search for: ask_filenam

...rsion: 6.2p1 Hardware: All OS: FreeBSD Status: NEW Severity: minor Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org Reporter: arthurmesh at gmail.com Line 1304 seems incorrect. Call to ask_filename() doesn't modify fname, and hence is of no use. 1293 /* 1294 * Print the SSHFP RR. 1295 */ 1296 static int 1297 do_print_resource_record(struct passwd *pw, char *fname, char *hname) 1298 { 1299 Key *public; 1300 char *comment = NULL; 1301 struct stat st; 1302 1303...

...en.c --- openssh-2.2.0p1-/ssh-keygen.c Wed Aug 23 02:46:24 2000 +++ openssh-2.2.0p1/ssh-keygen.c Sun Oct 29 16:44:50 2000 @@ -68,7 +68,7 @@ static const char *__progname = "ssh-keygen"; #endif /* HAVE___PROGNAME */ -char hostname[MAXHOSTNAMELEN]; +char *hostname; void ask_filename(struct passwd *pw, const char *prompt) @@ -525,10 +525,24 @@ printf("You don't exist, go away!\n"); exit(1); } - if (gethostname(hostname, sizeof(hostname)) < 0) { - perror("gethostname"); - exit(1...

...an issue in this code. Turns out there was a trailing blank in > my host key file name. I'll look at ssh-keygen.c and see if I can rectify that. Is there a particular reason to allow leading/trailing blanks in the key file name? If there is no such reason, then buf should be trimmed in ask_filename(), around line 250 (OpenSSH 6.6p1). ScottN

...+ r = sshkey_load_private_type(KEY_UNSPEC, identity_file, + old_passphrase, &private, &comment); explicit_bzero(old_passphrase, strlen(old_passphrase)); free(old_passphrase); if (r != 0) @@ -1461,7 +1463,7 @@ do_change_comment(struct passwd *pw, const char *identity_comment) ask_filename(pw, "Enter file in which the key is"); if (stat(identity_file, &st) == -1) fatal("%s: %s", identity_file, strerror(errno)); - if ((r = sshkey_load_private(identity_file, "", + if ((r = sshkey_load_private_type(KEY_UNSPEC, identity_file, "", &a...

...endif -#ifdef WITH_OPENSSL -# define DEFAULT_KEY_TYPE_NAME "rsa" -#else -# define DEFAULT_KEY_TYPE_NAME "ed25519" -#endif +#define DEFAULT_KEY_TYPE_NAME "ed25519" /* * Default number of bits in the RSA, DSA and ECDSA keys. These value can be @@ -252,7 +248,7 @@ ask_filename(struct passwd *pw, const ch char *name = NULL; if (key_type_name == NULL) - name = _PATH_SSH_CLIENT_ID_RSA; + name = _PATH_SSH_CLIENT_ID_ED25519; else { switch (sshkey_type_from_name(key_type_name)) { case KEY_DSA_CERT:

...{ + *blobp = xmalloc(len); + memcpy(*blobp, pb, len); + } + memset(pb, 0, len); + buffer_free(&b); + return len; +} + static void do_convert_to_ssh2(struct passwd *pw) { @@ -161,6 +258,7 @@ u_int len; u_char *blob; struct stat st; + int private = 0; if (!have_identity) ask_filename(pw, "Enter file in which the key is"); @@ -168,27 +266,39 @@ perror(identity_file); exit(1); } - if ((k = key_load_public(identity_file, NULL)) == NULL) { + k = key_new(KEY_UNSPEC); + if (key_try_load_public(k, identity_file, NULL) != 1) { if ((k = load_identity(identity_f...

Hi, I don't see any way to view the details of a certificate once it is generated. Having such a capability would be very handy for debugging purposes to check what constraints, principals, and validity interval are associated with a given cert. -- Iain Morgan

...ot; #ifdef SMARTCARD #include "scard.h" @@ -78,6 +81,13 @@ char hostname[MAXHOSTNAMELEN]; +/* + * General data structure for command line options and options configurable + * in configuration files. See readconf.h. + */ +Options options; +uid_t original_real_uid; + static void ask_filename(struct passwd *pw, const char *prompt) { @@ -103,7 +113,28 @@ break; } - snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name); + + if(options.num_identity_files > 0) { + char *file=NULL; + char *p=strrchr(name,'/'); + if(p) file = p+1;...

...+27,7 @@ #include "pathnames.h" #include "log.h" #include "readpass.h" +#include "xgethostname.h" #ifdef SMARTCARD #include <sectok.h> @@ -82,7 +83,7 @@ char *__progname; #endif -char hostname[MAXHOSTNAMELEN]; +char *hostname; static void ask_filename(struct passwd *pw, const char *prompt) @@ -860,7 +861,7 @@ printf("You don't exist, go away!\n"); exit(1); } - if (gethostname(hostname, sizeof(hostname)) < 0) { + if (!(hostname = xgethostname())) { perror("gethostname"); exit(1); } diff -urN openssh-3.1...

...#include "misc.h" +#include "readconf.h" #ifdef SMARTCARD #include "scard.h" @@ -84,6 +86,11 @@ int gen_candidates(FILE *, int, int, BIGNUM *); int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); +Options options; + +uid_t original_real_uid; + + static void ask_filename(struct passwd *pw, const char *prompt) { @@ -788,7 +795,7 @@ main(int ac, char **av) { char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2; - char out_file[MAXPATHLEN], *reader_id = NULL; + char out_file[MAXPATHLEN], *reader_id = NULL, buf[256]; char *resource_record_hostn...

...mt}" "${comment}" "${secret}" "${rounds}" +?? ??? ??? ??? ?rm -f $OBJ/$t-key* +?? ??? ??? ?done +?? ??? ?done +?? ?done +done diff --git a/ssh-keygen.c b/ssh-keygen.c index d50ca5f28c51..6dd17c48be5e 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -310,7 +310,7 @@ ask_filename(struct passwd *pw, const char *prompt) ?} ? ?static struct sshkey * -load_identity(const char *filename, char **commentp) +load_identity(const char *filename, char **commentp, struct sshkey_vault **vault_infop) ?{ ??? ?char *pass; ??? ?struct sshkey *prv; @@ -318,7 +318,9 @@ load_identity(const ch...

...(struct passwd *pw) +{ + struct stat st; + u_char ca_name[128], ca_id[128], ca_opts[512]; + u_char dat[8192], sig[8192], key_fn[1024], cert_fn[1024]; + unsigned long valid_from, valid_to; + u_int slen; + Key *ca_key, *host_key; + char *ca_fp, *host_fp; + FILE *f; + int i; + + if (!have_identity) + ask_filename(pw, "Enter file in which the CA key is"); + if (stat(identity_file, &st) < 0) { + perror(identity_file); + exit(1); + } + ca_key = load_identity(identity_file); + if (ca_key == NULL) { + error("load failed"); + exit(1); + } + if (ca_key->type != KEY_RSA || ca_key-...