7 files changed, 65 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index ae4897e6d..7b74a0bf7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,10 @@
   - djm@cvs.openbsd.org 2004/06/17 14:52:48
     [clientloop.c clientloop.h ssh.c]
     support environment passing over shared connections; ok markus@
+   - djm@cvs.openbsd.org 2004/06/17 15:10:14
+     [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
+     Add option for confirmation (ControlMaster=ask) via ssh-askpass before 
+     opening shared connections; ok markus@
 20040617
 - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some
@@ -1276,4 +1280,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3405 2004/06/17 15:17:29 djm Exp $
+$Id: ChangeLog,v 1.3406 2004/06/17 15:19:03 djm Exp $
diff --git a/clientloop.c b/clientloop.c
index eb3200331..8f2f270d7 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.126 2004/06/17 14:52:48 djm Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.127 2004/06/17 15:10:13 djm Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -549,7 +549,7 @@ client_extra_session2_setup(int id, void *arg)
        client_session2_setup(id, cctx->want_tty, cctx->want_subsys, 
            cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
            client_subsystem_reply);
-        
        c->confirm_ctx = NULL;
        buffer_free(&cctx->cmd);
        xfree(cctx->term);
@@ -566,7 +566,7 @@ client_process_control(fd_set * readset)
 {
        Buffer m;
        Channel *c;
-        int client_fd, new_fd[3], ver, i;
+        int client_fd, new_fd[3], ver, i, allowed;
        socklen_t addrlen;
        struct sockaddr_storage addr;
        struct confirm_ctx *cctx;
@@ -600,23 +600,52 @@ client_process_control(fd_set * readset)
                close(client_fd);
                return;
        }
-        /* XXX: implement use of ssh-askpass to confirm additional channels */
+        allowed = 1;
+        if (options.control_master == 2) {
+                char *p, prompt[1024];
+                allowed = 0;
+                snprintf(prompt, sizeof(prompt),
+                    "Allow shared connection to %s? ", host);
+                p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF);
+                if (p != NULL) {
+                        /*
+                         * Accept empty responses and responses consisting
+                         * of the word "yes" as affirmative.
+                         */
+                        if (*p == '\0' || *p == '\n' || 
+                            strcasecmp(p, "yes") == 0)
+                                allowed = 1;
+                        xfree(p);
+                }
+        }
        unset_nonblock(client_fd);
        buffer_init(&m);
+        buffer_put_int(&m, allowed);
        buffer_put_int(&m, getpid());
        if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
                error("%s: client msg_send failed", __func__);
                close(client_fd);
+                buffer_free(&m);
                return;
        }
        buffer_clear(&m);
+        if (!allowed) {
+                error("Refused control connection");
+                close(client_fd);
+                buffer_free(&m);
+                return;
+        }
        if (ssh_msg_recv(client_fd, &m) == -1) {
                error("%s: client msg_recv failed", __func__);
                close(client_fd);
+                buffer_free(&m);
                return;
        }
@@ -670,6 +699,7 @@ client_process_control(fd_set * readset)
                close(new_fd[0]);
                close(new_fd[1]);
                close(new_fd[2]);
+                buffer_free(&m);
                return;
        }
        buffer_free(&m);
diff --git a/misc.h b/misc.h
index 6a4eff136..ffa8d8f27 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: misc.h,v 1.15 2004/06/14 01:44:39 djm Exp $   */
+/*      $OpenBSD: misc.h,v 1.16 2004/06/17 15:10:14 djm Exp $   */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -43,5 +43,6 @@ char	*tilde_expand_filename(const char *, uid_t);
 #define RP_ECHO                 0x0001
 #define RP_ALLOW_STDIN          0x0002
 #define RP_ALLOW_EOF            0x0004
+#define RP_USE_ASKPASS          0x0008
 char    *read_passphrase(const char *, int);
diff --git a/readconf.c b/readconf.c
index 2b1d7cc46..429f69129 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.132 2004/06/13 15:03:02 djm Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.133 2004/06/17 15:10:14 djm Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -772,7 +772,7 @@ parse_int:
        case oControlMaster:
                intptr = &options->control_master;
-                goto parse_flag;
+                goto parse_yesnoask;
        case oDeprecated:
                debug("%s line %d: Deprecated option \"%s\"",
diff --git a/readpass.c b/readpass.c
index fc7629c37..eb4f6fdb6 100644
--- a/readpass.c
+++ b/readpass.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.29 2004/05/08 00:21:31 djm Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.30 2004/06/17 15:10:14 djm Exp $");
 #include "xmalloc.h"
 #include "misc.h"
@@ -103,7 +103,9 @@ read_passphrase(const char *prompt, int flags)
        int rppflags, use_askpass = 0, ttyfd;
        rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
-        if (flags & RP_ALLOW_STDIN) {
+        if (flags & RP_USE_ASKPASS)
+                use_askpass = 1;
+        else if (flags & RP_ALLOW_STDIN) {
                if (!isatty(STDIN_FILENO))
                        use_askpass = 1;
        } else {
@@ -115,6 +117,9 @@ read_passphrase(const char *prompt, int flags)
                        use_askpass = 1;
        }
+        if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL)
+                return (flags & RP_ALLOW_EOF) ? NULL : xstrdup("");
        if (use_askpass && getenv("DISPLAY")) {
                if (getenv(SSH_ASKPASS_ENV))
                        askpass = getenv(SSH_ASKPASS_ENV);
diff --git a/ssh.c b/ssh.c
index 9b434b93e..6f8114d53 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.215 2004/06/17 14:52:48 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.216 2004/06/17 15:10:14 djm Exp $");
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -1044,7 +1044,7 @@ ssh_control_listener(void)
        mode_t old_umask;
        int addr_len;
-        if (options.control_path == NULL || options.control_master != 1)
+        if (options.control_path == NULL || options.control_master <= 0)
                return;
        memset(&addr, '\0', sizeof(addr));
@@ -1266,6 +1266,9 @@ control_client(const char *path)
                fatal("%s: msg_recv", __func__);
        if (buffer_get_char(&m) != 0)
                fatal("%s: wrong version", __func__);
+        /* Connection allowed? */
+        if (buffer_get_int(&m) != 1)
+                fatal("Connection to master denied");
        control_server_pid = buffer_get_int(&m);
        buffer_clear(&m);
diff --git a/ssh_config.5 b/ssh_config.5
index bab11d313..3e8c1db06 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.36 2004/06/13 15:03:02 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.37 2004/06/17 15:10:14 djm Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -273,6 +273,15 @@ set to
 (the default.)
 These sessions will reuse the master instance's network connection rather
 than initiating new ones.
+Setting this to
+.Dq ask
+will cause
+.Nm ssh
+to listen for control connections, but require confirmation using the
+.Ev SSH_ASKPASS
+program before they are accepted (see
+.Xr ssh-add 1
+for details)
 .It Cm ControlPath
 Specify a the path to the control socket used for connection sharing.
 See

diff --git a/ChangeLog b/ChangeLog index ae4897e6d..7b74a0bf7 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -3,6 +3,10 @@
3	- djm@cvs.openbsd.org 2004/06/17 14:52:48	3	- djm@cvs.openbsd.org 2004/06/17 14:52:48
4	[clientloop.c clientloop.h ssh.c]	4	[clientloop.c clientloop.h ssh.c]
5	support environment passing over shared connections; ok markus@	5	support environment passing over shared connections; ok markus@
		6	- djm@cvs.openbsd.org 2004/06/17 15:10:14
		7	[clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
		8	Add option for confirmation (ControlMaster=ask) via ssh-askpass before
		9	opening shared connections; ok markus@
6		10
7	20040617	11	20040617
8	- (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some	12	- (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some
@@ -1276,4 +1280,4 @@
1276	- (djm) Trim deprecated options from INSTALL. Mention UsePAM	1280	- (djm) Trim deprecated options from INSTALL. Mention UsePAM
1277	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu	1281	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
1278		1282
1279	$Id: ChangeLog,v 1.3405 2004/06/17 15:17:29 djm Exp $	1283	$Id: ChangeLog,v 1.3406 2004/06/17 15:19:03 djm Exp $


diff --git a/clientloop.c b/clientloop.c index eb3200331..8f2f270d7 100644 --- a/clientloop.c +++ b/clientloop.c
@@ -59,7 +59,7 @@
59	*/	59	*/
60		60
61	#include "includes.h"	61	#include "includes.h"
62	RCSID("$OpenBSD: clientloop.c,v 1.126 2004/06/17 14:52:48 djm Exp $");	62	RCSID("$OpenBSD: clientloop.c,v 1.127 2004/06/17 15:10:13 djm Exp $");
63		63
64	#include "ssh.h"	64	#include "ssh.h"
65	#include "ssh1.h"	65	#include "ssh1.h"
@@ -549,7 +549,7 @@ client_extra_session2_setup(int id, void *arg)
549	client_session2_setup(id, cctx->want_tty, cctx->want_subsys,	549	client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
550	cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,	550	cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
551	client_subsystem_reply);	551	client_subsystem_reply);
552		552
553	c->confirm_ctx = NULL;	553	c->confirm_ctx = NULL;
554	buffer_free(&cctx->cmd);	554	buffer_free(&cctx->cmd);
555	xfree(cctx->term);	555	xfree(cctx->term);
@@ -566,7 +566,7 @@ client_process_control(fd_set * readset)
566	{	566	{
567	Buffer m;	567	Buffer m;
568	Channel *c;	568	Channel *c;
569	int client_fd, new_fd[3], ver, i;	569	int client_fd, new_fd[3], ver, i, allowed;
570	socklen_t addrlen;	570	socklen_t addrlen;
571	struct sockaddr_storage addr;	571	struct sockaddr_storage addr;
572	struct confirm_ctx *cctx;	572	struct confirm_ctx *cctx;
@@ -600,23 +600,52 @@ client_process_control(fd_set * readset)
600	close(client_fd);	600	close(client_fd);
601	return;	601	return;
602	}	602	}
603	/* XXX: implement use of ssh-askpass to confirm additional channels */	603
		604	allowed = 1;
		605	if (options.control_master == 2) {
		606	char *p, prompt[1024];
		607
		608	allowed = 0;
		609	snprintf(prompt, sizeof(prompt),
		610	"Allow shared connection to %s? ", host);
		611	p = read_passphrase(prompt, RP_USE_ASKPASS\|RP_ALLOW_EOF);
		612	if (p != NULL) {
		613	/*
		614	* Accept empty responses and responses consisting
		615	* of the word "yes" as affirmative.
		616	*/
		617	if (p == '\0' \|\| p == '\n' \|\|
		618	strcasecmp(p, "yes") == 0)
		619	allowed = 1;
		620	xfree(p);
		621	}
		622	}
604		623
605	unset_nonblock(client_fd);	624	unset_nonblock(client_fd);
606		625
607	buffer_init(&m);	626	buffer_init(&m);
608		627
		628	buffer_put_int(&m, allowed);
609	buffer_put_int(&m, getpid());	629	buffer_put_int(&m, getpid());
610	if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {	630	if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
611	error("%s: client msg_send failed", __func__);	631	error("%s: client msg_send failed", __func__);
612	close(client_fd);	632	close(client_fd);
		633	buffer_free(&m);
613	return;	634	return;
614	}	635	}
615	buffer_clear(&m);	636	buffer_clear(&m);
616		637
		638	if (!allowed) {
		639	error("Refused control connection");
		640	close(client_fd);
		641	buffer_free(&m);
		642	return;
		643	}
		644
617	if (ssh_msg_recv(client_fd, &m) == -1) {	645	if (ssh_msg_recv(client_fd, &m) == -1) {
618	error("%s: client msg_recv failed", __func__);	646	error("%s: client msg_recv failed", __func__);
619	close(client_fd);	647	close(client_fd);
		648	buffer_free(&m);
620	return;	649	return;
621	}	650	}
622		651
@@ -670,6 +699,7 @@ client_process_control(fd_set * readset)
670	close(new_fd[0]);	699	close(new_fd[0]);
671	close(new_fd[1]);	700	close(new_fd[1]);
672	close(new_fd[2]);	701	close(new_fd[2]);
		702	buffer_free(&m);
673	return;	703	return;
674	}	704	}
675	buffer_free(&m);	705	buffer_free(&m);


diff --git a/misc.h b/misc.h index 6a4eff136..ffa8d8f27 100644 --- a/misc.h +++ b/misc.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: misc.h,v 1.15 2004/06/14 01:44:39 djm Exp $ */	1	/* $OpenBSD: misc.h,v 1.16 2004/06/17 15:10:14 djm Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -43,5 +43,6 @@ char tilde_expand_filename(const char , uid_t);
43	#define RP_ECHO 0x0001	43	#define RP_ECHO 0x0001
44	#define RP_ALLOW_STDIN 0x0002	44	#define RP_ALLOW_STDIN 0x0002
45	#define RP_ALLOW_EOF 0x0004	45	#define RP_ALLOW_EOF 0x0004
		46	#define RP_USE_ASKPASS 0x0008
46		47
47	char read_passphrase(const char , int);	48	char read_passphrase(const char , int);


diff --git a/readconf.c b/readconf.c index 2b1d7cc46..429f69129 100644 --- a/readconf.c +++ b/readconf.c
@@ -12,7 +12,7 @@
12	*/	12	*/
13		13
14	#include "includes.h"	14	#include "includes.h"
15	RCSID("$OpenBSD: readconf.c,v 1.132 2004/06/13 15:03:02 djm Exp $");	15	RCSID("$OpenBSD: readconf.c,v 1.133 2004/06/17 15:10:14 djm Exp $");
16		16
17	#include "ssh.h"	17	#include "ssh.h"
18	#include "xmalloc.h"	18	#include "xmalloc.h"
@@ -772,7 +772,7 @@ parse_int:
772		772
773	case oControlMaster:	773	case oControlMaster:
774	intptr = &options->control_master;	774	intptr = &options->control_master;
775	goto parse_flag;	775	goto parse_yesnoask;
776		776
777	case oDeprecated:	777	case oDeprecated:
778	debug("%s line %d: Deprecated option \"%s\"",	778	debug("%s line %d: Deprecated option \"%s\"",


diff --git a/readpass.c b/readpass.c index fc7629c37..eb4f6fdb6 100644 --- a/readpass.c +++ b/readpass.c
@@ -23,7 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: readpass.c,v 1.29 2004/05/08 00:21:31 djm Exp $");	26	RCSID("$OpenBSD: readpass.c,v 1.30 2004/06/17 15:10:14 djm Exp $");
27		27
28	#include "xmalloc.h"	28	#include "xmalloc.h"
29	#include "misc.h"	29	#include "misc.h"
@@ -103,7 +103,9 @@ read_passphrase(const char *prompt, int flags)
103	int rppflags, use_askpass = 0, ttyfd;	103	int rppflags, use_askpass = 0, ttyfd;
104		104
105	rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;	105	rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
106	if (flags & RP_ALLOW_STDIN) {	106	if (flags & RP_USE_ASKPASS)
		107	use_askpass = 1;
		108	else if (flags & RP_ALLOW_STDIN) {
107	if (!isatty(STDIN_FILENO))	109	if (!isatty(STDIN_FILENO))
108	use_askpass = 1;	110	use_askpass = 1;
109	} else {	111	} else {
@@ -115,6 +117,9 @@ read_passphrase(const char *prompt, int flags)
115	use_askpass = 1;	117	use_askpass = 1;
116	}	118	}
117		119
		120	if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL)
		121	return (flags & RP_ALLOW_EOF) ? NULL : xstrdup("");
		122
118	if (use_askpass && getenv("DISPLAY")) {	123	if (use_askpass && getenv("DISPLAY")) {
119	if (getenv(SSH_ASKPASS_ENV))	124	if (getenv(SSH_ASKPASS_ENV))
120	askpass = getenv(SSH_ASKPASS_ENV);	125	askpass = getenv(SSH_ASKPASS_ENV);


diff --git a/ssh.c b/ssh.c index 9b434b93e..6f8114d53 100644 --- a/ssh.c +++ b/ssh.c
@@ -40,7 +40,7 @@
40	*/	40	*/
41		41
42	#include "includes.h"	42	#include "includes.h"
43	RCSID("$OpenBSD: ssh.c,v 1.215 2004/06/17 14:52:48 djm Exp $");	43	RCSID("$OpenBSD: ssh.c,v 1.216 2004/06/17 15:10:14 djm Exp $");
44		44
45	#include <openssl/evp.h>	45	#include <openssl/evp.h>
46	#include <openssl/err.h>	46	#include <openssl/err.h>
@@ -1044,7 +1044,7 @@ ssh_control_listener(void)
1044	mode_t old_umask;	1044	mode_t old_umask;
1045	int addr_len;	1045	int addr_len;
1046		1046
1047	if (options.control_path == NULL \|\| options.control_master != 1)	1047	if (options.control_path == NULL \|\| options.control_master <= 0)
1048	return;	1048	return;
1049		1049
1050	memset(&addr, '\0', sizeof(addr));	1050	memset(&addr, '\0', sizeof(addr));
@@ -1266,6 +1266,9 @@ control_client(const char *path)
1266	fatal("%s: msg_recv", __func__);	1266	fatal("%s: msg_recv", __func__);
1267	if (buffer_get_char(&m) != 0)	1267	if (buffer_get_char(&m) != 0)
1268	fatal("%s: wrong version", __func__);	1268	fatal("%s: wrong version", __func__);
		1269	/* Connection allowed? */
		1270	if (buffer_get_int(&m) != 1)
		1271	fatal("Connection to master denied");
1269	control_server_pid = buffer_get_int(&m);	1272	control_server_pid = buffer_get_int(&m);
1270		1273
1271	buffer_clear(&m);	1274	buffer_clear(&m);


diff --git a/ssh_config.5 b/ssh_config.5 index bab11d313..3e8c1db06 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.36 2004/06/13 15:03:02 djm Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.37 2004/06/17 15:10:14 djm Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
@@ -273,6 +273,15 @@ set to
273	(the default.)	273	(the default.)
274	These sessions will reuse the master instance's network connection rather	274	These sessions will reuse the master instance's network connection rather
275	than initiating new ones.	275	than initiating new ones.
		276	Setting this to
		277	.Dq ask
		278	will cause
		279	.Nm ssh
		280	to listen for control connections, but require confirmation using the
		281	.Ev SSH_ASKPASS
		282	program before they are accepted (see
		283	.Xr ssh-add 1
		284	for details)
276	.It Cm ControlPath	285	.It Cm ControlPath
277	Specify a the path to the control socket used for connection sharing.	286	Specify a the path to the control socket used for connection sharing.
278	See	287	See