author | dtucker <dtucker> | 2006-05-06 07:41:51 +0000 |
---|---|---|
committer | dtucker <dtucker> | 2006-05-06 07:41:51 +0000 |
commit | 81e4c29ccb5f321821016ca74c4d8f6297d1ff3d (patch) | |
tree | d79435c4bf4222e12000946c347ac1f500d267c6 /sshconnect1.c | |
parent | 15ba8859398aa73b274026121fe00b5a5f358195 (diff) | |
download | openssh-81e4c29ccb5f321821016ca74c4d8f6297d1ff3d.tar.gz |
- dtucker@cvs.openbsd.org 2006/04/25 08:02:27
[authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
Prevent ssh from trying to open private keys with bad permissions more than
once or prompting for their passphrases (which it subsequently ignores
anyway), similar to a previous change in ssh-add. bz #1186, ok djm@
Diffstat (limited to 'sshconnect1.c')
-rw-r--r-- | sshconnect1.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/sshconnect1.c b/sshconnect1.c
index 9b86c7ce..5467f04b 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.64 2006/03/25 13:17:02 djm Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.65 2006/04/25 08:02:27 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -197,7 +197,7 @@ try_rsa_authentication(int idx)
 BIGNUM *challenge;
 Key *public, *private;
 char buf[300], *passphrase, *comment, *authfile;
- int i, type, quit;
+ int i, perm_ok = 1, type, quit;
 public = options.identity_keys[idx];
 authfile = options.identity_files[idx];
@@ -243,15 +243,16 @@ try_rsa_authentication(int idx)
 if (public->flags & KEY_FLAG_EXT)
 private = public;
 else
- private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
- if (private == NULL && !options.batch_mode) {
+ private = key_load_private_type(KEY_RSA1, authfile, "", NULL,
+ &perm_ok);
+ if (private == NULL && !options.batch_mode && perm_ok) {
 snprintf(buf, sizeof(buf),
 "Enter passphrase for RSA key '%.100s': ", comment);
 for (i = 0; i < options.number_of_password_prompts; i++) {
 passphrase = read_passphrase(buf, 0);
 if (strcmp(passphrase, "") != 0) {
 private = key_load_private_type(KEY_RSA1,
- authfile, passphrase, NULL);
+ authfile, passphrase, NULL, NULL);
 quit = 0;
 } else {
 debug2("no passphrase given, try next key");
@@ -268,7 +269,7 @@ try_rsa_authentication(int idx)
 xfree(comment);
 if (private == NULL) {
- if (!options.batch_mode)
+ if (!options.batch_mode && perm_ok)
 error("Bad passphrase.");
 /* Send a dummy response packet to avoid protocol error. */ |
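Review bot: The retry call inside the passphrase loop passes `NULL` for the new fifth argument, so only the first, empty-passphrase load reports the permission state into `perm_ok`. That is safe only if key_load_private_type (changed in authfile.c, not shown in this view) still refuses an unsafe key file on every call, whether or not the out-pointer is supplied; this should be confirmed against the authfile.c side of the commit. A short comment at the first call would record the contract, e.g. `/* perm_ok is cleared if the key file has unsafe permissions; never prompt for such a key */`. The body of try_rsa_authentication starts before and continues after this hunk.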
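Review bot: When `perm_ok` is 0, the `if (private == NULL)` branch in the last hunk now falls through to the dummy response with no local diagnostic. The only record of why the key was skipped is then whatever key_load_private_type printed, and that code is in authfile.c, outside this diff view. A debug line for that case would make the skip traceable in verbose logs, for example `if (!perm_ok) debug2("bad permissions on '%.100s', key not used", authfile);` ahead of the existing check. The `if (private == NULL)` block continues past the end of the hunk.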