mirror of
https://github.com/PowerShell/openssh-portable.git
synced 2025-07-27 15:54:22 +02:00
upstream: when requesting a security key touch on stderr, inform the
user once the touch has been recorded; requested by claudio@ ok markus@ OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233
parent
292bcb2479
commit
d5a0cd4fc4
5
misc.h
5
misc.h
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: misc.h,v 1.88 2020/10/03 09:22:26 djm Exp $ */
|
/* $OpenBSD: misc.h,v 1.89 2020/11/08 22:37:24 djm Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
@ -191,7 +191,8 @@ char *read_passphrase(const char *, int);
|
|||||||
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
|
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
|
||||||
struct notifier_ctx *notify_start(int, const char *, ...)
|
struct notifier_ctx *notify_start(int, const char *, ...)
|
||||||
__attribute__((format(printf, 2, 3)));
|
__attribute__((format(printf, 2, 3)));
|
||||||
void notify_complete(struct notifier_ctx *);
|
void notify_complete(struct notifier_ctx *, const char *, ...)
|
||||||
|
__attribute__((format(printf, 2, 3)));
|
||||||
|
|
||||||
#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
|
#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
|
||||||
#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
|
#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
|
||||||
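Review bot: The widened `notify_complete` prototype has no comment, although its contract is no longer obvious from the signature. Per the readpass.c change in this commit, the message is written only when `fmt` is non-NULL and the context records `pid == -1`, i.e. when `notify_start` prompted on stderr. I would add above the declaration: `/* fmt may be NULL; the message is written to stderr only when notify_start prompted there */`.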
|
36
readpass.c
36
readpass.c
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: readpass.c,v 1.65 2020/10/18 11:32:01 djm Exp $ */
|
/* $OpenBSD: readpass.c,v 1.66 2020/11/08 22:37:24 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
@ -222,6 +222,14 @@ ask_permission(const char *fmt, ...)
|
|||||||
return (allowed);
|
return (allowed);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
writemsg(const char *msg)
|
||||||
|
{
|
||||||
|
(void)write(STDERR_FILENO, "\r", 1);
|
||||||
|
(void)write(STDERR_FILENO, msg, strlen(msg));
|
||||||
|
(void)write(STDERR_FILENO, "\r\n", 2);
|
||||||
|
}
|
||||||
|
|
||||||
struct notifier_ctx {
|
struct notifier_ctx {
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
void (*osigchld)(int);
|
void (*osigchld)(int);
|
||||||
@ -232,8 +240,8 @@ notify_start(int force_askpass, const char *fmt, ...)
|
|||||||
{
|
{
|
||||||
va_list args;
|
va_list args;
|
||||||
char *prompt = NULL;
|
char *prompt = NULL;
|
||||||
pid_t pid;
|
pid_t pid = -1;
|
||||||
void (*osigchld)(int);
|
void (*osigchld)(int) = NULL;
|
||||||
const char *askpass, *s;
|
const char *askpass, *s;
|
||||||
struct notifier_ctx *ret = NULL;
|
struct notifier_ctx *ret = NULL;
|
||||||
|
|
||||||
@ -244,10 +252,8 @@ notify_start(int force_askpass, const char *fmt, ...)
|
|||||||
if (fflush(NULL) != 0)
|
if (fflush(NULL) != 0)
|
||||||
error_f("fflush: %s", strerror(errno));
|
error_f("fflush: %s", strerror(errno));
|
||||||
if (!force_askpass && isatty(STDERR_FILENO)) {
|
if (!force_askpass && isatty(STDERR_FILENO)) {
|
||||||
(void)write(STDERR_FILENO, "\r", 1);
|
writemsg(prompt);
|
||||||
(void)write(STDERR_FILENO, prompt, strlen(prompt));
|
goto out_ctx;
|
||||||
(void)write(STDERR_FILENO, "\r\n", 2);
|
|
||||||
goto out;
|
|
||||||
}
|
}
|
||||||
if ((askpass = getenv("SSH_ASKPASS")) == NULL)
|
if ((askpass = getenv("SSH_ASKPASS")) == NULL)
|
||||||
askpass = _PATH_SSH_ASKPASS_DEFAULT;
|
askpass = _PATH_SSH_ASKPASS_DEFAULT;
|
||||||
@ -278,6 +284,7 @@ notify_start(int force_askpass, const char *fmt, ...)
|
|||||||
_exit(1);
|
_exit(1);
|
||||||
/* NOTREACHED */
|
/* NOTREACHED */
|
||||||
}
|
}
|
||||||
|
out_ctx:
|
||||||
if ((ret = calloc(1, sizeof(*ret))) == NULL) {
|
if ((ret = calloc(1, sizeof(*ret))) == NULL) {
|
||||||
kill(pid, SIGTERM);
|
kill(pid, SIGTERM);
|
||||||
fatal_f("calloc failed");
|
fatal_f("calloc failed");
|
||||||
@ -290,9 +297,22 @@ notify_start(int force_askpass, const char *fmt, ...)
|
|||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
notify_complete(struct notifier_ctx *ctx)
|
notify_complete(struct notifier_ctx *ctx, const char *fmt, ...)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
char *msg = NULL;
|
||||||
|
va_list args;
|
||||||
|
|
||||||
|
if (fmt != NULL && ctx->pid == -1) {
|
||||||
|
/*
|
||||||
|
* notify_start wrote to stderr, so send conclusion message
|
||||||
|
* there too
|
||||||
|
*/
|
||||||
|
va_start(args, fmt);
|
||||||
|
xvasprintf(&msg, fmt, args);
|
||||||
|
va_end(args);
|
||||||
|
writemsg(msg);
|
||||||
|
}
|
||||||
|
|
||||||
if (ctx == NULL || ctx->pid <= 0) {
|
if (ctx == NULL || ctx->pid <= 0) {
|
||||||
free(ctx);
|
free(ctx);
|
||||||
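Review bot: In `notify_complete`, the added `if (fmt != NULL && ctx->pid == -1)` reads `ctx->pid` before the existing `ctx == NULL` test just below it, so a NULL context (which that test treats as an expected input) is now dereferenced, since all three call sites in this commit pass a non-NULL `fmt`; the guard should be `if (ctx != NULL && fmt != NULL && ctx->pid == -1) {`. In `notify_start`, the terminal path now jumps to `out_ctx` with `pid` still -1, so the calloc-failure branch calls `kill(-1, SIGTERM)`, which on POSIX signals every process the caller is permitted to signal; guard it with `if (pid != -1) kill(pid, SIGTERM);`. `msg` is not freed in the visible lines, and both function bodies continue outside the hunks, so confirm that a `free(msg)` follows.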
|
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: ssh-agent.c,v 1.266 2020/10/18 11:32:02 djm Exp $ */
|
/* $OpenBSD: ssh-agent.c,v 1.267 2020/11/08 22:37:24 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
@ -416,7 +416,7 @@ process_sign_request2(SocketEntry *e)
|
|||||||
/* Success */
|
/* Success */
|
||||||
ok = 0;
|
ok = 0;
|
||||||
send:
|
send:
|
||||||
notify_complete(notifier);
|
notify_complete(notifier, "User presence confirmed");
|
||||||
sshkey_free(key);
|
sshkey_free(key);
|
||||||
free(fp);
|
free(fp);
|
||||||
if (ok == 0) {
|
if (ok == 0) {
|
||||||
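Review bot: The `notify_complete(notifier, "User presence confirmed")` call under `send:` in `process_sign_request2` runs before `if (ok == 0)` is tested, so the user is told that presence was confirmed even when the signing request failed. The same applies in ssh-keygen.c `do_ca_sign`, where the call precedes `if (r != 0) fatal_r(...)`, and in sshconnect2.c `identity_sign`, where it precedes `return r`. For a security-key prompt the confirmation should reflect the outcome, for example `notify_complete(notifier, ok == 0 ? "User presence confirmed" : NULL);` here and the equivalent test on `r` in the other two callers. All three enclosing functions start outside their hunks, so the failure paths reaching these calls are inferred from the status checks that follow them.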
|
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: ssh-keygen.c,v 1.423 2020/10/29 03:01:18 djm Exp $ */
|
/* $OpenBSD: ssh-keygen.c,v 1.424 2020/11/08 22:37:24 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
@ -1854,7 +1854,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
|
|||||||
}
|
}
|
||||||
r = sshkey_certify(public, ca, key_type_name,
|
r = sshkey_certify(public, ca, key_type_name,
|
||||||
sk_provider, pin);
|
sk_provider, pin);
|
||||||
notify_complete(notifier);
|
notify_complete(notifier, "User presence confirmed");
|
||||||
if (r != 0)
|
if (r != 0)
|
||||||
fatal_r(r, "Couldn't certify key %s", tmp);
|
fatal_r(r, "Couldn't certify key %s", tmp);
|
||||||
}
|
}
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: sshconnect2.c,v 1.333 2020/10/30 01:50:07 djm Exp $ */
|
/* $OpenBSD: sshconnect2.c,v 1.334 2020/11/08 22:37:24 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
||||||
@ -1279,7 +1279,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
|
|||||||
free(prompt);
|
free(prompt);
|
||||||
if (pin != NULL)
|
if (pin != NULL)
|
||||||
freezero(pin, strlen(pin));
|
freezero(pin, strlen(pin));
|
||||||
notify_complete(notifier);
|
notify_complete(notifier, "User presence confirmed");
|
||||||
sshkey_free(prv);
|
sshkey_free(prv);
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|