[X2Go-Commits] [x2goclient-contrib] 06/07: openssh-server: add 7.7p1-x2go1 binary symlink and source.

git-admin at x2go.org git-admin at x2go.org
Fri Jun 15 11:11:28 CEST 2018


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository x2goclient-contrib.

commit 129ccaf63aa795279bcafba3a677efaf9112284a
Author: Mihai Moldovan <ionic at ionic.de>
Date:   Fri Jun 15 10:47:20 2018 +0200

    openssh-server: add 7.7p1-x2go1 binary symlink and source.
---
 openssh-server/7.7p1-1-x2go1_cygwin-20180615-1_bin |   1 +
 .../7.7p1-1-x2go1_src/openssh-7.7p1-1-src.tar.xz   | Bin 0 -> 1536228 bytes
 .../7.7p1-1-x2go1_src/openssh-7.7p1-1.x2go.patch   | 438 +++++++++++++++++++++
 3 files changed, 439 insertions(+)

diff --git a/openssh-server/7.7p1-1-x2go1_cygwin-20180615-1_bin b/openssh-server/7.7p1-1-x2go1_cygwin-20180615-1_bin
new file mode 120000
index 0000000..d7f2b95
--- /dev/null
+++ b/openssh-server/7.7p1-1-x2go1_cygwin-20180615-1_bin
@@ -0,0 +1 @@
+../cygwin/20180615-1_bin
\ No newline at end of file
diff --git a/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1-src.tar.xz b/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1-src.tar.xz
new file mode 100644
index 0000000..39fb6a2
Binary files /dev/null and b/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1-src.tar.xz differ
diff --git a/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1.x2go.patch b/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1.x2go.patch
new file mode 100644
index 0000000..445324e
--- /dev/null
+++ b/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1.x2go.patch
@@ -0,0 +1,438 @@
+diff -pur openssh-7.7p1-orig/auth.c openssh-7.7p1/auth.c
+--- openssh-7.7p1-orig/auth.c	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/auth.c	2018-06-15 07:39:05.789800000 +0200
+@@ -168,19 +168,34 @@ allowed_user(struct passwd * pw)
+ 		char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
+ 		    _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
+ 
++		/* Workaround for X2Go Client
++		* Path to shell is specified in sshd_config file
++		* as "subsystem shell"
++		*/
++		int i = 0;
++		for (i = 0; i < options.num_subsystems; ++i) {
++			if (!strcmp("shell", options.subsystem_name[i])) {
++				free(shell);
++				shell = xstrdup(options.subsystem_command[i]);
++			}
++		}
++
+ 		if (stat(shell, &st) != 0) {
+ 			logit("User %.100s not allowed because shell %.100s "
+ 			    "does not exist", pw->pw_name, shell);
+ 			free(shell);
+ 			return 0;
+ 		}
++		
++		/* Do not check shell attributes */
++		/*
+ 		if (S_ISREG(st.st_mode) == 0 ||
+ 		    (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
+ 			logit("User %.100s not allowed because shell %.100s "
+ 			    "is not executable", pw->pw_name, shell);
+ 			free(shell);
+ 			return 0;
+-		}
++		}*/
+ 		free(shell);
+ 	}
+ 
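Review bot: Commenting out the `S_ISREG`/execute-bit test disables it for every account, not only for the X2Go shell override added above it, so `allowed_user()` now accepts a shell path that is a directory or a non-executable file as long as `stat()` succeeds. If the test only misbehaves for the configured `Subsystem shell` path (presumably because of Cygwin mode bits; the patch does not say), keep it and skip it just for that case: set a local `int shell_overridden = 1;` inside the `strcmp` match and change the condition to `if (!shell_overridden && (S_ISREG(st.st_mode) == 0 || (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0)) {`. Once a `shell` subsystem is configured, the existence check also no longer looks at `pw->pw_shell` at all, which deserves a sentence in the comment. `allowed_user()` starts and ends outside this hunk.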
+diff -pur openssh-7.7p1-orig/authfile.c openssh-7.7p1/authfile.c
+--- openssh-7.7p1-orig/authfile.c	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/authfile.c	2018-06-15 10:25:23.207400000 +0200
+@@ -167,7 +167,7 @@ sshkey_perm_ok(int fd, const char *filen
+ /* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
+ int
+ sshkey_load_private_type(int type, const char *filename, const char *passphrase,
+-    struct sshkey **keyp, char **commentp, int *perm_ok)
++    struct sshkey **keyp, char **commentp, int *perm_ok, int strict_key_modes)
+ {
+ 	int fd, r;
+ 
+@@ -181,7 +181,7 @@ sshkey_load_private_type(int type, const
+ 			*perm_ok = 0;
+ 		return SSH_ERR_SYSTEM_ERROR;
+ 	}
+-	if (sshkey_perm_ok(fd, filename) != 0) {
++	if (strict_key_modes && sshkey_perm_ok(fd, filename) != 0) {
+ 		if (perm_ok != NULL)
+ 			*perm_ok = 0;
+ 		r = SSH_ERR_KEY_BAD_PERMISSIONS;
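Review bot: When `strict_key_modes` is 0 the `sshkey_perm_ok()` call is skipped, so `*perm_ok` is never cleared on this path and a caller that reads it cannot tell "checked and fine" from "not checked". The start of `sshkey_load_private_type()` is outside this hunk, so the initial value of `*perm_ok` is not visible here; whatever it is, the contract should be stated in a comment above the function, e.g. `/* strict_key_modes == 0 skips the mode/ownership check; *perm_ok is then left as initialised */`. The same flag is threaded through `sshkey_load_private()` and `sshkey_load_private_cert()` in the other authfile.c hunks and passed as a bare literal `1` from ssh.c, sshconnect2.c and ssh-keygen.c; a named constant would make those call sites self-explanatory.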
+@@ -226,7 +226,7 @@ sshkey_load_private_type_fd(int fd, int
+ /* XXX this is almost identical to sshkey_load_private_type() */
+ int
+ sshkey_load_private(const char *filename, const char *passphrase,
+-    struct sshkey **keyp, char **commentp)
++    struct sshkey **keyp, char **commentp, int strict_key_modes)
+ {
+ 	struct sshbuf *buffer = NULL;
+ 	int r, fd;
+@@ -238,7 +238,7 @@ sshkey_load_private(const char *filename
+ 
+ 	if ((fd = open(filename, O_RDONLY)) < 0)
+ 		return SSH_ERR_SYSTEM_ERROR;
+-	if (sshkey_perm_ok(fd, filename) != 0) {
++	if (strict_key_modes && sshkey_perm_ok(fd, filename) != 0) {
+ 		r = SSH_ERR_KEY_BAD_PERMISSIONS;
+ 		goto out;
+ 	}
+@@ -387,7 +387,7 @@ sshkey_load_cert(const char *filename, s
+ /* Load private key and certificate */
+ int
+ sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
+-    struct sshkey **keyp, int *perm_ok)
++    struct sshkey **keyp, int *perm_ok, int strict_key_modes)
+ {
+ 	struct sshkey *key = NULL, *cert = NULL;
+ 	int r;
+@@ -410,7 +410,7 @@ sshkey_load_private_cert(int type, const
+ 	}
+ 
+ 	if ((r = sshkey_load_private_type(type, filename,
+-	    passphrase, &key, NULL, perm_ok)) != 0 ||
++	    passphrase, &key, NULL, perm_ok, strict_key_modes)) != 0 ||
+ 	    (r = sshkey_load_cert(filename, &cert)) != 0)
+ 		goto out;
+ 
+diff -pur openssh-7.7p1-orig/authfile.h openssh-7.7p1/authfile.h
+--- openssh-7.7p1-orig/authfile.h	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/authfile.h	2018-06-15 10:25:45.276400000 +0200
+@@ -38,11 +38,12 @@ int sshkey_save_private(struct sshkey *,
+ int sshkey_load_file(int, struct sshbuf *);
+ int sshkey_load_cert(const char *, struct sshkey **);
+ int sshkey_load_public(const char *, struct sshkey **, char **);
+-int sshkey_load_private(const char *, const char *, struct sshkey **, char **);
++int sshkey_load_private(const char *, const char *, struct sshkey **, char **,
++    int);
+ int sshkey_load_private_cert(int, const char *, const char *,
+-    struct sshkey **, int *);
++    struct sshkey **, int *, int);
+ int sshkey_load_private_type(int, const char *, const char *,
+-    struct sshkey **, char **, int *);
++    struct sshkey **, char **, int *, int);
+ int sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
+     struct sshkey **keyp, char **commentp);
+ int sshkey_perm_ok(int, const char *);
+diff -pur openssh-7.7p1-orig/key.c openssh-7.7p1/key.c
+--- openssh-7.7p1-orig/key.c	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/key.c	2018-06-15 10:27:27.586400000 +0200
+@@ -175,12 +175,13 @@ key_load_public(const char *filename, ch
+ 
+ Key *
+ key_load_private(const char *path, const char *passphrase,
+-    char **commentp)
++    char **commentp, int strict_key_modes)
+ {
+ 	int r;
+ 	Key *ret = NULL;
+ 
+-	if ((r = sshkey_load_private(path, passphrase, &ret, commentp)) != 0) {
++	if ((r = sshkey_load_private(path, passphrase, &ret, commentp,
++	    strict_key_modes)) != 0) {
+ 		fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
+ 		/* Old authfile.c ignored all file errors. */
+ 		if (r == SSH_ERR_SYSTEM_ERROR ||
+@@ -195,13 +196,13 @@ key_load_private(const char *path, const
+ 
+ Key *
+ key_load_private_cert(int type, const char *filename, const char *passphrase,
+-    int *perm_ok)
++    int *perm_ok, int strict_key_modes)
+ {
+ 	int r;
+ 	Key *ret = NULL;
+ 
+ 	if ((r = sshkey_load_private_cert(type, filename, passphrase,
+-	    &ret, perm_ok)) != 0) {
++	    &ret, perm_ok, strict_key_modes)) != 0) {
+ 		fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
+ 		/* Old authfile.c ignored all file errors. */
+ 		if (r == SSH_ERR_SYSTEM_ERROR ||
+@@ -216,13 +217,13 @@ key_load_private_cert(int type, const ch
+ 
+ Key *
+ key_load_private_type(int type, const char *filename, const char *passphrase,
+-    char **commentp, int *perm_ok)
++    char **commentp, int *perm_ok, int strict_key_modes)
+ {
+ 	int r;
+ 	Key *ret = NULL;
+ 
+ 	if ((r = sshkey_load_private_type(type, filename, passphrase,
+-	    &ret, commentp, perm_ok)) != 0) {
++	    &ret, commentp, perm_ok, strict_key_modes)) != 0) {
+ 		fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
+ 		/* Old authfile.c ignored all file errors. */
+ 		if (r == SSH_ERR_SYSTEM_ERROR ||
+diff -pur openssh-7.7p1-orig/key.h openssh-7.7p1/key.h
+--- openssh-7.7p1-orig/key.h	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/key.h	2018-06-15 10:27:42.702400000 +0200
+@@ -62,8 +62,9 @@ int	 key_sign(const Key *, u_char **, u_
+ /* authfile.c */
+ Key	*key_load_cert(const char *);
+ Key	*key_load_public(const char *, char **);
+-Key	*key_load_private(const char *, const char *, char **);
+-Key	*key_load_private_cert(int, const char *, const char *, int *);
+-Key	*key_load_private_type(int, const char *, const char *, char **, int *);
++Key	*key_load_private(const char *, const char *, char **, int);
++Key	*key_load_private_cert(int, const char *, const char *, int *, int);
++Key	*key_load_private_type(int, const char *, const char *, char **, int *,
++    int);
+ 
+ #endif
+diff -pur openssh-7.7p1-orig/servconf.c openssh-7.7p1/servconf.c
+--- openssh-7.7p1-orig/servconf.c	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/servconf.c	2018-06-15 08:49:53.141600000 +0200
+@@ -109,6 +109,7 @@ initialize_server_options(ServerOptions
+ 	options->permit_user_rc = -1;
+ 	options->xauth_location = NULL;
+ 	options->strict_modes = -1;
++	options->strict_key_modes = -1;
+ 	options->tcp_keep_alive = -1;
+ 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
+ 	options->log_level = SYSLOG_LEVEL_NOT_SET;
+@@ -293,6 +294,8 @@ fill_default_server_options(ServerOption
+ 		options->permit_user_rc = 1;
+ 	if (options->strict_modes == -1)
+ 		options->strict_modes = 1;
++	if (options->strict_key_modes == -1)
++		options->strict_key_modes = 1;
+ 	if (options->tcp_keep_alive == -1)
+ 		options->tcp_keep_alive = 1;
+ 	if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
+@@ -450,7 +453,7 @@ typedef enum {
+ 	sListenAddress, sAddressFamily,
+ 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
+ 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
+-	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
++	sPermitTTY, sStrictModes, sStrictKeyModes, sEmptyPasswd, sTCPKeepAlive,
+ 	sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
+ 	sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
+ 	sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
+@@ -561,6 +564,7 @@ static struct {
+ 	{ "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
+ 	{ "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
+ 	{ "strictmodes", sStrictModes, SSHCFG_GLOBAL },
++	{ "strictkeymodes", sStrictKeyModes, SSHCFG_GLOBAL },
+ 	{ "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
+ 	{ "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
+ 	{ "uselogin", sDeprecated, SSHCFG_GLOBAL },
+@@ -1470,6 +1474,10 @@ process_server_config_line(ServerOptions
+ 		intptr = &options->strict_modes;
+ 		goto parse_flag;
+ 
++	case sStrictKeyModes:
++		intptr = &options->strict_key_modes;
++		goto parse_flag;
++
+ 	case sTCPKeepAlive:
+ 		intptr = &options->tcp_keep_alive;
+ 		goto parse_flag;
+@@ -2469,6 +2477,7 @@ dump_config(ServerOptions *o)
+ 	dump_cfg_fmtint(sPermitTTY, o->permit_tty);
+ 	dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
+ 	dump_cfg_fmtint(sStrictModes, o->strict_modes);
++	dump_cfg_fmtint(sStrictKeyModes, o->strict_key_modes);
+ 	dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
+ 	dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
+ 	dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
+diff -pur openssh-7.7p1-orig/servconf.h openssh-7.7p1/servconf.h
+--- openssh-7.7p1-orig/servconf.h	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/servconf.h	2018-06-15 09:01:37.108600000 +0200
+@@ -103,6 +103,7 @@ typedef struct {
+ 	int	permit_tty;	/* If false, deny pty allocation */
+ 	int	permit_user_rc;	/* If false, deny ~/.ssh/rc execution */
+ 	int     strict_modes;	/* If true, require string home dir modes. */
++	int     strict_key_modes;	/* If true, require strict private key file modes. */
+ 	int     tcp_keep_alive;	/* If true, set SO_KEEPALIVE. */
+ 	int	ip_qos_interactive;	/* IP ToS/DSCP/class for interactive */
+ 	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
+diff -pur openssh-7.7p1-orig/session.c openssh-7.7p1/session.c
+--- openssh-7.7p1-orig/session.c	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/session.c	2018-06-15 07:41:16.592800000 +0200
+@@ -1539,6 +1539,18 @@ do_child(struct ssh *ssh, Session *s, co
+ 	shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
+ #endif
+ 
++
++	/* Workaround for X2Go Client
++	 * Path to shell is specified in sshd_config file
++	 * as "subsystem shell"
++	 */
++	int i = 0;
++	for (i = 0; i < options.num_subsystems; ++i) {
++		if (!strcmp("shell", options.subsystem_name[i])) {
++			shell = options.subsystem_command[i];
++		}
++	}
++
+ 	/*
+ 	 * Close the connection descriptors; note that this is the child, and
+ 	 * the server will still have the socket open, and it is important
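Review bot: The loop replaces `shell` for every session once sshd_config defines a subsystem named `shell`, so an account whose login shell was chosen to restrict it (a nologin-style or restricted shell) is started with the configured command instead; the comment should say this explicitly, and the option is best confined to deployments where sshd serves a single user. `shell` then points into `options.subsystem_command[]` rather than at a copy, which is safe only as long as nothing frees or rewrites that array before the exec. The same lookup is duplicated in the auth.c hunk; a small shared helper returning the configured path (or NULL) would keep the two in step, and a `break;` after the assignment would make it explicit which match wins. `do_child()` starts and ends outside this hunk.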
+diff -pur openssh-7.7p1-orig/ssh.c openssh-7.7p1/ssh.c
+--- openssh-7.7p1-orig/ssh.c	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/ssh.c	2018-06-15 10:28:11.513400000 +0200
+@@ -1393,28 +1393,28 @@ main(int ac, char **av)
+ 		PRIV_START;
+ #ifdef OPENSSL_HAS_ECC
+ 		sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA,
+-		    _PATH_HOST_ECDSA_KEY_FILE, "", NULL);
++		    _PATH_HOST_ECDSA_KEY_FILE, "", NULL, 1);
+ #endif
+ 		sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519,
+-		    _PATH_HOST_ED25519_KEY_FILE, "", NULL);
++		    _PATH_HOST_ED25519_KEY_FILE, "", NULL, 1);
+ 		sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
+-		    _PATH_HOST_RSA_KEY_FILE, "", NULL);
++		    _PATH_HOST_RSA_KEY_FILE, "", NULL, 1);
+ 		sensitive_data.keys[4] = key_load_private_cert(KEY_DSA,
+-		    _PATH_HOST_DSA_KEY_FILE, "", NULL);
++		    _PATH_HOST_DSA_KEY_FILE, "", NULL, 1);
+ #ifdef OPENSSL_HAS_ECC
+ 		sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
+-		    _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
++		    _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL, 1);
+ #endif
+ 		sensitive_data.keys[6] = key_load_private_type(KEY_ED25519,
+-		    _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
++		    _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL, 1);
+ 		sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
+-		    _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
++		    _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL, 1);
+ 		sensitive_data.keys[8] = key_load_private_type(KEY_DSA,
+-		    _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
++		    _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL, 1);
+ 		sensitive_data.keys[9] = key_load_private_cert(KEY_XMSS,
+-		    _PATH_HOST_XMSS_KEY_FILE, "", NULL);
++		    _PATH_HOST_XMSS_KEY_FILE, "", NULL, 1);
+ 		sensitive_data.keys[10] = key_load_private_type(KEY_XMSS,
+-		    _PATH_HOST_XMSS_KEY_FILE, "", NULL, NULL);
++		    _PATH_HOST_XMSS_KEY_FILE, "", NULL, NULL, 1);
+ 		PRIV_END;
+ 
+ 		if (options.hostbased_authentication == 1 &&
+diff -pur openssh-7.7p1-orig/sshconnect2.c openssh-7.7p1/sshconnect2.c
+--- openssh-7.7p1-orig/sshconnect2.c	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/sshconnect2.c	2018-06-15 09:20:24.196600000 +0200
+@@ -1256,7 +1256,7 @@ load_identity_file(Identity *id)
+ 			}
+ 		}
+ 		switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename,
+-		    passphrase, &private, &comment, &perm_ok))) {
++		    passphrase, &private, &comment, &perm_ok, 1))) {
+ 		case 0:
+ 			break;
+ 		case SSH_ERR_KEY_WRONG_PASSPHRASE:
+diff -pur openssh-7.7p1-orig/sshd.c openssh-7.7p1/sshd.c
+--- openssh-7.7p1-orig/sshd.c	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/sshd.c	2018-06-15 09:44:24.432600000 +0200
+@@ -1714,7 +1714,8 @@ main(int ac, char **av)
+ 	for (i = 0; i < options.num_host_key_files; i++) {
+ 		if (options.host_key_files[i] == NULL)
+ 			continue;
+-		key = key_load_private(options.host_key_files[i], "", NULL);
++		key = key_load_private(options.host_key_files[i], "", NULL,
++		    options.strict_key_modes);
+ 		pubkey = key_load_public(options.host_key_files[i], NULL);
+ 
+ 		if (pubkey == NULL && key != NULL)
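Review bot: With `StrictKeyModes no` the host private keys are loaded without the mode and ownership check and nothing in the log records that, so a group- or world-readable host key file goes unnoticed. A one-time startup message before this loop, e.g. `if (!options.strict_key_modes) logit("StrictKeyModes disabled: host key file modes are not checked");`, gives operators and log monitoring something to alert on. `main()` continues outside this hunk.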
+diff -pur openssh-7.7p1-orig/sshd_config.0 openssh-7.7p1/sshd_config.0
+--- openssh-7.7p1-orig/sshd_config.0	2018-04-02 07:39:27.000000000 +0200
++++ openssh-7.7p1/sshd_config.0	2018-06-15 09:30:05.802600000 +0200
+@@ -856,6 +856,12 @@ DESCRIPTION
+              yes.  Note that this does not apply to ChrootDirectory, whose
+              permissions and ownership are checked unconditionally.
+ 
++     StrictKeyModes
++             Specifies whether sshd(8) should check file modes and ownership
++             of private host keys upon startup.  This is normally desirable
++             for private host keys to not to be replaced by malicious third
++             parties.  The default is yes.
++
+      Subsystem
+              Configures an external subsystem (e.g. file transfer daemon).
+              Arguments should be a subsystem name and a command (with optional
+diff -pur openssh-7.7p1-orig/sshd_config.5 openssh-7.7p1/sshd_config.5
+--- openssh-7.7p1-orig/sshd_config.5	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/sshd_config.5	2018-06-15 09:30:43.520600000 +0200
+@@ -1441,6 +1441,14 @@ The default is
+ Note that this does not apply to
+ .Cm ChrootDirectory ,
+ whose permissions and ownership are checked unconditionally.
++.It Cm StrictKeyModes
++Specifies whether
++.Xr sshd8
++should check file modes and ownership of private host keys upon startup.
++This is normally desirable for private host keys to not to be replaced by
++malicious third parties.
++The default is
++.Cm yes .
+ .It Cm Subsystem
+ Configures an external subsystem (e.g. file transfer daemon).
+ Arguments should be a subsystem name and a command (with optional arguments)
+diff -pur openssh-7.7p1-orig/ssh-keygen.c openssh-7.7p1/ssh-keygen.c
+--- openssh-7.7p1-orig/ssh-keygen.c	2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/ssh-keygen.c	2018-06-15 09:42:03.452600000 +0200
+@@ -302,7 +302,7 @@ load_identity(char *filename)
+ 	struct sshkey *prv;
+ 	int r;
+ 
+-	if ((r = sshkey_load_private(filename, "", &prv, NULL)) == 0)
++	if ((r = sshkey_load_private(filename, "", &prv, NULL, 1)) == 0)
+ 		return prv;
+ 	if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+ 		fatal("Load key \"%s\": %s", filename, ssh_err(r));
+@@ -310,7 +310,7 @@ load_identity(char *filename)
+ 		pass = xstrdup(identity_passphrase);
+ 	else
+ 		pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN);
+-	r = sshkey_load_private(filename, pass, &prv, NULL);
++	r = sshkey_load_private(filename, pass, &prv, NULL, 1);
+ 	explicit_bzero(pass, strlen(pass));
+ 	free(pass);
+ 	if (r != 0)
+@@ -854,7 +854,7 @@ fingerprint_private(const char *path)
+ 	if ((r = sshkey_load_public(path, &public, &comment)) != 0) {
+ 		debug("load public \"%s\": %s", path, ssh_err(r));
+ 		if ((r = sshkey_load_private(path, NULL,
+-		    &public, &comment)) != 0) {
++		    &public, &comment, 1)) != 0) {
+ 			debug("load private \"%s\": %s", path, ssh_err(r));
+ 			fatal("%s is not a key file.", path);
+ 		}
+@@ -1327,7 +1327,7 @@ do_change_passphrase(struct passwd *pw)
+ 	if (stat(identity_file, &st) < 0)
+ 		fatal("%s: %s", identity_file, strerror(errno));
+ 	/* Try to load the file with empty passphrase. */
+-	r = sshkey_load_private(identity_file, "", &private, &comment);
++	r = sshkey_load_private(identity_file, "", &private, &comment, 1);
+ 	if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) {
+ 		if (identity_passphrase)
+ 			old_passphrase = xstrdup(identity_passphrase);
+@@ -1336,7 +1336,7 @@ do_change_passphrase(struct passwd *pw)
+ 			    read_passphrase("Enter old passphrase: ",
+ 			    RP_ALLOW_STDIN);
+ 		r = sshkey_load_private(identity_file, old_passphrase,
+-		    &private, &comment);
++		    &private, &comment, 1);
+ 		explicit_bzero(old_passphrase, strlen(old_passphrase));
+ 		free(old_passphrase);
+ 		if (r != 0)
+@@ -1439,7 +1439,7 @@ do_change_comment(struct passwd *pw)
+ 	if (stat(identity_file, &st) < 0)
+ 		fatal("%s: %s", identity_file, strerror(errno));
+ 	if ((r = sshkey_load_private(identity_file, "",
+-	    &private, &comment)) == 0)
++	    &private, &comment, 1)) == 0)
+ 		passphrase = xstrdup("");
+ 	else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+ 		fatal("Cannot load private key \"%s\": %s.",
+@@ -1454,7 +1454,7 @@ do_change_comment(struct passwd *pw)
+ 			    RP_ALLOW_STDIN);
+ 		/* Try to load using the passphrase. */
+ 		if ((r = sshkey_load_private(identity_file, passphrase,
+-		    &private, &comment)) != 0) {
++		    &private, &comment, 1)) != 0) {
+ 			explicit_bzero(passphrase, strlen(passphrase));
+ 			free(passphrase);
+ 			fatal("Cannot load private key \"%s\": %s.",

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient-contrib.git

