authorBen Lindstrom <mouring@eviladmin.org>2001-04-10 02:45:32 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-04-10 02:45:32 +0000
commitee61794620e6ce4d40ae0e3a90c2ee90bf5f4719 (patch)
treecde589dd733f7ba120ebd09a17b5b5c0de45c1c8
parent8ffeacfb2d94e13edeb48f53641674ac2788ec13 (diff)
- markus@cvs.openbsd.org 2001/04/09 15:12:23
[ssh-add.c] passphrase caching: ssh-add tries last passphrase, clears passphrase if not successful and after last try. based on discussions with espie@, jakob@, ... and code from jakob@ and wolfgang@wsrcc.com
-rw-r--r--ChangeLog8
-rw-r--r--ssh-add.c25
2 files changed, 28 insertions, 5 deletions
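--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,12 @@
  - stevesk@cvs.openbsd.org 2001/04/09 00:42:05
  [sftp.1]
  spelling
+ - markus@cvs.openbsd.org 2001/04/09 15:12:23
+ [ssh-add.c]
+ passphrase caching: ssh-add tries last passphrase, clears passphrase if
+ not successful and after last try.
+ based on discussions with espie@, jakob@, ... and code from jakob@ and
+ wolfgang@wsrcc.com
 
 20010409
  - (stevesk) use setresgid() for setegid() if needed
@@ -4978,4 +4984,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1090 2001/04/10 02:43:57 mouring Exp $
+$Id: ChangeLog,v 1.1091 2001/04/10 02:45:32 mouring Exp $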
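--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.32 2001/04/08 13:03:00 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.33 2001/04/09 15:12:23 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -55,6 +55,18 @@ extern char *__progname;
 char *__progname;
 #endif
 
+/* we keep a cache of one passphrases */
+static char *pass = NULL;
+void
+clear_pass(void)
+{
+ if (pass) {
+ memset(pass, 0, strlen(pass));
+ xfree(pass);
+ pass = NULL;
+ }
+}
+
 void
 delete_file(AuthenticationConnection *ac, const char *filename)
 {
@@ -136,7 +148,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
 {
  struct stat st;
  Key *private;
- char *comment = NULL, *askpass = NULL, *pass;
+ char *comment = NULL, *askpass = NULL;
  char buf[1024], msg[1024];
  int interactive = isatty(STDIN_FILENO);
 
@@ -155,7 +167,12 @@ add_file(AuthenticationConnection *ac, const char *filename)
  private = key_load_private(filename, "", &comment);
  if (comment == NULL)
  comment = xstrdup(filename);
+ /* try last */
+ if (private == NULL && pass != NULL)
+ private = key_load_private(filename, pass, NULL);
  if (private == NULL) {
+ /* clear passphrase since it did not work */
+ clear_pass();
  printf("Need passphrase for %.200s\n", filename);
  if (!interactive && askpass == NULL) {
  xfree(comment);
@@ -175,10 +192,9 @@ add_file(AuthenticationConnection *ac, const char *filename)
  return;
  }
  private = key_load_private(filename, pass, &comment);
- memset(pass, 0, strlen(pass));
- xfree(pass);
  if (private != NULL)
  break;
+ clear_pass();
  strlcpy(msg, "Bad passphrase, try again", sizeof msg);
  }
  }
@@ -280,6 +296,7 @@ main(int argc, char **argv)
  else
  add_file(ac, buf);
  }
+ clear_pass();
  ssh_close_authentication_connection(ac);
  exit(0);
 }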
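Review bot: Making `pass` a file-scope static in the `@@ -55,6 +55,18 @@` hunk means every path that releases it has to go through `clear_pass()`, and the `@@ -175,10 +192,9 @@` hunk converts only the bad-passphrase path. The branch that ends at the `return; }` context lines of that hunk starts outside it; if it still frees the buffer with a bare `xfree(pass)`, the global is left dangling, the next `add_file()` would pass freed memory to `key_load_private(filename, pass, NULL)`, and the final `clear_pass()` in `main` would free it a second time, so that branch should call `clear_pass();` instead. Separately, `memset(pass, 0, strlen(pass));` in `clear_pass()` is followed directly by `xfree(pass)`, so an optimizing compiler may drop it as a dead store; a wipe that cannot be elided, for example `explicit_bzero(pass, strlen(pass));` where the platform provides it, keeps the clearing behaviour the commit message describes. Because the passphrase now lives for the whole run instead of one loop iteration, a short comment on `pass` stating who allocates it and that it must only be released through `clear_pass()` would help the next editor.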