| version 1.20.2.4, 2001/05/07 21:09:26 |
version 1.20.2.5, 2001/09/27 00:15:41 |
|
|
| * passphrase. |
* passphrase. |
| */ |
*/ |
| |
|
| int |
static int |
| key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, |
key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, |
| const char *comment) |
const char *comment) |
| { |
{ |
|
|
| buffer_put_int(&encrypted, BN_num_bits(key->rsa->n)); |
buffer_put_int(&encrypted, BN_num_bits(key->rsa->n)); |
| buffer_put_bignum(&encrypted, key->rsa->n); |
buffer_put_bignum(&encrypted, key->rsa->n); |
| buffer_put_bignum(&encrypted, key->rsa->e); |
buffer_put_bignum(&encrypted, key->rsa->e); |
| buffer_put_string(&encrypted, comment, strlen(comment)); |
buffer_put_cstring(&encrypted, comment); |
| |
|
| /* Allocate space for the private part of the key in the buffer. */ |
/* Allocate space for the private part of the key in the buffer. */ |
| buffer_append_space(&encrypted, &cp, buffer_len(&buffer)); |
buffer_append_space(&encrypted, &cp, buffer_len(&buffer)); |
|
|
| } |
} |
| |
|
| /* save SSH v2 key in OpenSSL PEM format */ |
/* save SSH v2 key in OpenSSL PEM format */ |
| int |
static int |
| key_save_private_pem(Key *key, const char *filename, const char *_passphrase, |
key_save_private_pem(Key *key, const char *filename, const char *_passphrase, |
| const char *comment) |
const char *comment) |
| { |
{ |
|
|
| * otherwise. |
* otherwise. |
| */ |
*/ |
| |
|
| Key * |
static Key * |
| key_load_public_rsa1(int fd, const char *filename, char **commentp) |
key_load_public_rsa1(int fd, const char *filename, char **commentp) |
| { |
{ |
| Buffer buffer; |
Buffer buffer; |
|
|
| * Assumes we are called under uid of the owner of the file. |
* Assumes we are called under uid of the owner of the file. |
| */ |
*/ |
| |
|
| Key * |
static Key * |
| key_load_private_rsa1(int fd, const char *filename, const char *passphrase, |
key_load_private_rsa1(int fd, const char *filename, const char *passphrase, |
| char **commentp) |
char **commentp) |
| { |
{ |
|
|
| return NULL; |
return NULL; |
| } |
} |
| |
|
| Key * |
static Key * |
| key_load_private_pem(int fd, int type, const char *passphrase, |
key_load_private_pem(int fd, int type, const char *passphrase, |
| char **commentp) |
char **commentp) |
| { |
{ |
|
|
| return prv; |
return prv; |
| } |
} |
| |
|
| int |
static int |
| key_perm_ok(int fd, const char *filename) |
key_perm_ok(int fd, const char *filename) |
| { |
{ |
| struct stat st; |
struct stat st; |
| |
|
| /* check owner and modes */ |
if (fstat(fd, &st) < 0) |
| if (fstat(fd, &st) < 0 || |
return 0; |
| (st.st_uid != 0 && getuid() != 0 && st.st_uid != getuid()) || |
/* |
| (st.st_mode & 077) != 0) { |
* if a key owned by the user is accessed, then we check the |
| close(fd); |
* permissions of the file. if the key owned by a different user, |
| |
* then we don't care. |
| |
*/ |
| |
if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { |
| error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
| error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); |
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); |
| error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
| error("Bad ownership or mode(0%3.3o) for '%s'.", |
error("Permissions 0%3.3o for '%s' are too open.", |
| st.st_mode & 0777, filename); |
st.st_mode & 0777, filename); |
| error("It is recommended that your private key files are NOT accessible by others."); |
error("It is recommended that your private key files are NOT accessible by others."); |
| error("This private key will be ignored."); |
error("This private key will be ignored."); |
|
|
| key_load_private(const char *filename, const char *passphrase, |
key_load_private(const char *filename, const char *passphrase, |
| char **commentp) |
char **commentp) |
| { |
{ |
| Key *pub; |
Key *pub, *prv; |
| int fd; |
int fd; |
| |
|
| fd = open(filename, O_RDONLY); |
fd = open(filename, O_RDONLY); |
|
|
| lseek(fd, (off_t) 0, SEEK_SET); /* rewind */ |
lseek(fd, (off_t) 0, SEEK_SET); /* rewind */ |
| if (pub == NULL) { |
if (pub == NULL) { |
| /* closes fd */ |
/* closes fd */ |
| return key_load_private_pem(fd, KEY_UNSPEC, passphrase, NULL); |
prv = key_load_private_pem(fd, KEY_UNSPEC, passphrase, NULL); |
| |
/* use the filename as a comment for PEM */ |
| |
if (commentp && prv) |
| |
*commentp = xstrdup(filename); |
| } else { |
} else { |
| /* it's a SSH v1 key if the public key part is readable */ |
/* it's a SSH v1 key if the public key part is readable */ |
| key_free(pub); |
key_free(pub); |
| /* closes fd */ |
/* closes fd */ |
| return key_load_private_rsa1(fd, filename, passphrase, NULL); |
prv = key_load_private_rsa1(fd, filename, passphrase, NULL); |
| } |
} |
| |
return prv; |
| } |
} |
| |
|
| int |
static int |
| key_try_load_public(Key *k, const char *filename, char **commentp) |
key_try_load_public(Key *k, const char *filename, char **commentp) |
| { |
{ |
| FILE *f; |
FILE *f; |
![[BACK]](/icons/back.gif){kind=icon}
Return to authfile.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh