- markus@cvs.openbsd.org 2001/06/24 05:35:33
     [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
     switch to readpassphrase(3)
     2.7/8-stable needs readpassphrase.[ch] from libc
diff --git a/ChangeLog b/ChangeLog
index 590ac58..f2d9267 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -95,6 +95,10 @@
    - markus@cvs.openbsd.org 2001/06/24 05:25:10
      [auth-options.c match.c match.h]
      move ip+hostname check to match.c
+   - markus@cvs.openbsd.org 2001/06/24 05:35:33
+     [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
+     switch to readpassphrase(3)
+     2.7/8-stable needs readpassphrase.[ch] from libc
 
 20010622
  - (stevesk) handle systems without pw_expire and pw_change.
@@ -5779,4 +5783,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1320 2001/06/25 05:17:53 mouring Exp $
+$Id: ChangeLog,v 1.1321 2001/06/25 05:20:31 mouring Exp $
diff --git a/readpass.c b/readpass.c
index 05883df..3b6ed72 100644
--- a/readpass.c
+++ b/readpass.c
@@ -32,10 +32,11 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.18 2001/06/23 15:12:19 itojun Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.19 2001/06/24 05:35:33 markus Exp $");
+
+#include <readpassphrase.h>
 
 #include "xmalloc.h"
-#include "cli.h"
 #include "readpass.h"
 #include "pathnames.h"
 #include "log.h"
@@ -84,27 +85,24 @@
 	return pass;
 }
 
-
 /*
- * Reads a passphrase from /dev/tty with echo turned off.  Returns the
- * passphrase (allocated with xmalloc), being very careful to ensure that
- * no other userland buffer is storing the password.
- */
-/*
- * Note:  the funcationallity of this routing has been moved to
- * cli_read_passphrase().  This routing remains to maintain
- * compatibility with existing code.
+ * Reads a passphrase from /dev/tty with echo turned off/on.  Returns the
+ * passphrase (allocated with xmalloc).  Exits if EOF is encountered. If
+ * RP_ALLOW_STDIN is set, the passphrase will be read from stdin if no
+ * tty is available
  */
 char *
-read_passphrase(const char *prompt, int from_stdin)
+read_passphrase(const char *prompt, int flags)
 {
-	char *askpass = NULL;
-	int use_askpass = 0, ttyfd;
+	char *askpass = NULL, *ret, buf[1024];
+	int rppflags, use_askpass = 0, ttyfd;
 
-	if (from_stdin) {
+	rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
+	if (flags & RP_ALLOW_STDIN) {
 		if (!isatty(STDIN_FILENO))
 			use_askpass = 1;
 	} else {
+		rppflags |= RPP_REQUIRE_TTY;
 		ttyfd = open("/dev/tty", O_RDWR);
 		if (ttyfd >= 0)
 			close(ttyfd);
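Review bot: The rewritten comment above read_passphrase() still says "Exits if EOF is encountered", but the new tail of the function (in the next hunk) returns NULL when readpassphrase() fails, so the comment describes behaviour the visible code does not have. It also says echo is "turned off/on" without naming the flag that selects it. I would reword it along the lines of `Echo is off unless RP_ECHO is set.` and `Returns NULL if readpassphrase(3) fails.`, and finish the last sentence with a full stop. The function body continues past the end of this hunk.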
@@ -120,5 +118,10 @@
 		return ssh_askpass(askpass, prompt);
 	}
 
-	return cli_read_passphrase(prompt, from_stdin, 0);
+	if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL)
+		return NULL;
+
+	ret = xstrdup(buf);
+	memset(buf, 'x', sizeof buf);
+	return ret;
 }
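Review bot: The new `return NULL` on a failed readpassphrase() reaches callers that use the result unchecked: `strcmp(pass, "")` in ssh-add.c, `memset(pass, 0, strlen(pass))` in ssh-keygen.c and `packet_put_cstring(response)` in sshconnect2.c, all visible in this diff. Either keep a never-NULL contract here, for example `return xstrdup("");` on failure, or add a NULL check at each call site. Separately, `buf` is left untouched on the failure path even though readpassphrase() may already have written typed characters into it. The final `memset(buf, 'x', sizeof buf);` is a store to a local that is about to go out of scope, which an optimizer is allowed to drop. Scrub `buf` on both paths, and where the platform offers a clearing routine the compiler cannot elide (such as `explicit_bzero`), prefer it.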
diff --git a/readpass.h b/readpass.h
index 55ed294..37f8500 100644
--- a/readpass.h
+++ b/readpass.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: readpass.h,v 1.3 2001/05/06 17:52:08 mouring Exp $	*/
+/*	$OpenBSD: readpass.h,v 1.4 2001/06/24 05:35:33 markus Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -12,9 +12,6 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/*
- * Reads a passphrase from /dev/tty with echo turned off.  Returns the
- * passphrase (allocated with xmalloc).  Exits if EOF is encountered. If
- * from_stdin is true, the passphrase will be read from stdin instead.
- */
-char   *read_passphrase(const char *prompt, int from_stdin);
+#define RP_ECHO			0x0001
+#define RP_ALLOW_STDIN		0x0002
+char	*read_passphrase(const char *prompt, int flags);
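Review bot: The prototype loses its descriptive comment and the two new flag macros arrive without one, so readpass.h no longer tells a caller what `flags` means or what the function returns. A short comment above the defines would restore that, e.g. `/* read_passphrase() flags: RP_ECHO echoes typed input; RP_ALLOW_STDIN permits reading from stdin when no tty is available */`. The comment on the prototype should also say that the result is xmalloc-allocated and, going by the readpass.c change in this same diff, may be NULL when readpassphrase() fails.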
diff --git a/ssh-add.c b/ssh-add.c
index f03ce02..84a8c20 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.39 2001/06/23 15:12:20 itojun Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.40 2001/06/24 05:35:33 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -128,7 +128,7 @@
 		snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ",
 		   comment);
 		for (;;) {
-			pass = read_passphrase(msg, 1);
+			pass = read_passphrase(msg, RP_ALLOW_STDIN);
 			if (strcmp(pass, "") == 0) {
 				clear_pass();
 				xfree(comment);
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 51b0034..95fcd65 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.64 2001/06/23 17:05:22 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.65 2001/06/24 05:35:33 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -123,7 +123,8 @@
 		if (identity_passphrase)
 			pass = xstrdup(identity_passphrase);
 		else
-			pass = read_passphrase("Enter passphrase: ", 1);
+			pass = read_passphrase("Enter passphrase: ",
+			    RP_ALLOW_STDIN);
 		prv = key_load_private(filename, pass, NULL);
 		memset(pass, 0, strlen(pass));
 		xfree(pass);
@@ -491,8 +492,11 @@
 		if (identity_passphrase)
 			old_passphrase = xstrdup(identity_passphrase);
 		else
-			old_passphrase = read_passphrase("Enter old passphrase: ", 1);
-		private = key_load_private(identity_file, old_passphrase , &comment);
+			old_passphrase =
+			    read_passphrase("Enter old passphrase: ",
+			    RP_ALLOW_STDIN);
+		private = key_load_private(identity_file, old_passphrase,
+		    &comment);
 		memset(old_passphrase, 0, strlen(old_passphrase));
 		xfree(old_passphrase);
 		if (private == NULL) {
@@ -508,8 +512,10 @@
 		passphrase2 = NULL;
 	} else {
 		passphrase1 =
-			read_passphrase("Enter new passphrase (empty for no passphrase): ", 1);
-		passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
+			read_passphrase("Enter new passphrase (empty for no "
+			    "passphrase): ", RP_ALLOW_STDIN);
+		passphrase2 = read_passphrase("Enter same passphrase again: ",
+		     RP_ALLOW_STDIN);
 
 		/* Verify that they are the same. */
 		if (strcmp(passphrase1, passphrase2) != 0) {
@@ -570,7 +576,8 @@
 		else if (identity_new_passphrase)
 			passphrase = xstrdup(identity_new_passphrase);
 		else
-			passphrase = read_passphrase("Enter passphrase: ", 1);
+			passphrase = read_passphrase("Enter passphrase: ",
+			    RP_ALLOW_STDIN);
 		/* Try to load using the passphrase. */
 		private = key_load_private(identity_file, passphrase, &comment);
 		if (private == NULL) {
@@ -830,10 +837,15 @@
 	else {
 passphrase_again:
 		passphrase1 =
-			read_passphrase("Enter passphrase (empty for no passphrase): ", 1);
-		passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
+			read_passphrase("Enter passphrase (empty for no "
+			    "passphrase): ", RP_ALLOW_STDIN);
+		passphrase2 = read_passphrase("Enter same passphrase again: ",
+		    RP_ALLOW_STDIN);
 		if (strcmp(passphrase1, passphrase2) != 0) {
-			/* The passphrases do not match.  Clear them and retry. */
+			/*
+			 * The passphrases do not match.  Clear them and
+			 * retry.
+			 */
 			memset(passphrase1, 0, strlen(passphrase1));
 			memset(passphrase2, 0, strlen(passphrase2));
 			xfree(passphrase1);
diff --git a/sshconnect2.c b/sshconnect2.c
index 1f57c3a..5f4943b 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.77 2001/06/24 05:35:34 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -45,7 +45,6 @@
 #include "key.h"
 #include "sshconnect.h"
 #include "authfile.h"
-#include "cli.h"
 #include "dh.h"
 #include "authfd.h"
 #include "log.h"
@@ -770,9 +769,9 @@
 	inst = packet_get_string(NULL);
 	lang = packet_get_string(NULL);
 	if (strlen(name) > 0)
-		cli_mesg(name);
+		log(name);
 	if (strlen(inst) > 0)
-		cli_mesg(inst);
+		log(inst);
 	xfree(name);
 	xfree(inst);
 	xfree(lang);
@@ -792,7 +791,7 @@
 		prompt = packet_get_string(NULL);
 		echo = packet_get_char();
 
-		response = cli_prompt(prompt, echo);
+		response = read_passphrase(prompt, echo ? RP_ECHO : 0);
 
 		packet_put_cstring(response);
 		memset(response, 0, strlen(response));