diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2001-04-09 15:12:24 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-04-09 15:12:24 +0000 |
commit | 295f645a9cc7960b5e6911e3852b8bfd697ebd9a (patch) | |
tree | bf53da6fd72282960affe3be8f061a3d38d4268f /usr.bin/ssh | |
parent | 648d41bfb77c17b8c18e45632d70edec2e087c54 (diff) |
passphrase caching: ssh-add tries last passphrase, clears passphrase if
not successful and after last try.
based on discussions with espie@, jakob@, ... and code from jakob@ and
wolfgang@wsrcc.com
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/ssh-add.c | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index 4831bf6991f..58cc26cfcc6 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.32 2001/04/08 13:03:00 markus Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.33 2001/04/09 15:12:23 markus Exp $"); #include <openssl/evp.h> @@ -49,6 +49,18 @@ RCSID("$OpenBSD: ssh-add.c,v 1.32 2001/04/08 13:03:00 markus Exp $"); #include "pathnames.h" #include "readpass.h" +/* we keep a cache of one passphrases */ +static char *pass = NULL; +void +clear_pass(void) +{ + if (pass) { + memset(pass, 0, strlen(pass)); + xfree(pass); + pass = NULL; + } +} + void delete_file(AuthenticationConnection *ac, const char *filename) { @@ -130,7 +142,7 @@ add_file(AuthenticationConnection *ac, const char *filename) { struct stat st; Key *private; - char *comment = NULL, *askpass = NULL, *pass; + char *comment = NULL, *askpass = NULL; char buf[1024], msg[1024]; int interactive = isatty(STDIN_FILENO); @@ -149,7 +161,12 @@ add_file(AuthenticationConnection *ac, const char *filename) private = key_load_private(filename, "", &comment); if (comment == NULL) comment = xstrdup(filename); + /* try last */ + if (private == NULL && pass != NULL) + private = key_load_private(filename, pass, NULL); if (private == NULL) { + /* clear passphrase since it did not work */ + clear_pass(); printf("Need passphrase for %.200s\n", filename); if (!interactive && askpass == NULL) { xfree(comment); @@ -169,10 +186,9 @@ add_file(AuthenticationConnection *ac, const char *filename) return; } private = key_load_private(filename, pass, &comment); - memset(pass, 0, strlen(pass)); - xfree(pass); if (private != NULL) break; + clear_pass(); strlcpy(msg, "Bad passphrase, try again", sizeof msg); } } @@ -271,6 +287,7 @@ main(int argc, char **argv) else add_file(ac, buf); } + clear_pass(); ssh_close_authentication_connection(ac); exit(0); } |