switch to readpassphrase(3)

2.7/8-stable needs readpassphrase.[ch] from libc

8 files changed, 53 insertions, 319 deletions

diff --git a/usr.bin/ssh/cli.c b/usr.bin/ssh/cli.c
deleted file mode 100644
index 7b7d24da403..00000000000
--- a/usr.bin/ssh/cli.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/*	$OpenBSD: cli.c,v 1.14 2001/06/23 15:12:18 itojun Exp $	*/
-
-/*
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-RCSID("$OpenBSD: cli.c,v 1.14 2001/06/23 15:12:18 itojun Exp $");
-
-#include "xmalloc.h"
-#include "log.h"
-#include "cli.h"
-
-#include <vis.h>
-
-static int cli_input = -1;
-static int cli_output = -1;
-static int cli_from_stdin = 0;
-
-sigset_t oset;
-sigset_t nset;
-struct sigaction nsa;
-struct sigaction osa;
-struct termios ntio;
-struct termios otio;
-int echo_modified;
-
-volatile int intr;
-
-static int
-cli_open(int from_stdin)
-{
-	if (cli_input >= 0 && cli_output >= 0 && cli_from_stdin == from_stdin)
-		return 1;
-
-	if (from_stdin) {
-		if (!cli_from_stdin && cli_input >= 0) {
-			(void)close(cli_input);
-		}
-		cli_input = STDIN_FILENO;
-		cli_output = STDERR_FILENO;
-	} else {
-		cli_input = cli_output = open(_PATH_TTY, O_RDWR);
-		if (cli_input < 0)
-			fatal("You have no controlling tty.  Cannot read passphrase.");
-	}
-
-	cli_from_stdin = from_stdin;
-
-	return cli_input >= 0 && cli_output >= 0 && cli_from_stdin == from_stdin;
-}
-
-static void
-cli_close(void)
-{
-	if (!cli_from_stdin && cli_input >= 0)
-		close(cli_input);
-	cli_input = -1;
-	cli_output = -1;
-	cli_from_stdin = 0;
-	return;
-}
-
-static void
-intrcatch(int sig)
-{
-	intr = 1;
-}
-
-static void
-cli_echo_disable(void)
-{
-	sigemptyset(&nset);
-	sigaddset(&nset, SIGTSTP);
-	(void) sigprocmask(SIG_BLOCK, &nset, &oset);
-
-	intr = 0;
-
-	memset(&nsa, 0, sizeof(nsa));
-	nsa.sa_handler = intrcatch;
-	(void) sigaction(SIGINT, &nsa, &osa);
-
-	echo_modified = 0;
-	if (tcgetattr(cli_input, &otio) == 0 && (otio.c_lflag & ECHO)) {
-		echo_modified = 1;
-		ntio = otio;
-		ntio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
-		(void) tcsetattr(cli_input, TCSANOW, &ntio);
-	}
-	return;
-}
-
-static void
-cli_echo_restore(void)
-{
-	if (echo_modified != 0) {
-		tcsetattr(cli_input, TCSANOW, &otio);
-		echo_modified = 0;
-	}
-
-	(void) sigprocmask(SIG_SETMASK, &oset, NULL);
-	(void) sigaction(SIGINT, &osa, NULL);
-
-	if (intr != 0) {
-		kill(getpid(), SIGINT);
-		sigemptyset(&nset);
-		/* XXX tty has not neccessarily drained by now? */
-		sigsuspend(&nset);
-		intr = 0;
-	}
-	return;
-}
-
-static int
-cli_read(char* buf, int size, int echo)
-{
-	char ch = 0;
-	int i = 0;
-	int n;
-
-	if (!echo)
-		cli_echo_disable();
-
-	while (ch != '\n') {
-		n = read(cli_input, &ch, 1);
-		if (intr)
-			break;
-		if (n == -1 && (errno == EAGAIN || errno == EINTR))
-			continue;
-		if (n != 1)
-			break;
-		if (ch == '\n')
-			break;
-		if (i < size - 1)
-			buf[i++] = ch;
-	}
-	if (intr)
-		i = 0;
-	buf[i] = '\0';
-
-	if (!echo)
-		cli_echo_restore();
-	if (!intr && !echo)
-		(void) write(cli_output, "\n", 1);
-	return i;
-}
-
-static int
-cli_write(const char* buf, int size)
-{
-	int i, len, pos, ret = 0;
-	char *output, *p;
-
-	output = xmalloc(4*size);
-	for (p = output, i = 0; i < size; i++) {
-		if (buf[i] == '\n' || buf[i] == '\r')
-			*p++ = buf[i];
-		else
-			p = vis(p, buf[i], 0, 0);
-	}
-	len = p - output;
-
-	for (pos = 0; pos < len; pos += ret) {
-		ret = write(cli_output, output + pos, len - pos);
-		if (ret == -1) {
-			xfree(output);
-			return -1;
-		}
-	}
-	xfree(output);
-	return 0;
-}
-
-/*
- * Presents a prompt and returns the response allocated with xmalloc().
- * Uses /dev/tty or stdin/out depending on arg.  Optionally disables echo
- * of response depending on arg.  Tries to ensure that no other userland
- * buffer is storing the response.
- */
-char*
-cli_read_passphrase(const char* prompt, int from_stdin, int echo_enable)
-{
-	char	buf[BUFSIZ];
-	char*	p;
-
-	if (!cli_open(from_stdin))
-		fatal("Cannot read passphrase.");
-
-	fflush(stdout);
-
-	cli_write(prompt, strlen(prompt));
-	cli_read(buf, sizeof buf, echo_enable);
-
-	cli_close();
-
-	p = xstrdup(buf);
-	memset(buf, 0, sizeof(buf));
-	return (p);
-}
-
-char*
-cli_prompt(char* prompt, int echo_enable)
-{
-	return cli_read_passphrase(prompt, 0, echo_enable);
-}
-
-void
-cli_mesg(char* mesg)
-{
-	cli_open(0);
-	cli_write(mesg, strlen(mesg));
-	cli_write("\n", strlen("\n"));
-	cli_close();
-	return;
-}
diff --git a/usr.bin/ssh/cli.h b/usr.bin/ssh/cli.h
deleted file mode 100644
index 59d93549919..00000000000
--- a/usr.bin/ssh/cli.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*	$OpenBSD: cli.h,v 1.5 2001/05/06 17:52:07 mouring Exp $	*/
-
-/*
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* $OpenBSD: cli.h,v 1.5 2001/05/06 17:52:07 mouring Exp $ */
-
-#ifndef CLI_H
-#define CLI_H
-
-/*
- * Presents a prompt and returns the response allocated with xmalloc().
- * Uses /dev/tty or stdin/out depending on arg.  Optionally disables echo
- * of response depending on arg.  Tries to ensure that no other userland
- * buffer is storing the response.
- */
-char*  cli_read_passphrase(const char* prompt, int from_stdin, int echo_enable);
-char*  cli_prompt(char* prompt, int echo_enable);
-void	cli_mesg(char * mesg);
-
-#endif /* CLI_H */
diff --git a/usr.bin/ssh/lib/Makefile b/usr.bin/ssh/lib/Makefile
index f8a87163ec6..0a0b0343171 100644
--- a/usr.bin/ssh/lib/Makefile
+++ b/usr.bin/ssh/lib/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.24 2001/05/31 10:30:18 markus Exp $
+#	$OpenBSD: Makefile,v 1.25 2001/06/24 05:35:34 markus Exp $
 
 .PATH:		${.CURDIR}/..
 
@@ -8,7 +8,7 @@ SRCS=   authfd.c authfile.c bufaux.c buffer.c canohost.c \
 	hostfile.c log.c match.c mpaux.c nchan.c packet.c readpass.c \
 	rsa.c tildexpand.c ttymodes.c uidswap.c xmalloc.c atomicio.c \
 	key.c dispatch.c kex.c mac.c uuencode.c misc.c \
-	cli.c rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
+	rijndael.c ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
 
 NOPROFILE= yes
 NOPIC=	yes
diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c
index 05883dfcd28..3b6ed72babc 100644
--- a/usr.bin/ssh/readpass.c
+++ b/usr.bin/ssh/readpass.c
@@ -32,10 +32,11 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.18 2001/06/23 15:12:19 itojun Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.19 2001/06/24 05:35:33 markus Exp $");
+
+#include <readpassphrase.h>
 
 #include "xmalloc.h"
-#include "cli.h"
 #include "readpass.h"
 #include "pathnames.h"
 #include "log.h"
@@ -84,27 +85,24 @@ ssh_askpass(char *askpass, const char *msg)
 	return pass;
 }
 
-
 /*
- * Reads a passphrase from /dev/tty with echo turned off.  Returns the
- * passphrase (allocated with xmalloc), being very careful to ensure that
- * no other userland buffer is storing the password.
- */
-/*
- * Note:  the funcationallity of this routing has been moved to
- * cli_read_passphrase().  This routing remains to maintain
- * compatibility with existing code.
+ * Reads a passphrase from /dev/tty with echo turned off/on.  Returns the
+ * passphrase (allocated with xmalloc).  Exits if EOF is encountered. If
+ * RP_ALLOW_STDIN is set, the passphrase will be read from stdin if no
+ * tty is available
  */
 char *
-read_passphrase(const char *prompt, int from_stdin)
+read_passphrase(const char *prompt, int flags)
 {
-	char *askpass = NULL;
-	int use_askpass = 0, ttyfd;
+	char *askpass = NULL, *ret, buf[1024];
+	int rppflags, use_askpass = 0, ttyfd;
 
-	if (from_stdin) {
+	rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
+	if (flags & RP_ALLOW_STDIN) {
 		if (!isatty(STDIN_FILENO))
 			use_askpass = 1;
 	} else {
+		rppflags |= RPP_REQUIRE_TTY;
 		ttyfd = open("/dev/tty", O_RDWR);
 		if (ttyfd >= 0)
 			close(ttyfd);
@@ -120,5 +118,10 @@ read_passphrase(const char *prompt, int from_stdin)
 		return ssh_askpass(askpass, prompt);
 	}
 
-	return cli_read_passphrase(prompt, from_stdin, 0);
+	if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL)
+		return NULL;
+
+	ret = xstrdup(buf);
+	memset(buf, 'x', sizeof buf);
+	return ret;
 }
diff --git a/usr.bin/ssh/readpass.h b/usr.bin/ssh/readpass.h
index 55ed294da76..37f85002b40 100644
--- a/usr.bin/ssh/readpass.h
+++ b/usr.bin/ssh/readpass.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: readpass.h,v 1.3 2001/05/06 17:52:08 mouring Exp $	*/
+/*	$OpenBSD: readpass.h,v 1.4 2001/06/24 05:35:33 markus Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -12,9 +12,6 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/*
- * Reads a passphrase from /dev/tty with echo turned off.  Returns the
- * passphrase (allocated with xmalloc).  Exits if EOF is encountered. If
- * from_stdin is true, the passphrase will be read from stdin instead.
- */
-char   *read_passphrase(const char *prompt, int from_stdin);
+#define RP_ECHO			0x0001
+#define RP_ALLOW_STDIN		0x0002
+char	*read_passphrase(const char *prompt, int flags);
diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c
index 4c2db31703d..a69c72764d2 100644
--- a/usr.bin/ssh/ssh-add.c
+++ b/usr.bin/ssh/ssh-add.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.39 2001/06/23 15:12:20 itojun Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.40 2001/06/24 05:35:33 markus Exp $");
 
 #include <openssl/evp.h>
 
@@ -122,7 +122,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
 		snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ",
 		   comment);
 		for (;;) {
-			pass = read_passphrase(msg, 1);
+			pass = read_passphrase(msg, RP_ALLOW_STDIN);
 			if (strcmp(pass, "") == 0) {
 				clear_pass();
 				xfree(comment);
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index b407dbe12e4..710b6775cde 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.64 2001/06/23 17:05:22 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.65 2001/06/24 05:35:33 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -119,7 +119,8 @@ load_identity(char *filename)
 		if (identity_passphrase)
 			pass = xstrdup(identity_passphrase);
 		else
-			pass = read_passphrase("Enter passphrase: ", 1);
+			pass = read_passphrase("Enter passphrase: ",
+			    RP_ALLOW_STDIN);
 		prv = key_load_private(filename, pass, NULL);
 		memset(pass, 0, strlen(pass));
 		xfree(pass);
@@ -487,8 +488,11 @@ do_change_passphrase(struct passwd *pw)
 		if (identity_passphrase)
 			old_passphrase = xstrdup(identity_passphrase);
 		else
-			old_passphrase = read_passphrase("Enter old passphrase: ", 1);
-		private = key_load_private(identity_file, old_passphrase , &comment);
+			old_passphrase =
+			    read_passphrase("Enter old passphrase: ",
+			    RP_ALLOW_STDIN);
+		private = key_load_private(identity_file, old_passphrase,
+		    &comment);
 		memset(old_passphrase, 0, strlen(old_passphrase));
 		xfree(old_passphrase);
 		if (private == NULL) {
@@ -504,8 +508,10 @@ do_change_passphrase(struct passwd *pw)
 		passphrase2 = NULL;
 	} else {
 		passphrase1 =
-			read_passphrase("Enter new passphrase (empty for no passphrase): ", 1);
-		passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
+			read_passphrase("Enter new passphrase (empty for no "
+			    "passphrase): ", RP_ALLOW_STDIN);
+		passphrase2 = read_passphrase("Enter same passphrase again: ",
+		     RP_ALLOW_STDIN);
 
 		/* Verify that they are the same. */
 		if (strcmp(passphrase1, passphrase2) != 0) {
@@ -566,7 +572,8 @@ do_change_comment(struct passwd *pw)
 		else if (identity_new_passphrase)
 			passphrase = xstrdup(identity_new_passphrase);
 		else
-			passphrase = read_passphrase("Enter passphrase: ", 1);
+			passphrase = read_passphrase("Enter passphrase: ",
+			    RP_ALLOW_STDIN);
 		/* Try to load using the passphrase. */
 		private = key_load_private(identity_file, passphrase, &comment);
 		if (private == NULL) {
@@ -822,10 +829,15 @@ main(int ac, char **av)
 	else {
 passphrase_again:
 		passphrase1 =
-			read_passphrase("Enter passphrase (empty for no passphrase): ", 1);
-		passphrase2 = read_passphrase("Enter same passphrase again: ", 1);
+			read_passphrase("Enter passphrase (empty for no "
+			    "passphrase): ", RP_ALLOW_STDIN);
+		passphrase2 = read_passphrase("Enter same passphrase again: ",
+		    RP_ALLOW_STDIN);
 		if (strcmp(passphrase1, passphrase2) != 0) {
-			/* The passphrases do not match.  Clear them and retry. */
+			/*
+			 * The passphrases do not match.  Clear them and
+			 * retry.
+			 */
 			memset(passphrase1, 0, strlen(passphrase1));
 			memset(passphrase2, 0, strlen(passphrase2));
 			xfree(passphrase1);
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 1f57c3a9f5d..5f4943ba80f 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.77 2001/06/24 05:35:34 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -45,7 +45,6 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.76 2001/06/23 15:12:21 itojun Exp $");
 #include "key.h"
 #include "sshconnect.h"
 #include "authfile.h"
-#include "cli.h"
 #include "dh.h"
 #include "authfd.h"
 #include "log.h"
@@ -770,9 +769,9 @@ input_userauth_info_req(int type, int plen, void *ctxt)
 	inst = packet_get_string(NULL);
 	lang = packet_get_string(NULL);
 	if (strlen(name) > 0)
-		cli_mesg(name);
+		log(name);
 	if (strlen(inst) > 0)
-		cli_mesg(inst);
+		log(inst);
 	xfree(name);
 	xfree(inst);
 	xfree(lang);
@@ -792,7 +791,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
 		prompt = packet_get_string(NULL);
 		echo = packet_get_char();
 
-		response = cli_prompt(prompt, echo);
+		response = read_passphrase(prompt, echo ? RP_ECHO : 0);
 
 		packet_put_cstring(response);
 		memset(response, 0, strlen(response));