
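--- a/openssh-6.4p1.orig/readconf.c
+++ b/openssh-6.4p1.orig/readconf.c
@@ -138,6 +138,7 @@
 	oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
 	oGssServerIdentity, 
 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
+	oIdentityPersist, oIdentityPersistConfirm,
 	oSendEnv, oControlPath, oControlMaster, oControlPersist,
 	oHashKnownHosts,
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
@@ -245,6 +246,8 @@
 	{ "addressfamily", oAddressFamily },
 	{ "serveraliveinterval", oServerAliveInterval },
 	{ "serveralivecountmax", oServerAliveCountMax },
+	{ "identitypersist", oIdentityPersist },
+	{ "identitypersistconfirm", oIdentityPersistConfirm },
 	{ "sendenv", oSendEnv },
 	{ "controlpath", oControlPath },
 	{ "controlmaster", oControlMaster },
@@ -953,6 +956,33 @@
 		intptr = &options->server_alive_count_max;
 		goto parse_int;
 
+	case oIdentityPersist:
+		/* no/false/yes/true, or a time spec */
+		intptr = &options->identity_persist;
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing IdentityPersist"
+			    " argument.", filename, linenum);
+		value = 0;
+		value2 = 0;	/* lifetime */
+		if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
+			value = 0;
+		else if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
+			value = 1;
+		else if ((value2 = convtime(arg)) >= 0)
+			value = 1;
+		else
+			fatal("%.200s line %d: Bad IdentityPersist argument.",
+			    filename, linenum);
+		if (*activep && *intptr == -1) {
+			*intptr = value;
+			options->identity_persist_lifetime = value2;
+		}
+		break;
+	case oIdentityPersistConfirm:
+		intptr = &options->identity_persist_confirm;
+		goto parse_flag;
+
 	case oSendEnv:
 		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
 			if (strchr(arg, '=') != NULL)
@@ -1265,6 +1295,9 @@
 	options->verify_host_key_dns = -1;
 	options->server_alive_interval = -1;
 	options->server_alive_count_max = -1;
+	options->identity_persist = -1;
+	options->identity_persist_lifetime = -1;
+	options->identity_persist_confirm = -1;
 	options->num_send_env = 0;
 	options->control_path = NULL;
 	options->control_master = -1;
@@ -1419,6 +1452,12 @@
 	}
 	if (options->server_alive_count_max == -1)
 		options->server_alive_count_max = 3;
+	if (options->identity_persist == -1)
+		options->identity_persist = 0;
+        if (options->identity_persist_lifetime == -1)
+		options->identity_persist_lifetime = 0;
+	if (options->identity_persist_confirm == -1)
+		options->identity_persist_confirm = 0;
 	if (options->control_master == -1)
 		options->control_master = 0;
 	if (options->control_persist == -1) {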
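Review bot: In the new `case oIdentityPersist:` block, a time spec that converts to zero (for example `0`) takes the `convtime(arg) >= 0` branch, so it sets `value = 1` with `identity_persist_lifetime` 0. That lifetime is later handed to the agent and presumably means "no expiry", so a user who writes `IdentityPersist 0` to disable caching would instead leave the decrypted key in the agent indefinitely. Either reject zero with `else if ((value2 = convtime(arg)) > 0)` or map it to disabled, and state the chosen meaning in the `/* no/false/yes/true, or a time spec */` comment. The declarations of `value2` and `arg` are outside the hunk, so confirm that `value2` can hold the full `convtime()` result without truncation.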
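--- a/openssh-6.4p1.orig/readconf.h
+++ b/openssh-6.4p1.orig/readconf.h
@@ -122,6 +122,10 @@
 	int	server_alive_interval;
 	int	server_alive_count_max;
 
+	int	identity_persist;
+	int	identity_persist_lifetime;
+	int	identity_persist_confirm;
+
 	int     num_send_env;
 	char   *send_env[MAX_SEND_ENV];
 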
(-)openssh-6.4p1.orig/sshconnect2.c (-7 / +21 lines)
Lines 371-377 Link Here
371
static int sign_and_send_pubkey(Authctxt *, Identity *);
371
static int sign_and_send_pubkey(Authctxt *, Identity *);
372
static void pubkey_prepare(Authctxt *);
372
static void pubkey_prepare(Authctxt *);
373
static void pubkey_cleanup(Authctxt *);
373
static void pubkey_cleanup(Authctxt *);
374
static Key *load_identity_file(char *, int);
374
static Key *load_identity_file(Authctxt *, char *, int);
375
375
376
static Authmethod *authmethod_get(char *authlist);
376
static Authmethod *authmethod_get(char *authlist);
377
static Authmethod *authmethod_lookup(const char *name);
377
static Authmethod *authmethod_lookup(const char *name);
Lines 1283-1289 Link Here
1283
#endif /* JPAKE */
1283
#endif /* JPAKE */
1284
1284
1285
static int
1285
static int
1286
identity_sign(Identity *id, u_char **sigp, u_int *lenp,
1286
identity_sign(Authctxt *authctxt, Identity *id, u_char **sigp, u_int *lenp,
1287
    u_char *data, u_int datalen)
1287
    u_char *data, u_int datalen)
1288
{
1288
{
1289
	Key *prv;
1289
	Key *prv;
Lines 1300-1306 Link Here
1300
	if (id->isprivate || (id->key->flags & KEY_FLAG_EXT))
1300
	if (id->isprivate || (id->key->flags & KEY_FLAG_EXT))
1301
		return (key_sign(id->key, sigp, lenp, data, datalen));
1301
		return (key_sign(id->key, sigp, lenp, data, datalen));
1302
	/* load the private key from the file */
1302
	/* load the private key from the file */
1303
	if ((prv = load_identity_file(id->filename, id->userprovided)) == NULL)
1303
	if ((prv = load_identity_file(authctxt, id->filename, id->userprovided)) == NULL)
1304
		return (-1);
1304
		return (-1);
1305
	ret = key_sign(prv, sigp, lenp, data, datalen);
1305
	ret = key_sign(prv, sigp, lenp, data, datalen);
1306
	key_free(prv);
1306
	key_free(prv);
Lines 1352-1358 Link Here
1352
	buffer_put_string(&b, blob, bloblen);
1352
	buffer_put_string(&b, blob, bloblen);
1353
1353
1354
	/* generate signature */
1354
	/* generate signature */
1355
	ret = identity_sign(id, &signature, &slen,
1355
	ret = identity_sign(authctxt, id, &signature, &slen,
1356
	    buffer_ptr(&b), buffer_len(&b));
1356
	    buffer_ptr(&b), buffer_len(&b));
1357
	if (ret == -1) {
1357
	if (ret == -1) {
1358
		free(blob);
1358
		free(blob);
Lines 1425-1434 Link Here
1425
}
1425
}
1426
1426
1427
static Key *
1427
static Key *
1428
load_identity_file(char *filename, int userprovided)
1428
load_identity_file(Authctxt *authctxt, char *filename, int userprovided)
1429
{
1429
{
1430
	Key *private;
1430
	Key *private;
1431
	char prompt[300], *passphrase;
1431
	char prompt[300], *passphrase;
1432
 	char *comment = NULL;
1432
	int perm_ok = 0, quit, i;
1433
	int perm_ok = 0, quit, i;
1433
	struct stat st;
1434
	struct stat st;
1434
1435
Lines 1452-1458 Link Here
1452
			passphrase = read_passphrase(prompt, 0);
1453
			passphrase = read_passphrase(prompt, 0);
1453
			if (strcmp(passphrase, "") != 0) {
1454
			if (strcmp(passphrase, "") != 0) {
1454
				private = key_load_private_type(KEY_UNSPEC,
1455
				private = key_load_private_type(KEY_UNSPEC,
1455
				    filename, passphrase, NULL, NULL);
1456
				    filename, passphrase, &comment, NULL);
1457
				if (authctxt && authctxt->agent &&
1458
				    private && options.identity_persist) {
1459
					if (comment == NULL)
1460
						comment = xstrdup(filename);
1461
					if (ssh_add_identity_constrained(authctxt->agent,
1462
					    private, comment,
1463
					    options.identity_persist_lifetime,
1464
					    options.identity_persist_confirm)) {
1465
						fprintf(stderr, "Identity added: %s (%s)\n",
1466
						    filename, comment);
1467
					}
1468
					free(comment);
1469
				}
1456
				quit = 0;
1470
				quit = 0;
1457
			} else {
1471
			} else {
1458
				debug2("no passphrase given, try next key");
1472
				debug2("no passphrase given, try next key");
Lines 1612-1618 Link Here
1612
			sent = send_pubkey_test(authctxt, id);
1626
			sent = send_pubkey_test(authctxt, id);
1613
		} else if (id->key == NULL && id->filename) {
1627
		} else if (id->key == NULL && id->filename) {
1614
			debug("Trying private key: %s", id->filename);
1628
			debug("Trying private key: %s", id->filename);
1615
			id->key = load_identity_file(id->filename,
1629
			id->key = load_identity_file(authctxt, id->filename,
1616
			    id->userprovided);
1630
			    id->userprovided);
1617
			if (id->key != NULL) {
1631
			if (id->key != NULL) {
1618
				id->isprivate = 1;
1632
				id->isprivate = 1;
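Review bot: In `load_identity_file`, every passphrase load now passes `&comment` to `key_load_private_type`, but `free(comment)` sits inside the `if (authctxt && authctxt->agent && private && options.identity_persist)` block. If the loader allocates the comment whenever the pointer is non-NULL, as that `free` implies, the string leaks whenever persistence is off or no agent is connected. Move `free(comment);` below the closing brace of that `if` so both paths release it. A failed `ssh_add_identity_constrained` is also silent; an else branch such as `debug("could not add identity %s to agent", filename);` would show that the decrypted key was not cached. The success message goes through `fprintf(stderr, ...)` rather than the logging helpers used nearby (`debug`, `debug2`), so it may not follow the configured log level. The function body starts and ends outside the visible hunks.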
