diff options
| author | Simon Tatham <anakin@pobox.com> | 2022-05-18 15:04:56 +0300 |
|---|---|---|
| committer | Simon Tatham <anakin@pobox.com> | 2022-05-18 15:05:17 +0300 |
| commit | 787c358d373bbef8383b385770747b1a6a4ab3ca (patch) | |
| tree | 8c6538959b4b8738fd320f77af5e8398c71ff474 /unix | |
| parent | 81dcbd6267db063367056cb0cf94eca4eb161991 (diff) | |
Fix command-line password handling in Restart Session.
When the user provides a password on the PuTTY command line, via -pw
or -pwfile, the flag 'tried_once' inside cmdline_get_passwd_input() is
intended to arrange that we only try sending that password once, and
after we've sent it, we don't try again.
But this plays badly with the 'Restart Session' operation. If the
connection is lost and then restarted at user request, we _do_ want to
send that password again!
So this commit moves that static variable out into a small state
structure held by the client of cmdline_get_passwd_input. Each client
can decide how to manage that state itself.
Clients that support 'Restart Session' - i.e. just GUI PuTTY itself -
will initialise the state at the same time as instantiating the
backend, so that every time the session is restarted, we return
to (correctly) believing that we _haven't_ yet tried the password
provided on the command line.
But clients that don't support 'Restart Session' - i.e. Plink and file
transfer tools - can do the same thing that cmdline.c was doing
before: just keep the state in a static variable.
This also means that the GUI login tools will now retain the
command-line password in memory, whereas previously they'd have wiped
it out once it was used. But the other tools will still wipe and free
the password, because I've also added a 'bool restartable' flag to
cmdline_get_passwd_input to let it know when it _is_ allowed to do
that.
In the GUI tools, I don't see any way to get round that, because if
the session is restarted you _have_ to still have the password to use
again. (And you can't infer that that will never happen from the
CONF_close_on_exit setting, because that too could be changed in
mid-session.) On the other hand, I think it's not all that worrying,
because the use of either -pw or -pwfile means that a persistent copy
of your password is *already* stored somewhere, so another one isn't
too big a stretch.
(Due to the change of -pw policy in 0.77, the effect of this bug was
that an attempt to reconnect in a session set up this way would lead
to "Configured password was not accepted". In 0.76, the failure mode
was different: PuTTY would interactively prompt for the password,
having wiped it out of memory after it was used the first time round.)
Diffstat (limited to 'unix')
| -rw-r--r-- | unix/plink.c | 7 | ||||
| -rw-r--r-- | unix/sftp.c | 8 | ||||
| -rw-r--r-- | unix/window.c | 5 |
3 files changed, 17 insertions, 3 deletions
diff --git a/unix/plink.c b/unix/plink.c index 8f53ceda..9e109f01 100644 --- a/unix/plink.c +++ b/unix/plink.c @@ -373,8 +373,13 @@ static bool plink_eof(Seat *seat) static SeatPromptResult plink_get_userpass_input(Seat *seat, prompts_t *p) { + /* Plink doesn't support Restart Session, so we can just have a + * single static cmdline_get_passwd_input_state that's never reset */ + static cmdline_get_passwd_input_state cmdline_state = + CMDLINE_GET_PASSWD_INPUT_STATE_INIT; + SeatPromptResult spr; - spr = cmdline_get_passwd_input(p); + spr = cmdline_get_passwd_input(p, &cmdline_state, false); if (spr.kind == SPRK_INCOMPLETE) spr = console_get_userpass_input(p); return spr; diff --git a/unix/sftp.c b/unix/sftp.c index 17a83a89..9d099f55 100644 --- a/unix/sftp.c +++ b/unix/sftp.c @@ -65,8 +65,14 @@ Filename *platform_default_filename(const char *name) SeatPromptResult filexfer_get_userpass_input(Seat *seat, prompts_t *p) { + /* The file transfer tools don't support Restart Session, so we + * can just have a single static cmdline_get_passwd_input_state + * that's never reset */ + static cmdline_get_passwd_input_state cmdline_state = + CMDLINE_GET_PASSWD_INPUT_STATE_INIT; + SeatPromptResult spr; - spr = cmdline_get_passwd_input(p); + spr = cmdline_get_passwd_input(p, &cmdline_state, false); if (spr.kind == SPRK_INCOMPLETE) spr = console_get_userpass_input(p); return spr; diff --git a/unix/window.c b/unix/window.c index c2e79bf0..173943cb 100644 --- a/unix/window.c +++ b/unix/window.c @@ -160,6 +160,7 @@ struct GtkFrontend { Ldisc *ldisc; Backend *backend; Terminal *term; + cmdline_get_passwd_input_state cmdline_get_passwd_state; LogContext *logctx; bool exited; struct unicode_data ucsdata; @@ -343,7 +344,7 @@ static SeatPromptResult gtk_seat_get_userpass_input(Seat *seat, prompts_t *p) { GtkFrontend *inst = container_of(seat, GtkFrontend, seat); SeatPromptResult spr; - spr = cmdline_get_passwd_input(p); + spr = cmdline_get_passwd_input(p, &inst->cmdline_get_passwd_state, true); if (spr.kind == SPRK_INCOMPLETE) spr = term_get_userpass_input(inst->term, p); return spr; @@ -5105,6 +5106,8 @@ static void start_backend(GtkFrontend *inst) const struct BackendVtable *vt; char *error, *realhost; + inst->cmdline_get_passwd_state = cmdline_get_passwd_input_state_new; + vt = select_backend(inst->conf); seat_set_trust_status(&inst->seat, true); |