From nobody@FreeBSD.org  Sat Aug  4 16:56:57 2012
Message-Id: <201208041656.q74GuuM1038188@red.freebsd.org>
Date: Sat, 4 Aug 2012 16:56:56 GMT
From: Dmitry Kazarov <d.y.kazarov@mail.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: after FreeBSD-SA-11:09.pam_ssh patch the pam_ssh module now requests for PAM key
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         170373
>Category:       bin
>Synopsis:       [patch] pam_ssh(8): after FreeBSD-SA-11:09.pam_ssh patch the pam_ssh module now requests for PAM key
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 04 17:00:19 UTC 2012
>Closed-Date:    
>Last-Modified:  Tue Aug  7 14:40:03 UTC 2012
>Originator:     Dmitry Kazarov
>Release:        9.1-PRERELEASE
>Organization:
>Environment:
FreeBSD Trudiaga.localdomain 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0: Sun Jul 29 04:54:44 MSK 2012     root@Trudiaga.localdomain:/var/obj/usr/src/sys/GENERIC  amd64
>Description:
Since revision 1.47.2.2, pam_ssh has begun to request a PEM password after the SSH passphrase:

FreeBSD/amd64 (Trudiaga.localdomain) (ttyv4)

login: user
SSH passphrase:
Enter PEM pass phrase:
Last login: Sat Aug  4 13:29:36 on ttyv4

And any key sequence could be specified for successful login.

This behavior breaks xscreensaver - it is no longer capable of unlocking the screen, since the request for the PEM pass is not handled by it.
>How-To-Repeat:

>Fix:
--- pam_ssh.c.orig	2011-12-11 20:57:27.000000000 +0400
+++ pam_ssh.c	2012-08-04 20:56:18.000000000 +0400
@@ -110,7 +110,7 @@
 	 * with an empty passphrase, and if the key is not encrypted,
 	 * accept only an empty passphrase.
 	 */
-	key = key_load_private(fn, NULL, &comment);
+	key = key_load_private(fn, "", &comment);
 	if (key != NULL && !(*passphrase == '\0' && nullok)) {
 		key_free(key);
 		return (NULL);
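
Review bot: The changed call `key = key_load_private(fn, "", &comment);` needs a comment explaining why the second argument must be "" and not NULL. The existing comment above it only describes the empty-passphrase policy, while the report ties both the extra "Enter PEM pass phrase:" prompt and the login succeeding with any input to this one call, so a later cleanup could switch it back to NULL without anyone noticing the consequence. Suggest a line above the call stating that, per this report, passing NULL lets the key loader prompt on the terminal by itself, and filling in the empty How-To-Repeat section with a login attempt using a wrong passphrase against an encrypted key, so the fix can be verified on the authentication path and not only by the missing prompt.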


>Release-Note:
>Audit-Trail:

From: Dimitry Andric <dim@FreeBSD.org>
To: bug-followup@FreeBSD.org, d.y.kazarov@mail.ru
Cc:  
Subject: Re: bin/170373: [patch] pam_ssh(8): after FreeBSD-SA-11:09.pam_ssh
 patch the pam_ssh module now requests for PAM key
Date: Tue, 07 Aug 2012 16:39:43 +0200

 Yes, your patch looks exactly like r236106, which should be merged to
 stable/9.  This must first be approved by re@ though, since stable/9 is
 in code freeze now.
 
>Unformatted:
