diff options
Diffstat (limited to 'authfile.c')
| -rw-r--r-- | authfile.c | 83 |
1 files changed, 80 insertions, 3 deletions
diff --git a/authfile.c b/authfile.c index 735c64780..224c6aa80 100644 --- a/authfile.c +++ b/authfile.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: authfile.c,v 1.76 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: authfile.c,v 1.80 2010/03/04 10:36:03 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -47,6 +47,9 @@ | |||
| 47 | #include <openssl/evp.h> | 47 | #include <openssl/evp.h> |
| 48 | #include <openssl/pem.h> | 48 | #include <openssl/pem.h> |
| 49 | 49 | ||
| 50 | /* compatibility with old or broken OpenSSL versions */ | ||
| 51 | #include "openbsd-compat/openssl-compat.h" | ||
| 52 | |||
| 50 | #include <errno.h> | 53 | #include <errno.h> |
| 51 | #include <fcntl.h> | 54 | #include <fcntl.h> |
| 52 | #include <stdarg.h> | 55 | #include <stdarg.h> |
| @@ -184,7 +187,11 @@ key_save_private_pem(Key *key, const char *filename, const char *_passphrase, | |||
| 184 | int success = 0; | 187 | int success = 0; |
| 185 | int len = strlen(_passphrase); | 188 | int len = strlen(_passphrase); |
| 186 | u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; | 189 | u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL; |
| 190 | #if (OPENSSL_VERSION_NUMBER < 0x00907000L) | ||
| 187 | const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL; | 191 | const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL; |
| 192 | #else | ||
| 193 | const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL; | ||
| 194 | #endif | ||
| 188 | 195 | ||
| 189 | if (len > 0 && len <= 4) { | 196 | if (len > 0 && len <= 4) { |
| 190 | error("passphrase too short: have %d bytes, need > 4", len); | 197 | error("passphrase too short: have %d bytes, need > 4", len); |
| @@ -552,8 +559,13 @@ key_load_private_type(int type, const char *filename, const char *passphrase, | |||
| 552 | int fd; | 559 | int fd; |
| 553 | 560 | ||
| 554 | fd = open(filename, O_RDONLY); | 561 | fd = open(filename, O_RDONLY); |
| 555 | if (fd < 0) | 562 | if (fd < 0) { |
| 563 | debug("could not open key file '%s': %s", filename, | ||
| 564 | strerror(errno)); | ||
| 565 | if (perm_ok != NULL) | ||
| 566 | *perm_ok = 0; | ||
| 556 | return NULL; | 567 | return NULL; |
| 568 | } | ||
| 557 | if (!key_perm_ok(fd, filename)) { | 569 | if (!key_perm_ok(fd, filename)) { |
| 558 | if (perm_ok != NULL) | 570 | if (perm_ok != NULL) |
| 559 | *perm_ok = 0; | 571 | *perm_ok = 0; |
| @@ -588,8 +600,11 @@ key_load_private(const char *filename, const char *passphrase, | |||
| 588 | int fd; | 600 | int fd; |
| 589 | 601 | ||
| 590 | fd = open(filename, O_RDONLY); | 602 | fd = open(filename, O_RDONLY); |
| 591 | if (fd < 0) | 603 | if (fd < 0) { |
| 604 | debug("could not open key file '%s': %s", filename, | ||
| 605 | strerror(errno)); | ||
| 592 | return NULL; | 606 | return NULL; |
| 607 | } | ||
| 593 | if (!key_perm_ok(fd, filename)) { | 608 | if (!key_perm_ok(fd, filename)) { |
| 594 | error("bad permissions: ignore key: %s", filename); | 609 | error("bad permissions: ignore key: %s", filename); |
| 595 | close(fd); | 610 | close(fd); |
| @@ -677,3 +692,65 @@ key_load_public(const char *filename, char **commentp) | |||
| 677 | key_free(pub); | 692 | key_free(pub); |
| 678 | return NULL; | 693 | return NULL; |
| 679 | } | 694 | } |
| 695 | |||
| 696 | /* | ||
| 697 | * Returns 1 if the specified "key" is listed in the file "filename", | ||
| 698 | * 0 if the key is not listed or -1 on error. | ||
| 699 | * If strict_type is set then the key type must match exactly, | ||
| 700 | * otherwise a comparison that ignores certficiate data is performed. | ||
| 701 | */ | ||
| 702 | int | ||
| 703 | key_in_file(Key *key, const char *filename, int strict_type) | ||
| 704 | { | ||
| 705 | FILE *f; | ||
| 706 | char line[SSH_MAX_PUBKEY_BYTES]; | ||
| 707 | char *cp; | ||
| 708 | u_long linenum = 0; | ||
| 709 | int ret = 0; | ||
| 710 | Key *pub; | ||
| 711 | int (*key_compare)(const Key *, const Key *) = strict_type ? | ||
| 712 | key_equal : key_equal_public; | ||
| 713 | |||
| 714 | if ((f = fopen(filename, "r")) == NULL) { | ||
| 715 | if (errno == ENOENT) { | ||
| 716 | debug("%s: keyfile \"%s\" missing", __func__, filename); | ||
| 717 | return 0; | ||
| 718 | } else { | ||
| 719 | error("%s: could not open keyfile \"%s\": %s", __func__, | ||
| 720 | filename, strerror(errno)); | ||
| 721 | return -1; | ||
| 722 | } | ||
| 723 | } | ||
| 724 | |||
| 725 | while (read_keyfile_line(f, filename, line, sizeof(line), | ||
| 726 | &linenum) != -1) { | ||
| 727 | cp = line; | ||
| 728 | |||
| 729 | /* Skip leading whitespace. */ | ||
| 730 | for (; *cp && (*cp == ' ' || *cp == '\t'); cp++) | ||
| 731 | ; | ||
| 732 | |||
| 733 | /* Skip comments and empty lines */ | ||
| 734 | switch (*cp) { | ||
| 735 | case '#': | ||
| 736 | case '\n': | ||
| 737 | case '\0': | ||
| 738 | continue; | ||
| 739 | } | ||
| 740 | |||
| 741 | pub = key_new(KEY_UNSPEC); | ||
| 742 | if (key_read(pub, &cp) != 1) { | ||
| 743 | key_free(pub); | ||
| 744 | continue; | ||
| 745 | } | ||
| 746 | if (key_compare(key, pub)) { | ||
| 747 | ret = 1; | ||
| 748 | key_free(pub); | ||
| 749 | break; | ||
| 750 | } | ||
| 751 | key_free(pub); | ||
| 752 | } | ||
| 753 | fclose(f); | ||
| 754 | return ret; | ||
| 755 | } | ||
| 756 | |||