- djm@cvs.openbsd.org 2005/11/04 05:15:59

[openssh.git] / ssh-agent.c

diff --git a/ssh-agent.c b/ssh-agent.c
index bc4d8d33a2875da09cfe30b799dc5209eeb61893..a69c25eec6bef2548081e54ec1273562b859f0d3 100644 (file)
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.120 2004/08/11 21:43:05 avsm Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.124 2005/10/30 08:52:18 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -168,23 +168,15 @@ lookup_identity(Key *key, int version)
 static int
 confirm_key(Identity *id)
 {
-       char *p, prompt[1024];
+       char *p;
        int ret = -1;
 
        p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
-       snprintf(prompt, sizeof(prompt), "Allow use of key %s?\n"
-           "Key fingerprint %s.", id->comment, p);
+       if (ask_permission("Allow use of key %s?\nKey fingerprint %s.",
+           id->comment, p))
+               ret = 0;
        xfree(p);
-       p = read_passphrase(prompt, RP_ALLOW_EOF);
-       if (p != NULL) {
-               /*
-                * Accept empty responses and responses consisting
-                * of the word "yes" as affirmative.
-                */
-               if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0)
-                       ret = 0;
-               xfree(p);
-       }
+
        return (ret);
 }
 
@@ -363,7 +355,7 @@ process_remove_identity(SocketEntry *e, int version)
                if (id != NULL) {
                        /*
                         * We have this key.  Free the old key.  Since we
-                        * don\'t want to leave empty slots in the middle of
+                        * don't want to leave empty slots in the middle of
                         * the array, we actually free the key there and move
                         * all the entries between the empty slot and the end
                         * of the array.
@@ -1010,14 +1002,15 @@ main(int ac, char **av)
 #ifdef HAVE_SETRLIMIT
        struct rlimit rlim;
 #endif
-#ifdef HAVE_CYGWIN
        int prev_mask;
-#endif
        extern int optind;
        extern char *optarg;
        pid_t pid;
        char pidstrbuf[1 + 3 * sizeof pid];
 
+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+       sanitise_stdfd();
+
        /* drop */
        setegid(getgid());
        setgid(getgid());
@@ -1124,24 +1117,20 @@ main(int ac, char **av)
        sock = socket(AF_UNIX, SOCK_STREAM, 0);
        if (sock < 0) {
                perror("socket");
+               *socket_name = '\0'; /* Don't unlink any existing file */
                cleanup_exit(1);
        }
        memset(&sunaddr, 0, sizeof(sunaddr));
        sunaddr.sun_family = AF_UNIX;
        strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path));
-#ifdef HAVE_CYGWIN
        prev_mask = umask(0177);
-#endif
        if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) {
                perror("bind");
-#ifdef HAVE_CYGWIN
+               *socket_name = '\0'; /* Don't unlink any existing file */
                umask(prev_mask);
-#endif
                cleanup_exit(1);
        }
-#ifdef HAVE_CYGWIN
        umask(prev_mask);
-#endif
        if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
                perror("listen");
                cleanup_exit(1);