Main Page | Namespace List | Class List | Directories | File List | Class Members | File Members

authfile.c

Go to the documentation of this file.
00001 /*
00002  * Author: Tatu Ylonen <ylo@cs.hut.fi>
00003  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
00004  *                    All rights reserved
00005  * This file contains functions for reading and writing identity files, and
00006  * for reading the passphrase from the user.
00007  *
00008  * As far as I am concerned, the code I have written for this software
00009  * can be used freely for any purpose.  Any derived versions of this
00010  * software must be clearly marked as such, and if the derived work is
00011  * incompatible with the protocol description in the RFC file, it must be
00012  * called by a name other than "ssh" or "Secure Shell".
00013  *
00014  *
00015  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
00016  *
00017  * Redistribution and use in source and binary forms, with or without
00018  * modification, are permitted provided that the following conditions
00019  * are met:
00020  * 1. Redistributions of source code must retain the above copyright
00021  *    notice, this list of conditions and the following disclaimer.
00022  * 2. Redistributions in binary form must reproduce the above copyright
00023  *    notice, this list of conditions and the following disclaimer in the
00024  *    documentation and/or other materials provided with the distribution.
00025  *
00026  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
00027  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
00028  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
00029  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
00030  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
00031  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
00032  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
00033  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
00034  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
00035  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
00036  */
00037 
00038 #include "includes.h"
00039 RCSID("$OpenBSD: authfile.c,v 1.61 2005/06/17 02:44:32 djm Exp $");
00040 
00041 #include <openssl/err.h>
00042 #include <openssl/evp.h>
00043 #include <openssl/pem.h>
00044 
00045 #include "cipher.h"
00046 #include "xmalloc.h"
00047 #include "buffer.h"
00048 #include "bufaux.h"
00049 #include "key.h"
00050 #include "ssh.h"
00051 #include "log.h"
00052 #include "authfile.h"
00053 #include "rsa.h"
00054 #include "misc.h"
00055 #include "atomicio.h"
00056 
00057 /* Version identification string for SSH v1 identity files. */
00058 static const char authfile_id_string[] =
00059     "SSH PRIVATE KEY FILE FORMAT 1.1\n";
00060 
00061 /*
00062  * Saves the authentication (private) key in a file, encrypting it with
00063  * passphrase.  The identification of the file (lowest 64 bits of n) will
00064  * precede the key to provide identification of the key without needing a
00065  * passphrase.
00066  */
00067 
00068 static int
00069 key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
00070     const char *comment)
00071 {
00072         Buffer buffer, encrypted;
00073         u_char buf[100], *cp;
00074         int fd, i, cipher_num;
00075         CipherContext ciphercontext;
00076         Cipher *cipher;
00077         u_int32_t rnd;
00078 
00079         /*
00080          * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
00081          * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
00082          */
00083         cipher_num = (strcmp(passphrase, "") == 0) ?
00084             SSH_CIPHER_NONE : SSH_AUTHFILE_CIPHER;
00085         if ((cipher = cipher_by_number(cipher_num)) == NULL)
00086                 fatal("save_private_key_rsa: bad cipher");
00087 
00088         /* This buffer is used to built the secret part of the private key. */
00089         buffer_init(&buffer);
00090 
00091         /* Put checkbytes for checking passphrase validity. */
00092         rnd = arc4random();
00093         buf[0] = rnd & 0xff;
00094         buf[1] = (rnd >> 8) & 0xff;
00095         buf[2] = buf[0];
00096         buf[3] = buf[1];
00097         buffer_append(&buffer, buf, 4);
00098 
00099         /*
00100          * Store the private key (n and e will not be stored because they
00101          * will be stored in plain text, and storing them also in encrypted
00102          * format would just give known plaintext).
00103          */
00104         buffer_put_bignum(&buffer, key->rsa->d);
00105         buffer_put_bignum(&buffer, key->rsa->iqmp);
00106         buffer_put_bignum(&buffer, key->rsa->q);        /* reverse from SSL p */
00107         buffer_put_bignum(&buffer, key->rsa->p);        /* reverse from SSL q */
00108 
00109         /* Pad the part to be encrypted until its size is a multiple of 8. */
00110         while (buffer_len(&buffer) % 8 != 0)
00111                 buffer_put_char(&buffer, 0);
00112 
00113         /* This buffer will be used to contain the data in the file. */
00114         buffer_init(&encrypted);
00115 
00116         /* First store keyfile id string. */
00117         for (i = 0; authfile_id_string[i]; i++)
00118                 buffer_put_char(&encrypted, authfile_id_string[i]);
00119         buffer_put_char(&encrypted, 0);
00120 
00121         /* Store cipher type. */
00122         buffer_put_char(&encrypted, cipher_num);
00123         buffer_put_int(&encrypted, 0);  /* For future extension */
00124 
00125         /* Store public key.  This will be in plain text. */
00126         buffer_put_int(&encrypted, BN_num_bits(key->rsa->n));
00127         buffer_put_bignum(&encrypted, key->rsa->n);
00128         buffer_put_bignum(&encrypted, key->rsa->e);
00129         buffer_put_cstring(&encrypted, comment);
00130 
00131         /* Allocate space for the private part of the key in the buffer. */
00132         cp = buffer_append_space(&encrypted, buffer_len(&buffer));
00133 
00134         cipher_set_key_string(&ciphercontext, cipher, passphrase,
00135             CIPHER_ENCRYPT);
00136         cipher_crypt(&ciphercontext, cp,
00137             buffer_ptr(&buffer), buffer_len(&buffer));
00138         cipher_cleanup(&ciphercontext);
00139         memset(&ciphercontext, 0, sizeof(ciphercontext));
00140 
00141         /* Destroy temporary data. */
00142         memset(buf, 0, sizeof(buf));
00143         buffer_free(&buffer);
00144 
00145         fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
00146         if (fd < 0) {
00147                 error("open %s failed: %s.", filename, strerror(errno));
00148                 buffer_free(&encrypted);
00149                 return 0;
00150         }
00151         if (atomicio(vwrite, fd, buffer_ptr(&encrypted),
00152             buffer_len(&encrypted)) != buffer_len(&encrypted)) {
00153                 error("write to key file %s failed: %s", filename,
00154                     strerror(errno));
00155                 buffer_free(&encrypted);
00156                 close(fd);
00157                 unlink(filename);
00158                 return 0;
00159         }
00160         close(fd);
00161         buffer_free(&encrypted);
00162         return 1;
00163 }
00164 
00165 /* save SSH v2 key in OpenSSL PEM format */
00166 static int
00167 key_save_private_pem(Key *key, const char *filename, const char *_passphrase,
00168     const char *comment)
00169 {
00170         FILE *fp;
00171         int fd;
00172         int success = 0;
00173         int len = strlen(_passphrase);
00174         u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL;
00175         const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
00176 
00177         if (len > 0 && len <= 4) {
00178                 error("passphrase too short: have %d bytes, need > 4", len);
00179                 return 0;
00180         }
00181         fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
00182         if (fd < 0) {
00183                 error("open %s failed: %s.", filename, strerror(errno));
00184                 return 0;
00185         }
00186         fp = fdopen(fd, "w");
00187         if (fp == NULL ) {
00188                 error("fdopen %s failed: %s.", filename, strerror(errno));
00189                 close(fd);
00190                 return 0;
00191         }
00192         switch (key->type) {
00193         case KEY_DSA:
00194                 success = PEM_write_DSAPrivateKey(fp, key->dsa,
00195                     cipher, passphrase, len, NULL, NULL);
00196                 break;
00197         case KEY_RSA:
00198                 success = PEM_write_RSAPrivateKey(fp, key->rsa,
00199                     cipher, passphrase, len, NULL, NULL);
00200                 break;
00201         }
00202         fclose(fp);
00203         return success;
00204 }
00205 
00206 int
00207 key_save_private(Key *key, const char *filename, const char *passphrase,
00208     const char *comment)
00209 {
00210         switch (key->type) {
00211         case KEY_RSA1:
00212                 return key_save_private_rsa1(key, filename, passphrase,
00213                     comment);
00214                 break;
00215         case KEY_DSA:
00216         case KEY_RSA:
00217                 return key_save_private_pem(key, filename, passphrase,
00218                     comment);
00219                 break;
00220         default:
00221                 break;
00222         }
00223         error("key_save_private: cannot save key type %d", key->type);
00224         return 0;
00225 }
00226 
00227 /*
00228  * Loads the public part of the ssh v1 key file.  Returns NULL if an error was
00229  * encountered (the file does not exist or is not readable), and the key
00230  * otherwise.
00231  */
00232 
00233 static Key *
00234 key_load_public_rsa1(int fd, const char *filename, char **commentp)
00235 {
00236         Buffer buffer;
00237         Key *pub;
00238         struct stat st;
00239         char *cp;
00240         u_int i;
00241         size_t len;
00242 
00243         if (fstat(fd, &st) < 0) {
00244                 error("fstat for key file %.200s failed: %.100s",
00245                     filename, strerror(errno));
00246                 return NULL;
00247         }
00248         if (st.st_size > 1*1024*1024) {
00249                 error("key file %.200s too large", filename);
00250                 return NULL;
00251         }
00252         len = (size_t)st.st_size;               /* truncated */
00253 
00254         buffer_init(&buffer);
00255         cp = buffer_append_space(&buffer, len);
00256 
00257         if (atomicio(read, fd, cp, len) != len) {
00258                 debug("Read from key file %.200s failed: %.100s", filename,
00259                     strerror(errno));
00260                 buffer_free(&buffer);
00261                 return NULL;
00262         }
00263 
00264         /* Check that it is at least big enough to contain the ID string. */
00265         if (len < sizeof(authfile_id_string)) {
00266                 debug3("Not a RSA1 key file %.200s.", filename);
00267                 buffer_free(&buffer);
00268                 return NULL;
00269         }
00270         /*
00271          * Make sure it begins with the id string.  Consume the id string
00272          * from the buffer.
00273          */
00274         for (i = 0; i < sizeof(authfile_id_string); i++)
00275                 if (buffer_get_char(&buffer) != authfile_id_string[i]) {
00276                         debug3("Not a RSA1 key file %.200s.", filename);
00277                         buffer_free(&buffer);
00278                         return NULL;
00279                 }
00280         /* Skip cipher type and reserved data. */
00281         (void) buffer_get_char(&buffer);        /* cipher type */
00282         (void) buffer_get_int(&buffer);         /* reserved */
00283 
00284         /* Read the public key from the buffer. */
00285         (void) buffer_get_int(&buffer);
00286         pub = key_new(KEY_RSA1);
00287         buffer_get_bignum(&buffer, pub->rsa->n);
00288         buffer_get_bignum(&buffer, pub->rsa->e);
00289         if (commentp)
00290                 *commentp = buffer_get_string(&buffer, NULL);
00291         /* The encrypted private part is not parsed by this function. */
00292 
00293         buffer_free(&buffer);
00294         return pub;
00295 }
00296 
00297 /* load public key from private-key file, works only for SSH v1 */
00298 Key *
00299 key_load_public_type(int type, const char *filename, char **commentp)
00300 {
00301         Key *pub;
00302         int fd;
00303 
00304         if (type == KEY_RSA1) {
00305                 fd = open(filename, O_RDONLY);
00306                 if (fd < 0)
00307                         return NULL;
00308                 pub = key_load_public_rsa1(fd, filename, commentp);
00309                 close(fd);
00310                 return pub;
00311         }
00312         return NULL;
00313 }
00314 
00315 /*
00316  * Loads the private key from the file.  Returns 0 if an error is encountered
00317  * (file does not exist or is not readable, or passphrase is bad). This
00318  * initializes the private key.
00319  * Assumes we are called under uid of the owner of the file.
00320  */
00321 
00322 static Key *
00323 key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
00324     char **commentp)
00325 {
00326         u_int i;
00327         int check1, check2, cipher_type;
00328         size_t len;
00329         Buffer buffer, decrypted;
00330         u_char *cp;
00331         CipherContext ciphercontext;
00332         Cipher *cipher;
00333         Key *prv = NULL;
00334         struct stat st;
00335 
00336         if (fstat(fd, &st) < 0) {
00337                 error("fstat for key file %.200s failed: %.100s",
00338                     filename, strerror(errno));
00339                 close(fd);
00340                 return NULL;
00341         }
00342         if (st.st_size > 1*1024*1024) {
00343                 error("key file %.200s too large", filename);
00344                 close(fd);
00345                 return (NULL);
00346         }
00347         len = (size_t)st.st_size;               /* truncated */
00348 
00349         buffer_init(&buffer);
00350         cp = buffer_append_space(&buffer, len);
00351 
00352         if (atomicio(read, fd, cp, len) != len) {
00353                 debug("Read from key file %.200s failed: %.100s", filename,
00354                     strerror(errno));
00355                 buffer_free(&buffer);
00356                 close(fd);
00357                 return NULL;
00358         }
00359 
00360         /* Check that it is at least big enough to contain the ID string. */
00361         if (len < sizeof(authfile_id_string)) {
00362                 debug3("Not a RSA1 key file %.200s.", filename);
00363                 buffer_free(&buffer);
00364                 close(fd);
00365                 return NULL;
00366         }
00367         /*
00368          * Make sure it begins with the id string.  Consume the id string
00369          * from the buffer.
00370          */
00371         for (i = 0; i < sizeof(authfile_id_string); i++)
00372                 if (buffer_get_char(&buffer) != authfile_id_string[i]) {
00373                         debug3("Not a RSA1 key file %.200s.", filename);
00374                         buffer_free(&buffer);
00375                         close(fd);
00376                         return NULL;
00377                 }
00378 
00379         /* Read cipher type. */
00380         cipher_type = buffer_get_char(&buffer);
00381         (void) buffer_get_int(&buffer); /* Reserved data. */
00382 
00383         /* Read the public key from the buffer. */
00384         (void) buffer_get_int(&buffer);
00385         prv = key_new_private(KEY_RSA1);
00386 
00387         buffer_get_bignum(&buffer, prv->rsa->n);
00388         buffer_get_bignum(&buffer, prv->rsa->e);
00389         if (commentp)
00390                 *commentp = buffer_get_string(&buffer, NULL);
00391         else
00392                 xfree(buffer_get_string(&buffer, NULL));
00393 
00394         /* Check that it is a supported cipher. */
00395         cipher = cipher_by_number(cipher_type);
00396         if (cipher == NULL) {
00397                 debug("Unsupported cipher %d used in key file %.200s.",
00398                     cipher_type, filename);
00399                 buffer_free(&buffer);
00400                 goto fail;
00401         }
00402         /* Initialize space for decrypted data. */
00403         buffer_init(&decrypted);
00404         cp = buffer_append_space(&decrypted, buffer_len(&buffer));
00405 
00406         /* Rest of the buffer is encrypted.  Decrypt it using the passphrase. */
00407         cipher_set_key_string(&ciphercontext, cipher, passphrase,
00408             CIPHER_DECRYPT);
00409         cipher_crypt(&ciphercontext, cp,
00410             buffer_ptr(&buffer), buffer_len(&buffer));
00411         cipher_cleanup(&ciphercontext);
00412         memset(&ciphercontext, 0, sizeof(ciphercontext));
00413         buffer_free(&buffer);
00414 
00415         check1 = buffer_get_char(&decrypted);
00416         check2 = buffer_get_char(&decrypted);
00417         if (check1 != buffer_get_char(&decrypted) ||
00418             check2 != buffer_get_char(&decrypted)) {
00419                 if (strcmp(passphrase, "") != 0)
00420                         debug("Bad passphrase supplied for key file %.200s.",
00421                             filename);
00422                 /* Bad passphrase. */
00423                 buffer_free(&decrypted);
00424                 goto fail;
00425         }
00426         /* Read the rest of the private key. */
00427         buffer_get_bignum(&decrypted, prv->rsa->d);
00428         buffer_get_bignum(&decrypted, prv->rsa->iqmp);          /* u */
00429         /* in SSL and SSH v1 p and q are exchanged */
00430         buffer_get_bignum(&decrypted, prv->rsa->q);             /* p */
00431         buffer_get_bignum(&decrypted, prv->rsa->p);             /* q */
00432 
00433         /* calculate p-1 and q-1 */
00434         rsa_generate_additional_parameters(prv->rsa);
00435 
00436         buffer_free(&decrypted);
00437 
00438         /* enable blinding */
00439         if (RSA_blinding_on(prv->rsa, NULL) != 1) {
00440                 error("key_load_private_rsa1: RSA_blinding_on failed");
00441                 goto fail;
00442         }
00443         close(fd);
00444         return prv;
00445 
00446 fail:
00447         if (commentp)
00448                 xfree(*commentp);
00449         close(fd);
00450         key_free(prv);
00451         return NULL;
00452 }
00453 
00454 Key *
00455 key_load_private_pem(int fd, int type, const char *passphrase,
00456     char **commentp)
00457 {
00458         FILE *fp;
00459         EVP_PKEY *pk = NULL;
00460         Key *prv = NULL;
00461         char *name = "<no key>";
00462 
00463         fp = fdopen(fd, "r");
00464         if (fp == NULL) {
00465                 error("fdopen failed: %s", strerror(errno));
00466                 close(fd);
00467                 return NULL;
00468         }
00469         pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
00470         if (pk == NULL) {
00471                 debug("PEM_read_PrivateKey failed");
00472                 (void)ERR_get_error();
00473         } else if (pk->type == EVP_PKEY_RSA &&
00474             (type == KEY_UNSPEC||type==KEY_RSA)) {
00475                 prv = key_new(KEY_UNSPEC);
00476                 prv->rsa = EVP_PKEY_get1_RSA(pk);
00477                 prv->type = KEY_RSA;
00478                 name = "rsa w/o comment";
00479 #ifdef DEBUG_PK
00480                 RSA_print_fp(stderr, prv->rsa, 8);
00481 #endif
00482                 if (RSA_blinding_on(prv->rsa, NULL) != 1) {
00483                         error("key_load_private_pem: RSA_blinding_on failed");
00484                         key_free(prv);
00485                         prv = NULL;
00486                 }
00487         } else if (pk->type == EVP_PKEY_DSA &&
00488             (type == KEY_UNSPEC||type==KEY_DSA)) {
00489                 prv = key_new(KEY_UNSPEC);
00490                 prv->dsa = EVP_PKEY_get1_DSA(pk);
00491                 prv->type = KEY_DSA;
00492                 name = "dsa w/o comment";
00493 #ifdef DEBUG_PK
00494                 DSA_print_fp(stderr, prv->dsa, 8);
00495 #endif
00496         } else {
00497                 error("PEM_read_PrivateKey: mismatch or "
00498                     "unknown EVP_PKEY save_type %d", pk->save_type);
00499         }
00500         fclose(fp);
00501         if (pk != NULL)
00502                 EVP_PKEY_free(pk);
00503         if (prv != NULL && commentp)
00504                 *commentp = xstrdup(name);
00505         debug("read PEM private key done: type %s",
00506             prv ? key_type(prv) : "<unknown>");
00507         return prv;
00508 }
00509 
00510 static int
00511 key_perm_ok(int fd, const char *filename)
00512 {
00513         struct stat st;
00514 
00515         if (fstat(fd, &st) < 0)
00516                 return 0;
00517         /*
00518          * if a key owned by the user is accessed, then we check the
00519          * permissions of the file. if the key owned by a different user,
00520          * then we don't care.
00521          */
00522 #ifdef HAVE_CYGWIN
00523         if (check_ntsec(filename))
00524 #endif
00525         if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) {
00526                 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
00527                 error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
00528                 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
00529                 error("Permissions 0%3.3o for '%s' are too open.",
00530                     (u_int)st.st_mode & 0777, filename);
00531                 error("It is recommended that your private key files are NOT accessible by others.");
00532                 error("This private key will be ignored.");
00533                 return 0;
00534         }
00535         return 1;
00536 }
00537 
00538 Key *
00539 key_load_private_type(int type, const char *filename, const char *passphrase,
00540     char **commentp)
00541 {
00542         int fd;
00543 
00544         fd = open(filename, O_RDONLY);
00545         if (fd < 0)
00546                 return NULL;
00547         if (!key_perm_ok(fd, filename)) {
00548                 error("bad permissions: ignore key: %s", filename);
00549                 close(fd);
00550                 return NULL;
00551         }
00552         switch (type) {
00553         case KEY_RSA1:
00554                 return key_load_private_rsa1(fd, filename, passphrase,
00555                     commentp);
00556                 /* closes fd */
00557                 break;
00558         case KEY_DSA:
00559         case KEY_RSA:
00560         case KEY_UNSPEC:
00561                 return key_load_private_pem(fd, type, passphrase, commentp);
00562                 /* closes fd */
00563                 break;
00564         default:
00565                 close(fd);
00566                 break;
00567         }
00568         return NULL;
00569 }
00570 
00571 Key *
00572 key_load_private(const char *filename, const char *passphrase,
00573     char **commentp)
00574 {
00575         Key *pub, *prv;
00576         int fd;
00577 
00578         fd = open(filename, O_RDONLY);
00579         if (fd < 0)
00580                 return NULL;
00581         if (!key_perm_ok(fd, filename)) {
00582                 error("bad permissions: ignore key: %s", filename);
00583                 close(fd);
00584                 return NULL;
00585         }
00586         pub = key_load_public_rsa1(fd, filename, commentp);
00587         lseek(fd, (off_t) 0, SEEK_SET);         /* rewind */
00588         if (pub == NULL) {
00589                 /* closes fd */
00590                 prv = key_load_private_pem(fd, KEY_UNSPEC, passphrase, NULL);
00591                 /* use the filename as a comment for PEM */
00592                 if (commentp && prv)
00593                         *commentp = xstrdup(filename);
00594         } else {
00595                 /* it's a SSH v1 key if the public key part is readable */
00596                 key_free(pub);
00597                 /* closes fd */
00598                 prv = key_load_private_rsa1(fd, filename, passphrase, NULL);
00599         }
00600         return prv;
00601 }
00602 
00603 static int
00604 key_try_load_public(Key *k, const char *filename, char **commentp)
00605 {
00606         FILE *f;
00607         char line[SSH_MAX_PUBKEY_BYTES];
00608         char *cp;
00609         u_long linenum = 0;
00610 
00611         f = fopen(filename, "r");
00612         if (f != NULL) {
00613                 while (read_keyfile_line(f, filename, line, sizeof(line),
00614                             &linenum) != -1) {
00615                         cp = line;
00616                         switch (*cp) {
00617                         case '#':
00618                         case '\n':
00619                         case '\0':
00620                                 continue;
00621                         }
00622                         /* Skip leading whitespace. */
00623                         for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
00624                                 ;
00625                         if (*cp) {
00626                                 if (key_read(k, &cp) == 1) {
00627                                         if (commentp)
00628                                                 *commentp=xstrdup(filename);
00629                                         fclose(f);
00630                                         return 1;
00631                                 }
00632                         }
00633                 }
00634                 fclose(f);
00635         }
00636         return 0;
00637 }
00638 
00639 /* load public key from ssh v1 private or any pubkey file */
00640 Key *
00641 key_load_public(const char *filename, char **commentp)
00642 {
00643         Key *pub;
00644         char file[MAXPATHLEN];
00645 
00646         /* try rsa1 private key */
00647         pub = key_load_public_type(KEY_RSA1, filename, commentp);
00648         if (pub != NULL)
00649                 return pub;
00650 
00651         /* try rsa1 public key */
00652         pub = key_new(KEY_RSA1);
00653         if (key_try_load_public(pub, filename, commentp) == 1)
00654                 return pub;
00655         key_free(pub);
00656 
00657         /* try ssh2 public key */
00658         pub = key_new(KEY_UNSPEC);
00659         if (key_try_load_public(pub, filename, commentp) == 1)
00660                 return pub;
00661         if ((strlcpy(file, filename, sizeof file) < sizeof(file)) &&
00662             (strlcat(file, ".pub", sizeof file) < sizeof(file)) &&
00663             (key_try_load_public(pub, file, commentp) == 1))
00664                 return pub;
00665         key_free(pub);
00666         return NULL;
00667 }
© sourcejam.com 2005-2008