upstream: when requesting a security key touch on stderr, inform the

user once the touch has been recorded; requested by claudio@ ok markus@

OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233

diff --git a/misc.h b/misc.h
index 106539ec3f89a96c3b7b7ceb3e4387c3cdf927ab..8ede6064974106e65b2105c439ac1ea242edbff6 100644 (file)
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.88 2020/10/03 09:22:26 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.89 2020/11/08 22:37:24 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -191,7 +191,8 @@ char        *read_passphrase(const char *, int);
 int     ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
 struct notifier_ctx *notify_start(int, const char *, ...)
        __attribute__((format(printf, 2, 3)));
-void   notify_complete(struct notifier_ctx *);
+void   notify_complete(struct notifier_ctx *, const char *, ...)
+       __attribute__((format(printf, 2, 3)));
 
 #define MINIMUM(a, b)  (((a) < (b)) ? (a) : (b))
 #define MAXIMUM(a, b)  (((a) > (b)) ? (a) : (b))

diff --git a/readpass.c b/readpass.c
index 1362a49e9d64f4fa0c7ec0597dc44bae1486f9d5..6938d03dc6bb12938fda9d8f1034603d8d009692 100644 (file)
--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.65 2020/10/18 11:32:01 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.66 2020/11/08 22:37:24 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -222,6 +222,14 @@ ask_permission(const char *fmt, ...)
        return (allowed);
 }
 
+static void
+writemsg(const char *msg)
+{
+       (void)write(STDERR_FILENO, "\r", 1);
+       (void)write(STDERR_FILENO, msg, strlen(msg));
+       (void)write(STDERR_FILENO, "\r\n", 2);
+}
+
 struct notifier_ctx {
        pid_t pid;
        void (*osigchld)(int);
@@ -232,8 +240,8 @@ notify_start(int force_askpass, const char *fmt, ...)
 {
        va_list args;
        char *prompt = NULL;
-       pid_t pid;
-       void (*osigchld)(int);
+       pid_t pid = -1;
+       void (*osigchld)(int) = NULL;
        const char *askpass, *s;
        struct notifier_ctx *ret = NULL;
 
@@ -244,10 +252,8 @@ notify_start(int force_askpass, const char *fmt, ...)
        if (fflush(NULL) != 0)
                error_f("fflush: %s", strerror(errno));
        if (!force_askpass && isatty(STDERR_FILENO)) {
-               (void)write(STDERR_FILENO, "\r", 1);
-               (void)write(STDERR_FILENO, prompt, strlen(prompt));
-               (void)write(STDERR_FILENO, "\r\n", 2);
-               goto out;
+               writemsg(prompt);
+               goto out_ctx;
        }
        if ((askpass = getenv("SSH_ASKPASS")) == NULL)
                askpass = _PATH_SSH_ASKPASS_DEFAULT;
@@ -278,6 +284,7 @@ notify_start(int force_askpass, const char *fmt, ...)
                _exit(1);
                /* NOTREACHED */
        }
+ out_ctx:
        if ((ret = calloc(1, sizeof(*ret))) == NULL) {
                kill(pid, SIGTERM);
                fatal_f("calloc failed");
@@ -290,9 +297,22 @@ notify_start(int force_askpass, const char *fmt, ...)
 }
 
 void
-notify_complete(struct notifier_ctx *ctx)
+notify_complete(struct notifier_ctx *ctx, const char *fmt, ...)
 {
        int ret;
+       char *msg = NULL;
+       va_list args;
+
+       if (fmt != NULL && ctx->pid == -1) {
+               /*
+                * notify_start wrote to stderr, so send conclusion message
+                * there too
+               */
+               va_start(args, fmt);
+               xvasprintf(&msg, fmt, args);
+               va_end(args);
+               writemsg(msg);
+       }
 
        if (ctx == NULL || ctx->pid <= 0) {
                free(ctx);

diff --git a/ssh-agent.c b/ssh-agent.c
index 179f353a3fe83979fd6790beb66d0b4764d0bba1..93f04f265fe012abd2e628f20fe9df0e2c62e818 100644 (file)
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.266 2020/10/18 11:32:02 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.267 2020/11/08 22:37:24 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -416,7 +416,7 @@ process_sign_request2(SocketEntry *e)
        /* Success */
        ok = 0;
  send:
-       notify_complete(notifier);
+       notify_complete(notifier, "User presence confirmed");
        sshkey_free(key);
        free(fp);
        if (ok == 0) {

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 23d273a969316d8ee18ae83650725d8b67e1e7b4..9ce7befa551f80af58405bff44806a55bed05fd4 100644 (file)
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.423 2020/10/29 03:01:18 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.424 2020/11/08 22:37:24 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1854,7 +1854,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
                        }
                        r = sshkey_certify(public, ca, key_type_name,
                            sk_provider, pin);
-                       notify_complete(notifier);
+                       notify_complete(notifier, "User presence confirmed");
                        if (r != 0)
                                fatal_r(r, "Couldn't certify key %s", tmp);
                }

diff --git a/sshconnect2.c b/sshconnect2.c
index 46469a3b64016e101e7f649a48a288cc9ca2e25e..f0e62e1425c3b60857831cc79138fe2dbbb457ef 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.333 2020/10/30 01:50:07 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.334 2020/11/08 22:37:24 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1279,7 +1279,7 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp,
        free(prompt);
        if (pin != NULL)
                freezero(pin, strlen(pin));
-       notify_complete(notifier);
+       notify_complete(notifier, "User presence confirmed");
        sshkey_free(prv);
        return r;
 }