Allow reading dbclient password from an environment var

--HG-- extra : convert_revision : 9a5277c058af96e8fb7a3ade558dd1aeeafa1d3a
2025-02-07 13:21:15 +00:00 · 2007-03-17 06:30:11 +00:00 · 2007-03-17 06:30:11 +00:00 · a4130263bd
commit a4130263bd
parent 0ffc17e481
2 changed files with 17 additions and 0 deletions
--- a/cli-auth.c
+++ b/cli-auth.c
@ -284,6 +284,15 @@ void cli_auth_try() {
 char* getpass_or_cancel(char* prompt)
 {
 	char* password = NULL;
+	
+#ifdef DROPBEAR_PASSWORD_ENV
+    /* Password provided in an environment var */
+    password = getenv(DROPBEAR_PASSWORD_ENV);
+    if (password)
+    {
+        return password;
+    }
+#endif

 	password = getpass(prompt);

--- a/options.h
+++ b/options.h
@ -140,6 +140,14 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #define ENABLE_CLI_PUBKEY_AUTH
 #define ENABLE_CLI_INTERACT_AUTH

+/* This variable can be used to set a password for client
+ * authentication on the commandline. Beware of platforms
+ * that don't protect environment variables of processes etc. Also
+ * note that it will be provided for all "hidden" client-interactive
+ * style prompts - if you want something more sophisticated, use 
+ * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
+#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
+
 /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
 * a helper program for the ssh client. The helper program should be
 * specified in the SSH_ASKPASS environment variable, and dbclient