On Sun, Feb 17, 2013 at 02:30:15PM +1100, Darren Tucker wrote:
> On Sun, Feb 17, 2013 at 01:46:29AM +1100, Darren Tucker wrote:
> > OK that's not intended behaviour. I'll look at it tomorrow and either fix
> > it or revert it.
>
> The problem was I didn't distinguish the default-provided IdentityFiles.
> Please try this.
Works perfect; thanks.
>
> djm: ok?
>
> Index: readconf.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
> retrieving revision 1.194
> diff -u -p -r1.194 readconf.c
> --- readconf.c 23 Sep 2011 07:45:05 -0000 1.194
> +++ readconf.c 17 Feb 2013 03:14:14 -0000
> @@ -322,6 +322,26 @@ clear_forwardings(Options *options)
> options->tun_open = SSH_TUNMODE_NO;
> }
>
> +void
> +add_identity_file(Options *options, const char *dir, const char *filename,
> + int userprovided)
> +{
> + char *path;
> +
> + if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES)
> + fatal("Too many identity files specified (max %d)",
> + SSH_MAX_IDENTITY_FILES);
> +
> + if (dir == NULL) /* no dir, filename is absolute */
> + path = xstrdup(filename);
> + else
> + (void)xasprintf(&path, "%.100s%.100s", dir, filename);
> +
> + options->identity_file_userprovided[options->num_identity_files] =
> + userprovided;
> + options->identity_files[options->num_identity_files++] = path;
> +}
> +
> /*
> * Returns the number of the token pointed to by cp or oBadOption.
> */
> @@ -582,9 +602,7 @@ parse_yesnoask:
> if (*intptr >= SSH_MAX_IDENTITY_FILES)
> fatal("%.200s line %d: Too many identity files
> specified (max %d).",
> filename, linenum, SSH_MAX_IDENTITY_FILES);
> - charptr = &options->identity_files[*intptr];
> - *charptr = xstrdup(arg);
> - *intptr = *intptr + 1;
> + add_identity_file(options, NULL, arg, 1);
> }
> break;
>
> @@ -1276,30 +1294,16 @@ fill_default_options(Options * options)
> options->protocol = SSH_PROTO_2;
> if (options->num_identity_files == 0) {
> if (options->protocol & SSH_PROTO_1) {
> - len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
> - options->identity_files[options->num_identity_files] =
> - xmalloc(len);
> -
> snprintf(options->identity_files[options->num_identity_files++],
> - len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
> + add_identity_file(options, "~/",
> + _PATH_SSH_CLIENT_IDENTITY, 0);
> }
> if (options->protocol & SSH_PROTO_2) {
> - len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
> - options->identity_files[options->num_identity_files] =
> - xmalloc(len);
> -
> snprintf(options->identity_files[options->num_identity_files++],
> - len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
> -
> - len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
> - options->identity_files[options->num_identity_files] =
> - xmalloc(len);
> -
> snprintf(options->identity_files[options->num_identity_files++],
> - len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
> -
> - len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1;
> - options->identity_files[options->num_identity_files] =
> - xmalloc(len);
> -
> snprintf(options->identity_files[options->num_identity_files++],
> - len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA);
> + add_identity_file(options, "~/",
> + _PATH_SSH_CLIENT_ID_RSA, 0);
> + add_identity_file(options, "~/",
> + _PATH_SSH_CLIENT_ID_DSA, 0);
> + add_identity_file(options, "~/",
> + _PATH_SSH_CLIENT_ID_ECDSA, 0);
> }
> }
> if (options->escape_char == -1)
> Index: readconf.h
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/readconf.h,v
> retrieving revision 1.91
> diff -u -p -r1.91 readconf.h
> --- readconf.h 23 Sep 2011 07:45:05 -0000 1.91
> +++ readconf.h 17 Feb 2013 03:14:14 -0000
> @@ -96,6 +96,7 @@ typedef struct {
>
> int num_identity_files; /* Number of files for RSA/DSA
> identities. */
> char *identity_files[SSH_MAX_IDENTITY_FILES];
> + int identity_file_userprovided[SSH_MAX_IDENTITY_FILES];
> Key *identity_keys[SSH_MAX_IDENTITY_FILES];
>
> /* Local TCP/IP forward requests. */
> @@ -158,5 +159,6 @@ process_config_line(Options *, const cha
>
> void add_local_forward(Options *, const Forward *);
> void add_remote_forward(Options *, const Forward *);
> +void add_identity_file(Options *, const char *, const char *, int);
>
> #endif /* READCONF_H */
> Index: ssh.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
> retrieving revision 1.370
> diff -u -p -r1.370 ssh.c
> --- ssh.c 6 Jul 2012 01:47:38 -0000 1.370
> +++ ssh.c 17 Feb 2013 03:14:14 -0000
> @@ -376,12 +376,7 @@ main(int ac, char **av)
> strerror(errno));
> break;
> }
> - if (options.num_identity_files >=
> - SSH_MAX_IDENTITY_FILES)
> - fatal("Too many identity files specified "
> - "(max %d)", SSH_MAX_IDENTITY_FILES);
> - options.identity_files[options.num_identity_files++] =
> - xstrdup(optarg);
> + add_identity_file(&options, NULL, optarg, 1);
> break;
> case 'I':
> #ifdef ENABLE_PKCS11
> Index: sshconnect2.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/sshconnect2.c,v
> retrieving revision 1.191
> diff -u -p -r1.191 sshconnect2.c
> --- sshconnect2.c 15 Feb 2013 00:21:01 -0000 1.191
> +++ sshconnect2.c 17 Feb 2013 03:14:14 -0000
> @@ -1378,7 +1378,7 @@ pubkey_prepare(Authctxt *authctxt)
> id = xcalloc(1, sizeof(*id));
> id->key = key;
> id->filename = xstrdup(options.identity_files[i]);
> - id->userprovided = 1;
> + id->userprovided = options.identity_file_userprovided[i];
> TAILQ_INSERT_TAIL(&files, id, next);
> }
> /* Prefer PKCS11 keys that are explicitly listed */
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>
--
Antoine
