-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | readpass.c | 35 | ||||
-rw-r--r-- | readpass.h | 11 | ||||
-rw-r--r-- | ssh-add.c | 4 | ||||
-rw-r--r-- | ssh-keygen.c | 32 | ||||
-rw-r--r-- | sshconnect2.c | 9 |
6 files changed, 56 insertions, 41 deletions
@@ -95,6 +95,10 @@ - markus@cvs.openbsd.org 2001/06/24 05:25:10 [auth-options.c match.c match.h] move ip+hostname check to match.c + - markus@cvs.openbsd.org 2001/06/24 05:35:33 + [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c] + switch to readpassphrase(3) + 2.7/8-stable needs readpassphrase.[ch] from libc 20010622 - (stevesk) handle systems without pw_expire and pw_change. @@ -5779,4 +5783,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1320 2001/06/25 05:17:53 mouring Exp $ +$Id: ChangeLog,v 1.1321 2001/06/25 05:20:31 mouring Exp $ @@ -32,10 +32,11 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.18 2001/06/23 15:12:19 itojun Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.19 2001/06/24 05:35:33 markus Exp $"); + +#include <readpassphrase.h> #include "xmalloc.h" -#include "cli.h" #include "readpass.h" #include "pathnames.h" #include "log.h" 
@@ -84,27 +85,24 @@ ssh_askpass(char *askpass, const char *msg) return pass; } - /* - * Reads a passphrase from /dev/tty with echo turned off. Returns the - * passphrase (allocated with xmalloc), being very careful to ensure that - * no other userland buffer is storing the password. - */ -/* - * Note: the funcationallity of this routing has been moved to - * cli_read_passphrase(). This routing remains to maintain - * compatibility with existing code. + * Reads a passphrase from /dev/tty with echo turned off/on. Returns the + * passphrase (allocated with xmalloc). Exits if EOF is encountered. If + * RP_ALLOW_STDIN is set, the passphrase will be read from stdin if no + * tty is available */ char * -read_passphrase(const char *prompt, int from_stdin) +read_passphrase(const char *prompt, int flags) { - char *askpass = NULL; - int use_askpass = 0, ttyfd; + char *askpass = NULL, *ret, buf[1024]; + int rppflags, use_askpass = 0, ttyfd; - if (from_stdin) { + rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; + if (flags & RP_ALLOW_STDIN) { if (!isatty(STDIN_FILENO)) use_askpass = 1; } else { + rppflags |= RPP_REQUIRE_TTY; ttyfd = open("/dev/tty", O_RDWR); if (ttyfd >= 0) close(ttyfd); @@ -120,5 +118,10 @@ read_passphrase(const char *prompt, int from_stdin) return ssh_askpass(askpass, prompt); } - return cli_read_passphrase(prompt, from_stdin, 0); + if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) + return NULL; + + ret = xstrdup(buf); + memset(buf, 'x', sizeof buf); + return ret; } @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.h,v 1.3 2001/05/06 17:52:08 mouring Exp $ */ +/* $OpenBSD: readpass.h,v 1.4 2001/06/24 05:35:33 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> 
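Review bot: The new tail of read_passphrase() (hunk @@ -120,5 +118,10 @@) returns NULL when readpassphrase() fails, although the comment rewritten in the previous hunk still says "Exits if EOF is encountered" and the callers touched by this commit use the result unchecked: `strcmp(pass, "")` in ssh-add.c, `memset(pass, 0, strlen(pass))` in ssh-keygen.c and `packet_put_cstring(response)` in sshconnect2.c. Keeping the never-NULL contract is the smaller change, e.g. `return xstrdup("");` on that path; otherwise every caller needs a NULL check and the comment should say so. Separately, `memset(buf, 'x', sizeof buf)` is the last write to a local that is about to go out of scope, so an optimizing compiler may drop it, and the failure path returns without clearing buf at all. A scrub the compiler cannot elide, run on both paths, would cover that.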
@@ -12,9 +12,6 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* - * Reads a passphrase from /dev/tty with echo turned off. Returns the - * passphrase (allocated with xmalloc). Exits if EOF is encountered. If - * from_stdin is true, the passphrase will be read from stdin instead. - */ -char *read_passphrase(const char *prompt, int from_stdin); +#define RP_ECHO 0x0001 +#define RP_ALLOW_STDIN 0x0002 +char *read_passphrase(const char *prompt, int flags); @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.39 2001/06/23 15:12:20 itojun Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.40 2001/06/24 05:35:33 markus Exp $"); #include <openssl/evp.h> @@ -128,7 +128,7 @@ add_file(AuthenticationConnection *ac, const char *filename) snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ", comment); for (;;) { - pass = read_passphrase(msg, 1); + pass = read_passphrase(msg, RP_ALLOW_STDIN); if (strcmp(pass, "") == 0) { clear_pass(); xfree(comment); diff --git a/ssh-keygen.c b/ssh-keygen.c index 51b00340..95fcd652 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.64 2001/06/23 17:05:22 markus Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.65 2001/06/24 05:35:33 markus Exp $"); #include <openssl/evp.h> #include <openssl/pem.h> @@ -123,7 +123,8 @@ load_identity(char *filename) if (identity_passphrase) pass = xstrdup(identity_passphrase); else - pass = read_passphrase("Enter passphrase: ", 1); + pass = read_passphrase("Enter passphrase: ", + RP_ALLOW_STDIN); prv = key_load_private(filename, pass, NULL); memset(pass, 0, strlen(pass)); xfree(pass); 
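Review bot: The readpass.h hunk (@@ -12,9 +12,6 @@) deletes the only header comment for read_passphrase() and adds `RP_ECHO` and `RP_ALLOW_STDIN` with no description, so a caller reading the header cannot tell that passing 0 means echo off with a tty required. I would keep a short contract comment above the prototype and annotate the flags, for example `#define RP_ECHO 0x0001 /* echo input while it is typed */` and `#define RP_ALLOW_STDIN 0x0002 /* read from stdin if no tty is available */`. The comment should also state what is returned when no passphrase can be read, since readpass.c in this commit can return NULL.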
@@ -491,8 +492,11 @@ do_change_passphrase(struct passwd *pw) if (identity_passphrase) old_passphrase = xstrdup(identity_passphrase); else - old_passphrase = read_passphrase("Enter old passphrase: ", 1); - private = key_load_private(identity_file, old_passphrase , &comment); + old_passphrase = + read_passphrase("Enter old passphrase: ", + RP_ALLOW_STDIN); + private = key_load_private(identity_file, old_passphrase, + &comment); memset(old_passphrase, 0, strlen(old_passphrase)); xfree(old_passphrase); if (private == NULL) { @@ -508,8 +512,10 @@ do_change_passphrase(struct passwd *pw) passphrase2 = NULL; } else { passphrase1 = - read_passphrase("Enter new passphrase (empty for no passphrase): ", 1); - passphrase2 = read_passphrase("Enter same passphrase again: ", 1); + read_passphrase("Enter new passphrase (empty for no " + "passphrase): ", RP_ALLOW_STDIN); + passphrase2 = read_passphrase("Enter same passphrase again: ", + RP_ALLOW_STDIN); /* Verify that they are the same. */ if (strcmp(passphrase1, passphrase2) != 0) { @@ -570,7 +576,8 @@ do_change_comment(struct passwd *pw) else if (identity_new_passphrase) passphrase = xstrdup(identity_new_passphrase); else - passphrase = read_passphrase("Enter passphrase: ", 1); + passphrase = read_passphrase("Enter passphrase: ", + RP_ALLOW_STDIN); /* Try to load using the passphrase. */ private = key_load_private(identity_file, passphrase, &comment); if (private == NULL) { 
@@ -830,10 +837,15 @@ main(int ac, char **av) else { passphrase_again: passphrase1 = - read_passphrase("Enter passphrase (empty for no passphrase): ", 1); - passphrase2 = read_passphrase("Enter same passphrase again: ", 1); + read_passphrase("Enter passphrase (empty for no " + "passphrase): ", RP_ALLOW_STDIN); + passphrase2 = read_passphrase("Enter same passphrase again: ", + RP_ALLOW_STDIN); if (strcmp(passphrase1, passphrase2) != 0) { - /* The passphrases do not match. Clear them and retry. */ + /* + * The passphrases do not match. Clear them and + * retry. + */ memset(passphrase1, 0, strlen(passphrase1)); memset(passphrase2, 0, strlen(passphrase2)); xfree(passphrase1); diff --git a/sshconnect2.c b/sshconnect2.c index 1f57c3a9..5f4943ba 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.77 2001/06/24 05:35:34 markus Exp $"); #include <openssl/bn.h> #include <openssl/md5.h> @@ -45,7 +45,6 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $"); #include "key.h" #include "sshconnect.h" #include "authfile.h" -#include "cli.h" #include "dh.h" #include "authfd.h" #include "log.h" @@ -770,9 +769,9 @@ input_userauth_info_req(int type, int plen, void *ctxt) inst = packet_get_string(NULL); lang = packet_get_string(NULL); if (strlen(name) > 0) - cli_mesg(name); + log(name); if (strlen(inst) > 0) - cli_mesg(inst); + log(inst); xfree(name); xfree(inst); xfree(lang); @@ -792,7 +791,7 @@ input_userauth_info_req(int type, int plen, void *ctxt) prompt = packet_get_string(NULL); echo = packet_get_char(); - response = cli_prompt(prompt, echo); + response = read_passphrase(prompt, echo ? RP_ECHO : 0); packet_put_cstring(response); memset(response, 0, strlen(response)); |
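Review bot: In the sshconnect2.c hunk @@ -770,9 +769,9 @@, `log(name)` and `log(inst)` pass strings obtained from `packet_get_string()` as the first argument of log(), which appears to be a printf-style format parameter (log.h is not shown here). Any `%` directive in the peer-supplied name or instruction text would then be interpreted as a conversion. Pass them as data instead: `log("%s", name);` and `log("%s", inst);`. input_userauth_info_req() begins and ends outside this hunk.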