From 3a55c8c87458ea7988be376c7e0ca408b1c1409a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 17 Jun 2004 15:10:15 +0000 Subject: Add option for confirmation (ControlMaster=ask) via ssh-askpass before opening shared connections; ok markus@ --- usr.bin/ssh/clientloop.c | 38 ++++++++++++++++++++++++++++++++++---- usr.bin/ssh/misc.h | 3 ++- usr.bin/ssh/readconf.c | 4 ++-- usr.bin/ssh/readpass.c | 9 +++++++-- usr.bin/ssh/ssh.c | 7 +++++-- usr.bin/ssh/ssh_config.5 | 11 ++++++++++- 6 files changed, 60 insertions(+), 12 deletions(-) diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c index eb320033130..8f2f270d7d9 100644 --- a/usr.bin/ssh/clientloop.c +++ b/usr.bin/ssh/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.126 2004/06/17 14:52:48 djm Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.127 2004/06/17 15:10:13 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -549,7 +549,7 @@ client_extra_session2_setup(int id, void *arg) client_session2_setup(id, cctx->want_tty, cctx->want_subsys, cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env, client_subsystem_reply); - + c->confirm_ctx = NULL; buffer_free(&cctx->cmd); xfree(cctx->term); @@ -566,7 +566,7 @@ client_process_control(fd_set * readset) { Buffer m; Channel *c; - int client_fd, new_fd[3], ver, i; + int client_fd, new_fd[3], ver, i, allowed; socklen_t addrlen; struct sockaddr_storage addr; struct confirm_ctx *cctx; @@ -600,23 +600,52 @@ client_process_control(fd_set * readset) close(client_fd); return; } - /* XXX: implement use of ssh-askpass to confirm additional channels */ + + allowed = 1; + if (options.control_master == 2) { + char *p, prompt[1024]; + + allowed = 0; + snprintf(prompt, sizeof(prompt), + "Allow shared connection to %s? ", host); + p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF); + if (p != NULL) { + /* + * Accept empty responses and responses consisting + * of the word "yes" as affirmative. + */ + if (*p == '\0' || *p == '\n' || + strcasecmp(p, "yes") == 0) + allowed = 1; + xfree(p); + } + } unset_nonblock(client_fd); buffer_init(&m); + buffer_put_int(&m, allowed); buffer_put_int(&m, getpid()); if (ssh_msg_send(client_fd, /* version */0, &m) == -1) { error("%s: client msg_send failed", __func__); close(client_fd); + buffer_free(&m); return; } buffer_clear(&m); + if (!allowed) { + error("Refused control connection"); + close(client_fd); + buffer_free(&m); + return; + } + if (ssh_msg_recv(client_fd, &m) == -1) { error("%s: client msg_recv failed", __func__); close(client_fd); + buffer_free(&m); return; } @@ -670,6 +699,7 @@ client_process_control(fd_set * readset) close(new_fd[0]); close(new_fd[1]); close(new_fd[2]); + buffer_free(&m); return; } buffer_free(&m); diff --git a/usr.bin/ssh/misc.h b/usr.bin/ssh/misc.h index 6a4eff13697..ffa8d8f27bd 100644 --- a/usr.bin/ssh/misc.h +++ b/usr.bin/ssh/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.15 2004/06/14 01:44:39 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.16 2004/06/17 15:10:14 djm Exp $ */ /* * Author: Tatu Ylonen @@ -43,5 +43,6 @@ char *tilde_expand_filename(const char *, uid_t); #define RP_ECHO 0x0001 #define RP_ALLOW_STDIN 0x0002 #define RP_ALLOW_EOF 0x0004 +#define RP_USE_ASKPASS 0x0008 char *read_passphrase(const char *, int); diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index f39fe35d8ae..199c7becac9 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.132 2004/06/13 15:03:02 djm Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.133 2004/06/17 15:10:14 djm Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -770,7 +770,7 @@ parse_int: case oControlMaster: intptr = &options->control_master; - goto parse_flag; + goto parse_yesnoask; case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c index 3cc94be0399..1a8397c4a8c 100644 --- a/usr.bin/ssh/readpass.c +++ b/usr.bin/ssh/readpass.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readpass.c,v 1.29 2004/05/08 00:21:31 djm Exp $"); +RCSID("$OpenBSD: readpass.c,v 1.30 2004/06/17 15:10:14 djm Exp $"); #include @@ -105,7 +105,9 @@ read_passphrase(const char *prompt, int flags) int rppflags, use_askpass = 0, ttyfd; rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; - if (flags & RP_ALLOW_STDIN) { + if (flags & RP_USE_ASKPASS) + use_askpass = 1; + else if (flags & RP_ALLOW_STDIN) { if (!isatty(STDIN_FILENO)) use_askpass = 1; } else { @@ -117,6 +119,9 @@ read_passphrase(const char *prompt, int flags) use_askpass = 1; } + if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL) + return (flags & RP_ALLOW_EOF) ? NULL : xstrdup(""); + if (use_askpass && getenv("DISPLAY")) { if (getenv(SSH_ASKPASS_ENV)) askpass = getenv(SSH_ASKPASS_ENV); diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 7a1376bf425..f34818916ce 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.215 2004/06/17 14:52:48 djm Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.216 2004/06/17 15:10:14 djm Exp $"); #include #include @@ -1028,7 +1028,7 @@ ssh_control_listener(void) struct sockaddr_un addr; mode_t old_umask; - if (options.control_path == NULL || options.control_master != 1) + if (options.control_path == NULL || options.control_master <= 0) return; memset(&addr, '\0', sizeof(addr)); @@ -1250,6 +1250,9 @@ control_client(const char *path) fatal("%s: msg_recv", __func__); if (buffer_get_char(&m) != 0) fatal("%s: wrong version", __func__); + /* Connection allowed? */ + if (buffer_get_int(&m) != 1) + fatal("Connection to master denied"); control_server_pid = buffer_get_int(&m); buffer_clear(&m); diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index bab11d313a9..3e8c1db069e 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.36 2004/06/13 15:03:02 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.37 2004/06/17 15:10:14 djm Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -273,6 +273,15 @@ set to (the default.) These sessions will reuse the master instance's network connection rather than initiating new ones. +Setting this to +.Dq ask +will cause +.Nm ssh +to listen for control connections, but require confirmation using the +.Ev SSH_ASKPASS +program before they are accepted (see +.Xr ssh-add 1 +for details) .It Cm ControlPath Specify a the path to the control socket used for connection sharing. See -- cgit v1.2.3