diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2001-06-23 22:37:47 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-06-23 22:37:47 +0000 |
commit | 01672c3384db5b63dc5148f295f0c0381ffa0387 (patch) | |
tree | 1761c70f5782dae02d80238424bb16b2ec910c03 | |
parent | 5c5ccbb4415b224ce1a1bfcaac7245f363f7678c (diff) |
consistent with ssh2: skip key if empty passphrase is entered,
retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
-rw-r--r-- | usr.bin/ssh/sshconnect1.c | 73 |
1 files changed, 36 insertions, 37 deletions
diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c index a03233f28e4..ec0a5c96c10 100644 --- a/usr.bin/ssh/sshconnect1.c +++ b/usr.bin/ssh/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.35 2001/06/23 15:12:21 itojun Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.36 2001/06/23 22:37:46 markus Exp $"); #include <openssl/bn.h> #include <openssl/evp.h> @@ -204,11 +204,9 @@ static int try_rsa_authentication(const char *authfile) { BIGNUM *challenge; - Key *public; - Key *private; - char *passphrase, *comment; - int type, i; - int plen, clen; + Key *public, *private; + char buf[300], *passphrase, *comment; + int i, type, quit, plen, clen; /* Try to load identification for the authentication key. */ /* XXKEYLOAD */ @@ -257,45 +255,46 @@ try_rsa_authentication(const char *authfile) * fails, ask for a passphrase. */ private = key_load_private_type(KEY_RSA1, authfile, "", NULL); - if (private == NULL) { - char buf[300]; - snprintf(buf, sizeof buf, "Enter passphrase for RSA key '%.100s': ", - comment); - if (!options.batch_mode) + if (private == NULL && !options.batch_mode) { + snprintf(buf, sizeof(buf), + "Enter passphrase for RSA key '%.100s': ", comment); + for (i = 0; i < options.number_of_password_prompts; i++) { passphrase = read_passphrase(buf, 0); - else { - debug("Will not query passphrase for %.100s in batch mode.", - comment); - passphrase = xstrdup(""); - } - - /* Load the authentication file using the pasphrase. */ - private = key_load_private_type(KEY_RSA1, authfile, passphrase, NULL); - if (private == NULL) { + if (strcmp(passphrase, "") != 0) { + private = key_load_private_type(KEY_RSA1, + authfile, passphrase, NULL); + quit = 0; + } else { + debug2("no passphrase given, try next key"); + quit = 1; + } memset(passphrase, 0, strlen(passphrase)); xfree(passphrase); - error("Bad passphrase."); - - /* Send a dummy response packet to avoid protocol error. */ - packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); - for (i = 0; i < 16; i++) - packet_put_char(0); - packet_send(); - packet_write_wait(); - - /* Expect the server to reject it... */ - packet_read_expect(&plen, SSH_SMSG_FAILURE); - xfree(comment); - BN_clear_free(challenge); - return 0; + if (private != NULL || quit) + break; + debug2("bad passphrase given, try again..."); } - /* Destroy the passphrase. */ - memset(passphrase, 0, strlen(passphrase)); - xfree(passphrase); } /* We no longer need the comment. */ xfree(comment); + if (private == NULL) { + if (!options.batch_mode) + error("Bad passphrase."); + + /* Send a dummy response packet to avoid protocol error. */ + packet_start(SSH_CMSG_AUTH_RSA_RESPONSE); + for (i = 0; i < 16; i++) + packet_put_char(0); + packet_send(); + packet_write_wait(); + + /* Expect the server to reject it... */ + packet_read_expect(&plen, SSH_SMSG_FAILURE); + BN_clear_free(challenge); + return 0; + } + /* Compute and send a response to the challenge. */ respond_to_rsa_challenge(challenge, private->rsa); |