Allow reading dbclient password from an environment var

2 files changed, 17 insertions, 0 deletions

diff --git a/cli-auth.c b/cli-auth.c
index 4c17a21..1024538 100644
--- a/cli-auth.c
+++ b/cli-auth.c
@@ -284,6 +284,15 @@ void cli_auth_try() {
 char* getpass_or_cancel(char* prompt)
 {
 	char* password = NULL;
+	
+#ifdef DROPBEAR_PASSWORD_ENV
+    /* Password provided in an environment var */
+    password = getenv(DROPBEAR_PASSWORD_ENV);
+    if (password)
+    {
+        return password;
+    }
+#endif
 
 	password = getpass(prompt);
 
diff --git a/options.h b/options.h
index cd6f7ca..c6fc71c 100644
--- a/options.h
+++ b/options.h
@@ -140,6 +140,14 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #define ENABLE_CLI_PUBKEY_AUTH
 #define ENABLE_CLI_INTERACT_AUTH
 
+/* This variable can be used to set a password for client
+ * authentication on the commandline. Beware of platforms
+ * that don't protect environment variables of processes etc. Also
+ * note that it will be provided for all "hidden" client-interactive
+ * style prompts - if you want something more sophisticated, use 
+ * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
+#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
+
 /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
  * a helper program for the ssh client. The helper program should be
  * specified in the SSH_ASKPASS environment variable, and dbclient