author | Damien Miller <djm@mindrot.org> | 2013-02-15 12:18:32 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2013-02-15 12:18:32 +1100 |
commit | 5ceddc31cd654303086c81e0b17b73c4c6af5a5c (patch) | |
tree | 413b4ce346b94c7e2c3db76d6c61e295057afc91 | |
parent | 8e6fb780e54f484e3dca4f1bf0abcd9bf13f092f (diff) |
- dtucker@cvs.openbsd.org 2013/02/15 00:21:01
[sshconnect2.c]
Warn more loudly if an IdentityFile provided by the user cannot be read.
bz #1981, ok djm@
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | sshconnect2.c | 19 |
2 files changed, 16 insertions, 7 deletions
@@ -11,6 +11,10 @@ | |||
11 | [auth2-pubkey.c] | 11 | [auth2-pubkey.c] |
12 | Correct error message that had a typo and was logging the wrong thing; | 12 | Correct error message that had a typo and was logging the wrong thing; |
13 | patch from Petr Lautrbach | 13 | patch from Petr Lautrbach |
14 | - dtucker@cvs.openbsd.org 2013/02/15 00:21:01 | ||
15 | [sshconnect2.c] | ||
16 | Warn more loudly if an IdentityFile provided by the user cannot be read. | ||
17 | bz #1981, ok djm@ | ||
14 | 18 | ||
15 | 20130214 | 19 | 20130214 |
16 | - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC. | 20 | - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC. |
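diff --git a/sshconnect2.c b/sshconnect2.c
index 6791ea344..a306447b3 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.190 2012/12/02 20:26:11 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.191 2013/02/15 00:21:01 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -248,6 +248,7 @@ struct identity {
 char *filename; /* comment for agent-only keys */
 int tried;
 int isprivate; /* key points to the private key */
+int userprovided;
 };
 TAILQ_HEAD(idlist, identity);
 
@@ -312,7 +313,7 @@ void userauth(Authctxt *, char *);
 static int sign_and_send_pubkey(Authctxt *, Identity *);
 static void pubkey_prepare(Authctxt *);
 static void pubkey_cleanup(Authctxt *);
-static Key *load_identity_file(char *);
+static Key *load_identity_file(char *, int);
 
 static Authmethod *authmethod_get(char *authlist);
 static Authmethod *authmethod_lookup(const char *name);
@@ -1186,7 +1187,7 @@ identity_sign(Identity *id, u_char **sigp, u_int *lenp,
 if (id->isprivate || (id->key->flags & KEY_FLAG_EXT))
 return (key_sign(id->key, sigp, lenp, data, datalen));
 /* load the private key from the file */
-if ((prv = load_identity_file(id->filename)) == NULL)
+if ((prv = load_identity_file(id->filename, id->userprovided)) == NULL)
 return (-1);
 ret = key_sign(prv, sigp, lenp, data, datalen);
 key_free(prv);
@@ -1311,7 +1312,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id)
 }
 
 static Key *
-load_identity_file(char *filename)
+load_identity_file(char *filename, int userprovided)
 {
 Key *private;
 char prompt[300], *passphrase;
@@ -1319,7 +1320,8 @@ load_identity_file(char *filename)
 struct stat st;
 
 if (stat(filename, &st) < 0) {
-debug3("no such identity: %s", filename);
+(userprovided ? logit : debug3)("no such identity: %s: %s",
+filename, strerror(errno));
 return NULL;
 }
 private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
@@ -1382,6 +1384,7 @@ pubkey_prepare(Authctxt *authctxt)
 id = xcalloc(1, sizeof(*id));
 id->key = key;
 id->filename = xstrdup(options.identity_files[i]);
+id->userprovided = 1;
 TAILQ_INSERT_TAIL(&files, id, next);
 }
 /* Prefer PKCS11 keys that are explicitly listed */
@@ -1446,7 +1449,8 @@ pubkey_prepare(Authctxt *authctxt)
 TAILQ_INSERT_TAIL(preferred, id, next);
 }
 TAILQ_FOREACH(id, preferred, next) {
-debug2("key: %s (%p)", id->filename, id->key);
+debug2("key: %s (%p),%s", id->filename, id->key,
+id->userprovided ? " explicit" : "");
 }
 }
 
@@ -1491,7 +1495,8 @@ userauth_pubkey(Authctxt *authctxt)
 sent = send_pubkey_test(authctxt, id);
 } else if (id->key == NULL) {
 debug("Trying private key: %s", id->filename);
-id->key = load_identity_file(id->filename);
+id->key = load_identity_file(id->filename,
+id->userprovided);
 if (id->key != NULL) {
 id->isprivate = 1;
 sent = sign_and_send_pubkey(authctxt, id);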
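Review bot: The loop in pubkey_prepare sets `id->userprovided = 1;` for every entry of options.identity_files, but as far as I can tell that array also holds the default identities (~/.ssh/id_rsa, id_dsa, id_ecdsa) that readconf fills in when the user configures none, so the new logit() path in load_identity_file will warn at LOG level whenever one of those default files is simply absent, which is the common case rather than a misconfiguration. The flag should come from the config parser instead, e.g. a per-file array in Options populated only by an explicit IdentityFile directive, making the assignment `id->userprovided = options.identity_file_userprovided[i];` — that field is outside this diff and would have to be added with it. Separately, the stat() check only makes the missing-file case loud; a user-provided file that exists but cannot be opened or fails the permission check still goes through key_load_private_type, whose failure handling lies below the hunk, so I cannot confirm it gets the same treatment. pubkey_prepare begins before its hunk, and userauth_pubkey in the last hunk continues past it.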