version 1.100, 2010/08/31 12:33:38 |
version 1.101, 2011/05/04 21:15:29 |
|
|
char *comment = NULL; |
char *comment = NULL; |
char msg[1024], *certpath; |
char msg[1024], *certpath; |
int fd, perms_ok, ret = -1; |
int fd, perms_ok, ret = -1; |
|
Buffer keyblob; |
|
|
if ((fd = open(filename, O_RDONLY)) < 0) { |
if (strcmp(filename, "-") == 0) { |
|
fd = STDIN_FILENO; |
|
filename = "(stdin)"; |
|
} else if ((fd = open(filename, O_RDONLY)) < 0) { |
perror(filename); |
perror(filename); |
return -1; |
return -1; |
} |
} |
|
|
* Since we'll try to load a keyfile multiple times, permission errors |
* Since we'll try to load a keyfile multiple times, permission errors |
* will occur multiple times, so check perms first and bail if wrong. |
* will occur multiple times, so check perms first and bail if wrong. |
*/ |
*/ |
perms_ok = key_perm_ok(fd, filename); |
if (fd != STDIN_FILENO) { |
close(fd); |
perms_ok = key_perm_ok(fd, filename); |
if (!perms_ok) |
if (!perms_ok) { |
|
close(fd); |
|
return -1; |
|
} |
|
} |
|
buffer_init(&keyblob); |
|
if (!key_load_file(fd, filename, &keyblob)) { |
|
buffer_free(&keyblob); |
|
close(fd); |
return -1; |
return -1; |
|
} |
|
close(fd); |
|
|
/* At first, try empty passphrase */ |
/* At first, try empty passphrase */ |
private = key_load_private(filename, "", &comment); |
private = key_parse_private(&keyblob, filename, "", &comment); |
if (comment == NULL) |
if (comment == NULL) |
comment = xstrdup(filename); |
comment = xstrdup(filename); |
/* try last */ |
/* try last */ |
if (private == NULL && pass != NULL) |
if (private == NULL && pass != NULL) |
private = key_load_private(filename, pass, NULL); |
private = key_parse_private(&keyblob, filename, pass, NULL); |
if (private == NULL) { |
if (private == NULL) { |
/* clear passphrase since it did not work */ |
/* clear passphrase since it did not work */ |
clear_pass(); |
clear_pass(); |
|
|
if (strcmp(pass, "") == 0) { |
if (strcmp(pass, "") == 0) { |
clear_pass(); |
clear_pass(); |
xfree(comment); |
xfree(comment); |
|
buffer_free(&keyblob); |
return -1; |
return -1; |
} |
} |
private = key_load_private(filename, pass, &comment); |
private = key_parse_private(&keyblob, filename, pass, |
|
&comment); |
if (private != NULL) |
if (private != NULL) |
break; |
break; |
clear_pass(); |
clear_pass(); |
|
|
"Bad passphrase, try again for %.200s: ", comment); |
"Bad passphrase, try again for %.200s: ", comment); |
} |
} |
} |
} |
|
buffer_free(&keyblob); |
|
|
if (ssh_add_identity_constrained(ac, private, comment, lifetime, |
if (ssh_add_identity_constrained(ac, private, comment, lifetime, |
confirm)) { |
confirm)) { |
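Review bot: The new stdin path keys the permission check (`if (fd != STDIN_FILENO)`) and both `close(fd)` calls off the descriptor number instead of off whether `-` was given, which leaves a gap. With `-`, the `close(fd)` after `key_load_file()` closes descriptor 0, and a later `open()` in the same process (or a first `open()` when the program was started with stdin already closed) can return 0, so `key_perm_ok()` would be skipped for a regular key file. I would record the choice in a local set in the `strcmp(filename, "-") == 0` branch, e.g. `int from_stdin = 0;`, gate the check with `if (!from_stdin)` and guard the closes with `if (!from_stdin) close(fd);`. Whether this function runs again for further files is not visible here, since its signature and tail lie outside the hunk; the comment "Since we'll try to load a keyfile multiple times" also looks stale now that the file is read once into `keyblob`.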