Diffstat (limited to 'sshconnect.c')
-rw-r--r--sshconnect.c38
1 files changed, 21 insertions, 17 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 6230dad32..4711af782 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.c,v 1.319 2019/09/13 04:31:19 djm Exp $ */ 1/* $OpenBSD: sshconnect.c,v 1.328 2020/01/25 07:17:18 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -39,9 +39,9 @@
39#include <poll.h> 39#include <poll.h>
40#endif 40#endif
41#include <signal.h> 41#include <signal.h>
42#include <stdarg.h>
43#include <stdio.h> 42#include <stdio.h>
44#include <stdlib.h> 43#include <stdlib.h>
44#include <stdarg.h>
45#include <string.h> 45#include <string.h>
46#include <unistd.h> 46#include <unistd.h>
47#ifdef HAVE_IFADDRS_H 47#ifdef HAVE_IFADDRS_H
@@ -141,7 +141,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host,
141 "proxy dialer: %.100s", strerror(errno)); 141 "proxy dialer: %.100s", strerror(errno));
142 142
143 command_string = expand_proxy_command(proxy_command, options.user, 143 command_string = expand_proxy_command(proxy_command, options.user,
144 host_arg, host, port); 144 host, host_arg, port);
145 debug("Executing proxy dialer command: %.500s", command_string); 145 debug("Executing proxy dialer command: %.500s", command_string);
146 146
147 /* Fork and execute the proxy command. */ 147 /* Fork and execute the proxy command. */
@@ -224,7 +224,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
224 strerror(errno)); 224 strerror(errno));
225 225
226 command_string = expand_proxy_command(proxy_command, options.user, 226 command_string = expand_proxy_command(proxy_command, options.user,
227 host_arg, host, port); 227 host, host_arg, port);
228 debug("Executing proxy command: %.500s", command_string); 228 debug("Executing proxy command: %.500s", command_string);
229 229
230 /* Fork and execute the proxy command. */ 230 /* Fork and execute the proxy command. */
@@ -259,7 +259,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
259 259
260 /* Execute the proxy command. Note that we gave up any 260 /* Execute the proxy command. Note that we gave up any
261 extra privileges above. */ 261 extra privileges above. */
262 signal(SIGPIPE, SIG_DFL); 262 ssh_signal(SIGPIPE, SIG_DFL);
263 execv(argv[0], argv); 263 execv(argv[0], argv);
264 perror(argv[0]); 264 perror(argv[0]);
265 exit(1); 265 exit(1);
@@ -580,22 +580,23 @@ confirm(const char *prompt, const char *fingerprint)
580{ 580{
581 const char *msg, *again = "Please type 'yes' or 'no': "; 581 const char *msg, *again = "Please type 'yes' or 'no': ";
582 const char *again_fp = "Please type 'yes', 'no' or the fingerprint: "; 582 const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
583 char *p; 583 char *p, *cp;
584 int ret = -1; 584 int ret = -1;
585 585
586 if (options.batch_mode) 586 if (options.batch_mode)
587 return 0; 587 return 0;
588 for (msg = prompt;;msg = fingerprint ? again_fp : again) { 588 for (msg = prompt;;msg = fingerprint ? again_fp : again) {
589 p = read_passphrase(msg, RP_ECHO); 589 cp = p = read_passphrase(msg, RP_ECHO);
590 if (p == NULL) 590 if (p == NULL)
591 return 0; 591 return 0;
592 p[strcspn(p, "\n")] = '\0'; 592 p += strspn(p, " \t"); /* skip leading whitespace */
593 p[strcspn(p, " \t\n")] = '\0'; /* remove trailing whitespace */
593 if (p[0] == '\0' || strcasecmp(p, "no") == 0) 594 if (p[0] == '\0' || strcasecmp(p, "no") == 0)
594 ret = 0; 595 ret = 0;
595 else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL && 596 else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL &&
596 strcasecmp(p, fingerprint) == 0)) 597 strcasecmp(p, fingerprint) == 0))
597 ret = 1; 598 ret = 1;
598 free(p); 599 free(cp);
599 if (ret != -1) 600 if (ret != -1)
600 return ret; 601 return ret;
601 } 602 }
@@ -1382,10 +1383,10 @@ ssh_local_cmd(const char *args)
1382 if ((shell = getenv("SHELL")) == NULL || *shell == '\0') 1383 if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
1383 shell = _PATH_BSHELL; 1384 shell = _PATH_BSHELL;
1384 1385
1385 osighand = signal(SIGCHLD, SIG_DFL); 1386 osighand = ssh_signal(SIGCHLD, SIG_DFL);
1386 pid = fork(); 1387 pid = fork();
1387 if (pid == 0) { 1388 if (pid == 0) {
1388 signal(SIGPIPE, SIG_DFL); 1389 ssh_signal(SIGPIPE, SIG_DFL);
1389 debug3("Executing %s -c \"%s\"", shell, args); 1390 debug3("Executing %s -c \"%s\"", shell, args);
1390 execl(shell, shell, "-c", args, (char *)NULL); 1391 execl(shell, shell, "-c", args, (char *)NULL);
1391 error("Couldn't execute %s -c \"%s\": %s", 1392 error("Couldn't execute %s -c \"%s\": %s",
@@ -1396,7 +1397,7 @@ ssh_local_cmd(const char *args)
1396 while (waitpid(pid, &status, 0) == -1) 1397 while (waitpid(pid, &status, 0) == -1)
1397 if (errno != EINTR) 1398 if (errno != EINTR)
1398 fatal("Couldn't wait for child: %s", strerror(errno)); 1399 fatal("Couldn't wait for child: %s", strerror(errno));
1399 signal(SIGCHLD, osighand); 1400 ssh_signal(SIGCHLD, osighand);
1400 1401
1401 if (!WIFEXITED(status)) 1402 if (!WIFEXITED(status))
1402 return (1); 1403 return (1);
@@ -1405,10 +1406,11 @@ ssh_local_cmd(const char *args)
1405} 1406}
1406 1407
1407void 1408void
1408maybe_add_key_to_agent(char *authfile, struct sshkey *private, 1409maybe_add_key_to_agent(const char *authfile, struct sshkey *private,
1409 char *comment, char *passphrase) 1410 const char *comment, const char *passphrase)
1410{ 1411{
1411 int auth_sock = -1, r; 1412 int auth_sock = -1, r;
1413 const char *skprovider = NULL;
1412 1414
1413 if (options.add_keys_to_agent == 0) 1415 if (options.add_keys_to_agent == 0)
1414 return; 1416 return;
@@ -1424,9 +1426,11 @@ maybe_add_key_to_agent(char *authfile, struct sshkey *private,
1424 close(auth_sock); 1426 close(auth_sock);
1425 return; 1427 return;
1426 } 1428 }
1427 1429 if (sshkey_is_sk(private))
1428 if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0, 1430 skprovider = options.sk_provider;
1429 (options.add_keys_to_agent == 3), 0)) == 0) 1431 if ((r = ssh_add_identity_constrained(auth_sock, private,
1432 comment == NULL ? authfile : comment, 0,
1433 (options.add_keys_to_agent == 3), 0, skprovider)) == 0)
1430 debug("identity added to agent: %s", authfile); 1434 debug("identity added to agent: %s", authfile);
1431 else 1435 else
1432 debug("could not add identity to agent: %s (%d)", authfile, r); 1436 debug("could not add identity to agent: %s (%d)", authfile, r);
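Review bot: In confirm(), the added `p[strcspn(p, " \t\n")] = '\0';` cuts the reply at the first space, tab or newline rather than removing trailing whitespace as its comment says, so everything after the first word is discarded and a reply such as `yes but verify later` is accepted as `yes`. For a host-key trust prompt I would trim only from the end, so that replies with embedded whitespace fall through to the re-prompt: `p[strcspn(p, "\n")] = '\0';` followed by `for (len = strlen(p); len > 0 && (p[len - 1] == ' ' || p[len - 1] == '\t'); len--) p[len - 1] = '\0';` with a `size_t len` local; if first-word matching is intended, the comment should instead read `/* keep only the first whitespace-delimited word */`. The unchanged `strcasecmp(p, fingerprint)` in the same block compares the typed fingerprint case-insensitively; if the fingerprint is a case-sensitive encoding such as base64, `strcmp` would be the stricter check for that branch. confirm() begins above this hunk, so how callers act on the return value is not visible here.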