search for: num_identity_files

Hello, This change is to get the IdentityFile option processed from the included configuration files. Regards, Oleg Oleg Zhurakivskyy (1): Process the IdentityFile option from the included files readconf.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) -- 2.9.3

...ing to specify a DSA identity file with '-i' doesn't work. Although the man page doesn't indicate that this is supported for DSA keys, it also doesn't indicate very clearly that its _not_. Indeed, in ssh.c:main(), the "-i" only increments and sets: options.options.num_identity_files options.identity_files where it would need to modify: options.options.num_identity_files2 options.identity_files2 for DSA keys. I don't know whether "-i" is supposed to support only RSA keys, but it should probably support passing DSA key file names in some fashion (either w...

...intptr = &options->protocol; arg = strdelim(&s); *************** *** 708,713 **** --- 719,725 ---- options->cipher = -1; options->ciphers = NULL; options->macs = NULL; + options->pkalgorithms = NULL; options->protocol = SSH_PROTO_UNKNOWN; options->num_identity_files = 0; options->hostname = NULL; *************** *** 797,802 **** --- 809,815 ---- options->cipher = SSH_CIPHER_NOT_SET; /* options->ciphers, default set in myproposals.h */ /* options->macs, default set in myproposals.h */ + /* options->pkalgorithms, default set in mypro...

...d.h" #endif @@ -1211,15 +1215,18 @@ load_public_identity_files(void) { char *filename; - int i = 0; + int i = 0, count; Key *public; +#ifdef HAVE_LIBKEYUTIL + key_serial_t *keylist; +#endif #ifdef SMARTCARD Key **keys; if (options.smartcard_device != NULL && options.num_identity_files < SSH_MAX_IDENTITY_FILES && (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL ) { - int count = 0; + count = 0; for (i = 0; keys[i] != NULL; i++) { count++; memmove(&options.identity_files[1], &options.identity_files[0], @@ -1246,6 +1253,95 @@ opt...

...figuration files. See readconf.h. + */ +Options options; +uid_t original_real_uid; + static void ask_filename(struct passwd *pw, const char *prompt) { @@ -103,7 +113,28 @@ break; } - snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name); + + if(options.num_identity_files > 0) { + char *file=NULL; + char *p=strrchr(name,'/'); + if(p) file = p+1; + + name = tilde_expand_filename(options.identity_files[0], + original_real_uid); + name = expand_filename(name,pw); + p=strrchr(name,'/'); + if(p) *p=0; + + if(file &&am...

...== 0) { @@ -330,12 +331,24 @@ case 'i': if (stat(optarg, &st) < 0) { - fprintf(stderr, "Warning: Identity file %s does not exist.\n", + fprintf(stderr, "Warning: RSA identity file %s does not exist.\n", optarg); break; } if (options.num_identity_files >= SSH_MAX_IDENTITY_FILES) - fatal("Too many identity files specified (max %d)", + fatal("Too many RSA identity files specified (max %d)", SSH_MAX_IDENTITY_FILES); options.identity_files[options.num_identity_files++] = + xstrdup(optarg); + break; +...

...IET, and the above warning message is printed from the -i option: ssh.c line 387 case 'i': if (stat(optarg, &st) < 0) { fprintf(stderr, "Warning: Identity file %s " "not accessible: %s.\n", optarg, strerror(errno)); break; } if (options.num_identity_files >= SSH_MAX_IDENTITY_FILES) fatal("Too many identity files specified " "(max %d)", SSH_MAX_IDENTITY_FILES); options.identity_files[options.num_identity_files++] = xstrdup(optarg); break; So if we can't suppress all warning messages using "-...

...000 -0500 @@ -82,6 +82,7 @@ char *bind_address; /* local socket address for connection to sshd */ char *smartcard_device; /* Smartcard reader device */ int verify_host_key_dns; /* Verify host key using DNS */ + int server_lies_warning; /* display warning about server lying */ int num_identity_files; /* Number of files for RSA/DSA identities. */ char *identity_files[SSH_MAX_IDENTITY_FILES]; diff -Nur openssh-3.7.1p2/ssh_config.5 openssh-3.7.1p2-serverlieswarning/ssh_config.5 --- openssh-3.7.1p2/ssh_config.5 2003-09-02 22:13:30.000000000 -0400 +++ openssh-3.7.1p2-serverlieswarning/ssh_confi...

...t=0xbffffc10 "sun4", hostaddr=0x338b0, original_real_uid=917696) at sshconnect.c:774 #2 0x00003574 in main (ac=4, av=0xbffffb44) at ssh.c:698 #3 0x00002060 in _start () #4 0x00001ea0 in start () #5 0x00000000 in ?? () It seems that options has total garbage in it; in particular the num_identity_files is > 1 when I have only one identity file. options is getting corrupted in arc4random_stir () at bsd-arc4random.c:73 It's actually corrupted in RC4_set_key(). I can't see anything obvious wrong here. Before this function is called, everything seems fine, after, the stack is corrupt...

...c Sun Nov 11 16:52:04 2001 +++ openssh-3.0.2p1I/ssh.c Sun Jan 27 12:05:14 2002 @@ -1212,9 +1212,13 @@ key_free(public); } #endif /* SMARTCARD */ + struct passwd *pw; + pw=getpwuid(original_real_uid); + if (!pw) fatal("Unknown user id: %d", original_real_uid); for (; i < options.num_identity_files; i++) { filename = tilde_expand_filename(options.identity_files[i], original_real_uid); + filename = expand_filename(filename,pw); public = key_load_public(filename, NULL); debug("identity file %s type %d", filename, public ? public->type : -1); diff -ur openssh...

...ocol: intptr = &options->protocol; arg = strdelim(&s); *************** *** 708,713 **** --- 721,727 ---- options->cipher = -1; options->ciphers = NULL; options->macs = NULL; + options->pkalg = NULL; options->protocol = SSH_PROTO_UNKNOWN; options->num_identity_files = 0; options->hostname = NULL; diff -c3 -r orig/openssh-2.5.1p1/readconf.h openssh-2.5.1p1/readconf.h *** orig/openssh-2.5.1p1/readconf.h Thu Feb 15 03:02:00 2001 --- openssh-2.5.1p1/readconf.h Sun Mar 11 22:50:23 2001 *************** *** 69,74 **** --- 69,75 ---- int cipher; /* Ciphe...

http://bugzilla.mindrot.org/show_bug.cgi?id=1159 Summary: %u and %h not handled in IdentityFile Product: Portable OpenSSH Version: 4.3p2 Platform: All URL: http://www.math.ualberta.ca/imaging/snfs/openssh.html OS/Version: Linux Status: NEW Keywords: patch Severity: normal Priority: P2

...c Sun Nov 11 16:52:04 2001 +++ openssh-3.0.2p1I/ssh.c Sun Jan 27 12:05:14 2002 @@ -1212,9 +1212,13 @@ key_free(public); } #endif /* SMARTCARD */ + struct passwd *pw; + pw=getpwuid(original_real_uid); + if (!pw) fatal("Unknown user id: %d", original_real_uid); for (; i < options.num_identity_files; i++) { filename = tilde_expand_filename(options.identity_files[i], original_real_uid); + filename = expand_filename(filename,pw); public = key_load_public(filename, NULL); debug("identity file %s type %d", filename, public ? public->type : -1); diff -ur openssh...

...hereas identity files may require passphrases. */ - if (try_agent_authentication()) + auth = ssh_get_authentication_connection(); + if (auth != NULL && try_agent_authentication(auth)) goto success; /* Try RSA authentication for each identity. */ for (i = 0; i < options.num_identity_files; i++) if (options.identity_keys[i] != NULL && options.identity_keys[i]->type == KEY_RSA1 && - try_rsa_authentication(i)) + try_rsa_authentication(i, auth)) goto success; } /* Try challenge response authentication if the server supports it. */ @@ -...

...ommand should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ --- readconf.h.orig Thu Nov 27 15:19:30 2003 +++ readconf.h Thu Nov 27 15:20:11 2003 @@ -87,6 +87,7 @@ int num_identity_files; /* Number of files for RSA/DSA identities. */ char *identity_files[SSH_MAX_IDENTITY_FILES]; Key *identity_keys[SSH_MAX_IDENTITY_FILES]; + int group_private_key; /* Local TCP/IP forward requests. */ int num_local_forwards; --- ssh.c.orig Thu Nov 27 16:31:08 2003 +++ ssh.c Thu Nov...

...case oCloseCommand: + charptr = &options->close_command; + break; + default: + charptr = &options->proxy_command; + } len = strspn(s, WHITESPACE "="); if (*activep && *charptr == NULL) *charptr = xstrdup(s + len); @@ -853,6 +867,8 @@ options->num_identity_files = 0; options->hostname = NULL; options->host_key_alias = NULL; + options->open_command = NULL; + options->close_command = NULL; options->proxy_command = NULL; options->user = NULL; options->escape_char = -1; Index: sshconnect.c --- openssh-3.8p1.orig/sshconnect.c (.....

...arg, flags & SSHCONF_USERCONF); + } + break; + case oXAuthLocation: charptr=&options->xauth_location; goto parse_string; @@ -1625,6 +1672,7 @@ initialize_options(Options * options) options->hostkeyalgorithms = NULL; options->protocol = SSH_PROTO_UNKNOWN; options->num_identity_files = 0; + options->num_certificate_files = 0; options->hostname = NULL; options->host_key_alias = NULL; options->proxy_command = NULL; diff --git a/readconf.h b/readconf.h index bb2d552..f839016 100644 --- a/readconf.h +++ b/readconf.h @@ -94,6 +94,11 @@ typedef struct { char *i...

Hi, OpenSSH 7.7p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a bugfix release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

...*/ + /* options->ciphers, default set in myproposal.h */ + /* options->macs, default set in myproposal.h */ + /* options->hostkeyalgorithms, default set in myproposal.h */ if (options->protocol == SSH_PROTO_UNKNOWN) options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->num_identity_files == 0) { @@ -1199,6 +1206,10 @@ options->tun_remote = SSH_TUNID_ANY; if (options->permit_local_command == -1) options->permit_local_command = 0; + if (options->fips_mode == -1) + options->fips_mode = 0; + if (options->fips_mode && options->macs == NULL) + optio...