|
Lines 35-43
|
| 35 |
* pointer will be grabbed too. These may have some benefit to security if |
35 |
* pointer will be grabbed too. These may have some benefit to security if |
| 36 |
* you don't trust your X server. We grab the keyboard always. |
36 |
* you don't trust your X server. We grab the keyboard always. |
| 37 |
*/ |
37 |
*/ |
|
|
38 |
char *write_otac_to_fifo(char *); |
| 38 |
|
39 |
|
| 39 |
#define GRAB_TRIES 16 |
40 |
#define GRAB_TRIES 16 |
| 40 |
#define GRAB_WAIT 250 /* milliseconds */ |
41 |
#define GRAB_WAIT 250 /* milliseconds */ |
|
|
42 |
#define OTAC_PWD_LEN 4 /* number of characters in otac passphrase */ |
| 43 |
#define OTAC_FIFO_LEN 32 /* max fifo name length */ |
| 41 |
|
44 |
|
| 42 |
/* |
45 |
/* |
| 43 |
* Compile with: |
46 |
* Compile with: |
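Review bot: The prototype added at new line 38, `char *write_otac_to_fifo(char *);`, is for a helper used only inside this file and only reads the path, so `static char *write_otac_to_fifo(const char *);` would keep it out of the global namespace and document that the fifo name is not modified; the definition in the last hunk would need the matching signature. `OTAC_FIFO_LEN` on new line 43 is not used as a bound anywhere in the patch — its only visible use is a `malloc()` in passphrase_dialog whose result is discarded on the next line — so the macro can go together with that allocation.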
|
Lines 87-97
|
| 87 |
passphrase_dialog(char *message) |
90 |
passphrase_dialog(char *message) |
| 88 |
{ |
91 |
{ |
| 89 |
const char *failed; |
92 |
const char *failed; |
| 90 |
char *passphrase, *local; |
93 |
char *passphrase, *local, *otac_passphrase, *otac_fifo; |
| 91 |
int result, grab_tries, grab_server, grab_pointer; |
94 |
int result, grab_tries, grab_server, grab_pointer; |
| 92 |
GtkWidget *dialog, *entry; |
95 |
GtkWidget *dialog, *entry; |
| 93 |
GdkGrabStatus status; |
96 |
GdkGrabStatus status; |
| 94 |
|
97 |
|
|
|
98 |
/* generate and transmit otac passphrase if env var set */ |
| 99 |
otac_fifo=malloc(OTAC_FIFO_LEN); |
| 100 |
otac_fifo=getenv("SSH_OTAC_FIFO"); |
| 101 |
if (otac_fifo) |
| 102 |
otac_passphrase=write_otac_to_fifo(otac_fifo); |
| 95 |
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); |
103 |
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); |
| 96 |
grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); |
104 |
grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); |
| 97 |
grab_tries = 0; |
105 |
grab_tries = 0; |
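Review bot: `otac_fifo=malloc(OTAC_FIFO_LEN);` at new line 99 is overwritten by the `getenv()` result on line 100, so the allocation is leaked on every call and never bounds anything; delete line 99 and keep `otac_fifo = getenv("SSH_OTAC_FIFO");` alone. `otac_passphrase` is left uninitialized when the variable is unset; it is read only under `if (otac_fifo)` later in the function, but initializing it at the declaration (`*otac_passphrase = NULL`) makes that invariant explicit and lets the later compare-and-free branch on NULL if write_otac_to_fifo is ever changed to report failure. The call on line 102 also runs before the grab and before the dialog is shown, and opening a fifo for writing normally blocks until a reader has it open, so if that ordering is deliberate a comment such as `/* blocks until the fifo reader is attached */` would save the next reader a surprise. passphrase_dialog's body continues outside the hunk.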
|
Lines 163-176
|
| 163 |
/* Report passphrase if user selected OK */ |
171 |
/* Report passphrase if user selected OK */ |
| 164 |
passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry))); |
172 |
passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry))); |
| 165 |
if (result == GTK_RESPONSE_OK) { |
173 |
if (result == GTK_RESPONSE_OK) { |
| 166 |
local = g_locale_from_utf8(passphrase, strlen(passphrase), |
174 |
if (otac_fifo) { |
| 167 |
NULL, NULL, NULL); |
175 |
if (strcmp(otac_passphrase,passphrase)==0) { |
| 168 |
if (local != NULL) { |
176 |
puts("yes"); |
| 169 |
puts(local); |
177 |
} else { |
| 170 |
memset(local, '\0', strlen(local)); |
178 |
puts("no"); |
| 171 |
g_free(local); |
179 |
} |
|
|
180 |
/* Zero otac passphrase in memory */ |
| 181 |
memset(otac_passphrase, '\b', strlen(otac_passphrase)); |
| 182 |
gtk_entry_set_text(GTK_ENTRY(entry), otac_passphrase); |
| 183 |
memset(otac_passphrase, '\0', strlen(otac_passphrase)); |
| 184 |
g_free(otac_passphrase); |
| 172 |
} else { |
185 |
} else { |
| 173 |
puts(passphrase); |
186 |
local = g_locale_from_utf8(passphrase, strlen(passphrase), |
|
|
187 |
NULL, NULL, NULL); |
| 188 |
if (local != NULL) { |
| 189 |
puts(local); |
| 190 |
memset(local, '\0', strlen(local)); |
| 191 |
g_free(local); |
| 192 |
} else { |
| 193 |
puts(passphrase); |
| 194 |
} |
| 174 |
} |
195 |
} |
| 175 |
} |
196 |
} |
| 176 |
|
197 |
|
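Review bot: `g_free(otac_passphrase)` at new line 184 releases a buffer that write_otac_to_fifo obtains from plain `malloc()` (new line 233 in the last hunk); the allocator pair should match, so either `free(otac_passphrase);` here or `g_malloc()` in the producer. The `memset()` calls on lines 181 and 183 immediately precede the free, which a compiler may treat as dead stores and drop; `explicit_bzero(otac_passphrase, strlen(otac_passphrase));` (or `memset_s` where available) keeps the wipe, and the same caveat applies to `memset(local, '\0', strlen(local));` on line 190 that the patch carries over from the old code. The wipe-and-free also sits inside `if (result == GTK_RESPONSE_OK)`, so on Cancel the one-time code stays in memory until the process exits; hoisting the cleanup after the `if`, guarded by `if (otac_fifo)`, covers both paths. passphrase_dialog continues past the hunk.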
|
Lines 198-203
|
| 198 |
return (-1); |
219 |
return (-1); |
| 199 |
} |
220 |
} |
| 200 |
|
221 |
|
|
|
222 |
/* generate the one-time agent confirm password and write it to fifo */ |
| 223 |
char * |
| 224 |
write_otac_to_fifo(char *otac_fifo) |
| 225 |
{ |
| 226 |
FILE *out; |
| 227 |
int i,ran,nchars=52,otac_length=OTAC_PWD_LEN; |
| 228 |
char cpool[52]="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; |
| 229 |
char *otac_passphrase; |
| 230 |
|
| 231 |
/* use random # to select characters for one-time passphrase */ |
| 232 |
/* TODO: substitute better ran-num initializer*/ |
| 233 |
otac_passphrase=malloc(otac_length+1); |
| 234 |
srandom(time(0)); |
| 235 |
for (i=0;i<otac_length;i++) { |
| 236 |
ran = random(); |
| 237 |
otac_passphrase[i]=cpool[ran%nchars]; |
| 238 |
} |
| 239 |
otac_passphrase[otac_length] = 0; |
| 240 |
|
| 241 |
/* write otac password to fifo */ |
| 242 |
if ( (out=fopen(otac_fifo,"w")) == NULL) { |
| 243 |
mkfifo(otac_fifo, 0660); |
| 244 |
out=fopen(otac_fifo,"w"); |
| 245 |
} |
| 246 |
fflush(out); |
| 247 |
fprintf(out,"One-time agent confirm: %s\n",otac_passphrase); |
| 248 |
fclose(out); |
| 249 |
|
| 250 |
/* return otac passphrase */ |
| 251 |
return(otac_passphrase); |
| 252 |
} |
| 253 |
|
| 201 |
int |
254 |
int |
| 202 |
main(int argc, char **argv) |
255 |
main(int argc, char **argv) |
| 203 |
{ |
256 |
{ |
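Review bot: The confirm code at new lines 234-237 is produced by `random()` after `srandom(time(0))`, so it is a function of the wall-clock second the dialog started, which the `/* TODO */` on line 232 already concedes; for a value whose only purpose is to be unguessable, draw it from the OS CSPRNG instead — `arc4random_uniform()` where available (glibc 2.36+, the BSDs, OpenSSH's openbsd-compat), otherwise bytes read from /dev/urandom — which also removes the `ran%nchars` modulo bias. The `mkfifo()` and second `fopen()` on lines 243-244 are unchecked, so a missing or unwritable path reaches `fprintf(out, ...)` with `out == NULL`; `malloc()` on line 233 is unchecked as well, and `fflush(out)` on line 246 before anything has been written does nothing. Because the path comes from the environment and `fopen(..., "w")` follows symlinks and truncates regular files, an `fstat()`/`S_ISFIFO` check on the opened stream confirms the code is going into a fifo before it is written. The buffer is returned from `malloc()` but the caller releases it with `g_free()`; pick one allocator, and once failures are reported the caller must handle a NULL return.
```c
	FILE *out;
	struct stat st;
	int i, nchars = 52, otac_length = OTAC_PWD_LEN;
	char cpool[52] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
	char *otac_passphrase;

	/* one-time code must be unpredictable: use the OS CSPRNG, not random()/time() */
	otac_passphrase = malloc(otac_length + 1);
	if (otac_passphrase == NULL)
		return NULL;
	for (i = 0; i < otac_length; i++) {
		/* arc4random_uniform() has no modulo bias, unlike random() % nchars */
		otac_passphrase[i] = cpool[arc4random_uniform(nchars)];
	}
	otac_passphrase[otac_length] = 0;

	/* write otac password to fifo; report failure instead of writing through NULL */
	if ((out = fopen(otac_fifo, "w")) == NULL) {
		if (mkfifo(otac_fifo, 0660) != 0 ||
		    (out = fopen(otac_fifo, "w")) == NULL) {
			free(otac_passphrase);
			return NULL;
		}
	}
	/* path comes from the environment: refuse anything that is not a fifo */
	if (fstat(fileno(out), &st) != 0 || !S_ISFIFO(st.st_mode)) {
		fclose(out);
		free(otac_passphrase);
		return NULL;
	}
	/* … unchanged: fprintf of the code and fclose … */
	return otac_passphrase;
```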