version 1.20.2.4, 2001/05/07 21:09:26 |
version 1.20.2.5, 2001/09/27 00:15:41 |
|
|
* passphrase. |
* passphrase. |
*/ |
*/ |
|
|
int |
static int |
key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, |
key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, |
const char *comment) |
const char *comment) |
{ |
{ |
|
|
buffer_put_int(&encrypted, BN_num_bits(key->rsa->n)); |
buffer_put_int(&encrypted, BN_num_bits(key->rsa->n)); |
buffer_put_bignum(&encrypted, key->rsa->n); |
buffer_put_bignum(&encrypted, key->rsa->n); |
buffer_put_bignum(&encrypted, key->rsa->e); |
buffer_put_bignum(&encrypted, key->rsa->e); |
buffer_put_string(&encrypted, comment, strlen(comment)); |
buffer_put_cstring(&encrypted, comment); |
|
|
/* Allocate space for the private part of the key in the buffer. */ |
/* Allocate space for the private part of the key in the buffer. */ |
buffer_append_space(&encrypted, &cp, buffer_len(&buffer)); |
buffer_append_space(&encrypted, &cp, buffer_len(&buffer)); |
|
|
} |
} |
|
|
/* save SSH v2 key in OpenSSL PEM format */ |
/* save SSH v2 key in OpenSSL PEM format */ |
int |
static int |
key_save_private_pem(Key *key, const char *filename, const char *_passphrase, |
key_save_private_pem(Key *key, const char *filename, const char *_passphrase, |
const char *comment) |
const char *comment) |
{ |
{ |
|
|
* otherwise. |
* otherwise. |
*/ |
*/ |
|
|
Key * |
static Key * |
key_load_public_rsa1(int fd, const char *filename, char **commentp) |
key_load_public_rsa1(int fd, const char *filename, char **commentp) |
{ |
{ |
Buffer buffer; |
Buffer buffer; |
|
|
* Assumes we are called under uid of the owner of the file. |
* Assumes we are called under uid of the owner of the file. |
*/ |
*/ |
|
|
Key * |
static Key * |
key_load_private_rsa1(int fd, const char *filename, const char *passphrase, |
key_load_private_rsa1(int fd, const char *filename, const char *passphrase, |
char **commentp) |
char **commentp) |
{ |
{ |
|
|
return NULL; |
return NULL; |
} |
} |
|
|
Key * |
static Key * |
key_load_private_pem(int fd, int type, const char *passphrase, |
key_load_private_pem(int fd, int type, const char *passphrase, |
char **commentp) |
char **commentp) |
{ |
{ |
|
|
return prv; |
return prv; |
} |
} |
|
|
int |
static int |
key_perm_ok(int fd, const char *filename) |
key_perm_ok(int fd, const char *filename) |
{ |
{ |
struct stat st; |
struct stat st; |
|
|
/* check owner and modes */ |
if (fstat(fd, &st) < 0) |
if (fstat(fd, &st) < 0 || |
return 0; |
(st.st_uid != 0 && getuid() != 0 && st.st_uid != getuid()) || |
/* |
(st.st_mode & 077) != 0) { |
* if a key owned by the user is accessed, then we check the |
close(fd); |
* permissions of the file. if the key owned by a different user, |
|
* then we don't care. |
|
*/ |
|
if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { |
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); |
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); |
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); |
error("Bad ownership or mode(0%3.3o) for '%s'.", |
error("Permissions 0%3.3o for '%s' are too open.", |
st.st_mode & 0777, filename); |
st.st_mode & 0777, filename); |
error("It is recommended that your private key files are NOT accessible by others."); |
error("It is recommended that your private key files are NOT accessible by others."); |
error("This private key will be ignored."); |
error("This private key will be ignored."); |
|
|
key_load_private(const char *filename, const char *passphrase, |
key_load_private(const char *filename, const char *passphrase, |
char **commentp) |
char **commentp) |
{ |
{ |
Key *pub; |
Key *pub, *prv; |
int fd; |
int fd; |
|
|
fd = open(filename, O_RDONLY); |
fd = open(filename, O_RDONLY); |
|
|
lseek(fd, (off_t) 0, SEEK_SET); /* rewind */ |
lseek(fd, (off_t) 0, SEEK_SET); /* rewind */ |
if (pub == NULL) { |
if (pub == NULL) { |
/* closes fd */ |
/* closes fd */ |
return key_load_private_pem(fd, KEY_UNSPEC, passphrase, NULL); |
prv = key_load_private_pem(fd, KEY_UNSPEC, passphrase, NULL); |
|
/* use the filename as a comment for PEM */ |
|
if (commentp && prv) |
|
*commentp = xstrdup(filename); |
} else { |
} else { |
/* it's a SSH v1 key if the public key part is readable */ |
/* it's a SSH v1 key if the public key part is readable */ |
key_free(pub); |
key_free(pub); |
/* closes fd */ |
/* closes fd */ |
return key_load_private_rsa1(fd, filename, passphrase, NULL); |
prv = key_load_private_rsa1(fd, filename, passphrase, NULL); |
} |
} |
|
return prv; |
} |
} |
|
|
int |
static int |
key_try_load_public(Key *k, const char *filename, char **commentp) |
key_try_load_public(Key *k, const char *filename, char **commentp) |
{ |
{ |
FILE *f; |
FILE *f; |