upstream: Remove now-redundant perm_ok arg since

sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that case. Patch from jitendra.sharma at intel.com, ok djm@ OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77
author: dtucker@openbsd.org <dtucker@openbsd.org> 2019-08-05 11:50:33 +0000
committer: Damien Miller <djm@mindrot.org> 2019-08-08 16:40:09 +1000
commit: 6b39a7b49ebacec4e70e24bfc8ea2f11057aac22 (patch)
tree: 5b43a6b0e136280a269f1161fad9a07b8a2af827
parent: d46075b923bf25e6f25959a3f5b458852161cb3e (diff)
3 files changed, 14 insertions, 22 deletions
diff --git a/authfile.c b/authfile.c
index 851c1a8a1..5e335ce43 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.133 2019/07/15 13:16:29 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.134 2019/08/05 11:50:33 dtucker Exp $ */
 /*
 * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
 *
@@ -164,10 +164,9 @@ sshkey_perm_ok(int fd, const char *filename)
        return 0;
 }
-/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
 int
 sshkey_load_private_type(int type, const char *filename, const char *passphrase,
-    struct sshkey **keyp, char **commentp, int *perm_ok)
+    struct sshkey **keyp, char **commentp)
 {
        int fd, r;
@@ -176,19 +175,12 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase,
        if (commentp != NULL)
                *commentp = NULL;
-        if ((fd = open(filename, O_RDONLY)) == -1) {
+        if ((fd = open(filename, O_RDONLY)) == -1)
-                if (perm_ok != NULL)
-                        *perm_ok = 0;
                return SSH_ERR_SYSTEM_ERROR;
-        }
-        if (sshkey_perm_ok(fd, filename) != 0) {
+        r = sshkey_perm_ok(fd, filename);
-                if (perm_ok != NULL)
+        if (r != 0)
-                        *perm_ok = 0;
-                r = SSH_ERR_KEY_BAD_PERMISSIONS;
                goto out;
-        }
-        if (perm_ok != NULL)
-                *perm_ok = 1;
        r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
        if (r == 0 && keyp && *keyp)
@@ -387,7 +379,7 @@ sshkey_load_cert(const char *filename, struct sshkey **keyp)
 /* Load private key and certificate */
 int
 sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
-    struct sshkey **keyp, int *perm_ok)
+    struct sshkey **keyp)
 {
        struct sshkey *key = NULL, *cert = NULL;
        int r;
@@ -410,7 +402,7 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
        }
        if ((r = sshkey_load_private_type(type, filename,
-            passphrase, &key, NULL, perm_ok)) != 0 ||
+            passphrase, &key, NULL)) != 0 ||
            (r = sshkey_load_cert(filename, &cert)) != 0)
                goto out;
diff --git a/authfile.h b/authfile.h
index 624d269f1..54df169b3 100644
--- a/authfile.h
+++ b/authfile.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.h,v 1.21 2015/01/08 10:14:08 djm Exp $ */
+/* $OpenBSD: authfile.h,v 1.22 2019/08/05 11:50:33 dtucker Exp $ */
 /*
 * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
@@ -40,9 +40,9 @@ int sshkey_load_cert(const char *, struct sshkey **);
 int sshkey_load_public(const char *, struct sshkey **, char **);
 int sshkey_load_private(const char *, const char *, struct sshkey **, char **);
 int sshkey_load_private_cert(int, const char *, const char *,
-    struct sshkey **, int *);
+    struct sshkey **);
 int sshkey_load_private_type(int, const char *, const char *,
-    struct sshkey **, char **, int *);
+    struct sshkey **, char **);
 int sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
    struct sshkey **keyp, char **commentp);
 int sshkey_perm_ok(int, const char *);
diff --git a/sshconnect2.c b/sshconnect2.c
index cb8d2193d..87fa70a40 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.307 2019/07/07 01:05:00 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.308 2019/08/05 11:50:33 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1404,7 +1404,7 @@ load_identity_file(Identity *id)
 {
        struct sshkey *private = NULL;
        char prompt[300], *passphrase, *comment;
-        int r, perm_ok = 0, quit = 0, i;
+        int r, quit = 0, i;
        struct stat st;
        if (stat(id->filename, &st) == -1) {
@@ -1426,7 +1426,7 @@ load_identity_file(Identity *id)
                        }
                }
                switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename,
-                    passphrase, &private, &comment, &perm_ok))) {
+                    passphrase, &private, &comment))) {
                case 0:
                        break;
                case SSH_ERR_KEY_WRONG_PASSPHRASE:
author	dtucker@openbsd.org <dtucker@openbsd.org>	2019-08-05 11:50:33 +0000
committer	Damien Miller <djm@mindrot.org>	2019-08-08 16:40:09 +1000
commit	6b39a7b49ebacec4e70e24bfc8ea2f11057aac22 (patch)
tree	5b43a6b0e136280a269f1161fad9a07b8a2af827
parent	d46075b923bf25e6f25959a3f5b458852161cb3e (diff)

diff --git a/authfile.c b/authfile.c index 851c1a8a1..5e335ce43 100644 --- a/authfile.c +++ b/authfile.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: authfile.c,v 1.133 2019/07/15 13:16:29 djm Exp $ */	1	/* $OpenBSD: authfile.c,v 1.134 2019/08/05 11:50:33 dtucker Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
4	*	4	*
@@ -164,10 +164,9 @@ sshkey_perm_ok(int fd, const char *filename)
164	return 0;	164	return 0;
165	}	165	}
166		166
167	/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
168	int	167	int
169	sshkey_load_private_type(int type, const char filename, const char passphrase,	168	sshkey_load_private_type(int type, const char filename, const char passphrase,
170	struct sshkey keyp, char commentp, int *perm_ok)	169	struct sshkey keyp, char commentp)
171	{	170	{
172	int fd, r;	171	int fd, r;
173		172
@@ -176,19 +175,12 @@ sshkey_load_private_type(int type, const char filename, const char passphrase,
176	if (commentp != NULL)	175	if (commentp != NULL)
177	*commentp = NULL;	176	*commentp = NULL;
178		177
179	if ((fd = open(filename, O_RDONLY)) == -1) {	178	if ((fd = open(filename, O_RDONLY)) == -1)
180	if (perm_ok != NULL)
181	*perm_ok = 0;
182	return SSH_ERR_SYSTEM_ERROR;	179	return SSH_ERR_SYSTEM_ERROR;
183	}	180
184	if (sshkey_perm_ok(fd, filename) != 0) {	181	r = sshkey_perm_ok(fd, filename);
185	if (perm_ok != NULL)	182	if (r != 0)
186	*perm_ok = 0;
187	r = SSH_ERR_KEY_BAD_PERMISSIONS;
188	goto out;	183	goto out;
189	}
190	if (perm_ok != NULL)
191	*perm_ok = 1;
192		184
193	r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);	185	r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
194	if (r == 0 && keyp && *keyp)	186	if (r == 0 && keyp && *keyp)
@@ -387,7 +379,7 @@ sshkey_load_cert(const char filename, struct sshkey *keyp)
387	/* Load private key and certificate */	379	/* Load private key and certificate */
388	int	380	int
389	sshkey_load_private_cert(int type, const char filename, const char passphrase,	381	sshkey_load_private_cert(int type, const char filename, const char passphrase,
390	struct sshkey *keyp, int perm_ok)	382	struct sshkey **keyp)
391	{	383	{
392	struct sshkey key = NULL, cert = NULL;	384	struct sshkey key = NULL, cert = NULL;
393	int r;	385	int r;
@@ -410,7 +402,7 @@ sshkey_load_private_cert(int type, const char filename, const char passphrase,
410	}	402	}
411		403
412	if ((r = sshkey_load_private_type(type, filename,	404	if ((r = sshkey_load_private_type(type, filename,
413	passphrase, &key, NULL, perm_ok)) != 0 \|\|	405	passphrase, &key, NULL)) != 0 \|\|
414	(r = sshkey_load_cert(filename, &cert)) != 0)	406	(r = sshkey_load_cert(filename, &cert)) != 0)
415	goto out;	407	goto out;
416		408


diff --git a/authfile.h b/authfile.h index 624d269f1..54df169b3 100644 --- a/authfile.h +++ b/authfile.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: authfile.h,v 1.21 2015/01/08 10:14:08 djm Exp $ */	1	/* $OpenBSD: authfile.h,v 1.22 2019/08/05 11:50:33 dtucker Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.	4	* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
@@ -40,9 +40,9 @@ int sshkey_load_cert(const char , struct sshkey *);
40	int sshkey_load_public(const char , struct sshkey , char *);	40	int sshkey_load_public(const char , struct sshkey , char *);
41	int sshkey_load_private(const char , const char , struct sshkey , char );	41	int sshkey_load_private(const char , const char , struct sshkey , char );
42	int sshkey_load_private_cert(int, const char , const char ,	42	int sshkey_load_private_cert(int, const char , const char ,
43	struct sshkey *, int );	43	struct sshkey **);
44	int sshkey_load_private_type(int, const char , const char ,	44	int sshkey_load_private_type(int, const char , const char ,
45	struct sshkey , char , int *);	45	struct sshkey , char );
46	int sshkey_load_private_type_fd(int fd, int type, const char *passphrase,	46	int sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
47	struct sshkey keyp, char commentp);	47	struct sshkey keyp, char commentp);
48	int sshkey_perm_ok(int, const char *);	48	int sshkey_perm_ok(int, const char *);


diff --git a/sshconnect2.c b/sshconnect2.c index cb8d2193d..87fa70a40 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshconnect2.c,v 1.307 2019/07/07 01:05:00 dtucker Exp $ */	1	/* $OpenBSD: sshconnect2.c,v 1.308 2019/08/05 11:50:33 dtucker Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	* Copyright (c) 2008 Damien Miller. All rights reserved.	4	* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1404,7 +1404,7 @@ load_identity_file(Identity *id)
1404	{	1404	{
1405	struct sshkey *private = NULL;	1405	struct sshkey *private = NULL;
1406	char prompt[300], passphrase, comment;	1406	char prompt[300], passphrase, comment;
1407	int r, perm_ok = 0, quit = 0, i;	1407	int r, quit = 0, i;
1408	struct stat st;	1408	struct stat st;
1409		1409
1410	if (stat(id->filename, &st) == -1) {	1410	if (stat(id->filename, &st) == -1) {
@@ -1426,7 +1426,7 @@ load_identity_file(Identity *id)
1426	}	1426	}
1427	}	1427	}
1428	switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename,	1428	switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename,
1429	passphrase, &private, &comment, &perm_ok))) {	1429	passphrase, &private, &comment))) {
1430	case 0:	1430	case 0:
1431	break;	1431	break;
1432	case SSH_ERR_KEY_WRONG_PASSPHRASE:	1432	case SSH_ERR_KEY_WRONG_PASSPHRASE: