- dtucker@cvs.openbsd.org 2006/04/25 08:02:27

     [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
     Prevent ssh from trying to open private keys with bad permissions more than
     once or prompting for their passphrases (which it subsequently ignores
     anyway), similar to a previous change in ssh-add.  bz #1186, ok djm@

diff --git a/ChangeLog b/ChangeLog
index fb97ef12c055f6df731f062b309ceafc484ecbe8..04e60d0899f0db14e7584b2ca0e84ceb9b6916b8 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+20050506
+ - (dtucker) OpenBSD CVS Syn
+   - dtucker@cvs.openbsd.org 2006/04/25 08:02:27
+     [authfile.c authfile.h sshconnect2.c ssh.c sshconnect1.c]
+     Prevent ssh from trying to open private keys with bad permissions more than
+     once or prompting for their passphrases (which it subsequently ignores
+     anyway), similar to a previous change in ssh-add.  bz #1186, ok djm@
+
 20060504
  - (dtucker) [auth-pam.c groupaccess.c monitor.c monitor_wrap.c scard-opensc.c
    session.c ssh-rand-helper.c sshd.c openbsd-compat/bsd-cygwin_util.c

diff --git a/authfile.c b/authfile.c
index b95b9470bbbe3544bb7ce1b976b0e27ba4e1eb25..b1a28528fcc65cd5645cdfaf71f17dd6c5f7d97f 100644 (file)
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.66 2006/03/25 13:17:01 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.67 2006/04/25 08:02:27 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -538,7 +538,7 @@ key_perm_ok(int fd, const char *filename)
 
 Key *
 key_load_private_type(int type, const char *filename, const char *passphrase,
-    char **commentp)
+    char **commentp, int *perm_ok)
 {
        int fd;
 
@@ -546,10 +546,14 @@ key_load_private_type(int type, const char *filename, const char *passphrase,
        if (fd < 0)
                return NULL;
        if (!key_perm_ok(fd, filename)) {
+               if (perm_ok != NULL)
+                       *perm_ok = 0;
                error("bad permissions: ignore key: %s", filename);
                close(fd);
                return NULL;
        }
+       if (perm_ok != NULL)
+               *perm_ok = 1;
        switch (type) {
        case KEY_RSA1:
                return key_load_private_rsa1(fd, filename, passphrase,

diff --git a/authfile.h b/authfile.h
index 967f582d4ba51c015dc9cb6b850820246fbe5e16..a6c74934d69ad1583a5eb73626cb7d0ecd4318cb 100644 (file)
--- a/authfile.h
+++ b/authfile.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.h,v 1.12 2006/03/25 22:22:42 djm Exp $ */
+/* $OpenBSD: authfile.h,v 1.13 2006/04/25 08:02:27 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -19,7 +19,7 @@ int    key_save_private(Key *, const char *, const char *, const char *);
 Key    *key_load_public(const char *, char **);
 Key    *key_load_public_type(int, const char *, char **);
 Key    *key_load_private(const char *, const char *, char **);
-Key    *key_load_private_type(int, const char *, const char *, char **);
+Key    *key_load_private_type(int, const char *, const char *, char **, int *);
 Key    *key_load_private_pem(int, int, const char *, char **);
 int     key_perm_ok(int, const char *);
 

diff --git a/ssh.c b/ssh.c
index 5eddd41d5d4ad2d178d41e1f6e51365cc847b53a..01303dc9731f6262912b5ce16b16cade7ba8a243 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.275 2006/03/30 10:41:25 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.276 2006/04/25 08:02:27 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -693,11 +693,11 @@ main(int ac, char **av)
 
                PRIV_START;
                sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
-                   _PATH_HOST_KEY_FILE, "", NULL);
+                   _PATH_HOST_KEY_FILE, "", NULL, NULL);
                sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
-                   _PATH_HOST_DSA_KEY_FILE, "", NULL);
+                   _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
                sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
-                   _PATH_HOST_RSA_KEY_FILE, "", NULL);
+                   _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
                PRIV_END;
 
                if (options.hostbased_authentication == 1 &&

diff --git a/sshconnect1.c b/sshconnect1.c
index 9b86c7ce1c832b1892e0d8f1c020b4e3c2c1a0c6..5467f04bfabdcc657b12de3189c71d316ad3e271 100644 (file)
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect1.c,v 1.64 2006/03/25 13:17:02 djm Exp $ */
+/* $OpenBSD: sshconnect1.c,v 1.65 2006/04/25 08:02:27 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -197,7 +197,7 @@ try_rsa_authentication(int idx)
        BIGNUM *challenge;
        Key *public, *private;
        char buf[300], *passphrase, *comment, *authfile;
-       int i, type, quit;
+       int i, perm_ok = 1, type, quit;
 
        public = options.identity_keys[idx];
        authfile = options.identity_files[idx];
@@ -243,15 +243,16 @@ try_rsa_authentication(int idx)
        if (public->flags & KEY_FLAG_EXT)
                private = public;
        else
-               private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
-       if (private == NULL && !options.batch_mode) {
+               private = key_load_private_type(KEY_RSA1, authfile, "", NULL,
+                   &perm_ok);
+       if (private == NULL && !options.batch_mode && perm_ok) {
                snprintf(buf, sizeof(buf),
                    "Enter passphrase for RSA key '%.100s': ", comment);
                for (i = 0; i < options.number_of_password_prompts; i++) {
                        passphrase = read_passphrase(buf, 0);
                        if (strcmp(passphrase, "") != 0) {
                                private = key_load_private_type(KEY_RSA1,
-                                   authfile, passphrase, NULL);
+                                   authfile, passphrase, NULL, NULL);
                                quit = 0;
                        } else {
                                debug2("no passphrase given, try next key");
@@ -268,7 +269,7 @@ try_rsa_authentication(int idx)
        xfree(comment);
 
        if (private == NULL) {
-               if (!options.batch_mode)
+               if (!options.batch_mode && perm_ok)
                        error("Bad passphrase.");
 
                /* Send a dummy response packet to avoid protocol error. */

diff --git a/sshconnect2.c b/sshconnect2.c
index a826ad0f4e249268f9ea74feca23fde047bb003f..6fdcf8a1c6d726f130a8c825b42a0203de1da024 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.151 2006/03/25 13:17:02 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.152 2006/04/25 08:02:27 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -970,14 +970,16 @@ load_identity_file(char *filename)
 {
        Key *private;
        char prompt[300], *passphrase;
-       int quit, i;
+       int perm_ok, quit, i;
        struct stat st;
 
        if (stat(filename, &st) < 0) {
                debug3("no such identity: %s", filename);
                return NULL;
        }
-       private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
+       private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok);
+       if (!perm_ok)
+               return NULL;
        if (private == NULL) {
                if (options.batch_mode)
                        return NULL;
@@ -986,8 +988,8 @@ load_identity_file(char *filename)
                for (i = 0; i < options.number_of_password_prompts; i++) {
                        passphrase = read_passphrase(prompt, 0);
                        if (strcmp(passphrase, "") != 0) {
-                               private = key_load_private_type(KEY_UNSPEC, filename,
-                                   passphrase, NULL);
+                               private = key_load_private_type(KEY_UNSPEC,
+                                   filename, passphrase, NULL, NULL);
                                quit = 0;
                        } else {
                                debug2("no passphrase given, try next key");