[PATCH] PreferAskpass in ssh_config

Sebastian Schmidt yath at yath.eu.org
Sun Oct 3 21:03:22 EST 2004


Moin,

attached is a patch, which adds a new configuration option
"PreferAskpass" to the ssh config.
ssh{,-add,-keygen,-agent} will use ssh-askpass to prompt for passwords, if
this option is set to "yes", and if ssh-askpass is available.

Default for "PreferAskpass" is "no".

Patch is against current CVS.


Sebastian
-- 
signature intentionally left blank.
-------------- next part --------------
Index: Makefile.in
===================================================================
RCS file: /cvs/openssh/Makefile.in,v
retrieving revision 1.265
diff -u -r1.265 Makefile.in
--- Makefile.in	30 Aug 2004 11:33:02 -0000	1.265
+++ Makefile.in	3 Oct 2004 10:58:49 -0000
@@ -70,7 +70,7 @@
 	atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
 	monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
 	kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
-	entropy.o scard-opensc.o gss-genr.o
+	entropy.o scard-opensc.o gss-genr.o readconf.o
 
 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
 	sshconnect.o sshconnect1.o sshconnect2.o
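Review bot: `readconf.o` is added to the shared object list at the top of this hunk while `SSHOBJS` two lines below still names it, so ssh now gets the object from two places. Drop it from the program-specific list, `SSHOBJS= ssh.o clientloop.o sshtty.o \`, so that one list decides who links the client configuration parser. The name of the list being extended lies above the hunk; if it is the common library, every program linked against it now carries the ssh_config parser and must supply the globals readconf.c refers to, which is presumably why later hunks add `options` and `original_real_uid` to three programs.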
Index: readconf.c
===================================================================
RCS file: /cvs/openssh/readconf.c,v
retrieving revision 1.109
diff -u -r1.109 readconf.c
--- readconf.c	17 Jul 2004 06:12:08 -0000	1.109
+++ readconf.c	3 Oct 2004 10:58:52 -0000
@@ -106,7 +106,7 @@
 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
 	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
-	oSendEnv, oControlPath, oControlMaster,
+	oSendEnv, oControlPath, oControlMaster, oPreferAskpass,
 	oDeprecated, oUnsupported
 } OpCodes;
 
@@ -197,6 +197,7 @@
 	{ "sendenv", oSendEnv },
 	{ "controlpath", oControlPath },
 	{ "controlmaster", oControlMaster },
+	{ "preferaskpass", oPreferAskpass },
 	{ NULL, oBadOption }
 };
 
@@ -774,6 +775,10 @@
 		intptr = &options->control_master;
 		goto parse_yesnoask;
 
+	case oPreferAskpass:
+		intptr = &options->prefer_askpass;
+		goto parse_flag;
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
@@ -917,6 +922,7 @@
 	options->num_send_env = 0;
 	options->control_path = NULL;
 	options->control_master = -1;
+	options->prefer_askpass = -1;
 }
 
 /*
@@ -1039,6 +1045,8 @@
 		options->server_alive_count_max = 3;
 	if (options->control_master == -1)
 		options->control_master = 0;
+	if (options->prefer_askpass == -1)
+		options->prefer_askpass = 0;
 	/* options->proxy_command should not be set by default */
 	/* options->user will be set in the main program if appropriate */
 	/* options->hostname will be set in the main program if appropriate */
Index: readconf.h
===================================================================
RCS file: /cvs/openssh/readconf.h,v
retrieving revision 1.56
diff -u -r1.56 readconf.h
--- readconf.h	17 Jul 2004 06:12:08 -0000	1.56
+++ readconf.h	3 Oct 2004 10:58:52 -0000
@@ -111,6 +111,7 @@
 
 	char	*control_path;
 	int	control_master;
+	int	prefer_askpass;
 }       Options;
 
 
Index: readpass.c
===================================================================
RCS file: /cvs/openssh/readpass.c,v
retrieving revision 1.28
diff -u -r1.28 readpass.c
--- readpass.c	17 Jun 2004 15:19:03 -0000	1.28
+++ readpass.c	3 Oct 2004 10:58:53 -0000
@@ -30,6 +30,9 @@
 #include "pathnames.h"
 #include "log.h"
 #include "ssh.h"
+#include "readconf.h"
+
+extern Options options;
 
 static char *
 ssh_askpass(char *askpass, const char *msg)
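Review bot: `extern Options options;` makes the passphrase reader depend on a global that every calling program has to define, and nothing in the patch documents that contract. The patch supplies the definition in ssh-add.c, ssh-agent.c and ssh-keygen.c only; another program that links readpass.c would fail to link, or, if it already has a global called `options` of a different type, would have that object read through the wrong layout. Passing the preference in through `flags` (a new RP_ bit set by the caller) would keep read_passphrase free of configuration state. At minimum add a comment such as `/* defined by each program that calls read_passphrase(); see readconf.h */`.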
@@ -103,7 +106,9 @@
 	int rppflags, use_askpass = 0, ttyfd;
 
 	rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
-	if (flags & RP_USE_ASKPASS)
+	if (flags & RP_USE_ASKPASS ||
+			(options.prefer_askpass && getenv(SSH_ASKPASS_ENV) &&
+			 !(flags & RP_ECHO)))
 		use_askpass = 1;
 	else if (flags & RP_ALLOW_STDIN) {
 		if (!isatty(STDIN_FILENO))
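Review bot: The new branch treats ssh-askpass as available whenever the SSH_ASKPASS_ENV variable is set, so with PreferAskpass enabled the passphrase is handed to whatever program the environment names even though a terminal is present. That is a wider trust decision than the manual's "if available" conveys, and the test does not look at whether the helper can actually be started. The rest of read_passphrase is outside the hunk, so whether a failed helper falls back to the tty prompt cannot be confirmed from here and should be checked and documented. The mixed `&`/`||` condition is correct by precedence but easier to audit written as `if ((flags & RP_USE_ASKPASS) ||`.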
Index: ssh-add.c
===================================================================
RCS file: /cvs/openssh/ssh-add.c,v
retrieving revision 1.77
diff -u -r1.77 ssh-add.c
--- ssh-add.c	17 Jul 2004 04:07:42 -0000	1.77
+++ ssh-add.c	3 Oct 2004 10:58:54 -0000
@@ -48,6 +48,7 @@
 #include "authfile.h"
 #include "pathnames.h"
 #include "misc.h"
+#include "readconf.h"
 
 /* argv0 */
 extern char *__progname;
@@ -68,6 +69,11 @@
 
 /* we keep a cache of one passphrases */
 static char *pass = NULL;
+
+Options options;
+
+uid_t original_real_uid;
+
 static void
 clear_pass(void)
 {
@@ -311,12 +317,30 @@
 	AuthenticationConnection *ac = NULL;
 	char *sc_reader_id = NULL;
 	int i, ch, deleting = 0, ret = 0;
+	char buf[256];
+	struct passwd *pw;
 
 	__progname = ssh_get_progname(argv[0]);
 	init_rng();
 	seed_rng();
 
 	SSLeay_add_all_algorithms();
+
+	/* Read options */
+	initialize_options(&options);
+	
+	pw = getpwuid(original_real_uid = getuid());
+	if (!pw) {
+		logit("You don't exist, go away!");
+		exit(1);
+	}
+
+	snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
+			_PATH_SSH_USER_CONFFILE);
+	(void)read_config_file(buf, "", &options, 1);
+	(void)read_config_file(_PATH_HOST_CONFIG_FILE, "",
+			       &options, 0);
+	fill_default_options(&options);
 
 	/* At first, get a connection to the authentication agent. */
 	ac = ssh_get_authentication_connection();
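Review bot: The path to the user's configuration file is built with `%.100s/%.100s` and the snprintf result is ignored, so a home directory longer than 100 bytes is silently cut and a different path is handed to read_config_file. Keep the return value and reject truncation, e.g. `r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_USER_CONFFILE);` followed by `if (r < 0 || (size_t)r >= sizeof buf)` with the same logit()/exit(1) handling used for the getpwuid failure. Both read_config_file results are discarded with `(void)`; if that function terminates on a malformed option or, with the final argument 1, on bad file ownership or permissions (its body is not in this patch), ssh-add would now refuse to run because of an ssh_config problem, which the manual should mention. The same sequence is repeated in the ssh-agent.c and ssh-keygen.c main() hunks and would be better as one helper next to read_config_file. main() begins and continues outside this hunk.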
Index: ssh-agent.c
===================================================================
RCS file: /cvs/openssh/ssh-agent.c,v
retrieving revision 1.134
diff -u -r1.134 ssh-agent.c
--- ssh-agent.c	11 Sep 2004 05:18:05 -0000	1.134
+++ ssh-agent.c	3 Oct 2004 10:58:56 -0000
@@ -51,6 +51,8 @@
 #include "compat.h"
 #include "log.h"
 #include "misc.h"
+#include "pathnames.h"
+#include "readconf.h"
 
 #ifdef SMARTCARD
 #include "scard.h"
@@ -111,6 +113,11 @@
 /* Default lifetime (0 == forever) */
 static int lifetime = 0;
 
+Options options;
+
+uid_t original_real_uid;
+
+
 static void
 close_socket(SocketEntry *e)
 {
@@ -1015,6 +1022,8 @@
 	extern char *optarg;
 	pid_t pid;
 	char pidstrbuf[1 + 3 * sizeof pid];
+	char buf[256];
+	struct passwd *pw;
 
 	/* drop */
 	setegid(getgid());
@@ -1030,6 +1039,19 @@
 	__progname = ssh_get_progname(av[0]);
 	init_rng();
 	seed_rng();
+
+	initialize_options(&options);
+	pw = getpwuid(original_real_uid = getuid());
+	if (!pw) {
+		logit("You don't exist, go away!");
+		exit(1);
+	}
+	snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
+			_PATH_SSH_USER_CONFFILE);
+	(void)read_config_file(buf, "", &options, 1);
+	(void)read_config_file(_PATH_HOST_CONFIG_FILE, "",
+			       &options, 0);
+	fill_default_options(&options);			
 
 	while ((ch = getopt(ac, av, "cdksa:t:")) != -1) {
 		switch (ch) {
Index: ssh-keygen.c
===================================================================
RCS file: /cvs/openssh/ssh-keygen.c,v
retrieving revision 1.122
diff -u -r1.122 ssh-keygen.c
--- ssh-keygen.c	17 Jul 2004 06:12:08 -0000	1.122
+++ ssh-keygen.c	3 Oct 2004 10:58:59 -0000
@@ -17,6 +17,7 @@
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 
+#include "ssh.h"
 #include "xmalloc.h"
 #include "key.h"
 #include "rsa.h"
@@ -27,6 +28,7 @@
 #include "pathnames.h"
 #include "log.h"
 #include "misc.h"
+#include "readconf.h"
 
 #ifdef SMARTCARD
 #include "scard.h"
@@ -84,6 +86,11 @@
 int gen_candidates(FILE *, int, int, BIGNUM *);
 int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
 
+Options options;
+
+uid_t original_real_uid;
+
+
 static void
 ask_filename(struct passwd *pw, const char *prompt)
 {
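Review bot: The `options` global defined here is never passed to `initialize_options()`: the main() hunk further down calls read_config_file and fill_default_options directly, unlike the ssh-add.c and ssh-agent.c hunks. The struct therefore starts zeroed rather than with the -1 "unset" markers that readconf.c assigns (`options->prefer_askpass = -1`). If the flag parser only stores a value into a field that is still -1 (its body is not in this patch, so confirm), `PreferAskpass yes` would have no effect in ssh-keygen. Add `initialize_options(&options);` before the first read_config_file call in main().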
@@ -788,7 +795,7 @@
 main(int ac, char **av)
 {
 	char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
-	char out_file[MAXPATHLEN], *reader_id = NULL;
+	char out_file[MAXPATHLEN], *reader_id = NULL, buf[256];
 	char *resource_record_hostname = NULL;
 	Key *private, *public;
 	struct passwd *pw;
@@ -812,7 +819,7 @@
 	seed_rng();
 
 	/* we need this for the home * directory.  */
-	pw = getpwuid(getuid());
+	pw = getpwuid(original_real_uid = getuid());
 	if (!pw) {
 		printf("You don't exist, go away!\n");
 		exit(1);
@@ -821,6 +828,14 @@
 		perror("gethostname");
 		exit(1);
 	}
+
+	snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
+			_PATH_SSH_USER_CONFFILE);
+	(void)read_config_file(buf, "", &options, 1);
+	(void)read_config_file(_PATH_HOST_CONFIG_FILE, "",
+		&options, 0);
+	fill_default_options(&options);
+	
 
 	while ((opt = getopt(ac, av,
 	    "degiqpclBRvxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) {
Index: ssh_config.5
===================================================================
RCS file: /cvs/openssh/ssh_config.5,v
retrieving revision 1.38
diff -u -r1.38 ssh_config.5
--- ssh_config.5	30 Jun 2004 12:38:52 -0000	1.38
+++ ssh_config.5	3 Oct 2004 10:59:04 -0000
@@ -518,6 +518,12 @@
 .It Cm Port
 Specifies the port number to connect on the remote host.
 Default is 22.
+.It Cm PreferAskpass
+If set to
+.Dq yes ,
+ssh-askpass(1) will be used (if available) instead of prompting for
+passwords on tty. The default is
+.Dq no .
 .It Cm PreferredAuthentications
 Specifies the order in which the client should try protocol 2
 authentication methods.