Diffstat (limited to 'sshconnect1.c')
-rw-r--r-- | sshconnect1.c | 73 |
1 files changed, 36 insertions, 37 deletions
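--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.35 2001/06/23 15:12:21 itojun Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.36 2001/06/23 22:37:46 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -204,11 +204,9 @@ static int
 try_rsa_authentication(const char *authfile)
 {
 BIGNUM *challenge;
-Key *public;
-Key *private;
-char *passphrase, *comment;
-int type, i;
-int plen, clen;
+Key *public, *private;
+char buf[300], *passphrase, *comment;
+int i, type, quit, plen, clen;
 
 /* Try to load identification for the authentication key. */
 /* XXKEYLOAD */
@@ -257,45 +255,46 @@ try_rsa_authentication(const char *authfile)
 * fails, ask for a passphrase.
 */
 private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
-if (private == NULL) {
-char buf[300];
-snprintf(buf, sizeof buf, "Enter passphrase for RSA key '%.100s': ",
-comment);
-if (!options.batch_mode)
+if (private == NULL && !options.batch_mode) {
+snprintf(buf, sizeof(buf),
+"Enter passphrase for RSA key '%.100s': ", comment);
+for (i = 0; i < options.number_of_password_prompts; i++) {
 passphrase = read_passphrase(buf, 0);
-else {
-debug("Will not query passphrase for %.100s in batch mode.",
-comment);
-passphrase = xstrdup("");
-}
-
-/* Load the authentication file using the pasphrase. */
-private = key_load_private_type(KEY_RSA1, authfile, passphrase, NULL);
-if (private == NULL) {
+if (strcmp(passphrase, "") != 0) {
+private = key_load_private_type(KEY_RSA1,
+authfile, passphrase, NULL);
+quit = 0;
+} else {
+debug2("no passphrase given, try next key");
+quit = 1;
+}
 memset(passphrase, 0, strlen(passphrase));
 xfree(passphrase);
-error("Bad passphrase.");
-
-/* Send a dummy response packet to avoid protocol error. */
-packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
-for (i = 0; i < 16; i++)
-packet_put_char(0);
-packet_send();
-packet_write_wait();
-
-/* Expect the server to reject it... */
-packet_read_expect(&plen, SSH_SMSG_FAILURE);
-xfree(comment);
-BN_clear_free(challenge);
-return 0;
+if (private != NULL || quit)
+break;
+debug2("bad passphrase given, try again...");
 }
-/* Destroy the passphrase. */
-memset(passphrase, 0, strlen(passphrase));
-xfree(passphrase);
 }
 /* We no longer need the comment. */
 xfree(comment);
 
+if (private == NULL) {
+if (!options.batch_mode)
+error("Bad passphrase.");
+
+/* Send a dummy response packet to avoid protocol error. */
+packet_start(SSH_CMSG_AUTH_RSA_RESPONSE);
+for (i = 0; i < 16; i++)
+packet_put_char(0);
+packet_send();
+packet_write_wait();
+
+/* Expect the server to reject it... */
+packet_read_expect(&plen, SSH_SMSG_FAILURE);
+BN_clear_free(challenge);
+return 0;
+}
+
 /* Compute and send a response to the challenge. */
 respond_to_rsa_challenge(challenge, private->rsa);
 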