-rw-r--r-- | readpass.c | 25 | ||||
-rw-r--r-- | ssh-add.1 | 30 | ||||
-rw-r--r-- | ssh.1 | 23 | ||||
-rw-r--r-- | ssh.h | 7 |
4 files changed, 70 insertions, 15 deletions
diff --git a/readpass.c b/readpass.c index 974d67f0b..69edce306 100644 --- a/readpass.c +++ b/readpass.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readpass.c,v 1.61 2020/01/23 07:10:22 dtucker Exp $ */ | 1 | /* $OpenBSD: readpass.c,v 1.62 2020/07/14 23:57:01 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -123,11 +123,26 @@ char * | |||
123 | read_passphrase(const char *prompt, int flags) | 123 | read_passphrase(const char *prompt, int flags) |
124 | { | 124 | { |
125 | char cr = '\r', *askpass = NULL, *ret, buf[1024]; | 125 | char cr = '\r', *askpass = NULL, *ret, buf[1024]; |
126 | int rppflags, use_askpass = 0, ttyfd; | 126 | int rppflags, ttyfd, use_askpass = 0, allow_askpass = 0; |
127 | const char *askpass_hint = NULL; | 127 | const char *askpass_hint = NULL; |
128 | const char *s; | ||
129 | |||
130 | if ((s = getenv("DISPLAY")) != NULL) | ||
131 | allow_askpass = *s != '\0'; | ||
132 | if ((s = getenv(SSH_ASKPASS_REQUIRE_ENV)) != NULL) { | ||
133 | if (strcasecmp(s, "force") == 0) { | ||
134 | use_askpass = 1; | ||
135 | allow_askpass = 1; | ||
136 | } else if (strcasecmp(s, "prefer") == 0) | ||
137 | use_askpass = allow_askpass; | ||
138 | else if (strcasecmp(s, "never") == 0) | ||
139 | allow_askpass = 0; | ||
140 | } | ||
128 | 141 | ||
129 | rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; | 142 | rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; |
130 | if (flags & RP_USE_ASKPASS) | 143 | if (use_askpass) |
144 | debug("%s: requested to askpass", __func__); | ||
145 | else if (flags & RP_USE_ASKPASS) | ||
131 | use_askpass = 1; | 146 | use_askpass = 1; |
132 | else if (flags & RP_ALLOW_STDIN) { | 147 | else if (flags & RP_ALLOW_STDIN) { |
133 | if (!isatty(STDIN_FILENO)) { | 148 | if (!isatty(STDIN_FILENO)) { |
@@ -153,10 +168,10 @@ read_passphrase(const char *prompt, int flags) | |||
153 | } | 168 | } |
154 | } | 169 | } |
155 | 170 | ||
156 | if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL) | 171 | if ((flags & RP_USE_ASKPASS) && !allow_askpass) |
157 | return (flags & RP_ALLOW_EOF) ? NULL : xstrdup(""); | 172 | return (flags & RP_ALLOW_EOF) ? NULL : xstrdup(""); |
158 | 173 | ||
159 | if (use_askpass && getenv("DISPLAY")) { | 174 | if (use_askpass && allow_askpass) { |
160 | if (getenv(SSH_ASKPASS_ENV)) | 175 | if (getenv(SSH_ASKPASS_ENV)) |
161 | askpass = getenv(SSH_ASKPASS_ENV); | 176 | askpass = getenv(SSH_ASKPASS_ENV); |
162 | else | 177 | else |
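Review bot: With `SSH_ASKPASS_REQUIRE=force`, `use_askpass` and `allow_askpass` are both set from the environment alone, so the later `if (use_askpass && allow_askpass)` branch hands passphrase entry to whatever program `SSH_ASKPASS` names, and the only trace is a `debug()` line. Both variables are therefore trusted input, which deserves a comment above the new block, e.g. `/* SSH_ASKPASS_REQUIRE and SSH_ASKPASS come from the caller's environment; wrappers that run ssh at a different trust level should clear them. */`. Separately, any value other than force/prefer/never falls through the `strcasecmp` chain silently, so a typo leaves the default behaviour in place; a final `else debug("%s: ignoring unrecognised %s value", __func__, SSH_ASKPASS_REQUIRE_ENV);` would make that visible. An empty `DISPLAY` also used to satisfy the old `getenv("DISPLAY")` tests and now counts as unset, which the commit does not mention. read_passphrase's body starts and ends outside these hunks, so the TTY and stdin paths between them are not visible here.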
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-add.1,v 1.80 2020/06/26 05:04:07 djm Exp $ | 1 | .\" $OpenBSD: ssh-add.1,v 1.81 2020/07/14 23:57:01 djm Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -35,7 +35,7 @@ | |||
35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
37 | .\" | 37 | .\" |
38 | .Dd $Mdocdate: June 26 2020 $ | 38 | .Dd $Mdocdate: July 14 2020 $ |
39 | .Dt SSH-ADD 1 | 39 | .Dt SSH-ADD 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -174,7 +174,7 @@ Lock the agent with a password. | |||
174 | .El | 174 | .El |
175 | .Sh ENVIRONMENT | 175 | .Sh ENVIRONMENT |
176 | .Bl -tag -width Ds | 176 | .Bl -tag -width Ds |
177 | .It Ev "DISPLAY" and "SSH_ASKPASS" | 177 | .It Ev "DISPLAY", "SSH_ASKPASS" and "SSH_ASKPASS_REQUIRE" |
178 | If | 178 | If |
179 | .Nm | 179 | .Nm |
180 | needs a passphrase, it will read the passphrase from the current | 180 | needs a passphrase, it will read the passphrase from the current |
@@ -195,10 +195,26 @@ This is particularly useful when calling | |||
195 | from a | 195 | from a |
196 | .Pa .xsession | 196 | .Pa .xsession |
197 | or related script. | 197 | or related script. |
198 | (Note that on some machines it | 198 | .Pp |
199 | may be necessary to redirect the input from | 199 | .Ev SSH_ASKPASS_REQUIRE |
200 | .Pa /dev/null | 200 | allows further control over the use of an askpass program. |
201 | to make this work.) | 201 | If this variable is set to |
202 | .Dq never | ||
203 | then | ||
204 | .Nm | ||
205 | will never attempt to use one. | ||
206 | If it is set to | ||
207 | .Dq prefer , | ||
208 | then | ||
209 | .Nm | ||
210 | will prefer to use the askpass program instead of the TTY when requesting | ||
211 | passwords. | ||
212 | Finally, if the variable is set to | ||
213 | .Dq force , | ||
214 | then the askpass program will be used for all passphrase input regardless | ||
215 | of whether | ||
216 | .Ev DISPLAY | ||
217 | is set. | ||
202 | .It Ev SSH_AUTH_SOCK | 218 | .It Ev SSH_AUTH_SOCK |
203 | Identifies the path of a | 219 | Identifies the path of a |
204 | .Ux Ns -domain | 220 | .Ux Ns -domain |
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.412 2020/04/17 03:34:42 djm Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.413 2020/07/14 23:57:01 djm Exp $ |
37 | .Dd $Mdocdate: April 17 2020 $ | 37 | .Dd $Mdocdate: July 14 2020 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -1409,6 +1409,25 @@ or related script. | |||
1409 | may be necessary to redirect the input from | 1409 | may be necessary to redirect the input from |
1410 | .Pa /dev/null | 1410 | .Pa /dev/null |
1411 | to make this work.) | 1411 | to make this work.) |
1412 | .It Ev SSH_ASKPASS_REQUIRE | ||
1413 | allows further control over the use of an askpass program. | ||
1414 | If this variable is set to | ||
1415 | .Dq never | ||
1416 | then | ||
1417 | .Nm | ||
1418 | will never attempt to use one. | ||
1419 | If it is set to | ||
1420 | .Dq prefer , | ||
1421 | then | ||
1422 | .Nm | ||
1423 | will prefer to use the askpass program instead of the TTY when requesting | ||
1424 | passwords. | ||
1425 | Finally, if the variable is set to | ||
1426 | .Dq force , | ||
1427 | then the askpass program will be used for all passphrase input regardless | ||
1428 | of whether | ||
1429 | .Ev DISPLAY | ||
1430 | is set. | ||
1412 | .It Ev SSH_AUTH_SOCK | 1431 | .It Ev SSH_AUTH_SOCK |
1413 | Identifies the path of a | 1432 | Identifies the path of a |
1414 | .Ux Ns -domain | 1433 | .Ux Ns -domain |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.h,v 1.89 2018/12/27 03:25:25 djm Exp $ */ | 1 | /* $OpenBSD: ssh.h,v 1.90 2020/07/14 23:57:01 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -68,6 +68,11 @@ | |||
68 | #define SSH_ASKPASS_ENV "SSH_ASKPASS" | 68 | #define SSH_ASKPASS_ENV "SSH_ASKPASS" |
69 | 69 | ||
70 | /* | 70 | /* |
71 | * Environment variable to control whether or not askpass is used. | ||
72 | */ | ||
73 | #define SSH_ASKPASS_REQUIRE_ENV "SSH_ASKPASS_REQUIRE" | ||
74 | |||
75 | /* | ||
71 | * Force host key length and server key length to differ by at least this | 76 | * Force host key length and server key length to differ by at least this |
72 | * many bits. This is to make double encryption with rsaref work. | 77 | * many bits. This is to make double encryption with rsaref work. |
73 | */ | 78 | */ |
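Review bot: The comment added above `SSH_ASKPASS_REQUIRE_ENV` does not name the values the variable accepts, while readpass.c compares it against the literals "force", "prefer" and "never" with `strcasecmp`. Listing them in the header keeps the definition and the parser in step, for example an extra comment line `* Recognised values (case-insensitive): "never", "prefer", "force".`.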