diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-07-14 23:57:01 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2020-07-15 15:08:10 +1000 |
| commit | aaa8b609a7b332be836cd9a3b782422254972777 (patch) | |
| tree | cb4167b3f06a11410d6b82976ddb375ed626abdc /readpass.c | |
| parent | 6368022cd4dd508671c4999a59ec5826df098530 (diff) | |
upstream: allow some additional control over the use of ssh-askpass
via $SSH_ASKPASS_REQUIRE, including force-enable/disable. bz#69 ok markus@
OpenBSD-Commit-ID: 3a1e6cbbf6241ddc4405c4246caa2c249f149eb2
Diffstat (limited to 'readpass.c')
| -rw-r--r-- | readpass.c | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/readpass.c b/readpass.c index 974d67f0b..69edce306 100644 --- a/readpass.c +++ b/readpass.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: readpass.c,v 1.61 2020/01/23 07:10:22 dtucker Exp $ */ | 1 | /* $OpenBSD: readpass.c,v 1.62 2020/07/14 23:57:01 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -123,11 +123,26 @@ char * | |||
| 123 | read_passphrase(const char *prompt, int flags) | 123 | read_passphrase(const char *prompt, int flags) |
| 124 | { | 124 | { |
| 125 | char cr = '\r', *askpass = NULL, *ret, buf[1024]; | 125 | char cr = '\r', *askpass = NULL, *ret, buf[1024]; |
| 126 | int rppflags, use_askpass = 0, ttyfd; | 126 | int rppflags, ttyfd, use_askpass = 0, allow_askpass = 0; |
| 127 | const char *askpass_hint = NULL; | 127 | const char *askpass_hint = NULL; |
| 128 | const char *s; | ||
| 129 | |||
| 130 | if ((s = getenv("DISPLAY")) != NULL) | ||
| 131 | allow_askpass = *s != '\0'; | ||
| 132 | if ((s = getenv(SSH_ASKPASS_REQUIRE_ENV)) != NULL) { | ||
| 133 | if (strcasecmp(s, "force") == 0) { | ||
| 134 | use_askpass = 1; | ||
| 135 | allow_askpass = 1; | ||
| 136 | } else if (strcasecmp(s, "prefer") == 0) | ||
| 137 | use_askpass = allow_askpass; | ||
| 138 | else if (strcasecmp(s, "never") == 0) | ||
| 139 | allow_askpass = 0; | ||
| 140 | } | ||
| 128 | 141 | ||
| 129 | rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; | 142 | rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; |
| 130 | if (flags & RP_USE_ASKPASS) | 143 | if (use_askpass) |
| 144 | debug("%s: requested to askpass", __func__); | ||
| 145 | else if (flags & RP_USE_ASKPASS) | ||
| 131 | use_askpass = 1; | 146 | use_askpass = 1; |
| 132 | else if (flags & RP_ALLOW_STDIN) { | 147 | else if (flags & RP_ALLOW_STDIN) { |
| 133 | if (!isatty(STDIN_FILENO)) { | 148 | if (!isatty(STDIN_FILENO)) { |
| @@ -153,10 +168,10 @@ read_passphrase(const char *prompt, int flags) | |||
| 153 | } | 168 | } |
| 154 | } | 169 | } |
| 155 | 170 | ||
| 156 | if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL) | 171 | if ((flags & RP_USE_ASKPASS) && !allow_askpass) |
| 157 | return (flags & RP_ALLOW_EOF) ? NULL : xstrdup(""); | 172 | return (flags & RP_ALLOW_EOF) ? NULL : xstrdup(""); |
| 158 | 173 | ||
| 159 | if (use_askpass && getenv("DISPLAY")) { | 174 | if (use_askpass && allow_askpass) { |
| 160 | if (getenv(SSH_ASKPASS_ENV)) | 175 | if (getenv(SSH_ASKPASS_ENV)) |
| 161 | askpass = getenv(SSH_ASKPASS_ENV); | 176 | askpass = getenv(SSH_ASKPASS_ENV); |
| 162 | else | 177 | else |