diff options
author | Darren Tucker <dtucker@cvs.openbsd.org> | 2006-04-25 08:02:28 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2006-04-25 08:02:28 +0000 |
commit | 6f85adb7207eef7900abad52d0ecd37383b85d4d (patch) | |
tree | 709af228c43be36373a6409af633c5a6aa2bbcfd | |
parent | 9f115d10e59007d168c3dc8fd75e2552bdd88d3f (diff) |
Prevent ssh from trying to open private keys with bad permissions more than
once or prompting for their passphrases (which it subsequently ignores
anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
-rw-r--r-- | usr.bin/ssh/authfile.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/authfile.h | 4 | ||||
-rw-r--r-- | usr.bin/ssh/ssh.c | 8 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect1.c | 13 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 12 |
5 files changed, 26 insertions, 19 deletions
diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c index afda011a222..2bbb12934e0 100644 --- a/usr.bin/ssh/authfile.c +++ b/usr.bin/ssh/authfile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.66 2006/03/25 13:17:01 djm Exp $ */ +/* $OpenBSD: authfile.c,v 1.67 2006/04/25 08:02:27 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -535,7 +535,7 @@ key_perm_ok(int fd, const char *filename) Key * key_load_private_type(int type, const char *filename, const char *passphrase, - char **commentp) + char **commentp, int *perm_ok) { int fd; @@ -543,10 +543,14 @@ key_load_private_type(int type, const char *filename, const char *passphrase, if (fd < 0) return NULL; if (!key_perm_ok(fd, filename)) { + if (perm_ok != NULL) + *perm_ok = 0; error("bad permissions: ignore key: %s", filename); close(fd); return NULL; } + if (perm_ok != NULL) + *perm_ok = 1; switch (type) { case KEY_RSA1: return key_load_private_rsa1(fd, filename, passphrase, diff --git a/usr.bin/ssh/authfile.h b/usr.bin/ssh/authfile.h index 967f582d4ba..a6c74934d69 100644 --- a/usr.bin/ssh/authfile.h +++ b/usr.bin/ssh/authfile.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.h,v 1.12 2006/03/25 22:22:42 djm Exp $ */ +/* $OpenBSD: authfile.h,v 1.13 2006/04/25 08:02:27 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -19,7 +19,7 @@ int key_save_private(Key *, const char *, const char *, const char *); Key *key_load_public(const char *, char **); Key *key_load_public_type(int, const char *, char **); Key *key_load_private(const char *, const char *, char **); -Key *key_load_private_type(int, const char *, const char *, char **); +Key *key_load_private_type(int, const char *, const char *, char **, int *); Key *key_load_private_pem(int, int, const char *, char **); int key_perm_ok(int, const char *); diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 5652a89b745..a38cb70df66 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.275 2006/03/30 10:41:25 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.276 2006/04/25 08:02:27 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -678,11 +678,11 @@ main(int ac, char **av) PRIV_START; sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, - _PATH_HOST_KEY_FILE, "", NULL); + _PATH_HOST_KEY_FILE, "", NULL, NULL); sensitive_data.keys[1] = key_load_private_type(KEY_DSA, - _PATH_HOST_DSA_KEY_FILE, "", NULL); + _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); sensitive_data.keys[2] = key_load_private_type(KEY_RSA, - _PATH_HOST_RSA_KEY_FILE, "", NULL); + _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); PRIV_END; if (options.hostbased_authentication == 1 && diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c index 9b86c7ce1c8..5467f04bfab 100644 --- a/usr.bin/ssh/sshconnect1.c +++ b/usr.bin/ssh/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.64 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.65 2006/04/25 08:02:27 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -197,7 +197,7 @@ try_rsa_authentication(int idx) BIGNUM *challenge; Key *public, *private; char buf[300], *passphrase, *comment, *authfile; - int i, type, quit; + int i, perm_ok = 1, type, quit; public = options.identity_keys[idx]; authfile = options.identity_files[idx]; @@ -243,15 +243,16 @@ try_rsa_authentication(int idx) if (public->flags & KEY_FLAG_EXT) private = public; else - private = key_load_private_type(KEY_RSA1, authfile, "", NULL); - if (private == NULL && !options.batch_mode) { + private = key_load_private_type(KEY_RSA1, authfile, "", NULL, + &perm_ok); + if (private == NULL && !options.batch_mode && perm_ok) { snprintf(buf, sizeof(buf), "Enter passphrase for RSA key '%.100s': ", comment); for (i = 0; i < options.number_of_password_prompts; i++) { passphrase = read_passphrase(buf, 0); if (strcmp(passphrase, "") != 0) { private = key_load_private_type(KEY_RSA1, - authfile, passphrase, NULL); + authfile, passphrase, NULL, NULL); quit = 0; } else { debug2("no passphrase given, try next key"); @@ -268,7 +269,7 @@ try_rsa_authentication(int idx) xfree(comment); if (private == NULL) { - if (!options.batch_mode) + if (!options.batch_mode && perm_ok) error("Bad passphrase."); /* Send a dummy response packet to avoid protocol error. */ diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 637e2ce50c0..c5e6c490e26 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.151 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.152 2006/04/25 08:02:27 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -969,14 +969,16 @@ load_identity_file(char *filename) { Key *private; char prompt[300], *passphrase; - int quit, i; + int perm_ok, quit, i; struct stat st; if (stat(filename, &st) < 0) { debug3("no such identity: %s", filename); return NULL; } - private = key_load_private_type(KEY_UNSPEC, filename, "", NULL); + private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); + if (!perm_ok) + return NULL; if (private == NULL) { if (options.batch_mode) return NULL; @@ -985,8 +987,8 @@ load_identity_file(char *filename) for (i = 0; i < options.number_of_password_prompts; i++) { passphrase = read_passphrase(prompt, 0); if (strcmp(passphrase, "") != 0) { - private = key_load_private_type(KEY_UNSPEC, filename, - passphrase, NULL); + private = key_load_private_type(KEY_UNSPEC, + filename, passphrase, NULL, NULL); quit = 0; } else { debug2("no passphrase given, try next key"); |