- djm@cvs.openbsd.org 2004/06/17 15:10:14

[clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5] Add option for confirmation (ControlMaster=ask) via ssh-askpass before opening shared connections; ok markus@
2025-02-02 23:21:57 +00:00 · 2004-06-18 01:19:03 +10:00 · 2004-06-18 01:19:03 +10:00 · 23f0770a1b
commit 23f0770a1b
parent 3756dcee24
7 changed files with 65 additions and 13 deletions
--- a/6
+++ b/6
@ -3,6 +3,10 @@
   - djm@cvs.openbsd.org 2004/06/17 14:52:48
     [clientloop.c clientloop.h ssh.c]
     support environment passing over shared connections; ok markus@
+   - djm@cvs.openbsd.org 2004/06/17 15:10:14
+     [clientloop.c misc.h readconf.c readpass.c ssh.c ssh_config.5]
+     Add option for confirmation (ControlMaster=ask) via ssh-askpass before 
+     opening shared connections; ok markus@

 20040617
 - (dtucker) [regress/scp.sh] diff -N is not portable (but needed for some
@ -1276,4 +1280,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu

-$Id: ChangeLog,v 1.3405 2004/06/17 15:17:29 djm Exp $
+$Id: ChangeLog,v 1.3406 2004/06/17 15:19:03 djm Exp $
--- a/clientloop.c
+++ b/clientloop.c
@ -59,7 +59,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.126 2004/06/17 14:52:48 djm Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.127 2004/06/17 15:10:13 djm Exp $");

 #include "ssh.h"
 #include "ssh1.h"
@ -549,7 +549,7 @@ client_extra_session2_setup(int id, void *arg)
 	client_session2_setup(id, cctx->want_tty, cctx->want_subsys, 
 	    cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
 	    client_subsystem_reply);
-	
+
 	c->confirm_ctx = NULL;
 	buffer_free(&cctx->cmd);
 	xfree(cctx->term);
@ -566,7 +566,7 @@ client_process_control(fd_set * readset)
 {
 	Buffer m;
 	Channel *c;
-	int client_fd, new_fd[3], ver, i;
+	int client_fd, new_fd[3], ver, i, allowed;
 	socklen_t addrlen;
 	struct sockaddr_storage addr;
 	struct confirm_ctx *cctx;
@ -600,23 +600,52 @@ client_process_control(fd_set * readset)
 		close(client_fd);
 		return;
 	}
-	/* XXX: implement use of ssh-askpass to confirm additional channels */
+
+	allowed = 1;
+	if (options.control_master == 2) {
+		char *p, prompt[1024];
+
+		allowed = 0;
+		snprintf(prompt, sizeof(prompt),
+		    "Allow shared connection to %s? ", host);
+		p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF);
+		if (p != NULL) {
+			/*
+			 * Accept empty responses and responses consisting
+			 * of the word "yes" as affirmative.
+			 */
+			if (*p == '\0' || *p == '\n' || 
+			    strcasecmp(p, "yes") == 0)
+				allowed = 1;
+			xfree(p);
+		}
+	}

 	unset_nonblock(client_fd);

 	buffer_init(&m);

+	buffer_put_int(&m, allowed);
 	buffer_put_int(&m, getpid());
 	if (ssh_msg_send(client_fd, /* version */0, &m) == -1) {
 		error("%s: client msg_send failed", __func__);
 		close(client_fd);
+		buffer_free(&m);
 		return;
 	}
 	buffer_clear(&m);

+	if (!allowed) {
+		error("Refused control connection");
+		close(client_fd);
+		buffer_free(&m);
+		return;
+	}
+
 	if (ssh_msg_recv(client_fd, &m) == -1) {
 		error("%s: client msg_recv failed", __func__);
 		close(client_fd);
+		buffer_free(&m);
 		return;
 	}

@ -670,6 +699,7 @@ client_process_control(fd_set * readset)
 		close(new_fd[0]);
 		close(new_fd[1]);
 		close(new_fd[2]);
+		buffer_free(&m);
 		return;
 	}
 	buffer_free(&m);
--- a/misc.h
+++ b/misc.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: misc.h,v 1.15 2004/06/14 01:44:39 djm Exp $	*/
+/*	$OpenBSD: misc.h,v 1.16 2004/06/17 15:10:14 djm Exp $	*/

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -43,5 +43,6 @@ char	*tilde_expand_filename(const char *, uid_t);
 #define RP_ECHO			0x0001
 #define RP_ALLOW_STDIN		0x0002
 #define RP_ALLOW_EOF		0x0004
+#define RP_USE_ASKPASS		0x0008

 char	*read_passphrase(const char *, int);
--- a/readconf.c
+++ b/readconf.c
@ -12,7 +12,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.132 2004/06/13 15:03:02 djm Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.133 2004/06/17 15:10:14 djm Exp $");

 #include "ssh.h"
 #include "xmalloc.h"
@ -772,7 +772,7 @@ parse_int:

 	case oControlMaster:
 		intptr = &options->control_master;
-		goto parse_flag;
+		goto parse_yesnoask;

 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
--- a/readpass.c
+++ b/readpass.c
@ -23,7 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.29 2004/05/08 00:21:31 djm Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.30 2004/06/17 15:10:14 djm Exp $");

 #include "xmalloc.h"
 #include "misc.h"
@ -103,7 +103,9 @@ read_passphrase(const char *prompt, int flags)
 	int rppflags, use_askpass = 0, ttyfd;

 	rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
-	if (flags & RP_ALLOW_STDIN) {
+	if (flags & RP_USE_ASKPASS)
+		use_askpass = 1;
+	else if (flags & RP_ALLOW_STDIN) {
 		if (!isatty(STDIN_FILENO))
 			use_askpass = 1;
 	} else {
@ -115,6 +117,9 @@ read_passphrase(const char *prompt, int flags)
 			use_askpass = 1;
 	}

+	if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL)
+		return (flags & RP_ALLOW_EOF) ? NULL : xstrdup("");
+
 	if (use_askpass && getenv("DISPLAY")) {
 		if (getenv(SSH_ASKPASS_ENV))
 			askpass = getenv(SSH_ASKPASS_ENV);
--- a/ssh.c
+++ b/ssh.c
@ -40,7 +40,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.215 2004/06/17 14:52:48 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.216 2004/06/17 15:10:14 djm Exp $");

 #include <openssl/evp.h>
 #include <openssl/err.h>
@ -1044,7 +1044,7 @@ ssh_control_listener(void)
 	mode_t old_umask;
 	int addr_len;

-	if (options.control_path == NULL || options.control_master != 1)
+	if (options.control_path == NULL || options.control_master <= 0)
 		return;

 	memset(&addr, '\0', sizeof(addr));
@ -1266,6 +1266,9 @@ control_client(const char *path)
 		fatal("%s: msg_recv", __func__);
 	if (buffer_get_char(&m) != 0)
 		fatal("%s: wrong version", __func__);
+	/* Connection allowed? */
+	if (buffer_get_int(&m) != 1)
+		fatal("Connection to master denied");
 	control_server_pid = buffer_get_int(&m);

 	buffer_clear(&m);
--- a/ssh_config.5
+++ b/ssh_config.5
@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.36 2004/06/13 15:03:02 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.37 2004/06/17 15:10:14 djm Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@ -273,6 +273,15 @@ set to
 (the default.)
 These sessions will reuse the master instance's network connection rather
 than initiating new ones.
+Setting this to
+.Dq ask
+will cause
+.Nm ssh
+to listen for control connections, but require confirmation using the
+.Ev SSH_ASKPASS
+program before they are accepted (see
+.Xr ssh-add 1
+for details)
 .It Cm ControlPath
 Specify a the path to the control socket used for connection sharing.
 See