authorDarren Tucker <dtucker@cvs.openbsd.org>2006-04-25 08:02:28 +0000
committerDarren Tucker <dtucker@cvs.openbsd.org>2006-04-25 08:02:28 +0000
commit6f85adb7207eef7900abad52d0ecd37383b85d4d (patch)
tree709af228c43be36373a6409af633c5a6aa2bbcfd
parent9f115d10e59007d168c3dc8fd75e2552bdd88d3f (diff)
Prevent ssh from trying to open private keys with bad permissions more than
once or prompting for their passphrases (which it subsequently ignores anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
-rw-r--r--usr.bin/ssh/authfile.c8
-rw-r--r--usr.bin/ssh/authfile.h4
-rw-r--r--usr.bin/ssh/ssh.c8
-rw-r--r--usr.bin/ssh/sshconnect1.c13
-rw-r--r--usr.bin/ssh/sshconnect2.c12
5 files changed, 26 insertions, 19 deletions
diff --git a/usr.bin/ssh/authfile.c b/usr.bin/ssh/authfile.c
index afda011a222..2bbb12934e0 100644
--- a/usr.bin/ssh/authfile.c
+++ b/usr.bin/ssh/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.66 2006/03/25 13:17:01 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.67 2006/04/25 08:02:27 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -535,7 +535,7 @@ key_perm_ok(int fd, const char *filename)
Key *
key_load_private_type(int type, const char *filename, const char *passphrase,
- char **commentp)
+ char **commentp, int *perm_ok)
{
int fd;
@@ -543,10 +543,14 @@ key_load_private_type(int type, const char *filename, const char *passphrase,
if (fd < 0)
return NULL;
if (!key_perm_ok(fd, filename)) {
+ if (perm_ok != NULL)
+ *perm_ok = 0;
error("bad permissions: ignore key: %s", filename);
close(fd);
return NULL;
}
+ if (perm_ok != NULL)
+ *perm_ok = 1;
switch (type) {
case KEY_RSA1:
return key_load_private_rsa1(fd, filename, passphrase,
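Review bot: The `fd < 0` early return at the top of the hunk leaves `*perm_ok` unwritten, so the new out-parameter is only defined on paths that reach key_perm_ok(); a caller that does not pre-initialise its local reads an indeterminate value whenever open() fails (the sshconnect2.c caller in this same commit declares `int perm_ok` with no initialiser). Define it on every return path, e.g. `if (fd < 0) { if (perm_ok != NULL) *perm_ok = 0; return NULL; }` — reporting an unopenable file as "not ok" also fits the commit's intent of not prompting for a passphrase for a key that cannot be read, though whether 0 or 1 is the right value there is a policy choice worth stating. The parameter itself is undocumented; a line above the function such as `/* perm_ok, if non-NULL, receives 0 when the key was skipped for bad permissions and 1 otherwise */` would let callers know when they may rely on it. The open() call is above the hunk and key_load_private_type's body continues past its end.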
diff --git a/usr.bin/ssh/authfile.h b/usr.bin/ssh/authfile.h
index 967f582d4ba..a6c74934d69 100644
--- a/usr.bin/ssh/authfile.h
+++ b/usr.bin/ssh/authfile.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.h,v 1.12 2006/03/25 22:22:42 djm Exp $ */
+/* $OpenBSD: authfile.h,v 1.13 2006/04/25 08:02:27 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -19,7 +19,7 @@ int key_save_private(Key *, const char *, const char *, const char *);
Key *key_load_public(const char *, char **);
Key *key_load_public_type(int, const char *, char **);
Key *key_load_private(const char *, const char *, char **);
-Key *key_load_private_type(int, const char *, const char *, char **);
+Key *key_load_private_type(int, const char *, const char *, char **, int *);
Key *key_load_private_pem(int, int, const char *, char **);
int key_perm_ok(int, const char *);
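Review bot: The new trailing `int *` on key_load_private_type is undocumented, and the prototype style of this header (no parameter names) gives a reader nothing to go on; a one-line comment beside the declaration, e.g. `/* last arg: optional perm_ok out-flag, 0 if the key was ignored for bad permissions */`, would avoid callers having to read authfile.c to learn whether they may pass NULL and what value to expect on failure paths.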
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 5652a89b745..a38cb70df66 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.275 2006/03/30 10:41:25 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.276 2006/04/25 08:02:27 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -678,11 +678,11 @@ main(int ac, char **av)
PRIV_START;
sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
- _PATH_HOST_KEY_FILE, "", NULL);
+ _PATH_HOST_KEY_FILE, "", NULL, NULL);
sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
- _PATH_HOST_DSA_KEY_FILE, "", NULL);
+ _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
- _PATH_HOST_RSA_KEY_FILE, "", NULL);
+ _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
PRIV_END;
if (options.hostbased_authentication == 1 &&
diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c
index 9b86c7ce1c8..5467f04bfab 100644
--- a/usr.bin/ssh/sshconnect1.c
+++ b/usr.bin/ssh/sshconnect1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.64 2006/03/25 13:17:02 djm Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.65 2006/04/25 08:02:27 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -197,7 +197,7 @@ try_rsa_authentication(int idx)
BIGNUM *challenge;
Key *public, *private;
char buf[300], *passphrase, *comment, *authfile;
- int i, type, quit;
+ int i, perm_ok = 1, type, quit;
public = options.identity_keys[idx];
authfile = options.identity_files[idx];
@@ -243,15 +243,16 @@ try_rsa_authentication(int idx)
if (public->flags & KEY_FLAG_EXT)
private = public;
else
- private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
- if (private == NULL && !options.batch_mode) {
+ private = key_load_private_type(KEY_RSA1, authfile, "", NULL,
+ &perm_ok);
+ if (private == NULL && !options.batch_mode && perm_ok) {
snprintf(buf, sizeof(buf),
"Enter passphrase for RSA key '%.100s': ", comment);
for (i = 0; i < options.number_of_password_prompts; i++) {
passphrase = read_passphrase(buf, 0);
if (strcmp(passphrase, "") != 0) {
private = key_load_private_type(KEY_RSA1,
- authfile, passphrase, NULL);
+ authfile, passphrase, NULL, NULL);
quit = 0;
} else {
debug2("no passphrase given, try next key");
@@ -268,7 +269,7 @@ try_rsa_authentication(int idx)
xfree(comment);
if (private == NULL) {
- if (!options.batch_mode)
+ if (!options.batch_mode && perm_ok)
error("Bad passphrase.");
/* Send a dummy response packet to avoid protocol error. */
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 637e2ce50c0..c5e6c490e26 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.151 2006/03/25 13:17:02 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.152 2006/04/25 08:02:27 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -969,14 +969,16 @@ load_identity_file(char *filename)
{
Key *private;
char prompt[300], *passphrase;
- int quit, i;
+ int perm_ok, quit, i;
struct stat st;
if (stat(filename, &st) < 0) {
debug3("no such identity: %s", filename);
return NULL;
}
- private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
+ private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
+ if (!perm_ok)
+ return NULL;
if (private == NULL) {
if (options.batch_mode)
return NULL;
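Review bot: `perm_ok` is declared without an initialiser at `int perm_ok, quit, i;` and then tested at `if (!perm_ok)` immediately after the key_load_private_type() call, but the authfile.c change in this commit only writes the flag once open() has succeeded; if open() fails after the stat() check passes (a file the user cannot read, or one that changes between stat() and open()), the test reads an indeterminate value and may either prompt or silently skip the key. Initialise it the way the sshconnect1.c hunk in this commit does: `int perm_ok = 1, quit, i;`. load_identity_file's body continues past the end of the hunk.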
@@ -985,8 +987,8 @@ load_identity_file(char *filename)
for (i = 0; i < options.number_of_password_prompts; i++) {
passphrase = read_passphrase(prompt, 0);
if (strcmp(passphrase, "") != 0) {
- private = key_load_private_type(KEY_UNSPEC, filename,
- passphrase, NULL);
+ private = key_load_private_type(KEY_UNSPEC,
+ filename, passphrase, NULL, NULL);
quit = 0;
} else {
debug2("no passphrase given, try next key");