8e452c34304c53c30b23af6794d078a4f3d1a9fd files/digest-pam_ssh-1.91-r2 241
+SHA256 23b39e3fd624a55dff632be9852ac954561213c4bcf5289283a4551611ff52ac files/digest-pam_ssh-1.91-r2 241
+MD5 837bc88d6356de6f0bcc6d8a1033f47f files/pam_ssh-1.91-debian.patch 13855
+RMD160 35cea4b64425351e94f8e5ec4689f17cb97332e7 files/pam_ssh-1.91-debian.patch 13855
+SHA256 a64647467fb05b71a08fe718d371e62356ad8bbf7b7f5a7bc4827b08ca5c91cf files/pam_ssh-1.91-debian.patch 13855
 MD5 4d93b0a0bbf019434f9c7a6da68c5e9f files/system-auth.example 612
+RMD160 ffbcbc7535cd654c5a9e8ce2d3584b841aea6e53 files/system-auth.example 612
+SHA256 3699db4595de56f31448c85a83c34277d1bebb5c805871b1c449446a49fb1989 files/system-auth.example 612
 MD5 393d06cf4b76671f8e6ce72ac71bdad8 metadata.xml 218
+RMD160 1955c7446d4ceb77506ba7b58ee35913c576a72c metadata.xml 218
+SHA256 e0bb49cab71cc84d8bdad26876197164073722b378d27a5bf55bbfd2afdbd19c metadata.xml 218
 MD5 e0412d38c87c68a94db0f947b09dd260 pam_ssh-1.9.ebuild 854
+RMD160 8ffc9574d17deacadfed706ce6fc6e0d763411a4 pam_ssh-1.9.ebuild 854
+SHA256 a85f03646f82c21bba8cabb8dd9cdd9b1e184bb8784ee3a41cfd6e683a424cc6 pam_ssh-1.9.ebuild 854
 MD5 c6a80814e16dbf637777dae90dca00c7 pam_ssh-1.91-r1.ebuild 971
+RMD160 fb55fc91e78a10b6d6044f20acb21b5bd17f1d24 pam_ssh-1.91-r1.ebuild 971
+SHA256 533f76e403c5d3fc46baf8815b98c717c5468e3a7721cd7ba423f232ad342156 pam_ssh-1.91-r1.ebuild 971
+MD5 af36dd2aad3d7e39ddb8d92c0db3a51c pam_ssh-1.91-r2.ebuild 1064
+RMD160 27657fa5ebdd3793fa87dbd19fc290538cb3c475 pam_ssh-1.91-r2.ebuild 1064
+SHA256 30e14774b9e883096a3def9bb6110a5e429830d2e2dc78fb9935df35de965224 pam_ssh-1.91-r2.ebuild 1064
 MD5 62f8e13a5948e373d0046ffa544e339a pam_ssh-1.91.ebuild 825
+RMD160 df21bd8e04b1f30c43deff87f3db6933ea9c654d pam_ssh-1.91.ebuild 825
+SHA256 4b4b221104b6ae2fca442b7edbf31698ca5d02b62e4cbb0f9b2204f30db1a51d pam_ssh-1.91.ebuild 825
diff --git a/sys-auth/pam_ssh/files/digest-pam_ssh-1.91-r2 b/sys-auth/pam_ssh/files/digest-pam_ssh-1.91-r2
new file mode 100644
index 000000000000..73184ea4beef
--- /dev/null
+++ b/sys-auth/pam_ssh/files/digest-pam_ssh-1.91-r2
@@ -0,0 +1,3 @@
+MD5 57a3aa476394efa219a8a99f527d4e4b pam_ssh-1.91.tar.bz2 193705
+RMD160 59be70cd4ef4f33ae9d78593e331e5eb3ed84669 pam_ssh-1.91.tar.bz2 193705
+SHA256 dde623585c2942fc079657e061ca47f3380850da5ac2dca708e98f8dd1ea18d0 pam_ssh-1.91.tar.bz2 193705
diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch b/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch
new file mode 100644
index 000000000000..b1e49e23f4b8
--- /dev/null
+++ b/sys-auth/pam_ssh/files/pam_ssh-1.91-debian.patch
@@ -0,0 +1,487 @@
+--- libpam-ssh-1.91.0.orig/pam_ssh.c	2004-04-12 08:55:08.000000000 -0500
++++ libpam-ssh-1.91.0/pam_ssh.c	2005-04-03 21:18:58.140936716 -0500
+@@ -279,9 +279,8 @@
+  */
+ 
+ static int
+-add_keys(pam_handle_t *pamh, char *socket)
++add_keys(pam_handle_t *pamh, AuthenticationConnection *ac)
+ {
+-	AuthenticationConnection *ac;	/* connection to ssh-agent */
+ 	char *comment;			/* private key comment */
+ 	char *data_name;		/* PAM state */
+ 	int final;			/* final return value */
+@@ -289,13 +288,6 @@
+ 	Key *key;			/* user's private key */
+ 	int retval;			/* from calls */
+ 
+-	/* connect to the agent */
+-
+-	if (!(ac = ssh_get_authentication_connection(socket))) {
+-		pam_ssh_log(LOG_ERR, "%s: %m", socket);
+-		return PAM_SESSION_ERR;
+-	}
+-
+ 	/* hand off each private key to the agent */
+ 
+ 	final = 0;
+@@ -324,11 +316,177 @@
+ 		if (!final)
+ 			final = retval;
+ 	}
+-	ssh_close_authentication_connection(ac);
+ 
+ 	return final ? PAM_SUCCESS : PAM_SESSION_ERR;
+ }
+ 
++static int
++start_ssh_agent(pam_handle_t *pamh, uid_t uid, FILE **env_read)
++{
++	pid_t child_pid;		/* child process that spawns agent */
++	int child_pipe[2];		/* pipe to child process */
++	int child_status;		/* child process status */
++	char *arg[3], *env[1];		/* to pass to execve() */
++
++	if (pipe(child_pipe) < 0) {
++		pam_ssh_log(LOG_ERR, "pipe: %m");
++		return PAM_SERVICE_ERR;
++	}
++	switch (child_pid = fork()) {
++	case -1:	/* error */
++		pam_ssh_log(LOG_ERR, "fork: %m");
++		close(child_pipe[0]);
++		close(child_pipe[1]);
++		return PAM_SERVICE_ERR;
++		/* NOTREACHED */
++	case 0:		/* child */
++
++		/* Permanently drop privileges using setuid()
++			 before executing ssh-agent so that root
++			 privileges can't possibly be regained (some
++			 ssh-agents insist that euid == ruid
++			 anyway).  System V won't let us use
++			 setuid() unless euid == 0, so we
++			 temporarily regain root privileges first
++			 with openpam_restore_cred() (which calls
++			 seteuid()). */
++
++		switch (openpam_restore_cred(pamh)) {
++		case PAM_SYSTEM_ERR:
++			pam_ssh_log(LOG_ERR,
++			            "can't restore privileges: %m");
++			_exit(EX_OSERR);
++			/* NOTREACHED */
++		case PAM_SUCCESS:
++			if (setuid(uid) == -1) {
++				pam_ssh_log(LOG_ERR,
++				            "can't drop privileges: %m",
++				            uid);
++				_exit(EX_NOPERM);
++			}
++			break;
++		}
++
++		if (close(child_pipe[0]) == -1) {
++			pam_ssh_log(LOG_ERR, "close: %m");
++			_exit(EX_OSERR);
++		}
++		if (child_pipe[1] != STDOUT_FILENO) {
++			if (dup2(child_pipe[1], STDOUT_FILENO) == -1) {
++				pam_ssh_log(LOG_ERR, "dup: %m");
++				_exit(EX_OSERR);
++			}
++			if (close(child_pipe[1]) == -1) {
++				pam_ssh_log(LOG_ERR, "close: %m");
++				_exit(EX_OSERR);
++			}
++		}
++		arg[0] = "ssh-agent";
++		arg[1] = "-s";
++		arg[2] = NULL;
++		env[0] = NULL;
++		execve(PATH_SSH_AGENT, arg, env);
++		pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++		_exit(127);
++		/* NOTREACHED */
++	}
++	if (close(child_pipe[1]) == -1) {
++		pam_ssh_log(LOG_ERR, "close: %m");
++		return PAM_SESSION_ERR;
++	}
++	if (!(*env_read = fdopen(child_pipe[0], "r"))) {
++		pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++		return PAM_SESSION_ERR;
++	}
++
++	child_status = 0;
++	if (waitpid_intr(child_pid, &child_status, 0) == -1 &&
++			errno != ECHILD) {
++		pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++		return PAM_SESSION_ERR;
++	}
++
++	if (child_status != 0) {
++		if (WIFSIGNALED(child_status))
++			pam_ssh_log(LOG_ERR, "%s exited on signal %d",
++									PATH_SSH_AGENT, WTERMSIG(child_status));
++		else
++			if (WEXITSTATUS(child_status) == 127)
++				pam_ssh_log(LOG_ERR,
++				            "cannot execute %s",
++				            PATH_SSH_AGENT);
++			else
++				pam_ssh_log(LOG_ERR,
++				            "%s exited with status %d",
++				            PATH_SSH_AGENT,
++				            WEXITSTATUS(child_status));
++		return PAM_SESSION_ERR;
++	}
++
++	return PAM_SUCCESS;
++}
++
++static int
++read_write_agent_env(pam_handle_t *pamh,
++                     FILE *env_read,
++                     int env_write,
++                     char **agent_socket)
++{
++	char *agent_pid;		/* copy of agent PID */
++	char *env_end;			/* end of env */
++	char env_string[BUFSIZ];	/* environment string */
++	char *env_value;		/* envariable value */
++	int retval;			/* from calls */
++
++	while (fgets(env_string, sizeof env_string, env_read)) {
++
++		/* parse environment definitions */
++
++		if (env_write >= 0)
++			write(env_write, env_string, strlen(env_string));
++		if (!(env_value = strchr(env_string, '=')) ||
++		    !(env_end = strchr(env_value, ';')))
++			continue;
++		*env_end = '\0';
++
++		/* pass to the application */
++
++		if ((retval = pam_putenv(pamh, env_string)) != PAM_SUCCESS)
++			return retval;
++
++		*env_value++ = '\0';
++
++		/* save the agent socket so we can connect to it and add
++                   the keys as well as the PID so we can kill the agent on
++                   session close. */
++
++		agent_pid = NULL;
++		if (strcmp(&env_string[strlen(env_string) -
++		    strlen(ENV_SOCKET_SUFFIX)], ENV_SOCKET_SUFFIX) == 0 &&
++		    !(*agent_socket = strdup(env_value))) {
++			pam_ssh_log(LOG_CRIT, "out of memory");
++			return PAM_SERVICE_ERR;
++		} else if (strcmp(&env_string[strlen(env_string) -
++		    strlen(ENV_PID_SUFFIX)], ENV_PID_SUFFIX) == 0 &&
++		    (!(agent_pid = strdup(env_value)) ||
++		    (retval = pam_set_data(pamh, "ssh_agent_pid",
++		    agent_pid, ssh_cleanup)) != PAM_SUCCESS)) {
++			if (agent_pid)
++				free(agent_pid);
++			else {
++				pam_ssh_log(LOG_CRIT, "out of memory");
++				return PAM_SERVICE_ERR;
++			}
++			if (agent_socket)
++				free(agent_socket);
++			return retval;
++		}
++
++	}
++
++	return PAM_SUCCESS;
++}
++
+ 
+ PAM_EXTERN int
+ pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc,
+@@ -494,17 +652,10 @@
+ pam_sm_open_session(pam_handle_t *pamh, int flags __unused,
+     int argc __unused, const char **argv __unused)
+ {
+-	char *agent_pid;		/* copy of agent PID */
++	AuthenticationConnection *ac;	/* connection to ssh-agent */
+ 	char *agent_socket;		/* agent socket */
+-	char *arg[3], *env[1];		/* to pass to execve() */
+-	pid_t child_pid;		/* child process that spawns agent */
+-	int child_pipe[2];		/* pipe to child process */
+-	int child_status;		/* child process status */
+ 	char *cp;			/* scratch */
+-	char *env_end;			/* end of env */
+ 	FILE *env_read;			/* env data source */
+-	char env_string[BUFSIZ];	/* environment string */
+-	char *env_value;		/* envariable value */
+ 	int env_write;			/* env file descriptor */
+ 	char hname[MAXHOSTNAMELEN];	/* local hostname */
+ 	int no_link;			/* link per-agent file? */
+@@ -515,6 +666,7 @@
+ 	int start_agent;		/* start agent? */
+ 	const char *tty_raw;		/* raw tty or display name */
+ 	char *tty_nodir;		/* tty without / chars */
++	int attempt;			/* No. of attempt to contact agent */
+ 
+ 	log_init(MODULE_NAME, SYSLOG_LEVEL_ERROR, SYSLOG_FACILITY_AUTHPRIV, 0);
+ 
+@@ -568,215 +720,70 @@
+            per-session filename later.  Start the agent if we can't open
+ 	   the file for reading. */
+ 
+-	env_write = child_pid = no_link = start_agent = 0;
+-	env_read = NULL;
+-	if ((env_write = open(per_agent, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR))
+-	    < 0 && !(env_read = fopen(per_agent, "r")))
+-		no_link = 1;
+-	if (!env_read) {
+-		start_agent = 1;
+-		if (pipe(child_pipe) < 0) {
+-			pam_ssh_log(LOG_ERR, "pipe: %m");
+-			close(env_write);
+-			openpam_restore_cred(pamh);
+-			return PAM_SERVICE_ERR;
+-		}
+-		switch (child_pid = fork()) {
+-		case -1:	/* error */
+-			pam_ssh_log(LOG_ERR, "fork: %m");
+-			close(child_pipe[0]);
+-			close(child_pipe[1]);
+-			close(env_write);
+-			openpam_restore_cred(pamh);
+-			return PAM_SERVICE_ERR;
+-			/* NOTREACHED */
+-		case 0:		/* child */
+-
+-			/* Permanently drop privileges using setuid()
+-			   before executing ssh-agent so that root
+-			   privileges can't possibly be regained (some
+-			   ssh-agents insist that euid == ruid
+-			   anyway).  System V won't let us use
+-			   setuid() unless euid == 0, so we
+-			   temporarily regain root privileges first
+-			   with openpam_restore_cred() (which calls
+-			   seteuid()). */
+-
+-			switch (openpam_restore_cred(pamh)) {
+-			case PAM_SYSTEM_ERR:
+-				pam_ssh_log(LOG_ERR,
+-				    "can't restore privileges: %m");
+-				_exit(EX_OSERR);
+-				/* NOTREACHED */
+-			case PAM_SUCCESS:
+-				if (setuid(pwent->pw_uid) == -1) {
+-					pam_ssh_log(LOG_ERR,
+-					    "can't drop privileges: %m",
+-					    pwent->pw_uid);
+-					_exit(EX_NOPERM);
+-				}
+-				break;
+-			}
+-
+-			if (close(child_pipe[0]) == -1) {
+-				pam_ssh_log(LOG_ERR, "close: %m");
+-				_exit(EX_OSERR);
+-			}
+-			if (child_pipe[1] != STDOUT_FILENO) {
+-				if (dup2(child_pipe[1], STDOUT_FILENO) == -1) {
+-					pam_ssh_log(LOG_ERR, "dup: %m");
+-					_exit(EX_OSERR);
+-				}
+-				if (close(child_pipe[1]) == -1) {
+-					pam_ssh_log(LOG_ERR, "close: %m");
+-					_exit(EX_OSERR);
+-				}
++	for ( attempt = 0; attempt < 2; ++attempt ) {
++		env_write = no_link = start_agent = 0;
++		env_read = NULL;
++		if ((env_write = open(per_agent, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR))
++				< 0 && !(env_read = fopen(per_agent, "r")))
++			no_link = 1;
++		if (!env_read) {
++			start_agent = 1;
++			if ((retval = start_ssh_agent(pamh, pwent->pw_uid, &env_read))
++					!= PAM_SUCCESS) {
++				close(env_write);
++				openpam_restore_cred(pamh);
++				return retval;
+ 			}
+-			arg[0] = "ssh-agent";
+-			arg[1] = "-s";
+-			arg[2] = NULL;
+-			env[0] = NULL;
+-			execve(PATH_SSH_AGENT, arg, env);
+-			pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
+-			_exit(127);
+-			/* NOTREACHED */
+-		}
+-		if (close(child_pipe[1]) == -1) {
+-			pam_ssh_log(LOG_ERR, "close: %m");
+-			openpam_restore_cred(pamh);
+-			return PAM_SESSION_ERR;
+-		}
+-		if (!(env_read = fdopen(child_pipe[0], "r"))) {
+-			pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
+-			close(env_write);
+-			openpam_restore_cred(pamh);
+-			return PAM_SESSION_ERR;
+-		}
+-	}
+-
+-	/* save environment for application with pam_putenv() */
+-
+-	agent_socket = NULL;
+-	while (fgets(env_string, sizeof env_string, env_read)) {
+-
+-		/* parse environment definitions */
+-
+-		if (env_write >= 0)
+-			write(env_write, env_string, strlen(env_string));
+-		if (!(env_value = strchr(env_string, '=')) ||
+-		    !(env_end = strchr(env_value, ';')))
+-			continue;
+-		*env_end = '\0';
+-
+-		/* pass to the application */
+-
+-		if ((retval = pam_putenv(pamh, env_string)) != PAM_SUCCESS) {
+-			fclose(env_read);
+-			if (start_agent)
+-				waitpid_intr(child_pid, &child_status, 0);
+-			close(env_write);
+-			if (agent_socket)
+-				free(agent_socket);
+-			openpam_restore_cred(pamh);
+-			return retval;
+ 		}
+ 
+-		*env_value++ = '\0';
+-
+-		/* save the agent socket so we can connect to it and add
+-                   the keys as well as the PID so we can kill the agent on
+-                   session close. */
+-
+-		agent_pid = NULL;
+-		if (strcmp(&env_string[strlen(env_string) -
+-		    strlen(ENV_SOCKET_SUFFIX)], ENV_SOCKET_SUFFIX) == 0 &&
+-		    !(agent_socket = strdup(env_value))) {
+-			pam_ssh_log(LOG_CRIT, "out of memory");
+-			fclose(env_read);
+-			if (start_agent)
+-				waitpid_intr(child_pid, &child_status, 0);
+-			close(env_write);
++		agent_socket = NULL;
++		retval = read_write_agent_env(pamh, env_read, env_write, &agent_socket);
++		close(env_write);
++		if (retval != PAM_SUCCESS) {
+ 			if (agent_socket)
+ 				free(agent_socket);
+-			openpam_restore_cred(pamh);
+-			return PAM_SERVICE_ERR;
+-		} else if (strcmp(&env_string[strlen(env_string) -
+-		    strlen(ENV_PID_SUFFIX)], ENV_PID_SUFFIX) == 0 &&
+-		    (!(agent_pid = strdup(env_value)) ||
+-		    (retval = pam_set_data(pamh, "ssh_agent_pid",
+-		    agent_pid, ssh_cleanup)) != PAM_SUCCESS)) {
+ 			fclose(env_read);
+-			if (start_agent)
+-				waitpid_intr(child_pid, &child_status, 0);
+-			close(env_write);
+-			if (agent_pid)
+-				free(agent_pid);
+-			else {
+-				pam_ssh_log(LOG_CRIT, "out of memory");
+-				openpam_restore_cred(pamh);
+-				return PAM_SERVICE_ERR;
+-			}
+-			if (agent_socket)
+-				free(agent_socket);
+ 			openpam_restore_cred(pamh);
+ 			return retval;
+ 		}
+ 
+-	}
+-	close(env_write);
+-
+-	if (fclose(env_read) != 0) {
+-		pam_ssh_log(LOG_ERR, "fclose: %m");
+-		openpam_restore_cred(pamh);
+-		return PAM_SESSION_ERR;
+-	}
+-
+-	if (start_agent) {
+-
+-		/* Ignore ECHILD in case a SIGCHLD handler is installed. */
+-
+-		child_status = 0;
+-		if (waitpid_intr(child_pid, &child_status, 0) == -1 &&
+-		    errno != ECHILD) {
+-			pam_ssh_log(LOG_ERR, "%s: %m", PATH_SSH_AGENT);
++		if (fclose(env_read) != 0) {
++			pam_ssh_log(LOG_ERR, "fclose: %m");
+ 			if (agent_socket)
+ 				free(agent_socket);
+ 			openpam_restore_cred(pamh);
+ 			return PAM_SESSION_ERR;
+ 		}
+ 
+-		if (child_status != 0) {
+-			if (WIFSIGNALED(child_status))
+-				pam_ssh_log(LOG_ERR, "%s exited on signal %d",
+-				    PATH_SSH_AGENT, WTERMSIG(child_status));
+-			else
+-				if (WEXITSTATUS(retval) == 127)
+-					pam_ssh_log(LOG_ERR,
+-					    "cannot execute %s",
+-					    PATH_SSH_AGENT);
+-				else
+-					pam_ssh_log(LOG_ERR,
+-					    "%s exited with status %d",
+-					    PATH_SSH_AGENT,
+-					    WEXITSTATUS(child_status));
+-			if (agent_socket)
+-				free(agent_socket);
++		if (!agent_socket) {
+ 			openpam_restore_cred(pamh);
+ 			return PAM_SESSION_ERR;
+ 		}
++
++		ac = ssh_get_authentication_connection(agent_socket);
++		if (ac) {
++			free(agent_socket);
++			break;
++		}
++		pam_ssh_log(LOG_ERR, "%s: %m", agent_socket);
++		free(agent_socket);
++		if (start_agent)
++			break;
++		unlink(per_agent);
+ 	}
+ 
+-	if (!agent_socket) {
+-		openpam_restore_cred(pamh);
++	if (!ac)
+ 		return PAM_SESSION_ERR;
+-	}
+ 
+-	if (start_agent && (retval = add_keys(pamh, agent_socket))
+-	    != PAM_SUCCESS) {
++	if (start_agent)
++		retval = add_keys(pamh, ac);
++
++	ssh_close_authentication_connection(ac);
++
++	if (start_agent && retval != PAM_SUCCESS) {
+ 		openpam_restore_cred(pamh);
+ 		return retval;
+ 	}
+-	free(agent_socket);
+ 
+ 	/* if we couldn't access the per-agent file, don't link a
+            per-session filename to it */
diff --git a/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch b/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch
new file mode 100644
index 000000000000..0289d0828510
--- /dev/null
+++ b/sys-auth/pam_ssh/files/pam_ssh-1.91-syslog.patch
@@ -0,0 +1,12 @@
+Index: pam_ssh-1.91/pam_ssh.c
+===================================================================
+--- pam_ssh-1.91.orig/pam_ssh.c
++++ pam_ssh-1.91/pam_ssh.c
+@@ -63,6 +63,7 @@
+ #include <string.h>
+ #include <sysexits.h>
+ #include <unistd.h>
++#include <syslog.h>
+ 
+ #define PAM_SM_AUTH
+ #define PAM_SM_SESSION
diff --git a/sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild b/sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild
new file mode 100644
index 000000000000..66e6bdd5a45d
--- /dev/null
+++ b/sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/pam_ssh-1.91-r2.ebuild,v 1.1 2006/04/21 11:41:25 flameeyes Exp $
+
+inherit pam eutils
+
+DESCRIPTION="Uses ssh-agent to provide single sign-on"
+HOMEPAGE="http://pam-ssh.sourceforge.net/"
+SRC_URI="mirror://sourceforge/pam-ssh/${P}.tar.bz2"
+
+RESTRICT="nomirror confcache"
+LICENSE="BSD as-is"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+
+# Doesn't work on OpenPAM.
+DEPEND="sys-libs/pam
+	sys-devel/libtool"
+
+RDEPEND="sys-libs/pam
+	virtual/ssh"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	epatch "${FILESDIR}/${P}-debian.patch" #105546
+	epatch "${FILESDIR}/${P}-syslog.patch" # glibc-2.4
+}
+
+src_compile() {
+	econf \
+		"--with-pam-dir=$(getpam_mod_dir)" \
+		|| die "econf failed"
+
+	emake || die "emake failed"
+}
+
+src_install() {
+	make install DESTDIR=${D} || die "install failed"
+	dodoc AUTHORS ChangeLog NEWS README TODO "${FILESDIR}/system-auth.example"
+}
+
+pkg_postinst() {
+	einfo "You can find an example system-auth file that uses this"
+	einfo "library in /usr/share/doc/${PF}"
+}