let the "Confirm user presence for key ..." ssh-askpass notification

respect $SSH_ASKPASS_REQUIRE; ok markus@

1 files changed, 14 insertions, 9 deletions

diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c
index 1df058e45ff..1e41eb7233b 100644
--- a/usr.bin/ssh/readpass.c
+++ b/usr.bin/ssh/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.62 2020/07/14 23:57:01 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.63 2020/08/11 09:45:54 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -232,8 +232,8 @@ notify_start(int force_askpass, const char *fmt, ...)
 	int devnull;
 	pid_t pid;
 	void (*osigchld)(int);
-	const char *askpass;
-	struct notifier_ctx *ret;
+	const char *askpass, *s;
+	struct notifier_ctx *ret = NULL;
 
 	va_start(args, fmt);
 	xvasprintf(&prompt, fmt, args);
@@ -245,15 +245,19 @@ notify_start(int force_askpass, const char *fmt, ...)
 		(void)write(STDERR_FILENO, "\r", 1);
 		(void)write(STDERR_FILENO, prompt, strlen(prompt));
 		(void)write(STDERR_FILENO, "\r\n", 2);
-		free(prompt);
-		return NULL;
+		goto out;
 	}
 	if ((askpass = getenv("SSH_ASKPASS")) == NULL)
 		askpass = _PATH_SSH_ASKPASS_DEFAULT;
-	if (getenv("DISPLAY") == NULL || *askpass == '\0') {
-		debug3("%s: cannot notify", __func__);
-		free(prompt);
-		return NULL;
+	if (*askpass == '\0') {
+		debug3("%s: cannot notify: no askpass", __func__);
+		goto out;
+	}
+	if (getenv("DISPLAY") == NULL &&
+	    ((s = getenv(SSH_ASKPASS_REQUIRE_ENV)) == NULL ||
+	    strcmp(s, "force") != 0)) {
+		debug3("%s: cannot notify: no display", __func__);
+		goto out;
 	}
 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 	if ((pid = fork()) == -1) {
@@ -281,6 +285,7 @@ notify_start(int force_askpass, const char *fmt, ...)
 	}
 	ret->pid = pid;
 	ret->osigchld = osigchld;
+ out:
 	free(prompt);
 	return ret;
 }