===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/readpass.c,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- src/usr.bin/ssh/readpass.c	2019/12/06 02:55:21	1.59
+++ src/usr.bin/ssh/readpass.c	2019/12/06 03:06:08	1.60
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.59 2019/12/06 02:55:21 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.60 2019/12/06 03:06:08 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -45,7 +45,7 @@
 #include "uidswap.h"
 
 static char *
-ssh_askpass(char *askpass, const char *msg)
+ssh_askpass(char *askpass, const char *msg, const char *env_hint)
 {
 	pid_t pid, ret;
 	size_t len;
@@ -72,7 +72,8 @@
 		close(p[0]);
 		if (dup2(p[1], STDOUT_FILENO) == -1)
 			fatal("%s: dup2: %s", __func__, strerror(errno));
-		setenv("SSH_ASKPASS_PROMPT", "confirm", 1); /* hint to UI */
+		if (env_hint != NULL)
+			setenv("SSH_ASKPASS_PROMPT", env_hint, 1);
 		execlp(askpass, askpass, msg, (char *)NULL);
 		fatal("%s: exec(%s): %s", __func__, askpass, strerror(errno));
 	}
@@ -106,6 +107,9 @@
 	return pass;
 }
 
+/* private/internal read_passphrase flags */
+#define RP_ASK_PERMISSION	0x8000 /* pass hint to askpass for confirm UI */
+
 /*
  * Reads a passphrase from /dev/tty with echo turned off/on.  Returns the
  * passphrase (allocated with xmalloc).  Exits if EOF is encountered. If
@@ -117,6 +121,7 @@
 {
 	char cr = '\r', *askpass = NULL, *ret, buf[1024];
 	int rppflags, use_askpass = 0, ttyfd;
+	const char *askpass_hint = NULL;
 
 	rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
 	if (flags & RP_USE_ASKPASS)
@@ -153,7 +158,9 @@
 			askpass = getenv(SSH_ASKPASS_ENV);
 		else
 			askpass = _PATH_SSH_ASKPASS_DEFAULT;
-		if ((ret = ssh_askpass(askpass, prompt)) == NULL)
+		if ((flags & RP_ASK_PERMISSION) != 0)
+			askpass_hint = "confirm";
+		if ((ret = ssh_askpass(askpass, prompt, askpass_hint)) == NULL)
 			if (!(flags & RP_ALLOW_EOF))
 				return xstrdup("");
 		return ret;
@@ -181,7 +188,8 @@
 	vsnprintf(prompt, sizeof(prompt), fmt, args);
 	va_end(args);
 
-	p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF);
+	p = read_passphrase(prompt,
+	    RP_USE_ASKPASS|RP_ALLOW_EOF|RP_ASK_PERMISSION);
 	if (p != NULL) {
 		/*
 		 * Accept empty responses and responses consisting