
(-)authfile.c (-1 / +5 lines)
Lines 538-544 key_perm_ok(int fd, const char *filename Link Here
538
538
539
Key *
539
Key *
540
key_load_private_type(int type, const char *filename, const char *passphrase,
540
key_load_private_type(int type, const char *filename, const char *passphrase,
541
    char **commentp)
541
    char **commentp, int *perm_ok)
542
{
542
{
543
	int fd;
543
	int fd;
544
544
Lines 546-555 key_load_private_type(int type, const ch Link Here
546
	if (fd < 0)
546
	if (fd < 0)
547
		return NULL;
547
		return NULL;
548
	if (!key_perm_ok(fd, filename)) {
548
	if (!key_perm_ok(fd, filename)) {
549
		if (perm_ok != NULL)
550
			*perm_ok = 0;
549
		error("bad permissions: ignore key: %s", filename);
551
		error("bad permissions: ignore key: %s", filename);
550
		close(fd);
552
		close(fd);
551
		return NULL;
553
		return NULL;
552
	}
554
	}
555
	if (perm_ok != NULL)
556
		*perm_ok = 1;
553
	switch (type) {
557
	switch (type) {
554
	case KEY_RSA1:
558
	case KEY_RSA1:
555
		return key_load_private_rsa1(fd, filename, passphrase,
559
		return key_load_private_rsa1(fd, filename, passphrase,
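Review bot: `key_load_private_type()` still returns NULL on the `if (fd < 0)` path without writing `*perm_ok`, so the out-parameter is only defined when the key file could be opened. In sshconnect2.c, `load_identity_file()` declares `int perm_ok` with no initialiser and tests `!perm_ok` right after the call, which reads an indeterminate value whenever the open fails (a file can pass the earlier `stat()` and still be unreadable). sshconnect1.c avoids this only because it initialises `perm_ok = 1`. Writing the flag on every return path, e.g. `if (perm_ok != NULL) *perm_ok = 0;` before the `return NULL` in the `fd < 0` branch, or initialising it in the caller, removes the reliance on caller discipline; which value suits an open failure is the author's call. The `open()` call itself sits between the two hunks and is not shown.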
(-)authfile.h (-1 / +1 lines)
Lines 19-25 int key_save_private(Key *, const char Link Here
19
Key	*key_load_public(const char *, char **);
19
Key	*key_load_public(const char *, char **);
20
Key	*key_load_public_type(int, const char *, char **);
20
Key	*key_load_public_type(int, const char *, char **);
21
Key	*key_load_private(const char *, const char *, char **);
21
Key	*key_load_private(const char *, const char *, char **);
22
Key	*key_load_private_type(int, const char *, const char *, char **);
22
Key	*key_load_private_type(int, const char *, const char *, char **, int *);
23
Key	*key_load_private_pem(int, int, const char *, char **);
23
Key	*key_load_private_pem(int, int, const char *, char **);
24
int	 key_perm_ok(int, const char *);
24
int	 key_perm_ok(int, const char *);
25
25
(-)ssh.c (-3 / +3 lines)
Lines 693-703 main(int ac, char **av) Link Here
693
693
694
		PRIV_START;
694
		PRIV_START;
695
		sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
695
		sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
696
		    _PATH_HOST_KEY_FILE, "", NULL);
696
		    _PATH_HOST_KEY_FILE, "", NULL, NULL);
697
		sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
697
		sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
698
		    _PATH_HOST_DSA_KEY_FILE, "", NULL);
698
		    _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
699
		sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
699
		sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
700
		    _PATH_HOST_RSA_KEY_FILE, "", NULL);
700
		    _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
701
		PRIV_END;
701
		PRIV_END;
702
702
703
		if (options.hostbased_authentication == 1 &&
703
		if (options.hostbased_authentication == 1 &&
(-)sshconnect1.c (-5 / +6 lines)
Lines 197-203 try_rsa_authentication(int idx) Link Here
197
	BIGNUM *challenge;
197
	BIGNUM *challenge;
198
	Key *public, *private;
198
	Key *public, *private;
199
	char buf[300], *passphrase, *comment, *authfile;
199
	char buf[300], *passphrase, *comment, *authfile;
200
	int i, type, quit;
200
	int i, perm_ok = 1, type, quit;
201
201
202
	public = options.identity_keys[idx];
202
	public = options.identity_keys[idx];
203
	authfile = options.identity_files[idx];
203
	authfile = options.identity_files[idx];
Lines 243-257 try_rsa_authentication(int idx) Link Here
243
	if (public->flags & KEY_FLAG_EXT)
243
	if (public->flags & KEY_FLAG_EXT)
244
		private = public;
244
		private = public;
245
	else
245
	else
246
		private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
246
		private = key_load_private_type(KEY_RSA1, authfile, "", NULL,
247
	if (private == NULL && !options.batch_mode) {
247
		    &perm_ok);
248
	if (private == NULL && !options.batch_mode && perm_ok) {
248
		snprintf(buf, sizeof(buf),
249
		snprintf(buf, sizeof(buf),
249
		    "Enter passphrase for RSA key '%.100s': ", comment);
250
		    "Enter passphrase for RSA key '%.100s': ", comment);
250
		for (i = 0; i < options.number_of_password_prompts; i++) {
251
		for (i = 0; i < options.number_of_password_prompts; i++) {
251
			passphrase = read_passphrase(buf, 0);
252
			passphrase = read_passphrase(buf, 0);
252
			if (strcmp(passphrase, "") != 0) {
253
			if (strcmp(passphrase, "") != 0) {
253
				private = key_load_private_type(KEY_RSA1,
254
				private = key_load_private_type(KEY_RSA1,
254
				    authfile, passphrase, NULL);
255
				    authfile, passphrase, NULL, NULL);
255
				quit = 0;
256
				quit = 0;
256
			} else {
257
			} else {
257
				debug2("no passphrase given, try next key");
258
				debug2("no passphrase given, try next key");
Lines 268-274 try_rsa_authentication(int idx) Link Here
268
	xfree(comment);
269
	xfree(comment);
269
270
270
	if (private == NULL) {
271
	if (private == NULL) {
271
		if (!options.batch_mode)
272
		if (!options.batch_mode && perm_ok)
272
			error("Bad passphrase.");
273
			error("Bad passphrase.");
273
274
274
		/* Send a dummy response packet to avoid protocol error. */
275
		/* Send a dummy response packet to avoid protocol error. */
(-)sshconnect2.c (-4 / +6 lines)
Lines 970-983 load_identity_file(char *filename) Link Here
970
{
970
{
971
	Key *private;
971
	Key *private;
972
	char prompt[300], *passphrase;
972
	char prompt[300], *passphrase;
973
	int quit, i;
973
	int perm_ok, quit, i;
974
	struct stat st;
974
	struct stat st;
975
975
976
	if (stat(filename, &st) < 0) {
976
	if (stat(filename, &st) < 0) {
977
		debug3("no such identity: %s", filename);
977
		debug3("no such identity: %s", filename);
978
		return NULL;
978
		return NULL;
979
	}
979
	}
980
	private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
980
	private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
981
	if (!perm_ok)
982
		return NULL;
981
	if (private == NULL) {
983
	if (private == NULL) {
982
		if (options.batch_mode)
984
		if (options.batch_mode)
983
			return NULL;
985
			return NULL;
Lines 986-993 load_identity_file(char *filename) Link Here
986
		for (i = 0; i < options.number_of_password_prompts; i++) {
988
		for (i = 0; i < options.number_of_password_prompts; i++) {
987
			passphrase = read_passphrase(prompt, 0);
989
			passphrase = read_passphrase(prompt, 0);
988
			if (strcmp(passphrase, "") != 0) {
990
			if (strcmp(passphrase, "") != 0) {
989
				private = key_load_private_type(KEY_UNSPEC, filename,
991
				private = key_load_private_type(KEY_UNSPEC,
990
				    passphrase, NULL);
992
				    filename, passphrase, NULL, NULL);
991
				quit = 0;
993
				quit = 0;
992
			} else {
994
			} else {
993
				debug2("no passphrase given, try next key");
995
				debug2("no passphrase given, try next key");
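Review bot: The new `if (!perm_ok) return NULL;` in `load_identity_file()` has no comment saying why it returns before the passphrase prompt, and because it sits ahead of the `private == NULL` test the reason is easy to miss. A one-line comment would do, for example `/* key file has bad permissions (already logged): skip it without prompting */`. The function's signature and the end of its body are outside the hunks shown.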
