CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
key_load_private() ignores the passphrase argument if the private key
author: Dag-Erling Smørgrav <des@FreeBSD.org>
Sun, 20 Nov 2011 15:18:49 +0000 (15:18 +0000)
committer: Dag-Erling Smørgrav <des@FreeBSD.org>
Sun, 20 Nov 2011 15:18:49 +0000 (15:18 +0000)
commit: 4520e72ebf2ab451d5205040bffe406345070154
tree: 719a4f3c784b1b7ddabd2ea0fc228467ccfd7b38
parent: c9c5805975092e825b46afbfe395a9eb23dbc382
key_load_private() ignores the passphrase argument if the private key
is unencrypted.  This defeats the nullok check, because it means a
non-null passphrase will successfully unlock the key.

To address this, try at first to load the key without a passphrase.
If this succeeds and the user provided a non-empty passphrase *or*
nullok is false, reject the key.

MFC after: 1 week
Noticed by: Guy Helmer <guy.helmer@palisadesystems.com>
lib/libpam/modules/pam_ssh/pam_ssh.c
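
The check described in the commit message, modelled as an added example that is not the FreeBSD code. `struct model_key`, `model_load()`, `check_before()` and `check_after()` are hypothetical names; `model_load()` stands in for `key_load_private()` only in that it ignores the passphrase for an unencrypted key, and `check_before()` is an assumed reconstruction of the earlier check from the message's description.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a private key file (not an OpenSSH type). */
struct model_key {
    bool encrypted;         /* passphrase-protected on disk? */
    const char *passphrase; /* correct passphrase when encrypted */
};

/* Hypothetical loader: like the behaviour the commit message describes,
 * it ignores the passphrase argument when the key is unencrypted. */
static bool model_load(const struct model_key *k, const char *pass)
{
    if (!k->encrypted)
        return true;
    return strcmp(k->passphrase, pass) == 0;
}

/* Assumed earlier check: nullok is judged on the typed passphrase only. */
static bool check_before(const struct model_key *k, const char *pass, bool nullok)
{
    if (pass[0] == '\0' && !nullok)
        return false;
    return model_load(k, pass);
}

/* Check as the commit message describes it: probe with no passphrase first. */
static bool check_after(const struct model_key *k, const char *pass, bool nullok)
{
    if (model_load(k, "")) {
        /* Key opens without a passphrase: accept only an empty
         * passphrase, and only when nullok is set. */
        return pass[0] == '\0' && nullok;
    }
    return model_load(k, pass);
}

int main(void)
{
    const struct model_key plain = { false, NULL };
    const struct model_key locked = { true, "s3cret" };

    printf("plain key, \"guess\", nullok=0: before=%d after=%d\n",
           check_before(&plain, "guess", false), check_after(&plain, "guess", false));
    printf("locked key, \"s3cret\", nullok=0: before=%d after=%d\n",
           check_before(&locked, "s3cret", false), check_after(&locked, "s3cret", false));
    return 0;
}
```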