Bugzilla – Attachment 3347 Details for
Bug 69
Generalize SSH_ASKPASS
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
enable always: prefix in SSH_ASKPASS, updated patch for OpenSSH 8.0
enable-always-in-ssh-askpass.patch (text/plain), 3.80 KB, created by
main.haarp
on 2020-01-08 19:13:24 AEDT
(
hide
)
Description:
enable always: prefix in SSH_ASKPASS, updated patch for OpenSSH 8.0
Filename:
MIME Type:
Creator:
main.haarp
Created:
2020-01-08 19:13:24 AEDT
Size:
3.80 KB
patch
obsolete
>https://bugzilla.mindrot.org/show_bug.cgi?id=69 > >--- a/readpass.c 2019-04-18 00:52:57.000000000 +0200 >+++ b/readpass.c 2020-01-08 08:56:36.914975016 +0100 >@@ -117,59 +117,90 @@ > char * > read_passphrase(const char *prompt, int flags) > { >+ static const int askpass_never = 0, askpass_always = 1, askpass_auto = 2; >+ static const char *prefix_never = "never:", *prefix_always = "always:", >+ *prefix_auto = "auto:"; >+ > char cr = '\r', *askpass = NULL, *ret, buf[1024]; >- int rppflags, use_askpass = 0, ttyfd; >+ int rppflags, use_askpass, force_askpass, ttyfd; >+ >+ /* decode $SSH_ASKPASS */ >+ askpass = getenv(SSH_ASKPASS_ENV); >+ >+ if(askpass == NULL) { >+ force_askpass = askpass_auto; >+ askpass = ""; >+ } else if(strncmp(askpass, prefix_never, strlen(prefix_never)) == 0) { >+ force_askpass = askpass_never; >+ askpass += strlen(prefix_never); >+ } else if(strncmp(askpass, prefix_always, strlen(prefix_always)) == 0) { >+ force_askpass = askpass_always; >+ askpass += strlen(prefix_always); >+ } else if(strncmp(askpass, prefix_auto, strlen(prefix_auto)) == 0) { >+ force_askpass = askpass_auto; >+ askpass += strlen(prefix_auto); >+ } else >+ force_askpass = askpass_auto; >+ >+ if(askpass[0] == '\0') >+ askpass = _PATH_SSH_ASKPASS_DEFAULT; > >- rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; >- if (flags & RP_USE_ASKPASS) >+ if (force_askpass == askpass_always) > use_askpass = 1; >- else if (flags & RP_ALLOW_STDIN) { >- if (!isatty(STDIN_FILENO)) { >- debug("read_passphrase: stdin is not a tty"); >+ else { >+ /* This block has two purposes: >+ 1.) automatic detection of askpass usesage. The result will be stored >+ in use_askpass and may be overridden by force_askpass == never >+ 2.) determine options and print debug warnings for use with the >+ tty/stdin pasphrase reader. >+ */ >+ use_askpass = 0; >+ >+ rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; >+ if (flags & RP_USE_ASKPASS) > use_askpass = 1; >- } >- } else { >- rppflags |= RPP_REQUIRE_TTY; >- ttyfd = open(_PATH_TTY, O_RDWR); >- if (ttyfd >= 0) { >- /* >- * If we're on a tty, ensure that show the prompt at >- * the beginning of the line. This will hopefully >- * clobber any password characters the user has >- * optimistically typed before echo is disabled. >- */ >- (void)write(ttyfd, &cr, 1); >- close(ttyfd); >+ else if (flags & RP_ALLOW_STDIN) { >+ if (!isatty(STDIN_FILENO)) { >+ debug("read_passphrase: stdin is not a tty"); >+ use_askpass = 1; >+ } > } else { >- debug("read_passphrase: can't open %s: %s", _PATH_TTY, >- strerror(errno)); >- use_askpass = 1; >+ rppflags |= RPP_REQUIRE_TTY; >+ ttyfd = open(_PATH_TTY, O_RDWR); >+ if (ttyfd >= 0) >+ close(ttyfd); >+ else { >+ debug("read_passphrase: can't open %s: %s", _PATH_TTY, >+ strerror(errno)); >+ use_askpass = 1; >+ } > } >+ >+ if(getenv("DISPLAY") == NULL) >+ use_askpass = 0; >+ >+ if(force_askpass == askpass_never) >+ use_askpass = 0; > } > >- if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL) >+ if (!use_askpass && (flags & RP_USE_ASKPASS)) > return (flags & RP_ALLOW_EOF) ? NULL : xstrdup(""); > >- if (use_askpass && getenv("DISPLAY")) { >- if (getenv(SSH_ASKPASS_ENV)) >- askpass = getenv(SSH_ASKPASS_ENV); >- else >- askpass = _PATH_SSH_ASKPASS_DEFAULT; >+ if (use_askpass) { > if ((ret = ssh_askpass(askpass, prompt)) == NULL) > if (!(flags & RP_ALLOW_EOF)) > return xstrdup(""); > return ret; >+ } else { >+ if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) { >+ if (flags & RP_ALLOW_EOF) >+ return NULL; >+ return xstrdup(""); >+ } >+ ret = xstrdup(buf); >+ memset(buf, 'x', sizeof buf); >+ return ret; > } >- >- if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) { >- if (flags & RP_ALLOW_EOF) >- return NULL; >- return xstrdup(""); >- } >- >- ret = xstrdup(buf); >- explicit_bzero(buf, sizeof(buf)); >- return ret; > } > > int
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 69
:
12
|
722
|
1599
| 3347