ssh-add -c, prompt user for confirmation (using ssh-askpass) when

private agent key is used; with djm@; test by dugsong@, djm@; ok deraadt@

1 files changed, 12 insertions, 4 deletions

diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c
index dc1b11f3f5f..0e1fd78073f 100644
--- a/usr.bin/ssh/readpass.c
+++ b/usr.bin/ssh/readpass.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.27 2002/03/26 15:58:46 markus Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.28 2003/01/23 13:50:27 markus Exp $");
 
 #include <readpassphrase.h>
 
@@ -48,11 +48,11 @@ ssh_askpass(char *askpass, const char *msg)
 		fatal("internal error: askpass undefined");
 	if (pipe(p) < 0) {
 		error("ssh_askpass: pipe: %s", strerror(errno));
-		return xstrdup("");
+		return NULL;
 	}
 	if ((pid = fork()) < 0) {
 		error("ssh_askpass: fork: %s", strerror(errno));
-		return xstrdup("");
+		return NULL;
 	}
 	if (pid == 0) {
 		seteuid(getuid());
@@ -81,6 +81,11 @@ ssh_askpass(char *askpass, const char *msg)
 		if (errno != EINTR)
 			break;
 
+	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
+		memset(buf, 0, sizeof(buf));
+		return NULL;
+	}
+
 	buf[strcspn(buf, "\r\n")] = '\0';
 	pass = xstrdup(buf);
 	memset(buf, 0, sizeof(buf));
@@ -117,7 +122,10 @@ read_passphrase(const char *prompt, int flags)
 			askpass = getenv(SSH_ASKPASS_ENV);
 		else
 			askpass = _PATH_SSH_ASKPASS_DEFAULT;
-		return ssh_askpass(askpass, prompt);
+		if ((ret = ssh_askpass(askpass, prompt)) == NULL)
+			if (!(flags & RP_ALLOW_EOF))
+				return xstrdup("");
+		return ret;
 	}
 
 	if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) {