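--- a/readpass.c
+++ b/readpass.c
@@ -99,28 +99,48 @@
 char *
 read_passphrase(const char *prompt, int flags)
 {
-	char *askpass = NULL, *ret, buf[1024];
-	int rppflags, use_askpass = 0, ttyfd;
-
+	char *askpass = NULL, *ret, buf[1024], *env_askpass;
+	enum {
+		NEVER,
+		IFAVAILABLE,
+		ALWAYS
+	};
+	int rppflags, use_askpass = NEVER, ttyfd;
+	
 	rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
-	if (flags & RP_USE_ASKPASS)
-		use_askpass = 1;
-	else if (flags & RP_ALLOW_STDIN) {
-		if (!isatty(STDIN_FILENO))
-			use_askpass = 1;
-	} else {
-		rppflags |= RPP_REQUIRE_TTY;
-		ttyfd = open(_PATH_TTY, O_RDWR);
-		if (ttyfd >= 0)
-			close(ttyfd);
-		else
-			use_askpass = 1;
+
+	env_askpass = getenv("SSH_USE_ASKPASS");
+
+	if (env_askpass && !strcasecmp(env_askpass, "always"))
+		use_askpass = ALWAYS;
+	else if (env_askpass && !strcasecmp(env_askpass, "never"))
+		use_askpass = NEVER;
+	else if (env_askpass && !strcasecmp(env_askpass, "prefer") &&
+			!(flags & RP_ECHO))
+		use_askpass = IFAVAILABLE;
+	if (!env_askpass) {
+		if (flags & RP_USE_ASKPASS)
+			use_askpass = IFAVAILABLE;
+		else if (flags & RP_ALLOW_STDIN) {
+			if (!isatty(STDIN_FILENO))
+				use_askpass = IFAVAILABLE;
+		} else {
+			rppflags |= RPP_REQUIRE_TTY;
+			ttyfd = open(_PATH_TTY, O_RDWR);
+			if (ttyfd >= 0)
+				close(ttyfd);
+			else
+				use_askpass = IFAVAILABLE;
+		}
 	}
 
-	if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL)
+	if ((flags & RP_USE_ASKPASS) && (use_askpass == NEVER ||
+			(use_askpass == IFAVAILABLE
+				&& getenv("DISPLAY") == NULL)))
 		return (flags & RP_ALLOW_EOF) ? NULL : xstrdup("");
 
-	if (use_askpass && getenv("DISPLAY")) {
+	if (use_askpass == ALWAYS || (use_askpass == IFAVAILABLE
+				&& getenv("DISPLAY"))) {
 		if (getenv(SSH_ASKPASS_ENV))
 			askpass = getenv(SSH_ASKPASS_ENV);
 		else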
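Review bot: Once SSH_USE_ASKPASS is set to anything, the `if (!env_askpass)` block is skipped, so `rppflags |= RPP_REQUIRE_TTY` is no longer applied for callers that pass neither RP_USE_ASKPASS nor RP_ALLOW_STDIN; with "never" or any unrecognised value the passphrase read presumably proceeds without the tty requirement the old code enforced. Unrecognised values also fall through silently as NEVER, and that includes `no`, which is the spelling the ssh.1, ssh-add.1 and ssh-keygen.1 sections of this patch document while the code compares against `"never"`. I would set RPP_REQUIRE_TTY from the flags before consulting the environment and make the flag-derived block the final `else {` of the comparison chain, so unknown values get the old default; the comparison string and the man pages also need to agree on one spelling. read_passphrase continues past the end of the hunk, so how `rppflags` is consumed is inferred rather than visible here.

```c
	env_askpass = getenv("SSH_USE_ASKPASS");

	/* The tty requirement follows the caller's flags, not the environment. */
	if (!(flags & (RP_USE_ASKPASS | RP_ALLOW_STDIN)))
		rppflags |= RPP_REQUIRE_TTY;

	/* ... unchanged: "always" / "never" / "prefer" comparisons ... */
	else {
		/* unset or unrecognised value: keep the flag-derived default */
		/* ... unchanged: RP_USE_ASKPASS / RP_ALLOW_STDIN / _PATH_TTY probe,
		 *     minus the RPP_REQUIRE_TTY line hoisted above ... */
	}
```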
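--- a/ssh-add.1
+++ b/ssh-add.1
@@ -138,6 +138,25 @@
 .It Ev SSH_AUTH_SOCK
 Identifies the path of a unix-domain socket used to communicate with the
 agent.
+.It Ev SSH_USE_ASKPASS
+If set to
+.Dq always ,
+.Nm
+will always try to read passwords and passphrases via the program specified in
+.Ev SSH_ASKPASS ,
+regardless of whether
+.Ev DISPLAY
+is set.
+If set to
+.Dq no ,
+.Nm
+will always try to read from the current terminal. If set to
+.Dq prefer ,
+passwords and passphrases will be read using
+.Ev SSH_ASKPASS
+only, when
+.Ev DISPLAY
+is set.
 .El
 .Sh FILES
 .Bl -tag -width Ds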
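--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -397,6 +397,51 @@
 The file format is described in
 .Xr moduli 5 .
 .El
+.Sh ENVIRONMENT
+.Bl -tag -width Ds
+.It Ev "DISPLAY" and "SSH_ASKPASS"
+If
+.Nm
+needs a passphrase, it will read the passphrase from the current
+terminal if it was run from a terminal.
+If
+.Nm
+does not have a terminal associated with it but
+.Ev DISPLAY
+and
+.Ev SSH_ASKPASS
+are set, it will execute the program specified by
+.Ev SSH_ASKPASS
+and open an X11 window to read the passphrase.
+This is particularly useful when calling
+.Nm
+from a
+.Pa .Xsession
+or related script.
+(Note that on some machines it
+may be necessary to redirect the input from
+.Pa /dev/null
+to make this work.)
+.It Ev SSH_USE_ASKPASS
+If set to
+.Dq always ,
+.Nm
+will always try to read passwords and passphrases via the program specified in
+.Ev SSH_ASKPASS ,
+regardless of whether
+.Ev DISPLAY
+is set.
+If set to
+.Dq no ,
+.Nm
+will always try to read from the current terminal. If set to
+.Dq prefer ,
+passwords and passphrases will be read using
+.Ev SSH_ASKPASS
+only, when
+.Ev DISPLAY
+is set.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,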
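--- a/ssh.1
+++ b/ssh.1
@@ -869,6 +869,25 @@
 with the current shell or command.
 If the current session has no tty,
 this variable is not set.
+.It Ev SSH_USE_ASKPASS
+If set to
+.Dq always ,
+.Nm
+will always try to read passwords and passphrases via the program specified in
+.Ev SSH_ASKPASS ,
+regardless of whether
+.Ev DISPLAY
+is set.
+If set to
+.Dq no ,
+.Nm
+will always try to read from the current terminal. If set to
+.Dq prefer ,
+passwords and passphrases will be read using
+.Ev SSH_ASKPASS
+only, when
+.Ev DISPLAY
+is set.
 .It Ev TZ
 The timezone variable is set to indicate the present timezone if it
 was set when the daemon was started (i.e., the daemon passes the value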
