From 4d1b125885e469e41c78772bb493f68f66199324 Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Thu, 30 Dec 2021 11:47:58 +0000
Subject: [PATCH] SSH proxying: use CONF_proxy_password if available.

I was just writing the documentation for the new proxy type, which caused me to realise that the thing I obviously wanted to write in the documentation was not actually true. Let's make it true, and then I can document it!
---
 proxy/sshproxy.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/proxy/sshproxy.c b/proxy/sshproxy.c
index bc514452..ee2bee6e 100644
--- a/proxy/sshproxy.c
+++ b/proxy/sshproxy.c
@@ -22,6 +22,9 @@ typedef struct SshProxy {
 Seat *clientseat;
 Interactor *clientitr;
+ bool got_proxy_password, tried_proxy_password;
+ char *proxy_password;
+
 ProxyStderrBuf psb;
 Plug *plug;
@@ -61,6 +64,8 @@ static void sshproxy_close(Socket *s)
 backend_free(sp->backend);
 if (sp->logctx) log_free(sp->logctx);
+ if (sp->proxy_password)
+ burnstr(sp->proxy_password);
 bufchain_clear(&sp->ssh_to_socket);
 delete_callbacks_for_context(sp);
@@ -334,6 +339,21 @@ static SeatPromptResult sshproxy_get_userpass_input(Seat *seat, prompts_t *p)
 {
 SshProxy *sp = container_of(seat, SshProxy, seat);
+ /*
+ * If we have a stored proxy_password, use that, via logic similar
+ * to cmdline_get_passwd_input: we only try it if we're given a
+ * prompts_t containing exactly one prompt, and that prompt is set
+ * to non-echoing.
+ */
+ if (sp->got_proxy_password && !sp->tried_proxy_password &&
+ p->n_prompts == 1 && !p->prompts[0]->echo) {
+ prompt_set_result(p->prompts[0], sp->proxy_password);
+ burnstr(sp->proxy_password);
+ sp->proxy_password = NULL;
+ sp->tried_proxy_password = true;
+ return SPR_OK;
+ }
+
 if (sp->clientseat) {
 /* * If we have access to the outer Seat, pass this prompt
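Review bot: The three new SshProxy fields carry no comment, and `got_proxy_password` appears to duplicate what the pointer already says: in the hunks shown it is set together with `proxy_password`, and the prompt handler only acts while the pointer is still non-NULL. A one-line comment such as `/* Password from CONF_proxy_password: offered once to a lone non-echoing prompt, then wiped and set to NULL */` would document the lifecycle. If the extra flag is kept for readability, the comment should say which of the three fields is authoritative. The struct definition continues outside the hunk.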
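Review bot: The new early return in sshproxy_get_userpass_input hands the stored password to the first prompt set that has exactly one hidden field, without checking what that field is for, so a local private-key passphrase prompt would use up the single attempt and a one-field keyboard-interactive challenge would receive the password. If the `to_server` flag on `prompts_t` is set reliably by the SSH layer, adding it to the test, as in `p->n_prompts == 1 && p->to_server && !p->prompts[0]->echo) {`, keeps the password away from local passphrase prompts. The keyboard-interactive case remains a limitation worth stating in the comment. Wiping the copy with burnstr and clearing the pointer straight after prompt_set_result is worth keeping, since a rejected password is then not replayed and later prompts reach the code below. The function body continues outside the hunk.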
@@ -556,6 +576,12 @@ Socket *sshproxy_new_connection(SockAddr *addr, const char *hostname,
 if (*proxy_username) conf_set_str(sp->conf, CONF_username, proxy_username);
+ const char *proxy_password = conf_get_str(clientconf, CONF_proxy_password);
+ if (*proxy_password) {
+ sp->proxy_password = dupstr(proxy_password);
+ sp->got_proxy_password = true;
+ }
+
 const struct BackendVtable *backvt = backend_vt_from_proto( conf_get_int(sp->conf, CONF_protocol));
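Review bot: When CONF_proxy_password is empty, this block assigns none of `sp->proxy_password`, `sp->got_proxy_password` or `sp->tried_proxy_password`, so the `if (sp->proxy_password)` test in sshproxy_close and the flag test in sshproxy_get_userpass_input depend on `sp` being zero-filled where it is allocated, which is outside the hunk. If that is not guaranteed, add `else { sp->proxy_password = NULL; sp->got_proxy_password = sp->tried_proxy_password = false; }` so that an uninitialised pointer can never reach burnstr. The password appears to be kept out of `sp->conf` on purpose, unlike the username just above, and a short comment saying so would stop a later change from copying it there. sshproxy_new_connection starts and ends outside the hunk.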