- (djm) [ssh-rand-helper.c] Needs a bunch of headers

[openssh.git] / ssh-agent.c

diff --git a/ssh-agent.c b/ssh-agent.c
index bc4d8d33a2875da09cfe30b799dc5209eeb61893..b45087629cfe646d4ad828ea357c84bfd47f829c 100644 (file)
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -34,8 +34,18 @@
  */
 
 #include "includes.h"
+RCSID("$OpenBSD: ssh-agent.c,v 1.129 2006/02/20 17:02:44 stevesk Exp $");
+
+#include <sys/types.h>
+#ifdef HAVE_SYS_UN_H
+# include <sys/un.h>
+#endif
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.120 2004/08/11 21:43:05 avsm Exp $");
+#include <sys/resource.h>
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+#include <signal.h>
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -168,23 +178,15 @@ lookup_identity(Key *key, int version)
 static int
 confirm_key(Identity *id)
 {
-       char *p, prompt[1024];
+       char *p;
        int ret = -1;
 
        p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
-       snprintf(prompt, sizeof(prompt), "Allow use of key %s?\n"
-           "Key fingerprint %s.", id->comment, p);
+       if (ask_permission("Allow use of key %s?\nKey fingerprint %s.",
+           id->comment, p))
+               ret = 0;
        xfree(p);
-       p = read_passphrase(prompt, RP_ALLOW_EOF);
-       if (p != NULL) {
-               /*
-                * Accept empty responses and responses consisting
-                * of the word "yes" as affirmative.
-                */
-               if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0)
-                       ret = 0;
-               xfree(p);
-       }
+
        return (ret);
 }
 
@@ -363,7 +365,7 @@ process_remove_identity(SocketEntry *e, int version)
                if (id != NULL) {
                        /*
                         * We have this key.  Free the old key.  Since we
-                        * don\'t want to leave empty slots in the middle of
+                        * don't want to leave empty slots in the middle of
                         * the array, we actually free the key there and move
                         * all the entries between the empty slot and the end
                         * of the array.
@@ -1010,14 +1012,15 @@ main(int ac, char **av)
 #ifdef HAVE_SETRLIMIT
        struct rlimit rlim;
 #endif
-#ifdef HAVE_CYGWIN
        int prev_mask;
-#endif
        extern int optind;
        extern char *optarg;
        pid_t pid;
        char pidstrbuf[1 + 3 * sizeof pid];
 
+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+       sanitise_stdfd();
+
        /* drop */
        setegid(getgid());
        setgid(getgid());
@@ -1124,24 +1127,20 @@ main(int ac, char **av)
        sock = socket(AF_UNIX, SOCK_STREAM, 0);
        if (sock < 0) {
                perror("socket");
+               *socket_name = '\0'; /* Don't unlink any existing file */
                cleanup_exit(1);
        }
        memset(&sunaddr, 0, sizeof(sunaddr));
        sunaddr.sun_family = AF_UNIX;
        strlcpy(sunaddr.sun_path, socket_name, sizeof(sunaddr.sun_path));
-#ifdef HAVE_CYGWIN
        prev_mask = umask(0177);
-#endif
        if (bind(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) {
                perror("bind");
-#ifdef HAVE_CYGWIN
+               *socket_name = '\0'; /* Don't unlink any existing file */
                umask(prev_mask);
-#endif
                cleanup_exit(1);
        }
-#ifdef HAVE_CYGWIN
        umask(prev_mask);
-#endif
        if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
                perror("listen");
                cleanup_exit(1);