From b497e920b409250309c4abe64229237b8f2730ba Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 18 Nov 2019 15:05:04 +1100 Subject: Teach the GTK2/3 ssh-askpass the new prompt hints ssh/ssh-agent now sets a hint environment variable $SSH_ASKPASS_PROMPT when running the askpass program. This is intended to allow the askpass to vary its UI across the three cases it supports: asking for a passphrase, confirming the use of a key and (recently) reminding a user to touch their security key. This adapts the gnome-ssh-askpass[23] to use these hints. Specifically, for SSH_ASKPASS_PROMPT=confirm it will skip the text input box and show only "yes"/"no" buttons. For SSH_ASKPASS_PROMPT=none (used to remind users to tap their security key), it shows only a "close" button. Help wanted: adapt the other askpass programs in active use, including x11-ssh-askpass, lxqt-openssh-askpass, etc. --- contrib/gnome-ssh-askpass2.c | 115 +++++++++++++++++++++++++++---------------- 1 file changed, 72 insertions(+), 43 deletions(-) (limited to 'contrib') diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c index 535a69274..bc83a2d67 100644 --- a/contrib/gnome-ssh-askpass2.c +++ b/contrib/gnome-ssh-askpass2.c @@ -39,6 +39,10 @@ #define GRAB_TRIES 16 #define GRAB_WAIT 250 /* milliseconds */ +#define PROMPT_ENTRY 0 +#define PROMPT_CONFIRM 1 +#define PROMPT_NONE 2 + /* * Compile with: * @@ -82,11 +86,12 @@ ok_dialog(GtkWidget *entry, gpointer dialog) } static int -passphrase_dialog(char *message) +passphrase_dialog(char *message, int prompt_type) { const char *failed; char *passphrase, *local; int result, grab_tries, grab_server, grab_pointer; + int buttons, default_response; GtkWidget *parent_window, *dialog, *entry; GdkGrabStatus status; @@ -98,31 +103,43 @@ passphrase_dialog(char *message) * complain. */ parent_window = gtk_window_new(GTK_WINDOW_TOPLEVEL); + switch (prompt_type) { + case PROMPT_CONFIRM: + buttons = GTK_BUTTONS_YES_NO; + default_response = GTK_RESPONSE_YES; + break; + case PROMPT_NONE: + buttons = GTK_BUTTONS_CLOSE; + default_response = GTK_RESPONSE_CLOSE; + break; + default: + buttons = GTK_BUTTONS_OK_CANCEL; + default_response = GTK_RESPONSE_OK; + break; + } + dialog = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0, - GTK_MESSAGE_QUESTION, - GTK_BUTTONS_OK_CANCEL, - "%s", - message); - - entry = gtk_entry_new(); - gtk_box_pack_start( - GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))), entry, - FALSE, FALSE, 0); - gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); - gtk_widget_grab_focus(entry); - gtk_widget_show(entry); + GTK_MESSAGE_QUESTION, buttons, "%s", message); gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH"); gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER); gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE); - - /* Make close dialog */ - gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); - g_signal_connect(G_OBJECT(entry), "activate", - G_CALLBACK(ok_dialog), dialog); - + gtk_dialog_set_default_response(GTK_DIALOG(dialog), default_response); gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE); + if (prompt_type == PROMPT_ENTRY) { + entry = gtk_entry_new(); + gtk_box_pack_start( + GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))), + entry, FALSE, FALSE, 0); + gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); + gtk_widget_grab_focus(entry); + gtk_widget_show(entry); + /* Make close dialog */ + g_signal_connect(G_OBJECT(entry), "activate", + G_CALLBACK(ok_dialog), dialog); + } + /* Grab focus */ gtk_widget_show_now(dialog); if (grab_pointer) { @@ -166,32 +183,37 @@ passphrase_dialog(char *message) gdk_flush(); /* Report passphrase if user selected OK */ - passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry))); - if (result == GTK_RESPONSE_OK) { - local = g_locale_from_utf8(passphrase, strlen(passphrase), - NULL, NULL, NULL); - if (local != NULL) { - puts(local); - memset(local, '\0', strlen(local)); - g_free(local); - } else { - puts(passphrase); + if (prompt_type == PROMPT_ENTRY) { + passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry))); + if (result == GTK_RESPONSE_OK) { + local = g_locale_from_utf8(passphrase, + strlen(passphrase), NULL, NULL, NULL); + if (local != NULL) { + puts(local); + memset(local, '\0', strlen(local)); + g_free(local); + } else { + puts(passphrase); + } } + /* Zero passphrase in memory */ + memset(passphrase, '\b', strlen(passphrase)); + gtk_entry_set_text(GTK_ENTRY(entry), passphrase); + memset(passphrase, '\0', strlen(passphrase)); + g_free(passphrase); } - - /* Zero passphrase in memory */ - memset(passphrase, '\b', strlen(passphrase)); - gtk_entry_set_text(GTK_ENTRY(entry), passphrase); - memset(passphrase, '\0', strlen(passphrase)); - g_free(passphrase); - + gtk_widget_destroy(dialog); - return (result == GTK_RESPONSE_OK ? 0 : -1); + if (result != GTK_RESPONSE_OK && result != GTK_RESPONSE_YES) + return -1; + return 0; - /* At least one grab failed - ungrab what we got, and report - the failure to the user. Note that XGrabServer() cannot - fail. */ nograbkb: + /* + * At least one grab failed - ungrab what we got, and report + * the failure to the user. Note that XGrabServer() cannot + * fail. + */ gdk_pointer_ungrab(GDK_CURRENT_TIME); nograb: if (grab_server) @@ -206,8 +228,8 @@ passphrase_dialog(char *message) int main(int argc, char **argv) { - char *message; - int result; + char *message, *prompt_mode; + int result, prompt_type = PROMPT_ENTRY; gtk_init(&argc, &argv); @@ -217,8 +239,15 @@ main(int argc, char **argv) message = g_strdup("Enter your OpenSSH passphrase:"); } + if ((prompt_mode = getenv("SSH_ASKPASS_PROMPT")) != NULL) { + if (strcasecmp(prompt_mode, "confirm") == 0) + prompt_type = PROMPT_CONFIRM; + else if (strcasecmp(prompt_mode, "none") == 0) + prompt_type = PROMPT_NONE; + } + setvbuf(stdout, 0, _IONBF, 0); - result = passphrase_dialog(message); + result = passphrase_dialog(message, prompt_type); g_free(message); return (result); -- cgit v1.2.3 From 69e44ba701b90b0f530d64c3fe4363ea86e50cd3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 6 Jan 2020 09:02:53 +1100 Subject: Fix typo: 'you' -> 'your'. bz#3108 from jmckitrick@gmail.com. --- contrib/ssh-copy-id.1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'contrib') diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1 index 8850cceda..ae75c79a5 100644 --- a/contrib/ssh-copy-id.1 +++ b/contrib/ssh-copy-id.1 @@ -158,7 +158,7 @@ asked for confirmation, which is your cue to log back out and run The reason you might want to specify the -i option in this case is to ensure that the comment on the installed key is the one from the .Pa .pub -file, rather than just the filename that was loaded into you agent. +file, rather than just the filename that was loaded into your agent. It also ensures that only the id you intended is installed, rather than all the keys that you have in your .Xr ssh-agent 1 . -- cgit v1.2.3 From 72f0ce33f0d5a37f31bad5800d1eb2fbdb732de6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 12 Feb 2020 09:28:35 +1100 Subject: crank version numbers --- README | 2 +- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'contrib') diff --git a/README b/README index be79dafb6..c95ff2162 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See https://www.openssh.com/releasenotes.html#8.1p1 for the release notes. +See https://www.openssh.com/releasenotes.html#8.2p1 for the release notes. Please read https://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index a440a11c2..54dc39610 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 8.1p1 +%define ver 8.2p1 %define rel 1%{?dist} # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 8c081acc0..4c318001e 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 8.1p1 +Version: 8.2p1 URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- cgit v1.2.3 From 63da84c3570afb4fa6bab38fdac3e9af45d0ec54 Mon Sep 17 00:00:00 2001 From: Vincent Untz Date: Sun, 9 Feb 2014 16:10:16 +0000 Subject: Give the ssh-askpass-gnome window a default icon Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152 Last-Update: 2010-02-28 Patch-Name: gnome-ssh-askpass2-icon.patch --- contrib/gnome-ssh-askpass2.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'contrib') diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c index bc83a2d67..88cdfaeff 100644 --- a/contrib/gnome-ssh-askpass2.c +++ b/contrib/gnome-ssh-askpass2.c @@ -233,6 +233,8 @@ main(int argc, char **argv) gtk_init(&argc, &argv); + gtk_window_set_default_icon_from_file ("/usr/share/pixmaps/ssh-askpass-gnome.png", NULL); + if (argc > 1) { message = g_strjoinv(" ", argv + 1); } else { -- cgit v1.2.3