Bugzilla – Attachment 1383 Details for
Bug 1393
patch modifies gnome-ssh-askpass to optionally use one-time password
[patch]
modifies gnome-ssh-askpass2.c to use one-time password
gnome-ssh-askpass2.c.patch (text/plain), 3.08 KB, created by
Paul Sery
on 2007-11-24 14:45:38 AEDT
Description:
modifies gnome-ssh-askpass2.c to use one-time password
Filename:
MIME Type:
Creator:
Paul Sery
Created:
2007-11-24 14:45:38 AEDT
Size:
3.08 KB
>--- gnome-ssh-askpass2.c.orig 2007-11-23 19:42:11.000000000 -0700
>+++ gnome-ssh-askpass2.c 2007-11-23 19:50:26.000000000 -0700
>@@ -35,9 +35,12 @@
> * pointer will be grabbed too. These may have some benefit to security if
> * you don't trust your X server. We grab the keyboard always.
> */
>+char *write_otac_to_fifo(char *);
>
> #define GRAB_TRIES 16
> #define GRAB_WAIT 250 /* milliseconds */
>+#define OTAC_PWD_LEN 4 /* number of characters in otac passphrase */
>+#define OTAC_FIFO_LEN 32 /* max fifo name length */
>
> /*
> * Compile with:
>@@ -87,11 +90,16 @@
> passphrase_dialog(char *message)
> {
> const char *failed;
>- char *passphrase, *local;
>+ char *passphrase, *local, *otac_passphrase, *otac_fifo;
> int result, grab_tries, grab_server, grab_pointer;
> GtkWidget *dialog, *entry;
> GdkGrabStatus status;
>
>+ /* generate and transmit otac passphrase if env var set */
>+ otac_fifo=malloc(OTAC_FIFO_LEN);
>+ otac_fifo=getenv("SSH_OTAC_FIFO");
>+ if (otac_fifo)
>+ otac_passphrase=write_otac_to_fifo(otac_fifo);
> grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
> grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
> grab_tries = 0;
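Review bot: `OTAC_FIFO_LEN` is only consumed by the `malloc` in `passphrase_dialog` whose result is overwritten on the next line, so it never bounds the fifo path and its comment ("max fifo name length") describes a limit the code does not enforce. The helper appears to be used only inside this file, so the prototype would be better as `static char *write_otac_to_fifo(char *);`. With `OTAC_PWD_LEN 4` over a 52-letter pool the code space is about 7.3 million values; the comment on the define should say why that is considered sufficient for a single-attempt confirmation.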
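Review bot: The added `otac_fifo=malloc(OTAC_FIFO_LEN);` leaks on every call, because the next statement replaces the pointer with the `getenv("SSH_OTAC_FIFO")` result; delete that line. `otac_passphrase` is left uninitialised when the variable is unset and the helper's return value is not checked, so declare it with `*otac_passphrase = NULL` and refuse to continue when `write_otac_to_fifo` fails. The helper opens the fifo for writing before the dialog and the grabs are set up, and such an open normally blocks until a reader attaches, which deserves a comment at this call site. The body of passphrase_dialog continues outside the hunk.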
>@@ -163,14 +171,27 @@
> /* Report passphrase if user selected OK */
> passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
> if (result == GTK_RESPONSE_OK) {
>- local = g_locale_from_utf8(passphrase, strlen(passphrase),
>- NULL, NULL, NULL);
>- if (local != NULL) {
>- puts(local);
>- memset(local, '\0', strlen(local));
>- g_free(local);
>+ if (otac_fifo) {
>+ if (strcmp(otac_passphrase,passphrase)==0) {
>+ puts("yes");
>+ } else {
>+ puts("no");
>+ }
>+ /* Zero otac passphrase in memory */
>+ memset(otac_passphrase, '\b', strlen(otac_passphrase));
>+ gtk_entry_set_text(GTK_ENTRY(entry), otac_passphrase);
>+ memset(otac_passphrase, '\0', strlen(otac_passphrase));
>+ g_free(otac_passphrase);
> } else {
>- puts(passphrase);
>+ local = g_locale_from_utf8(passphrase, strlen(passphrase),
>+ NULL, NULL, NULL);
>+ if (local != NULL) {
>+ puts(local);
>+ memset(local, '\0', strlen(local));
>+ g_free(local);
>+ } else {
>+ puts(passphrase);
>+ }
> }
> }
>
>@@ -198,6 +219,38 @@
> return (-1);
> }
>
>+/* generate the one-time agent confirm password and write it to fifo */
>+char *
>+write_otac_to_fifo(char *otac_fifo)
>+{
>+ FILE *out;
>+ int i,ran,nchars=52,otac_length=OTAC_PWD_LEN;
>+ char cpool[52]="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
>+ char *otac_passphrase;
>+
>+ /* use random # to select characters for one-time passphrase */
>+ /* TODO: substitute better ran-num initializer*/
>+ otac_passphrase=malloc(otac_length+1);
>+ srandom(time(0));
>+ for (i=0;i<otac_length;i++) {
>+ ran = random();
>+ otac_passphrase[i]=cpool[ran%nchars];
>+ }
>+ otac_passphrase[otac_length] = 0;
>+
>+ /* write otac password to fifo */
>+ if ( (out=fopen(otac_fifo,"w")) == NULL) {
>+ mkfifo(otac_fifo, 0660);
>+ out=fopen(otac_fifo,"w");
>+ }
>+ fflush(out);
>+ fprintf(out,"One-time agent confirm: %s\n",otac_passphrase);
>+ fclose(out);
>+
>+ /* return otac passphrase */
>+ return(otac_passphrase);
>+}
>+
> int
> main(int argc, char **argv)
> {
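Review bot: `otac_passphrase` is allocated with `malloc` in `write_otac_to_fifo` but released with `g_free`, and the wipe and release sit inside `if (result == GTK_RESPONSE_OK)`, so a cancelled dialog leaves the code in memory and leaks the buffer. Use `free(otac_passphrase);` and move the wipe and free out of the OK branch so they run on every exit path. The `strcmp` also dereferences `otac_passphrase` with no NULL check although the helper's `malloc` is unchecked. Separately, once `SSH_OTAC_FIFO` is set this branch prints `yes` or `no` for every prompt; if the same binary also serves real passphrase entry (not visible here) that path would stop returning the passphrase, so a comment saying the variable is meant only for agent confirmation would help. The enclosing function starts and ends outside the hunk.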
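Review bot: The one-time code in `write_otac_to_fifo` is fully determined by `srandom(time(0))`, so it is predictable to anyone who knows roughly when the dialog opened; the TODO should be resolved by drawing the characters from the kernel CSPRNG, with rejection sampling so the `% nchars` step is unbiased. The fifo handling needs hardening too: the path comes from the environment and `fopen(otac_fifo,"w")` will write the code into a regular file or through a symlink if one is there, `mkfifo` asks for 0660 rather than owner-only, and neither `malloc` nor the second `fopen` is checked, so `fprintf` can be handed a NULL stream. The sketch below returns NULL on any failure, so the caller in `passphrase_dialog` has to treat NULL as a denial before it reaches `strcmp`. It relies on `open`, `fstat`, `errno` and `getuid`, whose headers must be included; the file's include list is not visible on this page.

```c
char *
write_otac_to_fifo(char *otac_fifo)
{
	static const char cpool[] =
	    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
	const size_t nchars = sizeof(cpool) - 1;
	unsigned char byte;
	struct stat st;
	char *otac_passphrase;
	FILE *rnd = NULL, *out = NULL;
	int fd = -1;
	size_t i = 0;

	if ((otac_passphrase = calloc(1, OTAC_PWD_LEN + 1)) == NULL)
		return (NULL);

	/* draw from the kernel CSPRNG rather than srandom(time(0)) */
	if ((rnd = fopen("/dev/urandom", "r")) == NULL)
		goto fail;
	while (i < OTAC_PWD_LEN) {
		if (fread(&byte, 1, 1, rnd) != 1)
			goto fail;
		/* skip the top of the range so byte % nchars is unbiased */
		if (byte >= 256 - (256 % nchars))
			continue;
		otac_passphrase[i++] = cpool[byte % nchars];
	}
	fclose(rnd);
	rnd = NULL;

	/* owner-only fifo; refuse a path that is not a fifo we own */
	if (mkfifo(otac_fifo, 0600) == -1 && errno != EEXIST)
		goto fail;
	if ((fd = open(otac_fifo, O_WRONLY | O_NOFOLLOW)) == -1)
		goto fail;
	if (fstat(fd, &st) == -1 || !S_ISFIFO(st.st_mode) ||
	    st.st_uid != getuid())
		goto fail;
	if ((out = fdopen(fd, "w")) == NULL)
		goto fail;
	fprintf(out, "One-time agent confirm: %s\n", otac_passphrase);
	fclose(out);
	return (otac_passphrase);

fail:
	if (rnd != NULL)
		fclose(rnd);
	if (fd != -1)
		close(fd);
	memset(otac_passphrase, '\0', OTAC_PWD_LEN + 1);
	free(otac_passphrase);
	return (NULL);
}
```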