Diffstat (limited to 'clientloop.c')
-rw-r--r--clientloop.c38
1 files changed, 34 insertions, 4 deletions
diff --git a/clientloop.c b/clientloop.c
index eb3200331..8f2f270d7 100644
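--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.126 2004/06/17 14:52:48 djm Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.127 2004/06/17 15:10:13 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -549,7 +549,7 @@ client_extra_session2_setup(int id, void *arg)
  client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
  cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
  client_subsystem_reply);
-
+
  c->confirm_ctx = NULL;
  buffer_free(&cctx->cmd);
  xfree(cctx->term);
@@ -566,7 +566,7 @@ client_process_control(fd_set * readset)
 {
  Buffer m;
  Channel *c;
- int client_fd, new_fd[3], ver, i;
+ int client_fd, new_fd[3], ver, i, allowed;
  socklen_t addrlen;
  struct sockaddr_storage addr;
  struct confirm_ctx *cctx;
@@ -600,23 +600,52 @@ client_process_control(fd_set * readset)
  close(client_fd);
  return;
  }
- /* XXX: implement use of ssh-askpass to confirm additional channels */
+
+ allowed = 1;
+ if (options.control_master == 2) {
+ char *p, prompt[1024];
+
+ allowed = 0;
+ snprintf(prompt, sizeof(prompt),
+ "Allow shared connection to %s? ", host);
+ p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF);
+ if (p != NULL) {
+ /*
+ * Accept empty responses and responses consisting
+ * of the word "yes" as affirmative.
+ */
+ if (*p == '\0' || *p == '\n' ||
+ strcasecmp(p, "yes") == 0)
+ allowed = 1;
+ xfree(p);
+ }
+ }
 
  unset_nonblock(client_fd);
 
  buffer_init(&m);
 
+ buffer_put_int(&m, allowed);
  buffer_put_int(&m, getpid());
  if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
  error("%s: client msg_send failed", __func__);
  close(client_fd);
+ buffer_free(&m);
  return;
  }
  buffer_clear(&m);
 
+ if (!allowed) {
+ error("Refused control connection");
+ close(client_fd);
+ buffer_free(&m);
+ return;
+ }
+
  if (ssh_msg_recv(client_fd, &m) == -1) {
  error("%s: client msg_recv failed", __func__);
  close(client_fd);
+ buffer_free(&m);
  return;
  }
 
@@ -670,6 +699,7 @@ client_process_control(fd_set * readset)
  close(new_fd[0]);
  close(new_fd[1]);
  close(new_fd[2]);
+ buffer_free(&m);
  return;
  }
  buffer_free(&m);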
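Review bot: In the `options.control_master == 2` branch of the fourth hunk, an empty reply from `read_passphrase()` is counted as consent, so a reflexive Enter, or an askpass helper that exits cleanly with no output, admits a new session onto the already authenticated connection. The comment marks this as deliberate; if it stays, the comment should say why default-allow is acceptable for a prompt that gates access, and otherwise the test should require an explicit answer: `if (strcasecmp(p, "yes") == 0) allowed = 1;`. The `*p == '\n'` test implies the reply may still carry its line ending, in which case "yes" followed by a newline would be refused; either strip the line ending before comparing or drop that test if `read_passphrase()` already strips it (not visible on this page). The refusal path logs only `Refused control connection`, and a `"%s: "` prefix with `__func__` would match the other `error()` calls here. `client_process_control` begins and ends outside the hunks shown.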