Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorization Prompts #1645

Closed
totaam opened this issue Sep 17, 2017 · 8 comments
Closed

Authorization Prompts #1645

totaam opened this issue Sep 17, 2017 · 8 comments

Comments

@totaam
Copy link
Collaborator

totaam commented Sep 17, 2017

Issue migrated from trac ticket # 1645

component: client | priority: major | resolution: fixed | keywords: authorization prompt password

2017-09-17 19:04:22: vinglya created the issue

When attempting to connect to a secured XPRA server, especially through command line (i.e. xpra start ssl/user@host), if no password is specified through either password-file or on the command line, then XPRA should prompt for the password to use rather than exiting with an error.

This would allow for the password to be omitted from any environment variables, command lines or files where they may be sniffed by other processes.
@totaam
Copy link
Collaborator Author

totaam commented Sep 18, 2017

2017-09-18 09:23:43: antoine changed owner from antoine to vinglya

@totaam
Copy link
Collaborator Author

totaam commented Sep 18, 2017

2017-09-18 09:23:43: antoine commented

Done in r16907.

This could be re-used for ssh prompts (#1646).

Limitations:

  • the server may timeout the connection if the user takes too long to supply the password (~60 seconds)
  • if the password is wrong the client exits without showing the password prompt again

@vinglya: please close if that works for you.

@totaam
Copy link
Collaborator Author

totaam commented Sep 20, 2017

2017-09-20 21:07:46: vinglya commented

Works fine for me.

Of note - there's no prompt when doing an xpra info ssl/user@host.

@totaam
Copy link
Collaborator Author

totaam commented Sep 21, 2017

2017-09-21 05:25:24: antoine changed status from new to closed

@totaam
Copy link
Collaborator Author

totaam commented Sep 21, 2017

2017-09-21 05:25:24: antoine set resolution to fixed

@totaam
Copy link
Collaborator Author

totaam commented Sep 21, 2017

2017-09-21 05:25:24: antoine commented

Commands like "xpra info", "xpra version", etc are command line utilities with no GUI, adding a GUI prompt would cause problems with scripts.

@totaam totaam closed this as completed Sep 21, 2017
@totaam
Copy link
Collaborator Author

totaam commented Sep 21, 2017

2017-09-21 09:15:47: vinglya commented

Just as a note - when I'd mentioned prompting for password in IRC I had thought a simple call to python's getpass module would suffice to request it from stdin of the process rather than a GUI prompt. Either way this at least covers my usecase of only having to provide the password transiently.

@totaam
Copy link
Collaborator Author

totaam commented Sep 21, 2017

2017-09-21 10:44:00: antoine commented

@vinglya: you're right about using getpass, r16940 does that for command line tools like "xpra info". We first check to see if we're running from a tty so this should remain compatible with any wrapper scripts.

Some minor related improvements in r16941.

r16942 also uses the same code for "xpra attach": if the user started the command from a terminal, we prompt for the password there instead of using the GUI. (minor gripe: if you just press enter from the getpass prompt, the GUI prompt still comes up..)

@totaam totaam mentioned this issue Jan 22, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@totaam