1 files changed, 21 insertions, 17 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 6230dad32..4711af782 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.319 2019/09/13 04:31:19 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.328 2020/01/25 07:17:18 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -39,9 +39,9 @@
 #include <poll.h>
 #endif
 #include <signal.h>
-#include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <stdarg.h>
 #include <string.h>
 #include <unistd.h>
 #ifdef HAVE_IFADDRS_H
@@ -141,7 +141,7 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host,
                    "proxy dialer: %.100s", strerror(errno));
        command_string = expand_proxy_command(proxy_command, options.user,
-            host_arg, host, port);
+            host, host_arg, port);
        debug("Executing proxy dialer command: %.500s", command_string);
        /* Fork and execute the proxy command. */
@@ -224,7 +224,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
                    strerror(errno));
        command_string = expand_proxy_command(proxy_command, options.user,
-            host_arg, host, port);
+            host, host_arg, port);
        debug("Executing proxy command: %.500s", command_string);
        /* Fork and execute the proxy command. */
@@ -259,7 +259,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
                /* Execute the proxy command.  Note that we gave up any
                   extra privileges above. */
-                signal(SIGPIPE, SIG_DFL);
+                ssh_signal(SIGPIPE, SIG_DFL);
                execv(argv[0], argv);
                perror(argv[0]);
                exit(1);
@@ -580,22 +580,23 @@ confirm(const char *prompt, const char *fingerprint)
 {
        const char *msg, *again = "Please type 'yes' or 'no': ";
        const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
-        char *p;
+        char *p, *cp;
        int ret = -1;
        if (options.batch_mode)
                return 0;
        for (msg = prompt;;msg = fingerprint ? again_fp : again) {
-                p = read_passphrase(msg, RP_ECHO);
+                cp = p = read_passphrase(msg, RP_ECHO);
                if (p == NULL)
                        return 0;
-                p[strcspn(p, "\n")] = '\0';
+                p += strspn(p, " \t"); /* skip leading whitespace */
+                p[strcspn(p, " \t\n")] = '\0'; /* remove trailing whitespace */
                if (p[0] == '\0' || strcasecmp(p, "no") == 0)
                        ret = 0;
                else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL &&
                    strcasecmp(p, fingerprint) == 0))
                        ret = 1;
-                free(p);
+                free(cp);
                if (ret != -1)
                        return ret;
        }
@@ -1382,10 +1383,10 @@ ssh_local_cmd(const char *args)
        if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
                shell = _PATH_BSHELL;
-        osighand = signal(SIGCHLD, SIG_DFL);
+        osighand = ssh_signal(SIGCHLD, SIG_DFL);
        pid = fork();
        if (pid == 0) {
-                signal(SIGPIPE, SIG_DFL);
+                ssh_signal(SIGPIPE, SIG_DFL);
                debug3("Executing %s -c \"%s\"", shell, args);
                execl(shell, shell, "-c", args, (char *)NULL);
                error("Couldn't execute %s -c \"%s\": %s",
@@ -1396,7 +1397,7 @@ ssh_local_cmd(const char *args)
        while (waitpid(pid, &status, 0) == -1)
                if (errno != EINTR)
                        fatal("Couldn't wait for child: %s", strerror(errno));
-        signal(SIGCHLD, osighand);
+        ssh_signal(SIGCHLD, osighand);
        if (!WIFEXITED(status))
                return (1);
@@ -1405,10 +1406,11 @@ ssh_local_cmd(const char *args)
 }
 void
-maybe_add_key_to_agent(char *authfile, struct sshkey *private,
+maybe_add_key_to_agent(const char *authfile, struct sshkey *private,
-    char *comment, char *passphrase)
+    const char *comment, const char *passphrase)
 {
        int auth_sock = -1, r;
+        const char *skprovider = NULL;
        if (options.add_keys_to_agent == 0)
                return;
@@ -1424,9 +1426,11 @@ maybe_add_key_to_agent(char *authfile, struct sshkey *private,
                close(auth_sock);
                return;
        }
+        if (sshkey_is_sk(private))
-        if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0,
+                skprovider = options.sk_provider;
-            (options.add_keys_to_agent == 3), 0)) == 0)
+        if ((r = ssh_add_identity_constrained(auth_sock, private,
+            comment == NULL ? authfile : comment, 0,
+            (options.add_keys_to_agent == 3), 0, skprovider)) == 0)
                debug("identity added to agent: %s", authfile);
        else
                debug("could not add identity to agent: %s (%d)", authfile, r);

diff --git a/sshconnect.c b/sshconnect.c index 6230dad32..4711af782 100644 --- a/sshconnect.c +++ b/sshconnect.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshconnect.c,v 1.319 2019/09/13 04:31:19 djm Exp $ */	1	/* $OpenBSD: sshconnect.c,v 1.328 2020/01/25 07:17:18 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -39,9 +39,9 @@
39	#include <poll.h>	39	#include <poll.h>
40	#endif	40	#endif
41	#include <signal.h>	41	#include <signal.h>
42	#include <stdarg.h>
43	#include <stdio.h>	42	#include <stdio.h>
44	#include <stdlib.h>	43	#include <stdlib.h>
		44	#include <stdarg.h>
45	#include <string.h>	45	#include <string.h>
46	#include <unistd.h>	46	#include <unistd.h>
47	#ifdef HAVE_IFADDRS_H	47	#ifdef HAVE_IFADDRS_H
@@ -141,7 +141,7 @@ ssh_proxy_fdpass_connect(struct ssh ssh, const char host,
141	"proxy dialer: %.100s", strerror(errno));	141	"proxy dialer: %.100s", strerror(errno));
142		142
143	command_string = expand_proxy_command(proxy_command, options.user,	143	command_string = expand_proxy_command(proxy_command, options.user,
144	host_arg, host, port);	144	host, host_arg, port);
145	debug("Executing proxy dialer command: %.500s", command_string);	145	debug("Executing proxy dialer command: %.500s", command_string);
146		146
147	/* Fork and execute the proxy command. */	147	/* Fork and execute the proxy command. */
@@ -224,7 +224,7 @@ ssh_proxy_connect(struct ssh ssh, const char host, const char *host_arg,
224	strerror(errno));	224	strerror(errno));
225		225
226	command_string = expand_proxy_command(proxy_command, options.user,	226	command_string = expand_proxy_command(proxy_command, options.user,
227	host_arg, host, port);	227	host, host_arg, port);
228	debug("Executing proxy command: %.500s", command_string);	228	debug("Executing proxy command: %.500s", command_string);
229		229
230	/* Fork and execute the proxy command. */	230	/* Fork and execute the proxy command. */
@@ -259,7 +259,7 @@ ssh_proxy_connect(struct ssh ssh, const char host, const char *host_arg,
259		259
260	/* Execute the proxy command. Note that we gave up any	260	/* Execute the proxy command. Note that we gave up any
261	extra privileges above. */	261	extra privileges above. */
262	signal(SIGPIPE, SIG_DFL);	262	ssh_signal(SIGPIPE, SIG_DFL);
263	execv(argv[0], argv);	263	execv(argv[0], argv);
264	perror(argv[0]);	264	perror(argv[0]);
265	exit(1);	265	exit(1);
@@ -580,22 +580,23 @@ confirm(const char prompt, const char fingerprint)
580	{	580	{
581	const char msg, again = "Please type 'yes' or 'no': ";	581	const char msg, again = "Please type 'yes' or 'no': ";
582	const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";	582	const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
583	char *p;	583	char p, cp;
584	int ret = -1;	584	int ret = -1;
585		585
586	if (options.batch_mode)	586	if (options.batch_mode)
587	return 0;	587	return 0;
588	for (msg = prompt;;msg = fingerprint ? again_fp : again) {	588	for (msg = prompt;;msg = fingerprint ? again_fp : again) {
589	p = read_passphrase(msg, RP_ECHO);	589	cp = p = read_passphrase(msg, RP_ECHO);
590	if (p == NULL)	590	if (p == NULL)
591	return 0;	591	return 0;
592	p[strcspn(p, "\n")] = '\0';	592	p += strspn(p, " \t"); /* skip leading whitespace */
		593	p[strcspn(p, " \t\n")] = '\0'; /* remove trailing whitespace */
593	if (p[0] == '\0' \|\| strcasecmp(p, "no") == 0)	594	if (p[0] == '\0' \|\| strcasecmp(p, "no") == 0)
594	ret = 0;	595	ret = 0;
595	else if (strcasecmp(p, "yes") == 0 \|\| (fingerprint != NULL &&	596	else if (strcasecmp(p, "yes") == 0 \|\| (fingerprint != NULL &&
596	strcasecmp(p, fingerprint) == 0))	597	strcasecmp(p, fingerprint) == 0))
597	ret = 1;	598	ret = 1;
598	free(p);	599	free(cp);
599	if (ret != -1)	600	if (ret != -1)
600	return ret;	601	return ret;
601	}	602	}
@@ -1382,10 +1383,10 @@ ssh_local_cmd(const char *args)
1382	if ((shell = getenv("SHELL")) == NULL \|\| *shell == '\0')	1383	if ((shell = getenv("SHELL")) == NULL \|\| *shell == '\0')
1383	shell = _PATH_BSHELL;	1384	shell = _PATH_BSHELL;
1384		1385
1385	osighand = signal(SIGCHLD, SIG_DFL);	1386	osighand = ssh_signal(SIGCHLD, SIG_DFL);
1386	pid = fork();	1387	pid = fork();
1387	if (pid == 0) {	1388	if (pid == 0) {
1388	signal(SIGPIPE, SIG_DFL);	1389	ssh_signal(SIGPIPE, SIG_DFL);
1389	debug3("Executing %s -c \"%s\"", shell, args);	1390	debug3("Executing %s -c \"%s\"", shell, args);
1390	execl(shell, shell, "-c", args, (char *)NULL);	1391	execl(shell, shell, "-c", args, (char *)NULL);
1391	error("Couldn't execute %s -c \"%s\": %s",	1392	error("Couldn't execute %s -c \"%s\": %s",
@@ -1396,7 +1397,7 @@ ssh_local_cmd(const char *args)
1396	while (waitpid(pid, &status, 0) == -1)	1397	while (waitpid(pid, &status, 0) == -1)
1397	if (errno != EINTR)	1398	if (errno != EINTR)
1398	fatal("Couldn't wait for child: %s", strerror(errno));	1399	fatal("Couldn't wait for child: %s", strerror(errno));
1399	signal(SIGCHLD, osighand);	1400	ssh_signal(SIGCHLD, osighand);
1400		1401
1401	if (!WIFEXITED(status))	1402	if (!WIFEXITED(status))
1402	return (1);	1403	return (1);
@@ -1405,10 +1406,11 @@ ssh_local_cmd(const char *args)
1405	}	1406	}
1406		1407
1407	void	1408	void
1408	maybe_add_key_to_agent(char authfile, struct sshkey private,	1409	maybe_add_key_to_agent(const char authfile, struct sshkey private,
1409	char comment, char passphrase)	1410	const char comment, const char passphrase)
1410	{	1411	{
1411	int auth_sock = -1, r;	1412	int auth_sock = -1, r;
		1413	const char *skprovider = NULL;
1412		1414
1413	if (options.add_keys_to_agent == 0)	1415	if (options.add_keys_to_agent == 0)
1414	return;	1416	return;
@@ -1424,9 +1426,11 @@ maybe_add_key_to_agent(char authfile, struct sshkey private,
1424	close(auth_sock);	1426	close(auth_sock);
1425	return;	1427	return;
1426	}	1428	}
1427		1429	if (sshkey_is_sk(private))
1428	if ((r = ssh_add_identity_constrained(auth_sock, private, comment, 0,	1430	skprovider = options.sk_provider;
1429	(options.add_keys_to_agent == 3), 0)) == 0)	1431	if ((r = ssh_add_identity_constrained(auth_sock, private,
		1432	comment == NULL ? authfile : comment, 0,
		1433	(options.add_keys_to_agent == 3), 0, skprovider)) == 0)
1430	debug("identity added to agent: %s", authfile);	1434	debug("identity added to agent: %s", authfile);
1431	else	1435	else
1432	debug("could not add identity to agent: %s (%d)", authfile, r);	1436	debug("could not add identity to agent: %s (%d)", authfile, r);