[X2Go-Commits] [x2goclient] 01/18: src/sshmasterconnection.cpp: stop libssh/OpenSSL from querying for a passphrase if started with a controlling terminal.

git-admin at x2go.org git-admin at x2go.org
Wed Mar 14 03:48:08 CET 2018


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository x2goclient.

commit c92b679443668ef8b913d3113eb786d77a603b0d
Author: Mihai Moldovan <ionic at ionic.de>
Date:   Wed Mar 14 00:41:57 2018 +0100

    src/sshmasterconnection.cpp: stop libssh/OpenSSL from querying for a passphrase if started with a controlling terminal.
---
 debian/changelog            |  2 ++
 src/sshmasterconnection.cpp | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 9ce7036..2e0f54c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -28,6 +28,8 @@ x2goclient (4.1.2.0-0x2go1) UNRELEASED; urgency=medium
     - res/qresources.qrc: add new lxqt files.
     - src/{onmainwindow.cpp,session{button,widget}.{cpp,h}}: add support for
       LXQt. Fixes: #1263.
+    - src/sshmasterconnection.cpp: stop libssh/OpenSSL from querying for a
+      passphrase if started with a controlling terminal.
 
  -- X2Go Release Manager <git-admin at x2go.org>  Thu, 15 Feb 2018 22:01:32 +0100
 
diff --git a/src/sshmasterconnection.cpp b/src/sshmasterconnection.cpp
index 0772f3f..7c2f91b 100644
--- a/src/sshmasterconnection.cpp
+++ b/src/sshmasterconnection.cpp
@@ -1407,7 +1407,18 @@ bool SshMasterConnection::userAuthWithKey()
 #if LIBSSH_VERSION_INT >= SSH_VERSION_INT (0, 6, 0)
     ssh_key priv_key = { 0 };
 
-    int rc = ssh_pki_import_privkey_file (tmp_ba.data (), NULL, NULL, NULL, &priv_key);
+    /*
+     * Passing an empty string as a passphrase parameter is a workaround for inconsistent
+     * behavior in libssh:
+     *   - compiled with OpenSSL, libssh lets OpenSSL query the passphrase if the
+     *     application has a controlling terminal connected
+     *   - compiled with libgcrypt, this never happens
+     *
+     * We do not want to break user experience by having libssh/OpenSSL query for the
+     * passphrase on a terminal (and the client not reacting to any input while this
+     * happens), so work around this inconsistency by providing an empty passphrase.
+     */
+    int rc = ssh_pki_import_privkey_file (tmp_ba.data (), "", NULL, NULL, &priv_key);
 
     if (SSH_EOF == rc) {
         x2goDebug << "Failed to get private key from " << keyName << "; file does not exist.";
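Review bot: the new comment above the `ssh_pki_import_privkey_file (tmp_ba.data (), "", NULL, NULL, &priv_key)` call explains why the prompt is suppressed but not what happens next for a passphrase-protected key. With an empty passphrase and a NULL callback, such a key can no longer be decrypted at this call, and the only return value handled in the visible context is `SSH_EOF` (file missing). Please state in the comment which return code is expected for an encrypted key and that the client then asks for the passphrase through its own dialog and retries, if the code below already does that. Otherwise add that branch. It is also worth considering whether passing an auth callback as the third argument would be a cleaner fix than an empty string, since it would give the same behaviour on the OpenSSL and libgcrypt builds without relying on a dummy passphrase.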

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git

