Bugzilla – Attachment 2003 Details for
Bug 1871
ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to contrib/gnome-ssh-askpass2.c implementing these changes
gnome-ssh-askpass-confirmation-only.diff (text/plain), 5.09 KB, created by
Daniel Kahn Gillmor
on 2011-02-25 09:24:02 AEDT
(
hide
)
Description:
patch to contrib/gnome-ssh-askpass2.c implementing these changes
Filename:
MIME Type:
Creator:
Daniel Kahn Gillmor
Created:
2011-02-25 09:24:02 AEDT
Size:
5.09 KB
patch
obsolete
>=== modified file 'contrib/gnome-ssh-askpass2.c' >--- contrib/gnome-ssh-askpass2.c 2010-03-31 09:46:28 +0000 >+++ contrib/gnome-ssh-askpass2.c 2011-02-24 22:15:21 +0000 >@@ -23,17 +23,23 @@ > */ > > /* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */ >+/* SSH_ASKPASS_CONFIRMATION_ONLY support by >+ Daniel Kahn Gillmor <dkg@fifthhorseman.net> */ > > /* > * This is a simple GNOME SSH passphrase grabber. To use it, set the > * environment variable SSH_ASKPASS to point to the location of > * gnome-ssh-askpass before calling "ssh-add < /dev/null". > * >- * There is only two run-time options: if you set the environment variable >+ * if SSH_ASKPASS_CONFIRMATION_ONLY is set, then no text input will be >+ * displayed, and the keyboard, mouse, and X server will not be "grabbed". >+ * >+ * There are two more run-time options: if you set the environment variable > * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab > * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the > * pointer will be grabbed too. These may have some benefit to security if >- * you don't trust your X server. We grab the keyboard always. >+ * you don't trust your X server. We always grab the keyboard unless this >+ * is just a confirmation prompt. > */ > > #define GRAB_TRIES 16 >@@ -88,16 +94,19 @@ > { > const char *failed; > char *passphrase, *local; >- int result, grab_tries, grab_server, grab_pointer; >+ int result, grab_tries, grab_server, grab_pointer, confirmation_only; > GtkWidget *dialog, *entry; > GdkGrabStatus status; > > grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); > grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); >+ confirmation_only = (getenv("SSH_ASKPASS_CONFIRMATION_ONLY") != NULL); > grab_tries = 0; > > dialog = gtk_message_dialog_new(NULL, 0, > GTK_MESSAGE_QUESTION, >+ confirmation_only ? >+ GTK_BUTTONS_YES_NO : > GTK_BUTTONS_OK_CANCEL, > "%s", > message); >@@ -105,9 +114,11 @@ > entry = gtk_entry_new(); > gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE, > FALSE, 0); >- gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); >- gtk_widget_grab_focus(entry); >- gtk_widget_show(entry); >+ if (!confirmation_only) { >+ gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); >+ gtk_widget_grab_focus(entry); >+ gtk_widget_show(entry); >+ } > > gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH"); > gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER); >@@ -116,7 +127,7 @@ > TRUE); > > /* Make <enter> close dialog */ >- gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); >+ gtk_dialog_set_default_response(GTK_DIALOG(dialog), confirmation_only ? GTK_RESPONSE_YES : GTK_RESPONSE_OK); > g_signal_connect(G_OBJECT(entry), "activate", > G_CALLBACK(ok_dialog), dialog); > >@@ -124,48 +135,53 @@ > > /* Grab focus */ > gtk_widget_show_now(dialog); >- if (grab_pointer) { >+ /* no need to grab focus for a confirmation prompt */ >+ if (!confirmation_only) { >+ if (grab_pointer) { >+ for(;;) { >+ status = gdk_pointer_grab( >+ (GTK_WIDGET(dialog))->window, TRUE, 0, NULL, >+ NULL, GDK_CURRENT_TIME); >+ if (status == GDK_GRAB_SUCCESS) >+ break; >+ usleep(GRAB_WAIT * 1000); >+ if (++grab_tries > GRAB_TRIES) { >+ failed = "mouse"; >+ goto nograb; >+ } >+ } >+ } > for(;;) { >- status = gdk_pointer_grab( >- (GTK_WIDGET(dialog))->window, TRUE, 0, NULL, >- NULL, GDK_CURRENT_TIME); >+ status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, >+ FALSE, GDK_CURRENT_TIME); > if (status == GDK_GRAB_SUCCESS) > break; > usleep(GRAB_WAIT * 1000); > if (++grab_tries > GRAB_TRIES) { >- failed = "mouse"; >- goto nograb; >+ failed = "keyboard"; >+ goto nograbkb; > } > } >- } >- for(;;) { >- status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, >- FALSE, GDK_CURRENT_TIME); >- if (status == GDK_GRAB_SUCCESS) >- break; >- usleep(GRAB_WAIT * 1000); >- if (++grab_tries > GRAB_TRIES) { >- failed = "keyboard"; >- goto nograbkb; >+ if (grab_server) { >+ gdk_x11_grab_server(); > } > } >- if (grab_server) { >- gdk_x11_grab_server(); >- } > > result = gtk_dialog_run(GTK_DIALOG(dialog)); > > /* Ungrab */ >- if (grab_server) >- XUngrabServer(GDK_DISPLAY()); >- if (grab_pointer) >- gdk_pointer_ungrab(GDK_CURRENT_TIME); >- gdk_keyboard_ungrab(GDK_CURRENT_TIME); >+ if (!confirmation_only) { >+ if (grab_server) >+ XUngrabServer(GDK_DISPLAY()); >+ if (grab_pointer) >+ gdk_pointer_ungrab(GDK_CURRENT_TIME); >+ gdk_keyboard_ungrab(GDK_CURRENT_TIME); >+ } > gdk_flush(); > > /* Report passphrase if user selected OK */ > passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry))); >- if (result == GTK_RESPONSE_OK) { >+ if (result == GTK_RESPONSE_OK || result == GTK_RESPONSE_YES) { > local = g_locale_from_utf8(passphrase, strlen(passphrase), > NULL, NULL, NULL); > if (local != NULL) { >@@ -184,7 +200,7 @@ > g_free(passphrase); > > gtk_widget_destroy(dialog); >- return (result == GTK_RESPONSE_OK ? 0 : -1); >+ return (result == GTK_RESPONSE_OK || result == GTK_RESPONSE_YES ? 0 : -1); > > /* At least one grab failed - ungrab what we got, and report > the failure to the user. Note that XGrabServer() cannot >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2003">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1871
: 2003 |
2004