Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 23f0770a1bf8b0a1aa7c8d4bd78699fa0e9358d0^! / . / clientloop.c
commit23f0770a1bf8b0a1aa7c8d4bd78699fa0e9358d0[log] [tgz]
authorDamien Miller <djm@mindrot.org>Fri Jun 18 01:19:03 2004 +1000
committerDamien Miller <djm@mindrot.org>Fri Jun 18 01:19:03 2004 +1000
treea4011718b766af34f837471c2311e6cd044e2c20
parent3756dcee244f47c20a6590129d99e625169836c6 [diff] [blame]
   - djm@cvs.openbsd.org 2004/06/17 15:10:14
     [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
     Add option for confirmation (ControlMaster=ask) via ssh-askpass before
     opening shared connections; ok markus@

diff --git a/clientloop.c b/clientloop.c
index eb32003..8f2f270 100644
--- a/clientloop.c
+++ b/clientloop.c

@@ -59,7 +59,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.126 2004/06/17 14:52:48 djm Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.127 2004/06/17 15:10:13 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -549,7 +549,7 @@
 	client_session2_setup(id, cctx->want_tty, cctx->want_subsys, 
 	    cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
 	    client_subsystem_reply);
-	
+
 	c->confirm_ctx = NULL;
 	buffer_free(&cctx->cmd);
 	xfree(cctx->term);
@@ -566,7 +566,7 @@
 {
 	Buffer m;
 	Channel *c;
-	int client_fd, new_fd[3], ver, i;
+	int client_fd, new_fd[3], ver, i, allowed;
 	socklen_t addrlen;
 	struct sockaddr_storage addr;
 	struct confirm_ctx *cctx;
@@ -600,23 +600,52 @@
 		close(client_fd);
 		return;
 	}
-	/* XXX: implement use of ssh-askpass to confirm additional channels */
+
+	allowed = 1;
+	if (options.control_master == 2) {
+		char *p, prompt[1024];
+
+		allowed = 0;
+		snprintf(prompt, sizeof(prompt),
+		    "Allow shared connection to %s? ", host);
+		p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF);
+		if (p != NULL) {
+			/*
+			 * Accept empty responses and responses consisting
+			 * of the word "yes" as affirmative.
+			 */
+			if (*p == '\0' || *p == '\n' || 
+			    strcasecmp(p, "yes") == 0)
+				allowed = 1;
+			xfree(p);
+		}
+	}
 
 	unset_nonblock(client_fd);
 
 	buffer_init(&m);
 
+	buffer_put_int(&m, allowed);
 	buffer_put_int(&m, getpid());
 	if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
 		error("%s: client msg_send failed", __func__);
 		close(client_fd);
+		buffer_free(&m);
 		return;
 	}
 	buffer_clear(&m);
 
+	if (!allowed) {
+		error("Refused control connection");
+		close(client_fd);
+		buffer_free(&m);
+		return;
+	}
+
 	if (ssh_msg_recv(client_fd, &m) == -1) {
 		error("%s: client msg_recv failed", __func__);
 		close(client_fd);
+		buffer_free(&m);
 		return;
 	}
 
@@ -670,6 +699,7 @@
 		close(new_fd[0]);
 		close(new_fd[1]);
 		close(new_fd[2]);
+		buffer_free(&m);
 		return;
 	}
 	buffer_free(&m);