
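--- a/readconf.c
+++ b/readconf.c
@@ -157,6 +157,7 @@ typedef enum {
 	oPubkeyAuthentication,
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+	oPasswordFile,
 	oHostKeyAlgorithms, oBindAddress, oBindInterface, oPKCS11Provider,
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -280,6 +281,7 @@ static struct {
 	{ "loglevel", oLogLevel },
 	{ "dynamicforward", oDynamicForward },
 	{ "preferredauthentications", oPreferredAuthentications },
+	{ "passwordfile", oPasswordFile },
 	{ "hostkeyalgorithms", oHostKeyAlgorithms },
 	{ "casignaturealgorithms", oCASignatureAlgorithms },
 	{ "bindaddress", oBindAddress },
@@ -1261,6 +1263,10 @@ parse_char_array:
 	case oPreferredAuthentications:
 		charptr = &options->preferred_authentications;
 		goto parse_string;
+	
+	case oPasswordFile:
+		charptr = &options->password_file;
+		goto parse_string;
 
 	case oBindAddress:
 		charptr = &options->bind_address;
@@ -2069,6 +2075,7 @@ initialize_options(Options * options)
 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
 	options->log_level = SYSLOG_LEVEL_NOT_SET;
 	options->preferred_authentications = NULL;
+	options->password_file = NULL;
 	options->bind_address = NULL;
 	options->bind_interface = NULL;
 	options->pkcs11_provider = NULL;
@@ -2901,6 +2908,7 @@ dump_client_config(Options *o, const char *host)
 #endif
 	dump_cfg_string(oSecurityKeyProvider, o->sk_provider);
 	dump_cfg_string(oPreferredAuthentications, o->preferred_authentications);
+	dump_cfg_string(oPasswordFile, o->password_file);
 	dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
 	dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
 	dump_cfg_string(oXAuthLocation, o->xauth_location);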
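Review bot: The separator added before `case oPasswordFile:` in the option-parsing hunk is a line holding only a tab, where the existing separator before `case oBindAddress:` appears to be an empty line; drop the tab so the new case matches its neighbours. The keyword also arrives undocumented: the patch as shown touches only readconf.c, readconf.h and sshconnect2.c, so no ssh_config(5) entry comes with it. Because the option points at a file holding a plaintext password, that entry should state what the file contains and which file modes are expected. The switch statement starts and ends outside the hunk.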
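--- a/readconf.h
+++ b/readconf.h
@@ -86,6 +86,7 @@ typedef struct {
 	u_int	num_user_hostfiles;	/* Path for $HOME/.ssh/known_hosts */
 	char   *user_hostfiles[SSH_MAX_HOSTS_FILES];
 	char   *preferred_authentications;
+	char   *password_file;
 	char   *bind_address;	/* local socket address for connection to sshd */
 	char   *bind_interface;	/* local interface for bind address */
 	char   *pkcs11_provider; /* PKCS#11 provider */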
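Review bot: The new `password_file` member has no comment, while the members that follow it (`bind_address`, `bind_interface`, `pkcs11_provider`) each say what they hold. Since this one names a file containing a plaintext password, I would add `/* path to file holding the login password (plaintext) */` on the same line. The struct starts and ends outside the hunk.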
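--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1198,19 +1198,38 @@ static int
 userauth_passwd(struct ssh *ssh)
 {
 	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
-	char *password, *prompt = NULL;
+	char *password, *prompt = NULL, *pwcp;
 	const char *host = options.host_key_alias ?  options.host_key_alias :
 	    authctxt->host;
+	FILE* pwfile; size_t pwfile_sz = 0; ssize_t pwlen;
 	int r;
 
-	if (authctxt->attempt_passwd++ >= options.number_of_password_prompts)
-		return 0;
+	if (options.password_file) {
+		if (authctxt->attempt_passwd++)
+			return 0;
 
-	if (authctxt->attempt_passwd != 1)
-		error("Permission denied, please try again.");
+		pwcp = tilde_expand_filename(options.password_file, getuid());		
+		if ((pwfile = fopen(pwcp, "r")) == NULL)
+			fatal("%s: %s: %s", __func__, options.password_file, strerror(errno));
+		free(pwcp);
+		
+		if ((pwlen = getline(&password, &pwfile_sz, pwfile)) == -1)
+			fatal("%s: %s: %s", __func__, options.password_file, strerror(errno));
+		
+		if (pwlen && password[pwlen-1] == '\n')
+			password[--pwlen] = '\0';
+		
+		fclose(pwfile);
+	} else {
+		if (authctxt->attempt_passwd++ >= options.number_of_password_prompts)
+			return 0;
 
-	xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host);
-	password = read_passphrase(prompt, 0);
+		if (authctxt->attempt_passwd != 1)
+			error("Permission denied, please try again.");
+
+		xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host);
+		password = read_passphrase(prompt, 0);
+	}
 	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
-- 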
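Review bot: In the new `options.password_file` branch of `userauth_passwd`, `password` is handed to `getline()` uninitialized while `pwfile_sz` is 0, but `getline()` requires `*lineptr` to be NULL or a malloc'd buffer, so the declaration should initialize it to NULL. The file holding the plaintext password is also opened with no ownership or mode check, so a group- or world-readable file is accepted silently; an `fstat()` check right after `fopen()` that refuses such a file would treat it like any other secret on disk. A `getline()` return of -1 at end of file (an empty password file) does not set `errno`, so the `strerror(errno)` in that `fatal()` can print an unrelated message. The function continues past the end of the hunk, so whether `password` is wiped and freed on this path cannot be seen from here.

```c
	char *password = NULL, *prompt = NULL, *pwcp;
	struct stat st;
	/* … unchanged: host, pwfile/pwfile_sz/pwlen and r declarations, attempt check, fopen … */
		free(pwcp);
		/* refuse a password file we do not own or that others can read */
		if (fstat(fileno(pwfile), &st) == -1)
			fatal("%s: %s: %s", __func__, options.password_file, strerror(errno));
		if (st.st_uid != getuid() || (st.st_mode & 077) != 0)
			fatal("%s: bad ownership or modes for %s", __func__, options.password_file);
	/* … unchanged: getline, newline strip, fclose, else branch … */
```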
