rpms/x11-ssh-askpass/devel X11-ssh-askpass.csh, NONE, 1.1 X11-ssh-askpass.sh, NONE, 1.1 x11-ssh-askpass-1.2.4-random.patch, NONE, 1.1 x11-ssh-askpass.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2

Enrico Scholz (ensc) fedora-extras-commits at redhat.com
Wed Aug 9 20:27:35 UTC 2006


Author: ensc

Update of /cvs/extras/rpms/x11-ssh-askpass/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1798/devel

Modified Files:
	.cvsignore sources 
Added Files:
	X11-ssh-askpass.csh X11-ssh-askpass.sh 
	x11-ssh-askpass-1.2.4-random.patch x11-ssh-askpass.spec 
Log Message:
auto-import x11-ssh-askpass-1.2.4.1-1.fc5x on branch devel from x11-ssh-askpass-1.2.4.1-1.fc5x.src.rpm


--- NEW FILE X11-ssh-askpass.csh ---
# Profile snippet for csh-family shells (installed under profile.d by the spec):
# make the X11 passphrase dialog the SSH_ASKPASS helper unless the variable is
# already set, even to an empty value.
# NOTE(review): `exit` is used to stop early; confirm the sourcing shell treats
# it as the end of this file rather than terminating the login shell.
if ( $?SSH_ASKPASS ) then   
    exit   
endif   
setenv SSH_ASKPASS /usr/libexec/openssh/x11-ssh-askpass


--- NEW FILE X11-ssh-askpass.sh ---
# Profile snippet for Bourne-style shells: fall back to the X11 passphrase
# dialog as SSH_ASKPASS helper. A value that is already non-empty is left
# untouched (and is not newly exported); an empty value counts as unset.
case "$SSH_ASKPASS" in
    '')
        SSH_ASKPASS=/usr/libexec/openssh/x11-ssh-askpass
        export SSH_ASKPASS
        ;;
esac

x11-ssh-askpass-1.2.4-random.patch:

--- NEW FILE x11-ssh-askpass-1.2.4-random.patch ---
2005-12-27  Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de>

	- added code to randomize the amount of shown ticks per
	  password character. The new code is a little bit dirty and
	  not well-designed.

	- dynlist.c: do not use 'realloc(3)'; it may leak passwords into
	  free'd memory. Instead, do a malloc-memcpy-memset-free
	  sequence.

--- x11-ssh-askpass-1.2.4.1/dynlist.c.random	2001-09-17 09:42:50.000000000 +0200
+++ x11-ssh-askpass-1.2.4.1/dynlist.c	2005-12-27 01:23:54.000000000 +0100
@@ -24,6 +24,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 
 #include "dynlist.h"
 
@@ -54,29 +55,50 @@
    return(APPEND_SUCCESS);
 }
 
+static void *
+Xrealloc(void *orig, size_t sz, size_t old_sz)
+{
+  void *	tmp = malloc(sz);
+  if (tmp!=0 && old_sz>0) {
+    memcpy(tmp, orig, old_sz);
+    memset(orig, 0, old_sz);
+    __asm__ __volatile__("" : : : "memory");
+    free(orig);
+  }
+
+  return tmp;
+}
+
 /* For single-dimensional buffers. */
-int append_to_buf(char **buf, int *buflen, int *i, int c)
+int append_to_buf(char **buf, unsigned char **buf_rnd, int *buflen, int *i, int c, unsigned char rnd)
 {
    char *tmp_buf;
    
    if (*i >= *buflen)
     {
+       size_t old_len = *buflen;
        *buflen += BUF_CHUNK_SIZE;
-       if (NULL == *buf) {
-	  tmp_buf = malloc(sizeof(**buf) * *buflen);
-       } else {
-	  tmp_buf = realloc(*buf, (sizeof(**buf) * *buflen));
-       }
+       tmp_buf  = Xrealloc(*buf, sizeof(**buf) * *buflen, sizeof(**buf) * old_len);
        if (NULL == tmp_buf)
 	{
 	   return(APPEND_FAILURE);
 	}
        *buf = tmp_buf;
+
+       tmp_buf  = Xrealloc(*buf_rnd,
+			   sizeof(**buf_rnd) * *buflen,
+			   sizeof(**buf_rnd) * old_len);
+       if (NULL == tmp_buf)
+        {
+          return(APPEND_FAILURE);
+        }
+       *buf_rnd = tmp_buf;
 #ifdef DEBUG
        printf("-->Allocated buffer of size %d\n", *buflen);
 #endif /* DEBUG */
     }
-   (*buf)[*i] = (char) c;
+   (*buf)[*i]     = (char) c;
+   (*buf_rnd)[*i] = rnd;
    (*i)++;
    return(APPEND_SUCCESS);
 }
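Review bot: `*buflen` is increased before either `Xrealloc` call has succeeded, so a failed allocation leaves the recorded size larger than at least one buffer: both are still `old_len` elements if the first call fails, and `*buf_rnd` is if the second fails. Both callers in x11-ssh-askpass.c answer APPEND_FAILURE with `cleanUp(app)`, and the cleanup code in the hunk at -1200 (presumably that function) zeroes `app->bufSize` bytes of each buffer, which would then write BUF_CHUNK_SIZE bytes past the end of the shorter one. Computing the new length in a local and storing it to `*buflen` only after both allocations succeeded keeps the size an under-estimate on every failure path, and the bytes that hold passphrase data are still wiped. `Xrealloc` also deserves a comment stating that on failure `orig` is neither wiped nor freed and stays owned by the caller.

```c
   if (*i >= *buflen)
    {
       size_t old_len = *buflen;
       size_t new_len = old_len + BUF_CHUNK_SIZE;

       tmp_buf = Xrealloc(*buf, sizeof(**buf) * new_len, sizeof(**buf) * old_len);
       if (NULL == tmp_buf)
	{
	   return(APPEND_FAILURE);
	}
       *buf = tmp_buf;

       tmp_buf = Xrealloc(*buf_rnd,
			  sizeof(**buf_rnd) * new_len,
			  sizeof(**buf_rnd) * old_len);
       if (NULL == tmp_buf)
	{
	   return(APPEND_FAILURE);
	}
       *buf_rnd = (unsigned char *) tmp_buf;

       /* Publish the new size only once both buffers really have it. */
       *buflen = (int) new_len;
       /* … unchanged: DEBUG printf … */
    }
```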
--- x11-ssh-askpass-1.2.4.1/dynlist.h.random	2001-09-17 09:42:50.000000000 +0200
+++ x11-ssh-askpass-1.2.4.1/dynlist.h	2005-12-27 01:23:25.000000000 +0100
@@ -29,6 +29,6 @@
 #define APPEND_FAILURE	0
 
 int append_to_list(char ***list_ptr, int *list_len, int *i, char *item);
-int append_to_buf(char **buf, int *buflen, int *i, int c);
+int append_to_buf(char **buf, unsigned char **buf_rnd, int *buflen, int *i, int c, unsigned char rnd);
 
 #endif /* H_DYNLIST */
--- x11-ssh-askpass-1.2.4.1/x11-ssh-askpass.c.random	2001-09-17 09:42:50.000000000 +0200
+++ x11-ssh-askpass-1.2.4.1/x11-ssh-askpass.c	2005-12-27 01:23:25.000000000 +0100
@@ -400,6 +400,9 @@
       getResolutionResource(app, "xResolutionFuzz", "XResolutionFuzz", "20/in");
    app->yFuzz =
       getResolutionResource(app, "yResolutionFuzz", "YResolutionFuzz", "20/in");
+
+   app->randCount =
+      getUnsignedIntegerResource(app, "randCount", "RandCount", 2)+1;
    
    d->title =
       getStringResourceWithDefault("dialog.title", "Dialog.Title",
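Review bot: The `+1` is applied before the value is narrowed into `app->randCount`, which the x11-ssh-askpass.h hunk declares as `unsigned char`, so a `randCount` resource of 255 stores 0 and larger values are silently truncated. The addToPassphrase hunk then evaluates `rand()%app->randCount`, which is a division by zero in the 255 case. Clamping the resource first avoids both: `unsigned int rc = getUnsignedIntegerResource(app, "randCount", "RandCount", 2);` followed by `app->randCount = (rc > 254 ? 254 : rc) + 1;`. The enclosing function starts and ends outside this hunk, and the return type of getUnsignedIntegerResource is not visible here, so the range it can return is assumed from its name.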
@@ -1008,21 +1011,25 @@
    DialogInfo *d = app->dialog;
    
    if (condition > 0) {
-      /* Move forward one. */
-      updateIndicatorElement(app, d->indicator.current);
-      if (d->indicator.current < (d->indicator.count - 1)) {
-	 (d->indicator.current)++;
-      } else {
-	 d->indicator.current = 0;
+      for (;condition>0;--condition) {
+	/* Move forward one. */
+	updateIndicatorElement(app, d->indicator.current);
+	if (d->indicator.current < (d->indicator.count - 1)) {
+	  (d->indicator.current)++;
+	} else {
+	   d->indicator.current = 0;
+        }
       }
    } else if (condition < 0) {
-      /* Move backward one. */
-      if (d->indicator.current > 0) {
-	 (d->indicator.current)--;
-      } else {
-	 d->indicator.current = d->indicator.count - 1;
+      for (;condition<0;++condition) {
+        /* Move backward one. */
+        if (d->indicator.current > 0) {
+          (d->indicator.current)--;
+        } else {
+   	 d->indicator.current = d->indicator.count - 1;
+        }
+        updateIndicatorElement(app, d->indicator.current);
       }
-      updateIndicatorElement(app, d->indicator.current);
    } else {
       /* Erase them all. */
       int i;
@@ -1200,9 +1207,12 @@
    destroyGCs(app);
    destroyDialog(app);
    if (app->buf) {
-      memset(app->buf, 0, app->bufSize);
+      memset(app->buf,     0, app->bufSize);
+      memset(app->buf_rnd, 0, app->bufSize);
+      __asm__ __volatile__("" : : : "memory");
    }
    freeIf(app->buf);
+   freeIf(app->buf_rnd);
    ungrabPointer(app);
    ungrabKeyboard(app);
    ungrabServer(app);
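Review bot: `memset(app->buf_rnd, 0, app->bufSize)` is guarded only by `if (app->buf)`, but the two buffers come from separate allocations in append_to_buf, so `app->buf_rnd` can still be NULL while `app->buf` is not (first growth, second allocation fails). Give it its own guard, `if (app->buf_rnd) memset(app->buf_rnd, 0, app->bufSize);`, and keep the barrier after both wipes. A one-line comment on the `__asm__ __volatile__("" : : : "memory")` line, saying that it keeps the compiler from dropping the wipes ahead of `free` and that it is a GCC-style extension, would help the next reader. The function's start and end are outside this hunk.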
@@ -1216,8 +1225,9 @@
 
 void acceptAction(AppInfo *app)
 {
-   int status = append_to_buf(&(app->buf), &(app->bufSize),
-			      &(app->bufIndex), '\0');
+   int status = append_to_buf(&(app->buf), &(app->buf_rnd),
+			      &(app->bufSize), &(app->bufIndex), 
+			      '\0', 0);
    if (APPEND_FAILURE == status) {
       cleanUp(app);
       outOfMemory(app, __LINE__);
@@ -1239,7 +1249,7 @@
       return;
    }
    (app->bufIndex)--;
-   updateIndicators(app, -1);
+   updateIndicators(app, -app->buf_rnd[app->bufIndex]);
 }
 
 void erasePassphrase(AppInfo *app)
@@ -1254,13 +1264,15 @@
 
 void addToPassphrase(AppInfo *app, char c)
 {
-   int status = append_to_buf(&(app->buf), &(app->bufSize),
-			      &(app->bufIndex), c);
+   unsigned int r = rand()%app->randCount + 1;
+   int     status = append_to_buf(&(app->buf), &(app->buf_rnd), 
+		   		  &(app->bufSize), &(app->bufIndex), 
+			      	  c, r);
    if (APPEND_FAILURE == status) {
       cleanUp(app);
       outOfMemory(app, __LINE__);
    }
-   updateIndicators(app, 1);
+   updateIndicators(app, r);
 }
 
 void handleKeyPress(AppInfo *app, XEvent *event)
@@ -1433,11 +1445,27 @@
    }
 }
 
+static void
+initRandom()
+{
+   int fd=open("/dev/urandom", O_RDONLY);
+   unsigned int	seed;
+
+   if (fd!=-1) {
+     read(fd, &seed, sizeof seed);
+     close(fd);
+   }
+
+   seed += time(0);
+   srand(seed);
+}
+
 int main(int argc, char **argv)
 {
    AppInfo app;
    XEvent event;
 
+   initRandom();
    memset(&app, 0, sizeof(app));
    
    progclass = "SshAskpass";
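Review bot: `seed` is read uninitialised whenever `/dev/urandom` cannot be opened or `read` fails or returns short, because the result of `read` is ignored and `seed += time(0)` then uses whatever was on the stack. Declaring `unsigned int seed = 0;` and checking `if (read(fd, &seed, sizeof seed) != (ssize_t)sizeof seed) seed = 0;` gives a well-defined, time-only fallback. None of the x11-ssh-askpass.c hunks adds an `#include`, so whether `<fcntl.h>`, `<unistd.h>` and `<time.h>` are already pulled in for `open`, `read` and `time` cannot be seen here. `initRandom()` would also be better declared as `initRandom(void)`. main continues past the end of the hunk.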
--- x11-ssh-askpass-1.2.4.1/x11-ssh-askpass.h.random	2001-09-17 09:42:50.000000000 +0200
+++ x11-ssh-askpass-1.2.4.1/x11-ssh-askpass.h	2005-12-27 01:23:25.000000000 +0100
@@ -152,6 +152,7 @@
    pid_t pid;
    
    char *buf;
+   unsigned char *buf_rnd;
    int bufSize;
    int bufIndex;
 
@@ -196,6 +197,8 @@
    unsigned long inputTimeout;
    XtIntervalId inputTimeoutTimerId;
    Bool inputTimeoutActive;
+
+   unsigned char randCount;
    
    DialogInfo *dialog;
 } AppInfo;
--- x11-ssh-askpass-1.2.4.1/x11-ssh-askpass.man.in.random	2001-09-17 09:42:50.000000000 +0200
+++ x11-ssh-askpass-1.2.4.1/x11-ssh-askpass.man.in	2005-12-27 01:23:25.000000000 +0100
@@ -1,4 +1,4 @@
-.\" x11-ssh-askpass.man
+.\" x11-ssh-askpass.man -*- nroff -*-
 .\" Created by Matthieu Herrb <matthieu at laas.fr> for OpenBSD
 .\" Modified by Jim Knoble <jmknoble at pobox.com> for non-OpenBSD
 .\"   distribution
@@ -219,6 +219,14 @@
 .Dq 20/in
 (20 pixels per inch).
 .El
+.It Cm randCount ( No class Cm RandCount )
+.Bl -inset -compact
+.It specifies the maximum amount of additional, random units which can
+be generated per password character. A non-zero value helps to hide
+the length of the typed passphrase.
+.It Default value:
+.Dq 2 .
+.El
 .El
 .Pp
 The following resources are recognized by the Dialog widget:


--- NEW FILE x11-ssh-askpass.spec ---
## $Id$

# Helper paths: the alternatives tool (referenced only from the disabled
# dependency lines and scriptlets) and the X11 app-defaults directory.
%global __alternatives	/usr/sbin/alternatives
%global appdefaultsdir	/usr/share/X11/app-defaults

# Fallback definition of release_func for build setups that do not provide
# one: the release number followed by the dist tag, if any.
%{!?release_func:%global release_func() %1%{?dist}}

Name:		x11-ssh-askpass
Version:	1.2.4.1
Release:	%release_func 1
Summary:	A passphrase dialog for X and not only for OpenSSH

Group:		Applications/System

License:	Public Domain
URL:		http://www.jmknoble.net/software/x11-ssh-askpass/
# NOTE(review): the tarball URL is plain http, so the URL itself gives no
# integrity guarantee; presumably the checksum kept in the package's
# `sources` file is what pins the tarball -- confirm.
Source0:	http://www.jmknoble.net/software/x11-ssh-askpass/%name-%version.tar.gz
# Profile snippets that set SSH_ASKPASS for csh- and sh-style shells.
Source10:	X11-ssh-askpass.csh
Source11:	X11-ssh-askpass.sh
# Randomises the number of indicator ticks per typed character and replaces
# realloc in dynlist.c with a wipe-before-free reallocation (see the
# changelog at the top of the patch).
Patch0:		x11-ssh-askpass-1.2.4-random.patch
BuildRoot:	%_tmppath/%name-%version-%release-root-%(%__id_u -n)

Provides:		openssh-askpass-x11
# The app-defaults directory is not owned by this package (see the changelog
# below), so it is required to exist before install and after removal.
Requires(pre):		%appdefaultsdir
Requires(postun):	%appdefaultsdir
#Requires(post):	%__alternatives
#Requires(preun):	%__alternatives

BuildRequires:		imake libXt-devel


%description
x11-ssh-askpass is a lightweight passphrase dialog for OpenSSH or
other open variants of SSH. In particular, x11-ssh-askpass is useful
with the Unix port of OpenSSH by Damien Miller and others, and Damien
includes it in his RPM packages of OpenSSH.

x11-ssh-askpass uses only the stock X11 libraries (libX11, libXt) for
its user interface. This reduces its dependencies on external libraries
(such as GNOME or Perl/Tk). See the README for further information.


%prep
# Unpack the upstream tarball, then apply the -random patch at strip level 1,
# keeping backups of the patched files with a .random suffix.
%setup -q
%patch0 -p1 -b .random


# Extra make variable handed to every make call below: the directory the X
# app-defaults files are installed into.
%global makeflags	XAPPLOADDIR='%appdefaultsdir'
%build
# Put the helper under the openssh libexec directory; presumably this is the
# same directory the profile.d snippets point SSH_ASKPASS at -- confirm.
%configure --libexecdir=%_libexecdir/openssh
# Generate the Makefile from the Imakefile, then build.
xmkmf
make includes  %makeflags
make %{?_smp_mflags} %makeflags


%install
# Start from an empty build root.
rm -rf $RPM_BUILD_ROOT
make install install.man DESTDIR=$RPM_BUILD_ROOT %makeflags

# Ship the csh and sh snippets that set SSH_ASKPASS.
# NOTE(review): profile.d files are normally sourced rather than executed, so
# mode 0644 may be enough -- confirm that 0755 is intended.
mkdir -p                              $RPM_BUILD_ROOT%_sysconfdir/profile.d
install -p -m0755 %SOURCE10 %SOURCE11 $RPM_BUILD_ROOT%_sysconfdir/profile.d/

# Remove anything named ssh-askpass* from the helper and man1 directories;
# the x11-ssh-askpass files do not match this pattern and stay.
rm -f $RPM_BUILD_ROOT{%_libexecdir/openssh,%_mandir/man1}/ssh-askpass*


%clean
# Remove the build root once packaging is done.
rm -rf $RPM_BUILD_ROOT

## Disable alternatives stuff for now; it requires support from the
## Fedora Core openssh-askpass package

# #post
# %__alternatives --install \
# 	%_libexecdir/openssh/ssh-askpass  ssh-askpass     %_libexecdir/openssh/x11-ssh-askpass	\
# 	--slave %_mandir/man1/ssh-askpass ssh-askpass-man %_mandir/man1/x11-ssh-askpass		\
# 	50
# 
# #preun
# test "$1" != 0 || \
# 	%__alternatives --remove ssh-askpass %_libexecdir/openssh/x11-ssh-askpass


%files
%defattr(-,root,root,-)
%doc ChangeLog README TODO *.ad
# noreplace: locally edited profile snippets are kept on upgrade.
%config(noreplace) %_sysconfdir/profile.d/*
%appdefaultsdir/*
# NOTE(review): this entry names the openssh libexec directory itself, not
# just the helper inside it, so the package would also claim the directory --
# confirm this does not clash with the package that normally owns it.
%_libexecdir/openssh
%_mandir/*/*


%changelog
* Tue Jul 25 2006 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 1.2.4.1-1
- initial Fedora Extras package (review #176580)

* Sat May 20 2006 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 1.2.4.1-0.2
- removed '%%config' from the app-defaultsdir
- do not own the app-defaultsdir anymore
- added some tricks to the -random patch to avoid removal of the
  clear-the-passphrase-memset() during optimization

* Sun Mar 26 2006 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 1.2.4.1-0.1
- fixed path of app-defaults dir

* Wed Dec 21 2005 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 1.2.4.1-0
- initial build


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/x11-ssh-askpass/devel/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- .cvsignore	9 Aug 2006 20:26:37 -0000	1.1
+++ .cvsignore	9 Aug 2006 20:27:35 -0000	1.2
@@ -0,0 +1 @@
+x11-ssh-askpass-1.2.4.1.tar.gz


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/x11-ssh-askpass/devel/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources	9 Aug 2006 20:26:37 -0000	1.1
+++ sources	9 Aug 2006 20:27:35 -0000	1.2
@@ -0,0 +1 @@
+8f2e41f3f7eaa8543a2440454637f3c3  x11-ssh-askpass-1.2.4.1.tar.gz



