author | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-25 05:20:31 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-06-25 05:20:31 +0000 |
commit | 949974bbdb057202a429036a18fe36de5a7b6eac (patch) | |
tree | d5777e395808237422b323998888d1595d62c28b | |
parent | f0c50293dddf8b36e9511fdf1c2f3f443800e51c (diff) |
- markus@cvs.openbsd.org 2001/06/24 05:35:33
[readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
switch to readpassphrase(3)
2.7/8-stable needs readpassphrase.[ch] from libc
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | readpass.c | 35 | ||||
-rw-r--r-- | readpass.h | 11 | ||||
-rw-r--r-- | ssh-add.c | 4 | ||||
-rw-r--r-- | ssh-keygen.c | 32 | ||||
-rw-r--r-- | sshconnect2.c | 9 |
6 files changed, 56 insertions, 41 deletions
@@ -95,6 +95,10 @@ | |||
95 | - markus@cvs.openbsd.org 2001/06/24 05:25:10 | 95 | - markus@cvs.openbsd.org 2001/06/24 05:25:10 |
96 | [auth-options.c match.c match.h] | 96 | [auth-options.c match.c match.h] |
97 | move ip+hostname check to match.c | 97 | move ip+hostname check to match.c |
98 | - markus@cvs.openbsd.org 2001/06/24 05:35:33 | ||
99 | [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c] | ||
100 | switch to readpassphrase(3) | ||
101 | 2.7/8-stable needs readpassphrase.[ch] from libc | ||
98 | 102 | ||
99 | 20010622 | 103 | 20010622 |
100 | - (stevesk) handle systems without pw_expire and pw_change. | 104 | - (stevesk) handle systems without pw_expire and pw_change. |
@@ -5779,4 +5783,4 @@ | |||
5779 | - Wrote replacements for strlcpy and mkdtemp | 5783 | - Wrote replacements for strlcpy and mkdtemp |
5780 | - Released 1.0pre1 | 5784 | - Released 1.0pre1 |
5781 | 5785 | ||
5782 | $Id: ChangeLog,v 1.1320 2001/06/25 05:17:53 mouring Exp $ | 5786 | $Id: ChangeLog,v 1.1321 2001/06/25 05:20:31 mouring Exp $ |
diff --git a/readpass.c b/readpass.c index 05883dfcd..3b6ed72ba 100644 --- a/readpass.c +++ b/readpass.c | |||
@@ -32,10 +32,11 @@ | |||
32 | */ | 32 | */ |
33 | 33 | ||
34 | #include "includes.h" | 34 | #include "includes.h" |
35 | RCSID("$OpenBSD: readpass.c,v 1.18 2001/06/23 15:12:19 itojun Exp $"); | 35 | RCSID("$OpenBSD: readpass.c,v 1.19 2001/06/24 05:35:33 markus Exp $"); |
36 | |||
37 | #include <readpassphrase.h> | ||
36 | 38 | ||
37 | #include "xmalloc.h" | 39 | #include "xmalloc.h" |
38 | #include "cli.h" | ||
39 | #include "readpass.h" | 40 | #include "readpass.h" |
40 | #include "pathnames.h" | 41 | #include "pathnames.h" |
41 | #include "log.h" | 42 | #include "log.h" |
@@ -84,27 +85,24 @@ ssh_askpass(char *askpass, const char *msg) | |||
84 | return pass; | 85 | return pass; |
85 | } | 86 | } |
86 | 87 | ||
87 | |||
88 | /* | 88 | /* |
89 | * Reads a passphrase from /dev/tty with echo turned off. Returns the | 89 | * Reads a passphrase from /dev/tty with echo turned off/on. Returns the |
90 | * passphrase (allocated with xmalloc), being very careful to ensure that | 90 | * passphrase (allocated with xmalloc). Exits if EOF is encountered. If |
91 | * no other userland buffer is storing the password. | 91 | * RP_ALLOW_STDIN is set, the passphrase will be read from stdin if no |
92 | */ | 92 | * tty is available |
93 | /* | ||
94 | * Note: the funcationallity of this routing has been moved to | ||
95 | * cli_read_passphrase(). This routing remains to maintain | ||
96 | * compatibility with existing code. | ||
97 | */ | 93 | */ |
98 | char * | 94 | char * |
99 | read_passphrase(const char *prompt, int from_stdin) | 95 | read_passphrase(const char *prompt, int flags) |
100 | { | 96 | { |
101 | char *askpass = NULL; | 97 | char *askpass = NULL, *ret, buf[1024]; |
102 | int use_askpass = 0, ttyfd; | 98 | int rppflags, use_askpass = 0, ttyfd; |
103 | 99 | ||
104 | if (from_stdin) { | 100 | rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; |
101 | if (flags & RP_ALLOW_STDIN) { | ||
105 | if (!isatty(STDIN_FILENO)) | 102 | if (!isatty(STDIN_FILENO)) |
106 | use_askpass = 1; | 103 | use_askpass = 1; |
107 | } else { | 104 | } else { |
105 | rppflags |= RPP_REQUIRE_TTY; | ||
108 | ttyfd = open("/dev/tty", O_RDWR); | 106 | ttyfd = open("/dev/tty", O_RDWR); |
109 | if (ttyfd >= 0) | 107 | if (ttyfd >= 0) |
110 | close(ttyfd); | 108 | close(ttyfd); |
@@ -120,5 +118,10 @@ read_passphrase(const char *prompt, int from_stdin) | |||
120 | return ssh_askpass(askpass, prompt); | 118 | return ssh_askpass(askpass, prompt); |
121 | } | 119 | } |
122 | 120 | ||
123 | return cli_read_passphrase(prompt, from_stdin, 0); | 121 | if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) |
122 | return NULL; | ||
123 | |||
124 | ret = xstrdup(buf); | ||
125 | memset(buf, 'x', sizeof buf); | ||
126 | return ret; | ||
124 | } | 127 | } |
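Review bot: read_passphrase() now returns NULL when readpassphrase() fails, yet the callers on this page use the result unchecked: `strcmp(pass, "")` in ssh-add.c, `strlen(pass)` and `strcmp(passphrase1, passphrase2)` in ssh-keygen.c, and `packet_put_cstring(response)` in sshconnect2.c. The new comment above the function also says it exits on EOF, which the lines shown do not do. Either replace `return NULL;` with `return xstrdup("");` or document the NULL return and check it at each call site. Separately, the failure path leaves `buf` unscrubbed and the closing `memset(buf, 'x', sizeof buf)` is a dead store a compiler may remove; clearing `buf` on both paths with `explicit_bzero(buf, sizeof buf)`, where available, avoids both. Part of the function body lies between the two hunks and is not visible here.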
diff --git a/readpass.h b/readpass.h index 55ed294da..37f85002b 100644 --- a/readpass.h +++ b/readpass.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readpass.h,v 1.3 2001/05/06 17:52:08 mouring Exp $ */ | 1 | /* $OpenBSD: readpass.h,v 1.4 2001/06/24 05:35:33 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -12,9 +12,6 @@ | |||
12 | * called by a name other than "ssh" or "Secure Shell". | 12 | * called by a name other than "ssh" or "Secure Shell". |
13 | */ | 13 | */ |
14 | 14 | ||
15 | /* | 15 | #define RP_ECHO 0x0001 |
16 | * Reads a passphrase from /dev/tty with echo turned off. Returns the | 16 | #define RP_ALLOW_STDIN 0x0002 |
17 | * passphrase (allocated with xmalloc). Exits if EOF is encountered. If | 17 | char *read_passphrase(const char *prompt, int flags); |
18 | * from_stdin is true, the passphrase will be read from stdin instead. | ||
19 | */ | ||
20 | char *read_passphrase(const char *prompt, int from_stdin); | ||
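Review bot: The header now exports `RP_ECHO`, `RP_ALLOW_STDIN` and the prototype with no comment at all, because the block describing read_passphrase() was deleted instead of updated. From readpass.c, passing neither flag turns echo off and sets RPP_REQUIRE_TTY, which is exactly what a caller handling secrets needs to know before choosing flags. I would restore a short comment above the prototype, for example `/* flags: RP_ECHO echoes input; RP_ALLOW_STDIN lets the passphrase be read from stdin if no tty is available; 0 requires a tty with echo off */`, and state there what is returned on failure.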
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: ssh-add.c,v 1.39 2001/06/23 15:12:20 itojun Exp $"); | 38 | RCSID("$OpenBSD: ssh-add.c,v 1.40 2001/06/24 05:35:33 markus Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | 41 | ||
@@ -128,7 +128,7 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
128 | snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ", | 128 | snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ", |
129 | comment); | 129 | comment); |
130 | for (;;) { | 130 | for (;;) { |
131 | pass = read_passphrase(msg, 1); | 131 | pass = read_passphrase(msg, RP_ALLOW_STDIN); |
132 | if (strcmp(pass, "") == 0) { | 132 | if (strcmp(pass, "") == 0) { |
133 | clear_pass(); | 133 | clear_pass(); |
134 | xfree(comment); | 134 | xfree(comment); |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 51b003405..95fcd6521 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.64 2001/06/23 17:05:22 markus Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.65 2001/06/24 05:35:33 markus Exp $"); |
16 | 16 | ||
17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
@@ -123,7 +123,8 @@ load_identity(char *filename) | |||
123 | if (identity_passphrase) | 123 | if (identity_passphrase) |
124 | pass = xstrdup(identity_passphrase); | 124 | pass = xstrdup(identity_passphrase); |
125 | else | 125 | else |
126 | pass = read_passphrase("Enter passphrase: ", 1); | 126 | pass = read_passphrase("Enter passphrase: ", |
127 | RP_ALLOW_STDIN); | ||
127 | prv = key_load_private(filename, pass, NULL); | 128 | prv = key_load_private(filename, pass, NULL); |
128 | memset(pass, 0, strlen(pass)); | 129 | memset(pass, 0, strlen(pass)); |
129 | xfree(pass); | 130 | xfree(pass); |
@@ -491,8 +492,11 @@ do_change_passphrase(struct passwd *pw) | |||
491 | if (identity_passphrase) | 492 | if (identity_passphrase) |
492 | old_passphrase = xstrdup(identity_passphrase); | 493 | old_passphrase = xstrdup(identity_passphrase); |
493 | else | 494 | else |
494 | old_passphrase = read_passphrase("Enter old passphrase: ", 1); | 495 | old_passphrase = |
495 | private = key_load_private(identity_file, old_passphrase , &comment); | 496 | read_passphrase("Enter old passphrase: ", |
497 | RP_ALLOW_STDIN); | ||
498 | private = key_load_private(identity_file, old_passphrase, | ||
499 | &comment); | ||
496 | memset(old_passphrase, 0, strlen(old_passphrase)); | 500 | memset(old_passphrase, 0, strlen(old_passphrase)); |
497 | xfree(old_passphrase); | 501 | xfree(old_passphrase); |
498 | if (private == NULL) { | 502 | if (private == NULL) { |
@@ -508,8 +512,10 @@ do_change_passphrase(struct passwd *pw) | |||
508 | passphrase2 = NULL; | 512 | passphrase2 = NULL; |
509 | } else { | 513 | } else { |
510 | passphrase1 = | 514 | passphrase1 = |
511 | read_passphrase("Enter new passphrase (empty for no passphrase): ", 1); | 515 | read_passphrase("Enter new passphrase (empty for no " |
512 | passphrase2 = read_passphrase("Enter same passphrase again: ", 1); | 516 | "passphrase): ", RP_ALLOW_STDIN); |
517 | passphrase2 = read_passphrase("Enter same passphrase again: ", | ||
518 | RP_ALLOW_STDIN); | ||
513 | 519 | ||
514 | /* Verify that they are the same. */ | 520 | /* Verify that they are the same. */ |
515 | if (strcmp(passphrase1, passphrase2) != 0) { | 521 | if (strcmp(passphrase1, passphrase2) != 0) { |
@@ -570,7 +576,8 @@ do_change_comment(struct passwd *pw) | |||
570 | else if (identity_new_passphrase) | 576 | else if (identity_new_passphrase) |
571 | passphrase = xstrdup(identity_new_passphrase); | 577 | passphrase = xstrdup(identity_new_passphrase); |
572 | else | 578 | else |
573 | passphrase = read_passphrase("Enter passphrase: ", 1); | 579 | passphrase = read_passphrase("Enter passphrase: ", |
580 | RP_ALLOW_STDIN); | ||
574 | /* Try to load using the passphrase. */ | 581 | /* Try to load using the passphrase. */ |
575 | private = key_load_private(identity_file, passphrase, &comment); | 582 | private = key_load_private(identity_file, passphrase, &comment); |
576 | if (private == NULL) { | 583 | if (private == NULL) { |
@@ -830,10 +837,15 @@ main(int ac, char **av) | |||
830 | else { | 837 | else { |
831 | passphrase_again: | 838 | passphrase_again: |
832 | passphrase1 = | 839 | passphrase1 = |
833 | read_passphrase("Enter passphrase (empty for no passphrase): ", 1); | 840 | read_passphrase("Enter passphrase (empty for no " |
834 | passphrase2 = read_passphrase("Enter same passphrase again: ", 1); | 841 | "passphrase): ", RP_ALLOW_STDIN); |
842 | passphrase2 = read_passphrase("Enter same passphrase again: ", | ||
843 | RP_ALLOW_STDIN); | ||
835 | if (strcmp(passphrase1, passphrase2) != 0) { | 844 | if (strcmp(passphrase1, passphrase2) != 0) { |
836 | /* The passphrases do not match. Clear them and retry. */ | 845 | /* |
846 | * The passphrases do not match. Clear them and | ||
847 | * retry. | ||
848 | */ | ||
837 | memset(passphrase1, 0, strlen(passphrase1)); | 849 | memset(passphrase1, 0, strlen(passphrase1)); |
838 | memset(passphrase2, 0, strlen(passphrase2)); | 850 | memset(passphrase2, 0, strlen(passphrase2)); |
839 | xfree(passphrase1); | 851 | xfree(passphrase1); |
diff --git a/sshconnect2.c b/sshconnect2.c index 1f57c3a9f..5f4943ba8 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.77 2001/06/24 05:35:34 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
29 | #include <openssl/md5.h> | 29 | #include <openssl/md5.h> |
@@ -45,7 +45,6 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $"); | |||
45 | #include "key.h" | 45 | #include "key.h" |
46 | #include "sshconnect.h" | 46 | #include "sshconnect.h" |
47 | #include "authfile.h" | 47 | #include "authfile.h" |
48 | #include "cli.h" | ||
49 | #include "dh.h" | 48 | #include "dh.h" |
50 | #include "authfd.h" | 49 | #include "authfd.h" |
51 | #include "log.h" | 50 | #include "log.h" |
@@ -770,9 +769,9 @@ input_userauth_info_req(int type, int plen, void *ctxt) | |||
770 | inst = packet_get_string(NULL); | 769 | inst = packet_get_string(NULL); |
771 | lang = packet_get_string(NULL); | 770 | lang = packet_get_string(NULL); |
772 | if (strlen(name) > 0) | 771 | if (strlen(name) > 0) |
773 | cli_mesg(name); | 772 | log(name); |
774 | if (strlen(inst) > 0) | 773 | if (strlen(inst) > 0) |
775 | cli_mesg(inst); | 774 | log(inst); |
776 | xfree(name); | 775 | xfree(name); |
777 | xfree(inst); | 776 | xfree(inst); |
778 | xfree(lang); | 777 | xfree(lang); |
@@ -792,7 +791,7 @@ input_userauth_info_req(int type, int plen, void *ctxt) | |||
792 | prompt = packet_get_string(NULL); | 791 | prompt = packet_get_string(NULL); |
793 | echo = packet_get_char(); | 792 | echo = packet_get_char(); |
794 | 793 | ||
795 | response = cli_prompt(prompt, echo); | 794 | response = read_passphrase(prompt, echo ? RP_ECHO : 0); |
796 | 795 | ||
797 | packet_put_cstring(response); | 796 | packet_put_cstring(response); |
798 | memset(response, 0, strlen(response)); | 797 | memset(response, 0, strlen(response)); |
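Review bot: `log(name);` and `log(inst);` in input_userauth_info_req pass strings obtained from the peer via packet_get_string() as the first argument of log(), which is a format parameter if log() is printf-style (its declaration is not on this page). A `%` sequence in the server-supplied name or instruction field would then be interpreted as a conversion rather than printed as text. Pass the text as data instead: `log("%s", name);` and `log("%s", inst);`. The function begins and ends outside these hunks, so any filtering applied elsewhere is not visible here.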