[openssh-commits] [openssh] 01/01: upstream: when requesting a security key touch on stderr, inform the

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Nov 9 09:39:29 AEDT 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit d5a0cd4fc430c8eda213a4010a612d4778867cd9
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sun Nov 8 22:37:24 2020 +0000

    upstream: when requesting a security key touch on stderr, inform the
    
    user once the touch has been recorded; requested by claudio@ ok markus@
    
    OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233
---
 misc.h        |  5 +++--
 readpass.c    | 36 ++++++++++++++++++++++++++++--------
 ssh-agent.c   |  4 ++--
 ssh-keygen.c  |  4 ++--
 sshconnect2.c |  4 ++--
 5 files changed, 37 insertions(+), 16 deletions(-)

diff --git a/misc.h b/misc.h
index 106539ec..8ede6064 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.88 2020/10/03 09:22:26 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.89 2020/11/08 22:37:24 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
@@ -191,7 +191,8 @@ char	*read_passphrase(const char *, int);
 int	 ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
 struct notifier_ctx *notify_start(int, const char *, ...)
 	__attribute__((format(printf, 2, 3)));
-void	notify_complete(struct notifier_ctx *);
+void	notify_complete(struct notifier_ctx *, const char *, ...)
+	__attribute__((format(printf, 2, 3)));
 
 #define MINIMUM(a, b)	(((a) < (b)) ? (a) : (b))
 #define MAXIMUM(a, b)	(((a) > (b)) ? (a) : (b))
diff --git a/readpass.c b/readpass.c
index 1362a49e..6938d03d 100644
--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.65 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.66 2020/11/08 22:37:24 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -222,6 +222,14 @@ ask_permission(const char *fmt, ...)
 	return (allowed);
 }
 
+static void
+writemsg(const char *msg)
+{
+	(void)write(STDERR_FILENO, "\r", 1);
+	(void)write(STDERR_FILENO, msg, strlen(msg));
+	(void)write(STDERR_FILENO, "\r\n", 2);
+}
+
 struct notifier_ctx {
 	pid_t pid;
 	void (*osigchld)(int);
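Review bot: The new writemsg() has no comment, and neither the leading `\r`, the trailing `\r\n`, nor the discarded write() results explain themselves. A one-line header would do, for example `/* Best-effort: print msg on its own line on stderr; write errors and short writes are ignored. */`. The string goes to the terminal unfiltered, so it is worth confirming that callers of notify_start never place remotely supplied text in the prompt; those callers are only partly visible here.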
@@ -232,8 +240,8 @@ notify_start(int force_askpass, const char *fmt, ...)
 {
 	va_list args;
 	char *prompt = NULL;
-	pid_t pid;
-	void (*osigchld)(int);
+	pid_t pid = -1;
+	void (*osigchld)(int) = NULL;
 	const char *askpass, *s;
 	struct notifier_ctx *ret = NULL;
 
@@ -244,10 +252,8 @@ notify_start(int force_askpass, const char *fmt, ...)
 	if (fflush(NULL) != 0)
 		error_f("fflush: %s", strerror(errno));
 	if (!force_askpass && isatty(STDERR_FILENO)) {
-		(void)write(STDERR_FILENO, "\r", 1);
-		(void)write(STDERR_FILENO, prompt, strlen(prompt));
-		(void)write(STDERR_FILENO, "\r\n", 2);
-		goto out;
+		writemsg(prompt);
+		goto out_ctx;
 	}
 	if ((askpass = getenv("SSH_ASKPASS")) == NULL)
 		askpass = _PATH_SSH_ASKPASS_DEFAULT;
@@ -278,6 +284,7 @@ notify_start(int force_askpass, const char *fmt, ...)
 		_exit(1);
 		/* NOTREACHED */
 	}
+ out_ctx:
 	if ((ret = calloc(1, sizeof(*ret))) == NULL) {
 		kill(pid, SIGTERM);
 		fatal_f("calloc failed");
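Review bot: The `kill(pid, SIGTERM)` in the calloc-failure branch under the new `out_ctx:` label can now run with `pid == -1`, because the stderr path jumps here without forking (see the `pid = -1` initialiser and the `goto out_ctx` in the two earlier readpass.c hunks). On POSIX systems kill(-1, sig) signals every process the caller is permitted to signal, so an allocation failure on this path would send SIGTERM to the user's other processes before fatal_f() runs. Guard the call with `if (pid != -1) kill(pid, SIGTERM);`. notify_start starts and ends outside this hunk.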
@@ -290,9 +297,22 @@ notify_start(int force_askpass, const char *fmt, ...)
 }
 
 void
-notify_complete(struct notifier_ctx *ctx)
+notify_complete(struct notifier_ctx *ctx, const char *fmt, ...)
 {
 	int ret;
+	char *msg = NULL;
+	va_list args;
+
+	if (fmt != NULL && ctx->pid == -1) {
+		/*
+		 * notify_start wrote to stderr, so send conclusion message
+		 * there too
+		*/
+		va_start(args, fmt);
+		xvasprintf(&msg, fmt, args);
+		va_end(args);
+		writemsg(msg);
+	}
 
 	if (ctx == NULL || ctx->pid <= 0) {
 		free(ctx);
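Review bot: The added `ctx->pid == -1` test dereferences `ctx` before the existing `ctx == NULL` check a few lines below, which suggests a NULL notifier is an expected argument. All three updated callers pass a literal format unconditionally, so a NULL notifier would crash here. Put the NULL test first: `if (ctx != NULL && fmt != NULL && ctx->pid == -1) {`. Separately, `msg` from xvasprintf() is not freed in the visible lines. Unless the rest of the function, which continues outside this hunk, frees it, add `free(msg);` after `writemsg(msg);`.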
diff --git a/ssh-agent.c b/ssh-agent.c
index 179f353a..93f04f26 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.266 2020/10/18 11:32:02 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.267 2020/11/08 22:37:24 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -416,7 +416,7 @@ process_sign_request2(SocketEntry *e)
 	/* Success */
 	ok = 0;
  send:
-	notify_complete(notifier);
+	notify_complete(notifier, "User presence confirmed");
 	sshkey_free(key);
 	free(fp);
 	if (ok == 0) {
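Review bot: "User presence confirmed" is passed unconditionally at the `send:` label, which, judging by the `/* Success */ ok = 0;` lines just above it, is probably also reached from failure paths. On the stderr path the user could then be told the touch was recorded when signing failed or timed out. The same applies in ssh-keygen.c, where the call precedes the `r != 0` check, and in identity_sign in sshconnect2.c, which returns `r` afterwards. Since notify_complete already accepts a NULL format, consider `notify_complete(notifier, ok == 0 ? "User presence confirmed" : NULL);` here and the `r == 0` equivalent in the other two. process_sign_request2 extends beyond this hunk, so the failure paths should be confirmed against the full function.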
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 23d273a9..9ce7befa 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.423 2020/10/29 03:01:18 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.424 2020/11/08 22:37:24 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1854,7 +1854,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
 			}
 			r = sshkey_certify(public, ca, key_type_name,
 			    sk_provider, pin);
-			notify_complete(notifier);
+			notify_complete(notifier, "User presence confirmed");
 			if (r != 0)
 				fatal_r(r, "Couldn't certify key %s", tmp);
 		}
diff --git a/sshconnect2.c b/sshconnect2.c
index 46469a3b..f0e62e14 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.333 2020/10/30 01:50:07 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.334 2020/11/08 22:37:24 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1279,7 +1279,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
 	free(prompt);
 	if (pin != NULL)
 		freezero(pin, strlen(pin));
-	notify_complete(notifier);
+	notify_complete(notifier, "User presence confirmed");
 	sshkey_free(prv);
 	return r;
 }
