This repository was archived by the owner on Jul 19, 2018. It is now read-only.
19 changes: 15 additions & 4 deletions ssh-agent-filter.C
Expand Up @@ -305,7 +305,7 @@ void setup_filters () {
}
}

bool confirm (string const & question) {
bool confirm (string const & question, std::map <string, string> & values) {
char const * sap;
if (!(sap = getenv("SSH_ASKPASS")))
sap = "ssh-askpass";
Expand All @@ -318,6 +318,10 @@ bool confirm (string const & question) {
throw runtime_error("fork()");
if (pid == 0) {
// child
// Set environment variables for the askpass script
for (auto iter: values) {
setenv(iter.first.c_str(), iter.second.c_str(), 1);
}
char const * args[3] = { sap, question.c_str(), nullptr };
// see execvp(3p) for cast rationale
execvp(sap, const_cast<char * const *>(args));
Expand All @@ -329,7 +333,7 @@ bool confirm (string const & question) {
}
}

bool dissect_auth_data_ssh (rfc4251::string const & data, string & request_description) try {
bool dissect_auth_data_ssh (rfc4251::string const & data, string & request_description, std::map<string, string> & values) try {
io::stream<io::array_source> datastream{data.data(), data.size()};
arm(datastream);

Expand All @@ -343,6 +347,10 @@ bool dissect_auth_data_ssh (rfc4251::string const & data, string & request_descr
rfc4251::string publickeyalgorithm{datastream};
rfc4251::string publickey{datastream};

// Store the values, to be exported in environment
values["AGENT_FILTER_SERVICENAME"] = servicename;
values["AGENT_FILTER_USERNAME"] = username;

request_description = "The request is for an ssh connection as user '" + string{username} + "' with service name '" + string{servicename} + "'.";

if (string{servicename} == "pam_ssh_agent_auth") try {
Expand Down Expand Up @@ -446,18 +454,21 @@ rfc4251::string handle_request (rfc4251::string const & r) {
auto it = confirmed_pubkeys.find(key);
if (it != confirmed_pubkeys.end()) {
string request_description;
// environment variables available for the ssh-askpass process
std::map<string, string> values;
bool dissect_ok{false};
if (!dissect_ok)
dissect_ok = dissect_auth_data_ssh(data, request_description);
dissect_ok = dissect_auth_data_ssh(data, request_description, values);
if (!dissect_ok)
request_description = "The request format is unknown.";

string question = "Something behind the ssh-agent-filter";
if (saf_name.length())
question += " named '" + saf_name + "'";
question += " requested use of the key named '" + it->second + "'.\n";
values["AGENT_FILTER_KEYNAME"] = it->second;
question += request_description;
allow = confirm(question);
allow = confirm(question, values);
}
}

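Review bot: In handle_request, `values` is never reset when dissect_auth_data_ssh returns false, although that function assigns AGENT_FILTER_SERVICENAME and AGENT_FILTER_USERNAME before the rest of the request has been parsed. If a later parsing step fails (the function-try-block's handler is outside the visible lines, so this is inferred), the askpass child still receives those two variables while the prompt says "The request format is unknown."; `if (!dissect_ok) { values.clear(); request_description = "The request format is unknown."; }` would keep the two in step. Both fields are copied straight from the signing request, so they are chosen by whoever is behind the filter, and `c_str()` cuts the exported value at the first embedded NUL, so the variable can differ from the parsed field. In the child, the `setenv` result is ignored and AGENT_FILTER_* names missing from `values` are not unset, so an askpass script could act on a value inherited from the filter's own environment. Checking the return value and exiting the child on failure, plus an `unsetenv` for each known name that is not in `values`, would close that gap.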