- markus@cvs.openbsd.org 2001/06/24 05:35:33

     [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
     switch to readpassphrase(3)
     2.7/8-stable needs readpassphrase.[ch] from libc

6 files changed, 56 insertions, 41 deletions

diff --git a/ChangeLog b/ChangeLog
index 590ac5873..f2d9267c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -95,6 +95,10 @@
    - markus@cvs.openbsd.org 2001/06/24 05:25:10
      [auth-options.c match.c match.h]
      move ip+hostname check to match.c
+   - markus@cvs.openbsd.org 2001/06/24 05:35:33
+     [readpass.c readpass.h ssh-add.c sshconnect2.c ssh-keygen.c]
+     switch to readpassphrase(3)
+     2.7/8-stable needs readpassphrase.[ch] from libc
 
 20010622
  - (stevesk) handle systems without pw_expire and pw_change.
@@ -5779,4 +5783,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1320 2001/06/25 05:17:53 mouring Exp $
+$Id: ChangeLog,v 1.1321 2001/06/25 05:20:31 mouring Exp $
diff --git a/readpass.c b/readpass.c
index 05883dfcd..3b6ed72ba 100644
--- a/readpass.c
+++ b/readpass.c
@@ -32,10 +32,11 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.18 2001/06/23 15:12:19 itojun Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.19 2001/06/24 05:35:33 markus Exp $");
+
+#include <readpassphrase.h>
 
 #include "xmalloc.h"
-#include "cli.h"
 #include "readpass.h"
 #include "pathnames.h"
 #include "log.h"
@@ -84,27 +85,24 @@ ssh_askpass(char *askpass, const char *msg)
         return pass;
 }
 
-
 /*
- * Reads a passphrase from /dev/tty with echo turned off.  Returns the
- * passphrase (allocated with xmalloc), being very careful to ensure that
- * no other userland buffer is storing the password.
- */
-/*
- * Note:  the funcationallity of this routing has been moved to
- * cli_read_passphrase().  This routing remains to maintain
- * compatibility with existing code.
+ * Reads a passphrase from /dev/tty with echo turned off/on.  Returns the
+ * passphrase (allocated with xmalloc).  Exits if EOF is encountered. If
+ * RP_ALLOW_STDIN is set, the passphrase will be read from stdin if no
+ * tty is available
  */
 char *
-read_passphrase(const char *prompt, int from_stdin)
+read_passphrase(const char *prompt, int flags)
 {
-        char *askpass = NULL;
-        int use_askpass = 0, ttyfd;
+        char *askpass = NULL, *ret, buf[1024];
+        int rppflags, use_askpass = 0, ttyfd;
 
-        if (from_stdin) {
+        rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
+        if (flags & RP_ALLOW_STDIN) {
                 if (!isatty(STDIN_FILENO))
                         use_askpass = 1;
         } else {
+                rppflags |= RPP_REQUIRE_TTY;
                 ttyfd = open("/dev/tty", O_RDWR);
                 if (ttyfd >= 0)
                         close(ttyfd);
@@ -120,5 +118,10 @@ read_passphrase(const char *prompt, int from_stdin)
                 return ssh_askpass(askpass, prompt);
         }
 
-        return cli_read_passphrase(prompt, from_stdin, 0);
+        if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL)
+                return NULL;
+
+        ret = xstrdup(buf);
+        memset(buf, 'x', sizeof buf);
+        return ret;
 }
diff --git a/readpass.h b/readpass.h
index 55ed294da..37f85002b 100644
--- a/readpass.h
+++ b/readpass.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: readpass.h,v 1.3 2001/05/06 17:52:08 mouring Exp $    */
+/*      $OpenBSD: readpass.h,v 1.4 2001/06/24 05:35:33 markus Exp $     */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -12,9 +12,6 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/*
- * Reads a passphrase from /dev/tty with echo turned off.  Returns the
- * passphrase (allocated with xmalloc).  Exits if EOF is encountered. If
- * from_stdin is true, the passphrase will be read from stdin instead.
- */
-char   *read_passphrase(const char *prompt, int from_stdin);
+#define RP_ECHO                 0x0001
+#define RP_ALLOW_STDIN          0x0002
+char    *read_passphrase(const char *prompt, int flags);
diff --git a/ssh-add.c b/ssh-add.c
index f03ce029e..84a8c20f9 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.39 2001/06/23 15:12:20 itojun Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.40 2001/06/24 05:35:33 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -128,7 +128,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
                 snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ",
                    comment);
                 for (;;) {
-                        pass = read_passphrase(msg, 1);
+                        pass = read_passphrase(msg, RP_ALLOW_STDIN);
                         if (strcmp(pass, "") == 0) {
                                 clear_pass();
                                 xfree(comment);
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 51b003405..95fcd6521 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.64 2001/06/23 17:05:22 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.65 2001/06/24 05:35:33 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -123,7 +123,8 @@ load_identity(char *filename)
                 if (identity_passphrase)
                         pass = xstrdup(identity_passphrase);
                 else
-                        pass = read_passphrase("Enter passphrase: ", 1);
+                        pass = read_passphrase("Enter passphrase: ",
+                            RP_ALLOW_STDIN);
                 prv = key_load_private(filename, pass, NULL);
                 memset(pass, 0, strlen(pass));
                 xfree(pass);
@@ -491,8 +492,11 @@ do_change_passphrase(struct passwd *pw)
                 if (identity_passphrase)
                         old_passphrase = xstrdup(identity_passphrase);
                 else
-                        old_passphrase = read_passphrase("Enter old passphrase: ", 1);
-                private = key_load_private(identity_file, old_passphrase , &comment);
+                        old_passphrase =
+                            read_passphrase("Enter old passphrase: ",
+                            RP_ALLOW_STDIN);
+                private = key_load_private(identity_file, old_passphrase,
+                    &comment);
                 memset(old_passphrase, 0, strlen(old_passphrase));
                 xfree(old_passphrase);
                 if (private == NULL) {
@@ -508,8 +512,10 @@ do_change_passphrase(struct passwd *pw)
                 passphrase2 = NULL;
         } else {
                 passphrase1 =
-                        read_passphrase("Enter new passphrase (empty for no passphrase): ", 1);
-                passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
+                        read_passphrase("Enter new passphrase (empty for no "
+                            "passphrase): ", RP_ALLOW_STDIN);
+                passphrase2 = read_passphrase("Enter same passphrase again: ",
+                     RP_ALLOW_STDIN);
 
                 /* Verify that they are the same. */
                 if (strcmp(passphrase1, passphrase2) != 0) {
@@ -570,7 +576,8 @@ do_change_comment(struct passwd *pw)
                 else if (identity_new_passphrase)
                         passphrase = xstrdup(identity_new_passphrase);
                 else
-                        passphrase = read_passphrase("Enter passphrase: ", 1);
+                        passphrase = read_passphrase("Enter passphrase: ",
+                            RP_ALLOW_STDIN);
                 /* Try to load using the passphrase. */
                 private = key_load_private(identity_file, passphrase, &comment);
                 if (private == NULL) {
@@ -830,10 +837,15 @@ main(int ac, char **av)
         else {
 passphrase_again:
                 passphrase1 =
-                        read_passphrase("Enter passphrase (empty for no passphrase): ", 1);
-                passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
+                        read_passphrase("Enter passphrase (empty for no "
+                            "passphrase): ", RP_ALLOW_STDIN);
+                passphrase2 = read_passphrase("Enter same passphrase again: ",
+                    RP_ALLOW_STDIN);
                 if (strcmp(passphrase1, passphrase2) != 0) {
-                        /* The passphrases do not match.  Clear them and retry. */
+                        /*
+                         * The passphrases do not match.  Clear them and
+                         * retry.
+                         */
                         memset(passphrase1, 0, strlen(passphrase1));
                         memset(passphrase2, 0, strlen(passphrase2));
                         xfree(passphrase1);
diff --git a/sshconnect2.c b/sshconnect2.c
index 1f57c3a9f..5f4943ba8 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.77 2001/06/24 05:35:34 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -45,7 +45,6 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $");
 #include "key.h"
 #include "sshconnect.h"
 #include "authfile.h"
-#include "cli.h"
 #include "dh.h"
 #include "authfd.h"
 #include "log.h"
@@ -770,9 +769,9 @@ input_userauth_info_req(int type, int plen, void *ctxt)
         inst = packet_get_string(NULL);
         lang = packet_get_string(NULL);
         if (strlen(name) > 0)
-                cli_mesg(name);
+                log(name);
         if (strlen(inst) > 0)
-                cli_mesg(inst);
+                log(inst);
         xfree(name);
         xfree(inst);
         xfree(lang);
@@ -792,7 +791,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
                 prompt = packet_get_string(NULL);
                 echo = packet_get_char();
 
-                response = cli_prompt(prompt, echo);
+                response = read_passphrase(prompt, echo ? RP_ECHO : 0);
 
                 packet_put_cstring(response);
                 memset(response, 0, strlen(response));