diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-10 02:45:32 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-04-10 02:45:32 +0000 |
commit | ee61794620e6ce4d40ae0e3a90c2ee90bf5f4719 (patch) | |
tree | cde589dd733f7ba120ebd09a17b5b5c0de45c1c8 | |
parent | 8ffeacfb2d94e13edeb48f53641674ac2788ec13 (diff) |
- markus@cvs.openbsd.org 2001/04/09 15:12:23
[ssh-add.c]
passphrase caching: ssh-add tries last passphrase, clears passphrase if
not successful and after last try.
based on discussions with espie@, jakob@, ... and code from jakob@ and
wolfgang@wsrcc.com
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | ssh-add.c | 25 |
2 files changed, 28 insertions, 5 deletions
@@ -9,6 +9,12 @@ | |||
9 | - stevesk@cvs.openbsd.org 2001/04/09 00:42:05 | 9 | - stevesk@cvs.openbsd.org 2001/04/09 00:42:05 |
10 | [sftp.1] | 10 | [sftp.1] |
11 | spelling | 11 | spelling |
12 | - markus@cvs.openbsd.org 2001/04/09 15:12:23 | ||
13 | [ssh-add.c] | ||
14 | passphrase caching: ssh-add tries last passphrase, clears passphrase if | ||
15 | not successful and after last try. | ||
16 | based on discussions with espie@, jakob@, ... and code from jakob@ and | ||
17 | wolfgang@wsrcc.com | ||
12 | 18 | ||
13 | 20010409 | 19 | 20010409 |
14 | - (stevesk) use setresgid() for setegid() if needed | 20 | - (stevesk) use setresgid() for setegid() if needed |
@@ -4978,4 +4984,4 @@ | |||
4978 | - Wrote replacements for strlcpy and mkdtemp | 4984 | - Wrote replacements for strlcpy and mkdtemp |
4979 | - Released 1.0pre1 | 4985 | - Released 1.0pre1 |
4980 | 4986 | ||
4981 | $Id: ChangeLog,v 1.1090 2001/04/10 02:43:57 mouring Exp $ | 4987 | $Id: ChangeLog,v 1.1091 2001/04/10 02:45:32 mouring Exp $ |
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: ssh-add.c,v 1.32 2001/04/08 13:03:00 markus Exp $"); | 38 | RCSID("$OpenBSD: ssh-add.c,v 1.33 2001/04/09 15:12:23 markus Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | 41 | ||
@@ -55,6 +55,18 @@ extern char *__progname; | |||
55 | char *__progname; | 55 | char *__progname; |
56 | #endif | 56 | #endif |
57 | 57 | ||
58 | /* we keep a cache of one passphrases */ | ||
59 | static char *pass = NULL; | ||
60 | void | ||
61 | clear_pass(void) | ||
62 | { | ||
63 | if (pass) { | ||
64 | memset(pass, 0, strlen(pass)); | ||
65 | xfree(pass); | ||
66 | pass = NULL; | ||
67 | } | ||
68 | } | ||
69 | |||
58 | void | 70 | void |
59 | delete_file(AuthenticationConnection *ac, const char *filename) | 71 | delete_file(AuthenticationConnection *ac, const char *filename) |
60 | { | 72 | { |
@@ -136,7 +148,7 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
136 | { | 148 | { |
137 | struct stat st; | 149 | struct stat st; |
138 | Key *private; | 150 | Key *private; |
139 | char *comment = NULL, *askpass = NULL, *pass; | 151 | char *comment = NULL, *askpass = NULL; |
140 | char buf[1024], msg[1024]; | 152 | char buf[1024], msg[1024]; |
141 | int interactive = isatty(STDIN_FILENO); | 153 | int interactive = isatty(STDIN_FILENO); |
142 | 154 | ||
@@ -155,7 +167,12 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
155 | private = key_load_private(filename, "", &comment); | 167 | private = key_load_private(filename, "", &comment); |
156 | if (comment == NULL) | 168 | if (comment == NULL) |
157 | comment = xstrdup(filename); | 169 | comment = xstrdup(filename); |
170 | /* try last */ | ||
171 | if (private == NULL && pass != NULL) | ||
172 | private = key_load_private(filename, pass, NULL); | ||
158 | if (private == NULL) { | 173 | if (private == NULL) { |
174 | /* clear passphrase since it did not work */ | ||
175 | clear_pass(); | ||
159 | printf("Need passphrase for %.200s\n", filename); | 176 | printf("Need passphrase for %.200s\n", filename); |
160 | if (!interactive && askpass == NULL) { | 177 | if (!interactive && askpass == NULL) { |
161 | xfree(comment); | 178 | xfree(comment); |
@@ -175,10 +192,9 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
175 | return; | 192 | return; |
176 | } | 193 | } |
177 | private = key_load_private(filename, pass, &comment); | 194 | private = key_load_private(filename, pass, &comment); |
178 | memset(pass, 0, strlen(pass)); | ||
179 | xfree(pass); | ||
180 | if (private != NULL) | 195 | if (private != NULL) |
181 | break; | 196 | break; |
197 | clear_pass(); | ||
182 | strlcpy(msg, "Bad passphrase, try again", sizeof msg); | 198 | strlcpy(msg, "Bad passphrase, try again", sizeof msg); |
183 | } | 199 | } |
184 | } | 200 | } |
@@ -280,6 +296,7 @@ main(int argc, char **argv) | |||
280 | else | 296 | else |
281 | add_file(ac, buf); | 297 | add_file(ac, buf); |
282 | } | 298 | } |
299 | clear_pass(); | ||
283 | ssh_close_authentication_connection(ac); | 300 | ssh_close_authentication_connection(ac); |
284 | exit(0); | 301 | exit(0); |
285 | } | 302 | } |