- markus@cvs.openbsd.org 2001/06/24 05:25:10
[auth-options.c match.c match.h]
move ip+hostname check to match.c
+ - markus@cvs.openbsd.org 2001/06/24 05:35:33
+ [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
+ switch to readpassphrase(3)
+ 2.7/8-stable needs readpassphrase.[ch] from libc
20010622
- (stevesk) handle systems without pw_expire and pw_change.
*/
#include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.18 2001/06/23 15:12:19 itojun Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.19 2001/06/24 05:35:33 markus Exp $");
+
+#include <readpassphrase.h>
#include "xmalloc.h"
-#include "cli.h"
#include "readpass.h"
#include "pathnames.h"
#include "log.h"
return pass;
}
-
/*
- * Reads a passphrase from /dev/tty with echo turned off. Returns the
- * passphrase (allocated with xmalloc), being very careful to ensure that
- * no other userland buffer is storing the password.
- */
-/*
- * Note: the funcationallity of this routing has been moved to
- * cli_read_passphrase(). This routing remains to maintain
- * compatibility with existing code.
+ * Reads a passphrase from /dev/tty with echo turned off/on. Returns the
+ * passphrase (allocated with xmalloc). Exits if EOF is encountered. If
+ * RP_ALLOW_STDIN is set, the passphrase will be read from stdin if no
+ * tty is available
*/
char *
-read_passphrase(const char *prompt, int from_stdin)
+read_passphrase(const char *prompt, int flags)
{
- char *askpass = NULL;
- int use_askpass = 0, ttyfd;
+ char *askpass = NULL, *ret, buf[1024];
+ int rppflags, use_askpass = 0, ttyfd;
- if (from_stdin) {
+ rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
+ if (flags & RP_ALLOW_STDIN) {
if (!isatty(STDIN_FILENO))
use_askpass = 1;
} else {
+ rppflags |= RPP_REQUIRE_TTY;
ttyfd = open("/dev/tty", O_RDWR);
if (ttyfd >= 0)
close(ttyfd);
return ssh_askpass(askpass, prompt);
}
- return cli_read_passphrase(prompt, from_stdin, 0);
+ if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL)
+ return NULL;
+
+ ret = xstrdup(buf);
+ memset(buf, 'x', sizeof buf);
+ return ret;
}
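Review bot: The new `return NULL` after a failed readpassphrase() exposes the callers touched by this commit to a NULL dereference, because ssh-add.c (`strcmp(pass, "")`), ssh-keygen.c (`memset(pass, 0, strlen(pass))`) and sshconnect2.c (`packet_put_cstring(response)`) all use the result unchecked. The comment above the function still says it exits on EOF, which no longer matches. Either return an empty string on failure, `return xstrdup("");`, or have each caller test for NULL. The failure path also returns without clearing `buf`, which may hold partial input, so scrub it on both paths. The closing `memset(buf, 'x', sizeof buf)` writes to a local that is never read again, so an optimizing compiler may drop it; a wipe the compiler cannot elide (for example explicit_bzero() where the platform provides it) is safer for passphrase buffers.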
-/* $OpenBSD: readpass.h,v 1.3 2001/05/06 17:52:08 mouring Exp $ */
+/* $OpenBSD: readpass.h,v 1.4 2001/06/24 05:35:33 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* called by a name other than "ssh" or "Secure Shell".
*/
-/*
- * Reads a passphrase from /dev/tty with echo turned off. Returns the
- * passphrase (allocated with xmalloc). Exits if EOF is encountered. If
- * from_stdin is true, the passphrase will be read from stdin instead.
- */
-char *read_passphrase(const char *prompt, int from_stdin);
+#define RP_ECHO 0x0001
+#define RP_ALLOW_STDIN 0x0002
+char *read_passphrase(const char *prompt, int flags);
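Review bot: The header now declares `read_passphrase(const char *prompt, int flags)` with no description, because the old comment was deleted rather than updated for the new flags argument. Callers read this file to learn the contract, and the difference between requiring a tty and permitting stdin matters for anything that handles secrets. I would add a comment above the defines such as `/* RP_ECHO: echo typed characters; RP_ALLOW_STDIN: read from stdin if no tty is available */`. It should also state what is returned when reading fails, since readpass.c now has a path that returns NULL.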
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.39 2001/06/23 15:12:20 itojun Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.40 2001/06/24 05:35:33 markus Exp $");
#include <openssl/evp.h>
snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ",
comment);
for (;;) {
- pass = read_passphrase(msg, 1);
+ pass = read_passphrase(msg, RP_ALLOW_STDIN);
if (strcmp(pass, "") == 0) {
clear_pass();
xfree(comment);
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.64 2001/06/23 17:05:22 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.65 2001/06/24 05:35:33 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
if (identity_passphrase)
pass = xstrdup(identity_passphrase);
else
- pass = read_passphrase("Enter passphrase: ", 1);
+ pass = read_passphrase("Enter passphrase: ",
+ RP_ALLOW_STDIN);
prv = key_load_private(filename, pass, NULL);
memset(pass, 0, strlen(pass));
xfree(pass);
if (identity_passphrase)
old_passphrase = xstrdup(identity_passphrase);
else
- old_passphrase = read_passphrase("Enter old passphrase: ", 1);
- private = key_load_private(identity_file, old_passphrase , &comment);
+ old_passphrase =
+ read_passphrase("Enter old passphrase: ",
+ RP_ALLOW_STDIN);
+ private = key_load_private(identity_file, old_passphrase,
+ &comment);
memset(old_passphrase, 0, strlen(old_passphrase));
xfree(old_passphrase);
if (private == NULL) {
passphrase2 = NULL;
} else {
passphrase1 =
- read_passphrase("Enter new passphrase (empty for no passphrase): ", 1);
- passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
+ read_passphrase("Enter new passphrase (empty for no "
+ "passphrase): ", RP_ALLOW_STDIN);
+ passphrase2 = read_passphrase("Enter same passphrase again: ",
+ RP_ALLOW_STDIN);
/* Verify that they are the same. */
if (strcmp(passphrase1, passphrase2) != 0) {
else if (identity_new_passphrase)
passphrase = xstrdup(identity_new_passphrase);
else
- passphrase = read_passphrase("Enter passphrase: ", 1);
+ passphrase = read_passphrase("Enter passphrase: ",
+ RP_ALLOW_STDIN);
/* Try to load using the passphrase. */
private = key_load_private(identity_file, passphrase, &comment);
if (private == NULL) {
else {
passphrase_again:
passphrase1 =
- read_passphrase("Enter passphrase (empty for no passphrase): ", 1);
- passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
+ read_passphrase("Enter passphrase (empty for no "
+ "passphrase): ", RP_ALLOW_STDIN);
+ passphrase2 = read_passphrase("Enter same passphrase again: ",
+ RP_ALLOW_STDIN);
if (strcmp(passphrase1, passphrase2) != 0) {
- /* The passphrases do not match. Clear them and retry. */
+ /*
+ * The passphrases do not match. Clear them and
+ * retry.
+ */
memset(passphrase1, 0, strlen(passphrase1));
memset(passphrase2, 0, strlen(passphrase2));
xfree(passphrase1);
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.77 2001/06/24 05:35:34 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
#include "key.h"
#include "sshconnect.h"
#include "authfile.h"
-#include "cli.h"
#include "dh.h"
#include "authfd.h"
#include "log.h"
inst = packet_get_string(NULL);
lang = packet_get_string(NULL);
if (strlen(name) > 0)
- cli_mesg(name);
+ log(name);
if (strlen(inst) > 0)
- cli_mesg(inst);
+ log(inst);
xfree(name);
xfree(inst);
xfree(lang);
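Review bot: `log(name)` and `log(inst)` pass peer-supplied text as the first argument of the logger; `inst` is read with packet_get_string() just above, and `name` presumably likewise outside the hunk. If log() is printf-style (its declaration is not in view), any `%` conversion in the server's name or instruction string would be interpreted as a format directive. Pass the strings as data instead: `log("%s", name);` and `log("%s", inst);`. The enclosing function starts and ends outside this hunk.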
prompt = packet_get_string(NULL);
echo = packet_get_char();
- response = cli_prompt(prompt, echo);
+ response = read_passphrase(prompt, echo ? RP_ECHO : 0);
packet_put_cstring(response);
memset(response, 0, strlen(response));