Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

readpass: add fallback to tty if default askpass unavailable #536

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

YHNdnzj
Copy link

@YHNdnzj YHNdnzj commented Nov 9, 2024

Currently, when read_passphrase() is called with RP_ALLOW_STDIN + !isatty(STDIN_FILENO) or $SSH_ASKPASS_REQUIRE=prefer, and running in GUI environment (w/ $DISPLAY or $WAYLAND_DISPLAY), askpass is effectively enforced. This behavior is not ideal though when no askpass program is installed, as it results in hard failure.

Instead, check the existence of the default askpass path early, and if unavailable fall back to tty in the 2 cases mentioned above.

Currently, when read_passphrase() is called with RP_ALLOW_STDIN +
!isatty(STDIN_FILENO) or $SSH_ASKPASS_REQUIRE=prefer, and running in
GUI environment (w/ $DISPLAY or $WAYLAND_DISPLAY), askpass is effectively
enforced. This behavior is not ideal though when no askpass program
is installed, as it results in hard failure.

Instead, check the existence of the default askpass path early,
and if unavailable fall back to tty in the 2 cases mentioned above.
@djmdjm
Copy link
Contributor

djmdjm commented Nov 28, 2024

I think doing it this way might be a little cleaner. Does it solve your problem?

djmdjm/openssh-wip@0ad8745

@YHNdnzj
Copy link
Author

YHNdnzj commented Nov 28, 2024

I think doing it this way might be a little cleaner. Does it solve your problem?

djmdjm/openssh-wip@0ad8745

A cleaner approach is definitely appreciated. However, it appears to me that your patch would break compat if $SSH_ASKPASS points to executable in $PATH, rather than being absolute. That's why I resorted to only checking the existence for default askpass program, and rely on exec*p() returning error otherwise.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants