authfile.c (149753) | authfile.c (162856) |
1/* $OpenBSD: authfile.c,v 1.76 2006/08/03 03:34:41 deraadt Exp $ */ |
|
1/* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * This file contains functions for reading and writing identity files, and 6 * for reading the passphrase from the user. 7 * 8 * As far as I am concerned, the code I have written for this software --- 22 unchanged lines hidden (view full) --- 31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36 */ 37 38#include "includes.h" | 2/* 3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * All rights reserved 6 * This file contains functions for reading and writing identity files, and 7 * for reading the passphrase from the user. 8 * 9 * As far as I am concerned, the code I have written for this software --- 22 unchanged lines hidden (view full) --- 32 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 33 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 34 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 35 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 36 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 37 */ 38 39#include "includes.h" |
39RCSID("$OpenBSD: authfile.c,v 1.61 2005/06/17 02:44:32 djm Exp $"); | |
40 | 40 |
41#include <sys/types.h> 42#include <sys/stat.h> 43#include <sys/param.h> 44#include <sys/uio.h> 45 |
|
41#include <openssl/err.h> 42#include <openssl/evp.h> 43#include <openssl/pem.h> 44 | 46#include <openssl/err.h> 47#include <openssl/evp.h> 48#include <openssl/pem.h> 49 |
45#include "cipher.h" | 50#include <errno.h> 51#include <fcntl.h> 52#include <stdarg.h> 53#include <stdio.h> 54#include <stdlib.h> 55#include <string.h> 56#include <unistd.h> 57 |
46#include "xmalloc.h" | 58#include "xmalloc.h" |
59#include "cipher.h" |
|
47#include "buffer.h" | 60#include "buffer.h" |
48#include "bufaux.h" | |
49#include "key.h" 50#include "ssh.h" 51#include "log.h" 52#include "authfile.h" 53#include "rsa.h" 54#include "misc.h" 55#include "atomicio.h" 56 --- 122 unchanged lines hidden (view full) --- 179 return 0; 180 } 181 fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600); 182 if (fd < 0) { 183 error("open %s failed: %s.", filename, strerror(errno)); 184 return 0; 185 } 186 fp = fdopen(fd, "w"); | 61#include "key.h" 62#include "ssh.h" 63#include "log.h" 64#include "authfile.h" 65#include "rsa.h" 66#include "misc.h" 67#include "atomicio.h" 68 --- 122 unchanged lines hidden (view full) --- 191 return 0; 192 } 193 fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600); 194 if (fd < 0) { 195 error("open %s failed: %s.", filename, strerror(errno)); 196 return 0; 197 } 198 fp = fdopen(fd, "w"); |
187 if (fp == NULL ) { | 199 if (fp == NULL) { |
188 error("fdopen %s failed: %s.", filename, strerror(errno)); 189 close(fd); 190 return 0; 191 } 192 switch (key->type) { 193 case KEY_DSA: 194 success = PEM_write_DSAPrivateKey(fp, key->dsa, 195 cipher, passphrase, len, NULL, NULL); --- 10 unchanged lines hidden (view full) --- 206int 207key_save_private(Key *key, const char *filename, const char *passphrase, 208 const char *comment) 209{ 210 switch (key->type) { 211 case KEY_RSA1: 212 return key_save_private_rsa1(key, filename, passphrase, 213 comment); | 200 error("fdopen %s failed: %s.", filename, strerror(errno)); 201 close(fd); 202 return 0; 203 } 204 switch (key->type) { 205 case KEY_DSA: 206 success = PEM_write_DSAPrivateKey(fp, key->dsa, 207 cipher, passphrase, len, NULL, NULL); --- 10 unchanged lines hidden (view full) --- 218int 219key_save_private(Key *key, const char *filename, const char *passphrase, 220 const char *comment) 221{ 222 switch (key->type) { 223 case KEY_RSA1: 224 return key_save_private_rsa1(key, filename, passphrase, 225 comment); |
214 break; | |
215 case KEY_DSA: 216 case KEY_RSA: 217 return key_save_private_pem(key, filename, passphrase, 218 comment); | 226 case KEY_DSA: 227 case KEY_RSA: 228 return key_save_private_pem(key, filename, passphrase, 229 comment); |
219 break; | |
220 default: 221 break; 222 } 223 error("key_save_private: cannot save key type %d", key->type); 224 return 0; 225} 226 227/* --- 274 unchanged lines hidden (view full) --- 502 EVP_PKEY_free(pk); 503 if (prv != NULL && commentp) 504 *commentp = xstrdup(name); 505 debug("read PEM private key done: type %s", 506 prv ? key_type(prv) : "<unknown>"); 507 return prv; 508} 509 | 230 default: 231 break; 232 } 233 error("key_save_private: cannot save key type %d", key->type); 234 return 0; 235} 236 237/* --- 274 unchanged lines hidden (view full) --- 512 EVP_PKEY_free(pk); 513 if (prv != NULL && commentp) 514 *commentp = xstrdup(name); 515 debug("read PEM private key done: type %s", 516 prv ? key_type(prv) : "<unknown>"); 517 return prv; 518} 519 |
510static int | 520int |
511key_perm_ok(int fd, const char *filename) 512{ 513 struct stat st; 514 515 if (fstat(fd, &st) < 0) 516 return 0; 517 /* 518 * if a key owned by the user is accessed, then we check the --- 13 unchanged lines hidden (view full) --- 532 error("This private key will be ignored."); 533 return 0; 534 } 535 return 1; 536} 537 538Key * 539key_load_private_type(int type, const char *filename, const char *passphrase, | 521key_perm_ok(int fd, const char *filename) 522{ 523 struct stat st; 524 525 if (fstat(fd, &st) < 0) 526 return 0; 527 /* 528 * if a key owned by the user is accessed, then we check the --- 13 unchanged lines hidden (view full) --- 542 error("This private key will be ignored."); 543 return 0; 544 } 545 return 1; 546} 547 548Key * 549key_load_private_type(int type, const char *filename, const char *passphrase, |
540 char **commentp) | 550 char **commentp, int *perm_ok) |
541{ 542 int fd; 543 544 fd = open(filename, O_RDONLY); 545 if (fd < 0) 546 return NULL; 547 if (!key_perm_ok(fd, filename)) { | 551{ 552 int fd; 553 554 fd = open(filename, O_RDONLY); 555 if (fd < 0) 556 return NULL; 557 if (!key_perm_ok(fd, filename)) { |
558 if (perm_ok != NULL) 559 *perm_ok = 0; |
|
548 error("bad permissions: ignore key: %s", filename); 549 close(fd); 550 return NULL; 551 } | 560 error("bad permissions: ignore key: %s", filename); 561 close(fd); 562 return NULL; 563 } |
564 if (perm_ok != NULL) 565 *perm_ok = 1; |
|
552 switch (type) { 553 case KEY_RSA1: 554 return key_load_private_rsa1(fd, filename, passphrase, 555 commentp); 556 /* closes fd */ | 566 switch (type) { 567 case KEY_RSA1: 568 return key_load_private_rsa1(fd, filename, passphrase, 569 commentp); 570 /* closes fd */ |
557 break; | |
558 case KEY_DSA: 559 case KEY_RSA: 560 case KEY_UNSPEC: 561 return key_load_private_pem(fd, type, passphrase, commentp); 562 /* closes fd */ | 571 case KEY_DSA: 572 case KEY_RSA: 573 case KEY_UNSPEC: 574 return key_load_private_pem(fd, type, passphrase, commentp); 575 /* closes fd */ |
563 break; | |
564 default: 565 close(fd); 566 break; 567 } 568 return NULL; 569} 570 571Key * --- 96 unchanged lines hidden --- | 576 default: 577 close(fd); 578 break; 579 } 580 return NULL; 581} 582 583Key * --- 96 unchanged lines hidden --- |
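Review bot: The new `perm_ok` out-parameter of `key_load_private_type` is never written on the `open()` failure path (`if (fd < 0) return NULL;`), so a caller that inspects `*perm_ok` after a NULL return to distinguish a missing or unreadable file from a permission rejection reads whatever it happened to initialise the variable to. Either write it on every path — e.g. `if (perm_ok != NULL) *perm_ok = 1;` placed immediately before the `open()` call, so that only the `key_perm_ok()` rejection clears it — or state the contract next to the prototype: `/* *perm_ok is written only after the file has been opened; callers must initialise it */`. `key_perm_ok` also changes from `static int` to an exported `int` in this hunk; since it now has external callers, a short header comment saying it validates an already-open descriptor via `fstat()` and reports rejection through `error()` before returning 0 would help, as most of its body is collapsed in this view. The body of `key_load_private_type` is fully inside the hunk.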