[sshconnect1.c]
     consistent with ssh2: skip key if empty passphrase is entered,
     retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
This commit is contained in:
Ben Lindstrom 2001-06-25 05:16:02 +00:00
parent 980978639c
commit 0520945179
2 changed files with 41 additions and 38 deletions

View File

@ -88,6 +88,10 @@
- markus@cvs.openbsd.org 2001/06/23 19:12:43
[sshd.c]
pidfile/sigterm race; bbraun@synack.net
- markus@cvs.openbsd.org 2001/06/23 22:37:46
[sshconnect1.c]
consistent with ssh2: skip key if empty passphrase is entered,
retry num_of_passwd_prompt times if passphrase is wrong. ok fgsch@
20010622
- (stevesk) handle systems without pw_expire and pw_change.
@ -5772,4 +5776,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
$Id: ChangeLog,v 1.1318 2001/06/25 05:10:20 mouring Exp $
$Id: ChangeLog,v 1.1319 2001/06/25 05:16:02 mouring Exp $

View File

@ -13,7 +13,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: sshconnect1.c,v 1.35 2001/06/23 15:12:21 itojun Exp $");
RCSID("$OpenBSD: sshconnect1.c,v 1.36 2001/06/23 22:37:46 markus Exp $");
#include <openssl/bn.h>
#include <openssl/evp.h>
@ -204,11 +204,9 @@ static int
try_rsa_authentication(const char *authfile)
{
BIGNUM *challenge;
Key *public;
Key *private;
char *passphrase, *comment;
int type, i;
int plen, clen;
Key *public, *private;
char buf[300], *passphrase, *comment;
int i, type, quit, plen, clen;
/* Try to load identification for the authentication key. */
/* XXKEYLOAD */
@ -257,23 +255,31 @@ try_rsa_authentication(const char *authfile)
* fails, ask for a passphrase.
*/
private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
if (private == NULL) {
char buf[300];
snprintf(buf, sizeof buf, "Enter passphrase for RSA key '%.100s': ",
comment);
if (!options.batch_mode)
if (private == NULL && !options.batch_mode) {
snprintf(buf, sizeof(buf),
"Enter passphrase for RSA key '%.100s': ", comment);
for (i = 0; i < options.number_of_password_prompts; i++) {
passphrase = read_passphrase(buf, 0);
else {
debug("Will not query passphrase for %.100s in batch mode.",
comment);
passphrase = xstrdup("");
if (strcmp(passphrase, "") != 0) {
private = key_load_private_type(KEY_RSA1,
authfile, passphrase, NULL);
quit = 0;
} else {
debug2("no passphrase given, try next key");
quit = 1;
}
/* Load the authentication file using the pasphrase. */
private = key_load_private_type(KEY_RSA1, authfile, passphrase, NULL);
if (private == NULL) {
memset(passphrase, 0, strlen(passphrase));
xfree(passphrase);
if (private != NULL || quit)
break;
debug2("bad passphrase given, try again...");
}
}
/* We no longer need the comment. */
xfree(comment);
if (private == NULL) {
if (!options.batch_mode)
error("Bad passphrase.");
/* Send a dummy response packet to avoid protocol error. */
@ -285,16 +291,9 @@ try_rsa_authentication(const char *authfile)
/* Expect the server to reject it... */
packet_read_expect(&plen, SSH_SMSG_FAILURE);
xfree(comment);
BN_clear_free(challenge);
return 0;
}
/* Destroy the passphrase. */
memset(passphrase, 0, strlen(passphrase));
xfree(passphrase);
}
/* We no longer need the comment. */
xfree(comment);
/* Compute and send a response to the challenge. */
respond_to_rsa_challenge(challenge, private->rsa);