xpra icon
Bug tracker and wiki

Opened 4 weeks ago

Closed 4 weeks ago

Last modified 4 weeks ago

#1645 closed enhancement (fixed)

Authorization Prompts

Reported by: vinglya Owned by: vinglya
Priority: major Milestone: 2.2
Component: client Version: trunk
Keywords: authorization prompt password Cc:

Description

When attempting to connect to a secured XPRA server, especially through command line (i.e. xpra start ssl/user@host), if no password is specified through either password-file or on the command line, then XPRA should prompt for the password to use rather than exiting with an error.

This would allow for the password to be omitted from any environment variables, command lines or files where they may be sniffed by other processes.

Change History (5)

comment:1 Changed 4 weeks ago by Antoine Martin

Owner: changed from Antoine Martin to vinglya

Done in r16907.

This could be re-used for ssh prompts (#1646).

Limitations:

  • the server may timeout the connection if the user takes too long to supply the password (~60 seconds)
  • if the password is wrong the client exits without showing the password prompt again

@vinglya: please close if that works for you.

comment:2 Changed 4 weeks ago by vinglya

Works fine for me.

Of note - there's no prompt when doing an xpra info ssl/user@host.

comment:3 Changed 4 weeks ago by Antoine Martin

Resolution: fixed
Status: newclosed

Commands like "xpra info", "xpra version", etc are command line utilities with no GUI, adding a GUI prompt would cause problems with scripts.

comment:4 Changed 4 weeks ago by vinglya

Just as a note - when I'd mentioned prompting for password in IRC I had thought a simple call to python's getpass module would suffice to request it from stdin of the process rather than a GUI prompt. Either way this at least covers my usecase of only having to provide the password transiently.

comment:5 Changed 4 weeks ago by Antoine Martin

@vinglya: you're right about using getpass, r16940 does that for command line tools like "xpra info". We first check to see if we're running from a tty so this should remain compatible with any wrapper scripts.

Some minor related improvements in r16941.

r16942 also uses the same code for "xpra attach": if the user started the command from a terminal, we prompt for the password there instead of using the GUI. (minor gripe: if you just press enter from the getpass prompt, the GUI prompt still comes up..)

Note: See TracTickets for help on using tickets.