
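--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -242,6 +242,7 @@ struct identity {
 	char	*filename;		/* comment for agent-only keys */
 	int	tried;
 	int	isprivate;		/* key points to the private key */
+	int	userprovided;
 };
 TAILQ_HEAD(idlist, identity);
 
@@ -306,7 +307,7 @@ void userauth(Authctxt *, char *);
 static int sign_and_send_pubkey(Authctxt *, Identity *);
 static void pubkey_prepare(Authctxt *);
 static void pubkey_cleanup(Authctxt *);
-static Key *load_identity_file(char *);
+static Key *load_identity_file(char *, int);
 
 static Authmethod *authmethod_get(char *authlist);
 static Authmethod *authmethod_lookup(const char *name);
@@ -1180,7 +1181,7 @@ identity_sign(Identity *id, u_char **sig
 	if (id->isprivate || (id->key->flags & KEY_FLAG_EXT))
 		return (key_sign(id->key, sigp, lenp, data, datalen));
 	/* load the private key from the file */
-	if ((prv = load_identity_file(id->filename)) == NULL)
+	if ((prv = load_identity_file(id->filename, id->userprovided)) == NULL)
 		return (-1);
 	ret = key_sign(prv, sigp, lenp, data, datalen);
 	key_free(prv);
@@ -1305,7 +1306,7 @@ send_pubkey_test(Authctxt *authctxt, Ide
 }
 
 static Key *
-load_identity_file(char *filename)
+load_identity_file(char *filename, int userprovided)
 {
 	Key *private;
 	char prompt[300], *passphrase;
@@ -1313,7 +1314,8 @@ load_identity_file(char *filename)
 	struct stat st;
 
 	if (stat(filename, &st) < 0) {
-		debug3("no such identity: %s", filename);
+		(userprovided ? logit : debug3)("no such identity: %s: %s",
+		    filename, strerror(errno));
 		return NULL;
 	}
 	private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
@@ -1376,6 +1378,7 @@ pubkey_prepare(Authctxt *authctxt)
 		id = xcalloc(1, sizeof(*id));
 		id->key = key;
 		id->filename = xstrdup(options.identity_files[i]);
+		id->userprovided = 1;
 		TAILQ_INSERT_TAIL(&files, id, next);
 	}
 	/* Prefer PKCS11 keys that are explicitly listed */
@@ -1440,7 +1443,8 @@ pubkey_prepare(Authctxt *authctxt)
 		TAILQ_INSERT_TAIL(preferred, id, next);
 	}
 	TAILQ_FOREACH(id, preferred, next) {
-		debug2("key: %s (%p)", id->filename, id->key);
+		debug2("key: %s (%p),%s", id->filename, id->key,
+		    id->userprovided ? " explicit" : "");
 	}
 }
 
@@ -1485,7 +1489,8 @@ userauth_pubkey(Authctxt *authctxt)
 			sent = send_pubkey_test(authctxt, id);
 		} else if (id->key == NULL) {
 			debug("Trying private key: %s", id->filename);
-			id->key = load_identity_file(id->filename);
+			id->key = load_identity_file(id->filename,
+			    id->userprovided);
 			if (id->key != NULL) {
 				id->isprivate = 1;
 				sent = sign_and_send_pubkey(authctxt, id);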
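Review bot: In the pubkey_prepare hunk, `id->userprovided = 1;` is set for every entry of `options.identity_files`, so the flag records "came from the files list" rather than "named by the user". If that array also holds default identity paths filled in when no IdentityFile is configured (not visible here; the loop starts outside the hunk), each missing default would be reported at logit level by the new `(userprovided ? logit : debug3)(...)` call in load_identity_file. That noise would bury the one warning that matters, an explicitly requested key being skipped before ssh falls back to other identities. Consider recording at option-parsing time whether each entry was given explicitly and copying that per-entry value here instead of the constant 1. Separately, the message still reads "no such identity" for any stat() failure; now that strerror(errno) is appended, wording such as `"identity file %s not accessible: %s"` would also describe a permission error accurately.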
