authorColin Watson <cjwatson@debian.org>2020-02-21 11:57:14 +0000
committerColin Watson <cjwatson@debian.org>2020-02-21 11:57:14 +0000
commitf0de78bd4f29fa688c5df116f3f9cd43543a76d0 (patch)
tree856b0dee3f2764c13a32dad5ffe2424fab7fef41 /authfile.c
parent4213eec74e74de6310c27a40c3e9759a08a73996 (diff)
parent8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 (diff)
Import openssh_8.2p1.orig.tar.gz
Diffstat (limited to 'authfile.c')
-rw-r--r--authfile.c108
1 files changed, 40 insertions, 68 deletions
diff --git a/authfile.c b/authfile.c
index 37341189c..20b66d9bd 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfile.c,v 1.135 2019/09/03 08:30:47 djm Exp $ */ 1/* $OpenBSD: authfile.c,v 1.137 2020/01/25 23:02:13 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
4 * 4 *
@@ -55,20 +55,13 @@
55static int 55static int
56sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename) 56sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
57{ 57{
58 int fd, oerrno; 58 int r;
59 mode_t omask;
59 60
60 if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1) 61 omask = umask(077);
61 return SSH_ERR_SYSTEM_ERROR; 62 r = sshbuf_write_file(filename, keybuf);
62 if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf), 63 umask(omask);
63 sshbuf_len(keybuf)) != sshbuf_len(keybuf)) { 64 return r;
64 oerrno = errno;
65 close(fd);
66 unlink(filename);
67 errno = oerrno;
68 return SSH_ERR_SYSTEM_ERROR;
69 }
70 close(fd);
71 return 0;
72} 65}
73 66
74int 67int
@@ -92,49 +85,6 @@ sshkey_save_private(struct sshkey *key, const char *filename,
92 return r; 85 return r;
93} 86}
94 87
95/* Load a key from a fd into a buffer */
96int
97sshkey_load_file(int fd, struct sshbuf *blob)
98{
99 u_char buf[1024];
100 size_t len;
101 struct stat st;
102 int r;
103
104 if (fstat(fd, &st) == -1)
105 return SSH_ERR_SYSTEM_ERROR;
106 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
107 st.st_size > MAX_KEY_FILE_SIZE)
108 return SSH_ERR_INVALID_FORMAT;
109 for (;;) {
110 if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
111 if (errno == EPIPE)
112 break;
113 r = SSH_ERR_SYSTEM_ERROR;
114 goto out;
115 }
116 if ((r = sshbuf_put(blob, buf, len)) != 0)
117 goto out;
118 if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
119 r = SSH_ERR_INVALID_FORMAT;
120 goto out;
121 }
122 }
123 if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
124 st.st_size != (off_t)sshbuf_len(blob)) {
125 r = SSH_ERR_FILE_CHANGED;
126 goto out;
127 }
128 r = 0;
129
130 out:
131 explicit_bzero(buf, sizeof(buf));
132 if (r != 0)
133 sshbuf_reset(blob);
134 return r;
135}
136
137
138/* XXX remove error() calls from here? */ 88/* XXX remove error() calls from here? */
139int 89int
140sshkey_perm_ok(int fd, const char *filename) 90sshkey_perm_ok(int fd, const char *filename)
@@ -199,11 +149,7 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
199 149
200 if (keyp != NULL) 150 if (keyp != NULL)
201 *keyp = NULL; 151 *keyp = NULL;
202 if ((buffer = sshbuf_new()) == NULL) { 152 if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
203 r = SSH_ERR_ALLOC_FAIL;
204 goto out;
205 }
206 if ((r = sshkey_load_file(fd, buffer)) != 0 ||
207 (r = sshkey_parse_private_fileblob_type(buffer, type, 153 (r = sshkey_parse_private_fileblob_type(buffer, type,
208 passphrase, keyp, commentp)) != 0) 154 passphrase, keyp, commentp)) != 0)
209 goto out; 155 goto out;
@@ -234,12 +180,7 @@ sshkey_load_private(const char *filename, const char *passphrase,
234 r = SSH_ERR_KEY_BAD_PERMISSIONS; 180 r = SSH_ERR_KEY_BAD_PERMISSIONS;
235 goto out; 181 goto out;
236 } 182 }
237 183 if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
238 if ((buffer = sshbuf_new()) == NULL) {
239 r = SSH_ERR_ALLOC_FAIL;
240 goto out;
241 }
242 if ((r = sshkey_load_file(fd, buffer)) != 0 ||
243 (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp, 184 (r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,
244 commentp)) != 0) 185 commentp)) != 0)
245 goto out; 186 goto out;
@@ -550,3 +491,34 @@ sshkey_advance_past_options(char **cpp)
550 return (*cp == '\0' && quoted) ? -1 : 0; 491 return (*cp == '\0' && quoted) ? -1 : 0;
551} 492}
552 493
494/* Save a public key */
495int
496sshkey_save_public(const struct sshkey *key, const char *path,
497 const char *comment)
498{
499 int fd, oerrno;
500 FILE *f = NULL;
501 int r = SSH_ERR_INTERNAL_ERROR;
502
503 if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
504 return SSH_ERR_SYSTEM_ERROR;
505 if ((f = fdopen(fd, "w")) == NULL) {
506 r = SSH_ERR_SYSTEM_ERROR;
507 goto fail;
508 }
509 if ((r = sshkey_write(key, f)) != 0)
510 goto fail;
511 fprintf(f, " %s\n", comment);
512 if (ferror(f) || fclose(f) != 0) {
513 r = SSH_ERR_SYSTEM_ERROR;
514 fail:
515 oerrno = errno;
516 if (f != NULL)
517 fclose(f);
518 else
519 close(fd);
520 errno = oerrno;
521 return r;
522 }
523 return 0;
524}
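Review bot: In the new sshkey_save_public the error path can close the stream twice: when `ferror(f)` is false but `fclose(f)` fails, control falls through the `fail:` label where `f` is still non-NULL, and `fclose(f)` is called again on a stream that fclose() has already released (together with its descriptor), which is undefined behaviour and a use-after-free on common libc implementations. The failing-fclose case is the realistic one on a full or failing filesystem, since that is where the final flush happens. Checking ferror() first and only then calling fclose() once, with the label reachable solely while the stream is still open, fixes this without changing the `fdopen` failure handling. Separately, `fprintf(f, " %s\n", comment)` relies on the caller passing a non-NULL, single-line comment — presumably true for ssh-keygen, which is the only caller I would expect — but a NULL is undefined with `%s` and an embedded newline would start a second record in the .pub file, so a guard such as `if (comment == NULL) comment = "";` may be worth adding.
```c
	/* … unchanged: open(), fdopen(), sshkey_write() … */
	fprintf(f, " %s\n", comment);
	if (ferror(f)) {
		r = SSH_ERR_SYSTEM_ERROR;
		goto fail;
	}
	/* fclose() releases the stream and its fd even on failure; f must not be used after this */
	if (fclose(f) != 0)
		return SSH_ERR_SYSTEM_ERROR;
	return 0;
 fail:
	oerrno = errno;
	if (f != NULL)
		fclose(f);
	else
		close(fd);
	errno = oerrno;
	return r;
}
```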