author | djm@openbsd.org <djm@openbsd.org> | 2019-12-06 03:06:08 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-12-11 19:08:22 +1100 |
commit | 59175a350fe1091af7528b2971e3273aa7ca7295 (patch) | |
tree | be00759eb4d0f719644a8432c24b25dfdda30f9c /readpass.c | |
parent | 36eaa356d391a23a2d4e3a8aaa0223abc70b9822 (diff) |
upstream: fix setting of $SSH_ASKPASS_PROMPT - it shouldn't be set
when asking passphrases, only when confirming the use of a key (i.e. for
ssh-agent keys added with "ssh-add -c keyfile")
OpenBSD-Commit-ID: 6643c82960d9427d5972eb702c917b3b838ecf89
Diffstat (limited to 'readpass.c')
-rw-r--r-- | readpass.c | 18 |
1 files changed, 13 insertions, 5 deletions
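--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.59 2019/12/06 02:55:21 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.60 2019/12/06 03:06:08 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
@@ -48,7 +48,7 @@
 #include "uidswap.h"
 
 static char *
-ssh_askpass(char *askpass, const char *msg)
+ssh_askpass(char *askpass, const char *msg, const char *env_hint)
 {
 pid_t pid, ret;
 size_t len;
@@ -75,7 +75,8 @@ ssh_askpass(char *askpass, const char *msg)
 close(p[0]);
 if (dup2(p[1], STDOUT_FILENO) == -1)
 fatal("%s: dup2: %s", __func__, strerror(errno));
-setenv("SSH_ASKPASS_PROMPT", "confirm", 1); /* hint to UI */
+if (env_hint != NULL)
+setenv("SSH_ASKPASS_PROMPT", env_hint, 1);
 execlp(askpass, askpass, msg, (char *)NULL);
 fatal("%s: exec(%s): %s", __func__, askpass, strerror(errno));
 }
@@ -109,6 +110,9 @@ ssh_askpass(char *askpass, const char *msg)
 return pass;
 }
 
+/* private/internal read_passphrase flags */
+#define RP_ASK_PERMISSION 0x8000 /* pass hint to askpass for confirm UI */
+
 /*
 * Reads a passphrase from /dev/tty with echo turned off/on. Returns the
 * passphrase (allocated with xmalloc). Exits if EOF is encountered. If
@@ -120,6 +124,7 @@ read_passphrase(const char *prompt, int flags)
 {
 char cr = '\r', *askpass = NULL, *ret, buf[1024];
 int rppflags, use_askpass = 0, ttyfd;
+const char *askpass_hint = NULL;
 
 rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
 if (flags & RP_USE_ASKPASS)
@@ -156,7 +161,9 @@ read_passphrase(const char *prompt, int flags)
 askpass = getenv(SSH_ASKPASS_ENV);
 else
 askpass = _PATH_SSH_ASKPASS_DEFAULT;
-if ((ret = ssh_askpass(askpass, prompt)) == NULL)
+if ((flags & RP_ASK_PERMISSION) != 0)
+askpass_hint = "confirm";
+if ((ret = ssh_askpass(askpass, prompt, askpass_hint)) == NULL)
 if (!(flags & RP_ALLOW_EOF))
 return xstrdup("");
 return ret;
@@ -184,7 +191,8 @@ ask_permission(const char *fmt, ...)
 vsnprintf(prompt, sizeof(prompt), fmt, args);
 va_end(args);
 
-p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF);
+p = read_passphrase(prompt,
+RP_USE_ASKPASS|RP_ALLOW_EOF|RP_ASK_PERMISSION);
 if (p != NULL) {
 /*
 * Accept empty responses and responses consisting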
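Review bot: In the child branch of ssh_askpass (the `@@ -75,7 +75,8 @@` hunk), a NULL `env_hint` skips the `setenv` but does not clear the variable, so an `SSH_ASKPASS_PROMPT` already present in the caller's environment is still inherited by the helper across `execlp`. The hint a passphrase prompt receives then depends on the parent environment rather than on the `flags` passed to read_passphrase, which appears to be the case the commit message wants to rule out. If that inheritance is not intended, add `else unsetenv("SSH_ASKPASS_PROMPT");` after the `setenv` line. The return value of `setenv` is also ignored, so a failed call would silently drop the confirm hint; a `fatal()` on failure would match the `dup2` check just above it. ssh_askpass's body starts and ends outside this hunk.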