Bugzilla – Attachment 3468 Details for
Bug 3258
Feature request: Ability to configure password authentication to be automatically read from file
[patch]
My local patch (based on the Fedora 33 repo)
openssh-8.4p1-pw-auth-from-file.patch (text/plain), 4.49 KB, created by
chrislambert@cmu.edu
on 2021-02-02 17:26:40 AEDT
Description:
My local patch (based on the Fedora 33 repo)
Creator:
chrislambert@cmu.edu
Created:
2021-02-02 17:26:40 AEDT
Size:
4.49 KB
>From 543fccc5e4111582ec78bfeec8f9fc5d0f6d5046 Mon Sep 17 00:00:00 2001
>From: Christopher Lambert <chrislambert@cmu.edu>
>Date: Tue, 2 Feb 2021 00:18:27 -0500
>Subject: [PATCH] password auth read from file option
>
>---
> readconf.c | 8 ++++++++
> readconf.h | 1 +
> sshconnect2.c | 33 ++++++++++++++++++++++++++-------
> 3 files changed, 35 insertions(+), 7 deletions(-)
>
>diff --git a/readconf.c b/readconf.c
>index 8972310..b72a840 100644
>--- a/readconf.c
>+++ b/readconf.c
>@@ -157,6 +157,7 @@ typedef enum {
> oPubkeyAuthentication,
> oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
> oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
>+ oPasswordFile,
> oHostKeyAlgorithms, oBindAddress, oBindInterface, oPKCS11Provider,
> oClearAllForwardings, oNoHostAuthenticationForLocalhost,
> oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
>@@ -280,6 +281,7 @@ static struct {
> { "loglevel", oLogLevel },
> { "dynamicforward", oDynamicForward },
> { "preferredauthentications", oPreferredAuthentications },
>+ { "passwordfile", oPasswordFile },
> { "hostkeyalgorithms", oHostKeyAlgorithms },
> { "casignaturealgorithms", oCASignatureAlgorithms },
> { "bindaddress", oBindAddress },
>@@ -1261,6 +1263,10 @@ parse_char_array:
> case oPreferredAuthentications:
> charptr = &options->preferred_authentications;
> goto parse_string;
>+
>+ case oPasswordFile:
>+ charptr = &options->password_file;
>+ goto parse_string;
>
> case oBindAddress:
> charptr = &options->bind_address;
>@@ -2069,6 +2075,7 @@ initialize_options(Options * options)
> options->log_facility = SYSLOG_FACILITY_NOT_SET;
> options->log_level = SYSLOG_LEVEL_NOT_SET;
> options->preferred_authentications = NULL;
>+ options->password_file = NULL;
> options->bind_address = NULL;
> options->bind_interface = NULL;
> options->pkcs11_provider = NULL;
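Review bot: The `passwordfile` keyword added to the keyword table (hunk `@@ -280,6 +281,7 @@`) has no documentation in this patch; the diffstat lists only readconf.c, readconf.h and sshconnect2.c, so no manual page is touched. An ssh_config.5 entry should say that the first line of the file is used as the password in plaintext and that a single trailing newline is stripped. It should also say that only one password attempt is made when the option is set, as the sshconnect2.c hunk shows. The entry should also tell users to keep the file owned by and readable only by themselves, since nothing in the option parsing shown here constrains where the path may point.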
>@@ -2901,6 +2908,7 @@ dump_client_config(Options *o, const char *host)
> #endif
> dump_cfg_string(oSecurityKeyProvider, o->sk_provider);
> dump_cfg_string(oPreferredAuthentications, o->preferred_authentications);
>+ dump_cfg_string(oPasswordFile, o->password_file);
> dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
> dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
> dump_cfg_string(oXAuthLocation, o->xauth_location);
>diff --git a/readconf.h b/readconf.h
>index 3803eed..19abf87 100644
>--- a/readconf.h
>+++ b/readconf.h
>@@ -86,6 +86,7 @@ typedef struct {
> u_int num_user_hostfiles; /* Path for $HOME/.ssh/known_hosts */
> char *user_hostfiles[SSH_MAX_HOSTS_FILES];
> char *preferred_authentications;
>+ char *password_file;
> char *bind_address; /* local socket address for connection to sshd */
> char *bind_interface; /* local interface for bind address */
> char *pkcs11_provider; /* PKCS#11 provider */
>diff --git a/sshconnect2.c b/sshconnect2.c
>index 2bb70e0..cd5c48b 100644
>--- a/sshconnect2.c
>+++ b/sshconnect2.c
>@@ -1198,19 +1198,38 @@ static int
> userauth_passwd(struct ssh *ssh)
> {
> Authctxt *authctxt = (Authctxt *)ssh->authctxt;
>- char *password, *prompt = NULL;
>+ char *password, *prompt = NULL, *pwcp;
> const char *host = options.host_key_alias ? options.host_key_alias :
> authctxt->host;
>+ FILE* pwfile; size_t pwfile_sz = 0; ssize_t pwlen;
> int r;
>
>- if (authctxt->attempt_passwd++ >= options.number_of_password_prompts)
>- return 0;
>+ if (options.password_file) {
>+ if (authctxt->attempt_passwd++)
>+ return 0;
>
>- if (authctxt->attempt_passwd != 1)
>- error("Permission denied, please try again.");
>+ pwcp = tilde_expand_filename(options.password_file, getuid());
>+ if ((pwfile = fopen(pwcp, "r")) == NULL)
>+ fatal("%s: %s: %s", __func__, options.password_file, strerror(errno));
>+ free(pwcp);
>+
>+ if ((pwlen = getline(&password, &pwfile_sz, pwfile)) == -1)
>+ fatal("%s: %s: %s", __func__, options.password_file, strerror(errno));
>+
>+ if (pwlen && password[pwlen-1] == '\n')
>+ password[--pwlen] = '\0';
>+
>+ fclose(pwfile);
>+ } else {
>+ if (authctxt->attempt_passwd++ >= options.number_of_password_prompts)
>+ return 0;
>
>- xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host);
>- password = read_passphrase(prompt, 0);
>+ if (authctxt->attempt_passwd != 1)
>+ error("Permission denied, please try again.");
>+
>+ xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host);
>+ password = read_passphrase(prompt, 0);
>+ }
> if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
> (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
> (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
>--
>2.29.2
>
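Review bot: `password` is declared without an initialiser and then passed to `getline(&password, &pwfile_sz, pwfile)`, which expects `*lineptr` to be NULL or a malloc'd buffer; with an indeterminate pointer the result depends on the libc, so it should be declared `char *password = NULL`. The file holding the plaintext password is also opened with no owner or mode check, so a group- or world-readable file is accepted silently; an `fstat` on the already-open descriptor before the read would reject it without a check-then-open race (this assumes `<sys/stat.h>` is already included in sshconnect2.c, which the hunk does not show). `getline` also returns -1 at end-of-file without setting `errno`, so an empty file is reported with a misleading `strerror` text. userauth_passwd continues past the end of the hunk, so how the `getline` buffer is later cleared and freed is not visible here and should be confirmed.

```c
	char *password = NULL, *prompt = NULL, *pwcp;
	struct stat st;
	/* … unchanged: host, pwfile, pwfile_sz, pwlen, r declarations … */

	if (options.password_file) {
		/* … unchanged: single-attempt guard, tilde expansion, fopen, free(pwcp) … */

		/* Check the open descriptor, not the path, so the file cannot be swapped in between. */
		if (fstat(fileno(pwfile), &st) == -1)
			fatal("%s: %s: %s", __func__, options.password_file, strerror(errno));
		if (st.st_uid != getuid() || (st.st_mode & 077) != 0)
			fatal("%s: bad owner or permissions on %s", __func__,
			    options.password_file);

		errno = 0;	/* getline() leaves errno untouched at plain end-of-file */
		if ((pwlen = getline(&password, &pwfile_sz, pwfile)) == -1)
			fatal("%s: %s: %s", __func__, options.password_file,
			    errno ? strerror(errno) : "file is empty");
		/* … unchanged: trailing-newline strip, fclose … */
```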