search for: identity_key

...f_len); xfree(x1_proof); xfree(x2_proof); -------------- next part -------------- --- ssh.c.orig 2012-12-19 17:30:53.992528775 -0800 +++ ssh.c 2012-12-19 17:32:16.421511581 -0800 @@ -1509,8 +1509,8 @@ #endif /* PKCS11 */ n_ids = 0; - bzero(identity_files, sizeof(identity_files)); - bzero(identity_keys, sizeof(identity_keys)); + memset(identity_files, 0, sizeof(identity_files)); + memset(identity_keys, 0, sizeof(identity_keys)); #ifdef ENABLE_PKCS11 if (options.pkcs11_provider != NULL && @@ -1584,9 +1584,9 @@ memcpy(options.identity_files, identity_files, sizeof(identi...

...memset() calls. The patch file is below in (diff -u) format: --- ssh.c.orig 2012-12-19 17:30:53.992528775 -0800 +++ ssh.c 2012-12-19 17:32:16.421511581 -0800 @@ -1509,8 +1509,8 @@ #endif /* PKCS11 */ n_ids = 0; - bzero(identity_files, sizeof(identity_files)); - bzero(identity_keys, sizeof(identity_keys)); + memset(identity_files, 0, sizeof(identity_files)); + memset(identity_keys, 0, sizeof(identity_keys)); #ifdef ENABLE_PKCS11 if (options.pkcs11_provider != NULL && @@ -1584,9 +1584,9 @@ memcpy(options.identity_files, identity_files,...

...`` Unfortunately, this does _not_ reset the state! - pubkey_cleanup is simple, it just closes the agent connection and delete all keys in authctxt->keys - pubkey_prepare populate authctxt->keys and can create an agent connection. However it cannot be called twice, because it modifies options.identity_keys and leaks options.certificates: * When reading identity_keys, when storing the key in a new 'identity' structure, it runs (https://github.com/openssh/openssh-portable/blob/master/sshconnect2.c#L1287): ```options.identity_keys[i] = NULL;```. As a result, any subsequent run of this functio...

...(keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) { - int count = 0; + count = 0; for (i = 0; keys[i] != NULL; i++) { count++; memmove(&options.identity_files[1], &options.identity_files[0], @@ -1246,6 +1253,95 @@ options.identity_files[i] = filename; options.identity_keys[i] = public; } + +#ifdef HAVE_LIBKEYUTIL + count = keyctl_read_alloc(KEY_SPEC_USER_SESSION_KEYRING, (void **)&keylist); + if (count < 0) { + fprintf(stderr, "Error in keyctl_read_alloc\n"); + count = 0; + } else { + key_serial_t key, *pk; + char *buf; + int dlen, ret; + +...

...ases. */ - if (try_agent_authentication()) + auth = ssh_get_authentication_connection(); + if (auth != NULL && try_agent_authentication(auth)) goto success; /* Try RSA authentication for each identity. */ for (i = 0; i < options.num_identity_files; i++) if (options.identity_keys[i] != NULL && options.identity_keys[i]->type == KEY_RSA1 && - try_rsa_authentication(i)) + try_rsa_authentication(i, auth)) goto success; } /* Try challenge response authentication if the server supports it. */ @@ -746,5 +753,6 @@ ssh_userauth1(const...

...file() in sshconnect2.c prints this message if its userprovided argument is non-zero. The value comes from a struct identity which is populated in pubkey_prepare() in the same file; userprovided is set to 1 if the keyfile name comes from the client option structure. However, in this case, options.identity_keys is the hardcoded default; I wouldn't say that really qualifies as "user provided". The attached patch adds a flag to the option structure which is set to 1 if and only if the IdentityFile option was encountered either in the configuration file or on the command line. DES -- Dag-Er...

...t;hostname will be set in the main program if appropriate */ --- readconf.h.orig Thu Nov 27 15:19:30 2003 +++ readconf.h Thu Nov 27 15:20:11 2003 @@ -87,6 +87,7 @@ int num_identity_files; /* Number of files for RSA/DSA identities. */ char *identity_files[SSH_MAX_IDENTITY_FILES]; Key *identity_keys[SSH_MAX_IDENTITY_FILES]; + int group_private_key; /* Local TCP/IP forward requests. */ int num_local_forwards; --- ssh.c.orig Thu Nov 27 16:31:08 2003 +++ ssh.c Thu Nov 27 16:30:46 2003 @@ -634,11 +634,13 @@ PRIV_START; sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, -...

...s_files.so.1...done. Reading symbols from /usr/lib/nss_dns.so.1...done. #0 0x24210 in ssh_userauth1 (local_user=0xf7b30 "root", server_user=0xf79e0 "root", host=0xfa790 "pf-i400", sensitive=0xf433c) at sshconnect1.c:1248 1248 if (options.identity_keys[i] != NULL && (gdb) where #0 0x24210 in ssh_userauth1 (local_user=0xf7b30 "root", server_user=0xf79e0 "root", host=0xfa790 "pf-i400", sensitive=0xf433c) at sshconnect1.c:1248 #1 0x217c0 in ssh_login (sensitive=0xf433c, orighost=0xeffffaad "pf-i400&q...

...options->proxy_command = NULL; diff --git a/readconf.h b/readconf.h index bb2d552..f839016 100644 --- a/readconf.h +++ b/readconf.h @@ -94,6 +94,11 @@ typedef struct { char *identity_files[SSH_MAX_IDENTITY_FILES]; int identity_file_userprovided[SSH_MAX_IDENTITY_FILES]; struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES]; + + int num_certificate_files; /* Number of extra certificates for ssh. */ + char *certificate_files[SSH_MAX_CERTIFICATE_FILES]; + int certificate_file_userprovided[SSH_MAX_CERTIFICATE_FILES]; + struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES]; /* Local TCP/IP f...