[X2Go-Commits] [x2goclient-contrib] 06/07: openssh-server: add 7.7p1-x2go1 binary symlink and source.
git-admin at x2go.org
git-admin at x2go.org
Fri Jun 15 11:11:28 CEST 2018
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository x2goclient-contrib.
commit 129ccaf63aa795279bcafba3a677efaf9112284a
Author: Mihai Moldovan <ionic at ionic.de>
Date: Fri Jun 15 10:47:20 2018 +0200
openssh-server: add 7.7p1-x2go1 binary symlink and source.
---
openssh-server/7.7p1-1-x2go1_cygwin-20180615-1_bin | 1 +
.../7.7p1-1-x2go1_src/openssh-7.7p1-1-src.tar.xz | Bin 0 -> 1536228 bytes
.../7.7p1-1-x2go1_src/openssh-7.7p1-1.x2go.patch | 438 +++++++++++++++++++++
3 files changed, 439 insertions(+)
diff --git a/openssh-server/7.7p1-1-x2go1_cygwin-20180615-1_bin b/openssh-server/7.7p1-1-x2go1_cygwin-20180615-1_bin
new file mode 120000
index 0000000..d7f2b95
--- /dev/null
+++ b/openssh-server/7.7p1-1-x2go1_cygwin-20180615-1_bin
@@ -0,0 +1 @@
+../cygwin/20180615-1_bin
\ No newline at end of file
diff --git a/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1-src.tar.xz b/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1-src.tar.xz
new file mode 100644
index 0000000..39fb6a2
Binary files /dev/null and b/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1-src.tar.xz differ
diff --git a/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1.x2go.patch b/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1.x2go.patch
new file mode 100644
index 0000000..445324e
--- /dev/null
+++ b/openssh-server/7.7p1-1-x2go1_src/openssh-7.7p1-1.x2go.patch
@@ -0,0 +1,438 @@
+diff -pur openssh-7.7p1-orig/auth.c openssh-7.7p1/auth.c
+--- openssh-7.7p1-orig/auth.c 2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/auth.c 2018-06-15 07:39:05.789800000 +0200
+@@ -168,19 +168,34 @@ allowed_user(struct passwd * pw)
+ char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
+ _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
+
++ /* Workaround for X2Go Client
++ * Path to shell is specified in sshd_config file
++ * as "subsystem shell"
++ */
++ int i = 0;
++ for (i = 0; i < options.num_subsystems; ++i) {
++ if (!strcmp("shell", options.subsystem_name[i])) {
++ free(shell);
++ shell = xstrdup(options.subsystem_command[i]);
++ }
++ }
++
+ if (stat(shell, &st) != 0) {
+ logit("User %.100s not allowed because shell %.100s "
+ "does not exist", pw->pw_name, shell);
+ free(shell);
+ return 0;
+ }
++
++ /* Do not check shell attributes */
++ /*
+ if (S_ISREG(st.st_mode) == 0 ||
+ (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
+ logit("User %.100s not allowed because shell %.100s "
+ "is not executable", pw->pw_name, shell);
+ free(shell);
+ return 0;
+- }
++ }*/
+ free(shell);
+ }
+
+diff -pur openssh-7.7p1-orig/authfile.c openssh-7.7p1/authfile.c
+--- openssh-7.7p1-orig/authfile.c 2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/authfile.c 2018-06-15 10:25:23.207400000 +0200
+@@ -167,7 +167,7 @@ sshkey_perm_ok(int fd, const char *filen
+ /* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
+ int
+ sshkey_load_private_type(int type, const char *filename, const char *passphrase,
+- struct sshkey **keyp, char **commentp, int *perm_ok)
++ struct sshkey **keyp, char **commentp, int *perm_ok, int strict_key_modes)
+ {
+ int fd, r;
+
+@@ -181,7 +181,7 @@ sshkey_load_private_type(int type, const
+ *perm_ok = 0;
+ return SSH_ERR_SYSTEM_ERROR;
+ }
+- if (sshkey_perm_ok(fd, filename) != 0) {
++ if (strict_key_modes && sshkey_perm_ok(fd, filename) != 0) {
+ if (perm_ok != NULL)
+ *perm_ok = 0;
+ r = SSH_ERR_KEY_BAD_PERMISSIONS;
+@@ -226,7 +226,7 @@ sshkey_load_private_type_fd(int fd, int
+ /* XXX this is almost identical to sshkey_load_private_type() */
+ int
+ sshkey_load_private(const char *filename, const char *passphrase,
+- struct sshkey **keyp, char **commentp)
++ struct sshkey **keyp, char **commentp, int strict_key_modes)
+ {
+ struct sshbuf *buffer = NULL;
+ int r, fd;
+@@ -238,7 +238,7 @@ sshkey_load_private(const char *filename
+
+ if ((fd = open(filename, O_RDONLY)) < 0)
+ return SSH_ERR_SYSTEM_ERROR;
+- if (sshkey_perm_ok(fd, filename) != 0) {
++ if (strict_key_modes && sshkey_perm_ok(fd, filename) != 0) {
+ r = SSH_ERR_KEY_BAD_PERMISSIONS;
+ goto out;
+ }
+@@ -387,7 +387,7 @@ sshkey_load_cert(const char *filename, s
+ /* Load private key and certificate */
+ int
+ sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
+- struct sshkey **keyp, int *perm_ok)
++ struct sshkey **keyp, int *perm_ok, int strict_key_modes)
+ {
+ struct sshkey *key = NULL, *cert = NULL;
+ int r;
+@@ -410,7 +410,7 @@ sshkey_load_private_cert(int type, const
+ }
+
+ if ((r = sshkey_load_private_type(type, filename,
+- passphrase, &key, NULL, perm_ok)) != 0 ||
++ passphrase, &key, NULL, perm_ok, strict_key_modes)) != 0 ||
+ (r = sshkey_load_cert(filename, &cert)) != 0)
+ goto out;
+
+diff -pur openssh-7.7p1-orig/authfile.h openssh-7.7p1/authfile.h
+--- openssh-7.7p1-orig/authfile.h 2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/authfile.h 2018-06-15 10:25:45.276400000 +0200
+@@ -38,11 +38,12 @@ int sshkey_save_private(struct sshkey *,
+ int sshkey_load_file(int, struct sshbuf *);
+ int sshkey_load_cert(const char *, struct sshkey **);
+ int sshkey_load_public(const char *, struct sshkey **, char **);
+-int sshkey_load_private(const char *, const char *, struct sshkey **, char **);
++int sshkey_load_private(const char *, const char *, struct sshkey **, char **,
++ int);
+ int sshkey_load_private_cert(int, const char *, const char *,
+- struct sshkey **, int *);
++ struct sshkey **, int *, int);
+ int sshkey_load_private_type(int, const char *, const char *,
+- struct sshkey **, char **, int *);
++ struct sshkey **, char **, int *, int);
+ int sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
+ struct sshkey **keyp, char **commentp);
+ int sshkey_perm_ok(int, const char *);
+diff -pur openssh-7.7p1-orig/key.c openssh-7.7p1/key.c
+--- openssh-7.7p1-orig/key.c 2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/key.c 2018-06-15 10:27:27.586400000 +0200
+@@ -175,12 +175,13 @@ key_load_public(const char *filename, ch
+
+ Key *
+ key_load_private(const char *path, const char *passphrase,
+- char **commentp)
++ char **commentp, int strict_key_modes)
+ {
+ int r;
+ Key *ret = NULL;
+
+- if ((r = sshkey_load_private(path, passphrase, &ret, commentp)) != 0) {
++ if ((r = sshkey_load_private(path, passphrase, &ret, commentp,
++ strict_key_modes)) != 0) {
+ fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
+ /* Old authfile.c ignored all file errors. */
+ if (r == SSH_ERR_SYSTEM_ERROR ||
+@@ -195,13 +196,13 @@ key_load_private(const char *path, const
+
+ Key *
+ key_load_private_cert(int type, const char *filename, const char *passphrase,
+- int *perm_ok)
++ int *perm_ok, int strict_key_modes)
+ {
+ int r;
+ Key *ret = NULL;
+
+ if ((r = sshkey_load_private_cert(type, filename, passphrase,
+- &ret, perm_ok)) != 0) {
++ &ret, perm_ok, strict_key_modes)) != 0) {
+ fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
+ /* Old authfile.c ignored all file errors. */
+ if (r == SSH_ERR_SYSTEM_ERROR ||
+@@ -216,13 +217,13 @@ key_load_private_cert(int type, const ch
+
+ Key *
+ key_load_private_type(int type, const char *filename, const char *passphrase,
+- char **commentp, int *perm_ok)
++ char **commentp, int *perm_ok, int strict_key_modes)
+ {
+ int r;
+ Key *ret = NULL;
+
+ if ((r = sshkey_load_private_type(type, filename, passphrase,
+- &ret, commentp, perm_ok)) != 0) {
++ &ret, commentp, perm_ok, strict_key_modes)) != 0) {
+ fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
+ /* Old authfile.c ignored all file errors. */
+ if (r == SSH_ERR_SYSTEM_ERROR ||
+diff -pur openssh-7.7p1-orig/key.h openssh-7.7p1/key.h
+--- openssh-7.7p1-orig/key.h 2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/key.h 2018-06-15 10:27:42.702400000 +0200
+@@ -62,8 +62,9 @@ int key_sign(const Key *, u_char **, u_
+ /* authfile.c */
+ Key *key_load_cert(const char *);
+ Key *key_load_public(const char *, char **);
+-Key *key_load_private(const char *, const char *, char **);
+-Key *key_load_private_cert(int, const char *, const char *, int *);
+-Key *key_load_private_type(int, const char *, const char *, char **, int *);
++Key *key_load_private(const char *, const char *, char **, int);
++Key *key_load_private_cert(int, const char *, const char *, int *, int);
++Key *key_load_private_type(int, const char *, const char *, char **, int *,
++ int);
+
+ #endif
+diff -pur openssh-7.7p1-orig/servconf.c openssh-7.7p1/servconf.c
+--- openssh-7.7p1-orig/servconf.c 2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/servconf.c 2018-06-15 08:49:53.141600000 +0200
+@@ -109,6 +109,7 @@ initialize_server_options(ServerOptions
+ options->permit_user_rc = -1;
+ options->xauth_location = NULL;
+ options->strict_modes = -1;
++ options->strict_key_modes = -1;
+ options->tcp_keep_alive = -1;
+ options->log_facility = SYSLOG_FACILITY_NOT_SET;
+ options->log_level = SYSLOG_LEVEL_NOT_SET;
+@@ -293,6 +294,8 @@ fill_default_server_options(ServerOption
+ options->permit_user_rc = 1;
+ if (options->strict_modes == -1)
+ options->strict_modes = 1;
++ if (options->strict_key_modes == -1)
++ options->strict_key_modes = 1;
+ if (options->tcp_keep_alive == -1)
+ options->tcp_keep_alive = 1;
+ if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
+@@ -450,7 +453,7 @@ typedef enum {
+ sListenAddress, sAddressFamily,
+ sPrintMotd, sPrintLastLog, sIgnoreRhosts,
+ sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
+- sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
++ sPermitTTY, sStrictModes, sStrictKeyModes, sEmptyPasswd, sTCPKeepAlive,
+ sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
+ sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
+ sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
+@@ -561,6 +564,7 @@ static struct {
+ { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
+ { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
+ { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
++ { "strictkeymodes", sStrictKeyModes, SSHCFG_GLOBAL },
+ { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
+ { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
+ { "uselogin", sDeprecated, SSHCFG_GLOBAL },
+@@ -1470,6 +1474,10 @@ process_server_config_line(ServerOptions
+ intptr = &options->strict_modes;
+ goto parse_flag;
+
++ case sStrictKeyModes:
++ intptr = &options->strict_key_modes;
++ goto parse_flag;
++
+ case sTCPKeepAlive:
+ intptr = &options->tcp_keep_alive;
+ goto parse_flag;
+@@ -2469,6 +2477,7 @@ dump_config(ServerOptions *o)
+ dump_cfg_fmtint(sPermitTTY, o->permit_tty);
+ dump_cfg_fmtint(sPermitUserRC, o->permit_user_rc);
+ dump_cfg_fmtint(sStrictModes, o->strict_modes);
++ dump_cfg_fmtint(sStrictKeyModes, o->strict_key_modes);
+ dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive);
+ dump_cfg_fmtint(sEmptyPasswd, o->permit_empty_passwd);
+ dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
+diff -pur openssh-7.7p1-orig/servconf.h openssh-7.7p1/servconf.h
+--- openssh-7.7p1-orig/servconf.h 2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/servconf.h 2018-06-15 09:01:37.108600000 +0200
+@@ -103,6 +103,7 @@ typedef struct {
+ int permit_tty; /* If false, deny pty allocation */
+ int permit_user_rc; /* If false, deny ~/.ssh/rc execution */
+ int strict_modes; /* If true, require string home dir modes. */
++ int strict_key_modes; /* If true, require strict private key file modes. */
+ int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */
+ int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
+ int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
+diff -pur openssh-7.7p1-orig/session.c openssh-7.7p1/session.c
+--- openssh-7.7p1-orig/session.c 2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/session.c 2018-06-15 07:41:16.592800000 +0200
+@@ -1539,6 +1539,18 @@ do_child(struct ssh *ssh, Session *s, co
+ shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
+ #endif
+
++
++ /* Workaround for X2Go Client
++ * Path to shell is specified in sshd_config file
++ * as "subsystem shell"
++ */
++ int i = 0;
++ for (i = 0; i < options.num_subsystems; ++i) {
++ if (!strcmp("shell", options.subsystem_name[i])) {
++ shell = options.subsystem_command[i];
++ }
++ }
++
+ /*
+ * Close the connection descriptors; note that this is the child, and
+ * the server will still have the socket open, and it is important
+diff -pur openssh-7.7p1-orig/ssh.c openssh-7.7p1/ssh.c
+--- openssh-7.7p1-orig/ssh.c 2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/ssh.c 2018-06-15 10:28:11.513400000 +0200
+@@ -1393,28 +1393,28 @@ main(int ac, char **av)
+ PRIV_START;
+ #ifdef OPENSSL_HAS_ECC
+ sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA,
+- _PATH_HOST_ECDSA_KEY_FILE, "", NULL);
++ _PATH_HOST_ECDSA_KEY_FILE, "", NULL, 1);
+ #endif
+ sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519,
+- _PATH_HOST_ED25519_KEY_FILE, "", NULL);
++ _PATH_HOST_ED25519_KEY_FILE, "", NULL, 1);
+ sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
+- _PATH_HOST_RSA_KEY_FILE, "", NULL);
++ _PATH_HOST_RSA_KEY_FILE, "", NULL, 1);
+ sensitive_data.keys[4] = key_load_private_cert(KEY_DSA,
+- _PATH_HOST_DSA_KEY_FILE, "", NULL);
++ _PATH_HOST_DSA_KEY_FILE, "", NULL, 1);
+ #ifdef OPENSSL_HAS_ECC
+ sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
+- _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
++ _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL, 1);
+ #endif
+ sensitive_data.keys[6] = key_load_private_type(KEY_ED25519,
+- _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
++ _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL, 1);
+ sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
+- _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
++ _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL, 1);
+ sensitive_data.keys[8] = key_load_private_type(KEY_DSA,
+- _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
++ _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL, 1);
+ sensitive_data.keys[9] = key_load_private_cert(KEY_XMSS,
+- _PATH_HOST_XMSS_KEY_FILE, "", NULL);
++ _PATH_HOST_XMSS_KEY_FILE, "", NULL, 1);
+ sensitive_data.keys[10] = key_load_private_type(KEY_XMSS,
+- _PATH_HOST_XMSS_KEY_FILE, "", NULL, NULL);
++ _PATH_HOST_XMSS_KEY_FILE, "", NULL, NULL, 1);
+ PRIV_END;
+
+ if (options.hostbased_authentication == 1 &&
+diff -pur openssh-7.7p1-orig/sshconnect2.c openssh-7.7p1/sshconnect2.c
+--- openssh-7.7p1-orig/sshconnect2.c 2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/sshconnect2.c 2018-06-15 09:20:24.196600000 +0200
+@@ -1256,7 +1256,7 @@ load_identity_file(Identity *id)
+ }
+ }
+ switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename,
+- passphrase, &private, &comment, &perm_ok))) {
++ passphrase, &private, &comment, &perm_ok, 1))) {
+ case 0:
+ break;
+ case SSH_ERR_KEY_WRONG_PASSPHRASE:
+diff -pur openssh-7.7p1-orig/sshd.c openssh-7.7p1/sshd.c
+--- openssh-7.7p1-orig/sshd.c 2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/sshd.c 2018-06-15 09:44:24.432600000 +0200
+@@ -1714,7 +1714,8 @@ main(int ac, char **av)
+ for (i = 0; i < options.num_host_key_files; i++) {
+ if (options.host_key_files[i] == NULL)
+ continue;
+- key = key_load_private(options.host_key_files[i], "", NULL);
++ key = key_load_private(options.host_key_files[i], "", NULL,
++ options.strict_key_modes);
+ pubkey = key_load_public(options.host_key_files[i], NULL);
+
+ if (pubkey == NULL && key != NULL)
+diff -pur openssh-7.7p1-orig/sshd_config.0 openssh-7.7p1/sshd_config.0
+--- openssh-7.7p1-orig/sshd_config.0 2018-04-02 07:39:27.000000000 +0200
++++ openssh-7.7p1/sshd_config.0 2018-06-15 09:30:05.802600000 +0200
+@@ -856,6 +856,12 @@ DESCRIPTION
+ yes. Note that this does not apply to ChrootDirectory, whose
+ permissions and ownership are checked unconditionally.
+
++ StrictKeyModes
++ Specifies whether sshd(8) should check file modes and ownership
++ of private host keys upon startup. This is normally desirable
++ for private host keys to not to be replaced by malicious third
++ parties. The default is yes.
++
+ Subsystem
+ Configures an external subsystem (e.g. file transfer daemon).
+ Arguments should be a subsystem name and a command (with optional
+diff -pur openssh-7.7p1-orig/sshd_config.5 openssh-7.7p1/sshd_config.5
+--- openssh-7.7p1-orig/sshd_config.5 2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/sshd_config.5 2018-06-15 09:30:43.520600000 +0200
+@@ -1441,6 +1441,14 @@ The default is
+ Note that this does not apply to
+ .Cm ChrootDirectory ,
+ whose permissions and ownership are checked unconditionally.
++.It Cm StrictKeyModes
++Specifies whether
++.Xr sshd8
++should check file modes and ownership of private host keys upon startup.
++This is normally desirable for private host keys to not to be replaced by
++malicious third parties.
++The default is
++.Cm yes .
+ .It Cm Subsystem
+ Configures an external subsystem (e.g. file transfer daemon).
+ Arguments should be a subsystem name and a command (with optional arguments)
+diff -pur openssh-7.7p1-orig/ssh-keygen.c openssh-7.7p1/ssh-keygen.c
+--- openssh-7.7p1-orig/ssh-keygen.c 2018-04-02 07:38:28.000000000 +0200
++++ openssh-7.7p1/ssh-keygen.c 2018-06-15 09:42:03.452600000 +0200
+@@ -302,7 +302,7 @@ load_identity(char *filename)
+ struct sshkey *prv;
+ int r;
+
+- if ((r = sshkey_load_private(filename, "", &prv, NULL)) == 0)
++ if ((r = sshkey_load_private(filename, "", &prv, NULL, 1)) == 0)
+ return prv;
+ if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+ fatal("Load key \"%s\": %s", filename, ssh_err(r));
+@@ -310,7 +310,7 @@ load_identity(char *filename)
+ pass = xstrdup(identity_passphrase);
+ else
+ pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN);
+- r = sshkey_load_private(filename, pass, &prv, NULL);
++ r = sshkey_load_private(filename, pass, &prv, NULL, 1);
+ explicit_bzero(pass, strlen(pass));
+ free(pass);
+ if (r != 0)
+@@ -854,7 +854,7 @@ fingerprint_private(const char *path)
+ if ((r = sshkey_load_public(path, &public, &comment)) != 0) {
+ debug("load public \"%s\": %s", path, ssh_err(r));
+ if ((r = sshkey_load_private(path, NULL,
+- &public, &comment)) != 0) {
++ &public, &comment, 1)) != 0) {
+ debug("load private \"%s\": %s", path, ssh_err(r));
+ fatal("%s is not a key file.", path);
+ }
+@@ -1327,7 +1327,7 @@ do_change_passphrase(struct passwd *pw)
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
+ /* Try to load the file with empty passphrase. */
+- r = sshkey_load_private(identity_file, "", &private, &comment);
++ r = sshkey_load_private(identity_file, "", &private, &comment, 1);
+ if (r == SSH_ERR_KEY_WRONG_PASSPHRASE) {
+ if (identity_passphrase)
+ old_passphrase = xstrdup(identity_passphrase);
+@@ -1336,7 +1336,7 @@ do_change_passphrase(struct passwd *pw)
+ read_passphrase("Enter old passphrase: ",
+ RP_ALLOW_STDIN);
+ r = sshkey_load_private(identity_file, old_passphrase,
+- &private, &comment);
++ &private, &comment, 1);
+ explicit_bzero(old_passphrase, strlen(old_passphrase));
+ free(old_passphrase);
+ if (r != 0)
+@@ -1439,7 +1439,7 @@ do_change_comment(struct passwd *pw)
+ if (stat(identity_file, &st) < 0)
+ fatal("%s: %s", identity_file, strerror(errno));
+ if ((r = sshkey_load_private(identity_file, "",
+- &private, &comment)) == 0)
++ &private, &comment, 1)) == 0)
+ passphrase = xstrdup("");
+ else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
+ fatal("Cannot load private key \"%s\": %s.",
+@@ -1454,7 +1454,7 @@ do_change_comment(struct passwd *pw)
+ RP_ALLOW_STDIN);
+ /* Try to load using the passphrase. */
+ if ((r = sshkey_load_private(identity_file, passphrase,
+- &private, &comment)) != 0) {
++ &private, &comment, 1)) != 0) {
+ explicit_bzero(passphrase, strlen(passphrase));
+ free(passphrase);
+ fatal("Cannot load private key \"%s\": %s.",
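Review bot: In the auth.c part of the added patch, the S_ISREG/executable-bit test in allowed_user() is commented out for every configuration, so an sshd built from it no longer rejects a login shell that is a directory or a non-executable file, even when sshd_config has no `Subsystem shell` line. If the test was dropped because mode bits are unreliable on Cygwin (an assumption, the patch does not say), skip it only when the override was applied: declare `int shell_overridden = 0;`, set `shell_overridden = 1;` inside the new loop, and guard the original condition with `if (!shell_overridden && (S_ISREG(st.st_mode) == 0 || (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0)) {` instead of leaving the code in a block comment. The same `Subsystem shell` lookup in session.c's do_child() replaces the shell of every account regardless of its passwd entry, which the workaround comment and sshd_config.5 should state so administrators know the setting is global. Separately, the new sshd_config.5 text has `.Xr sshd8` where mdoc expects `.Xr sshd 8`. Both allowed_user() and do_child() begin outside the shown inner hunks, so their surrounding logic could not be checked here.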
--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient-contrib.git