def do_process_challenge_prompt(self, packet, prompt="password"):
authlog("do_process_challenge_prompt() use_gui_prompt=%s",
use_gui_prompt())
if not use_gui_prompt():
import getpass
authlog("stdin isatty, using password prompt")
password = getpass.getpass("%s :" %
self.get_challenge_prompt(prompt))
authlog("password read from tty via getpass: %s", obsc(password))
self.send_challenge_reply(packet, password)
return True
else:
from xpra.platform.paths import get_nodock_command
cmd = get_nodock_command() + ["_pass", prompt]
try:
from subprocess import Popen, PIPE
proc = Popen(cmd, stdout=PIPE)
getChildReaper().add_process(proc, "password-prompt", cmd,
True, True)
out, err = proc.communicate(None, 60)
authlog("err(%s)=%s", cmd, err)
password = out.decode()
self.send_challenge_reply(packet, password)
return True
except Exception:
log("Error: failed to show GUi for password prompt",
exc_info=True)
return False
def confirm(info=(),
title="Confirm Key",
prompt="Are you sure you want to continue connecting?") -> bool:
log("confirm%s SKIP_UI=%s, PINENTRY=%s", (info, title, prompt), SKIP_UI,
PINENTRY)
if SKIP_UI:
return False
if PINENTRY:
pinentry_cmd = get_pinentry_command()
if pinentry_cmd:
messages = list(info) + ["", prompt]
return run_pinentry_confirm(pinentry_cmd, title,
"%0A".join(messages)) == "OK"
if use_gui_prompt():
from xpra.platform.paths import get_icon_filename
icon = get_icon_filename("authentication", "png") or ""
NO_CODE = 199
YES_CODE = 200
code = dialog_confirm(title,
prompt,
info,
icon,
buttons=[("NO", NO_CODE), ("yes", YES_CODE)])
log("dialog return code=%s", code)
r = code == YES_CODE
return r
log("confirm%s will use stdin prompt", (info, title, prompt))
prompt = "Are you sure you want to continue connecting (yes/NO)? "
sys.stderr.write(os.linesep.join(info) + os.linesep + prompt)
try:
v = sys.stdin.readline().rstrip(os.linesep)
except KeyboardInterrupt:
sys.exit(128 + signal.SIGINT)
return v and v.lower() in ("y", "yes")
def confirm_key(
info=(),
title="Confirm Key",
prompt="Are you sure you want to continue connecting?") -> bool:
if SKIP_UI:
return False
from xpra.platform.paths import get_icon_filename
if PINENTRY:
pinentry_cmd = get_pinentry_command()
if pinentry_cmd:
messages = list(info) + ["", prompt]
return run_pinentry_confirm(pinentry_cmd, title,
"%0A".join(messages))
if use_gui_prompt():
icon = get_icon_filename("authentication", "png") or ""
code = dialog_confirm(title,
prompt,
info,
icon,
buttons=[("yes", 200), ("NO", 201)])
log("dialog return code=%s", code)
r = code == 200
log.info("host key %sconfirmed", ["not ", ""][r])
return r
log("confirm_key(%r) will use stdin prompt", info)
prompt = "Are you sure you want to continue connecting (yes/NO)? "
sys.stderr.write(os.linesep.join(info) + os.linesep + prompt)
try:
v = sys.stdin.readline().rstrip(os.linesep)
except KeyboardInterrupt:
sys.exit(128 + signal.SIGINT)
return v and v.lower() in ("y", "yes")
def input_pass(prompt) -> str:
if SKIP_UI:
return None
from xpra.platform.paths import get_icon_filename
if use_gui_prompt():
icon = get_icon_filename("authentication", "png") or ""
return dialog_pass("Password Input", prompt, icon)
from getpass import getpass
try:
return getpass(prompt)
except KeyboardInterrupt:
sys.exit(128 + signal.SIGINT)
def main():
from xpra.platform import program_context
with program_context("U2F-Register", "Xpra U2F Registration Tool"):
if use_gui_prompt():
from gi.repository import GLib, Gtk
def show_dialog(mode, *msgs):
dialog = Gtk.MessageDialog(None, 0, mode,
Gtk.ButtonsType.CLOSE, "\n".join(msgs))
dialog.set_title("Xpra U2F Registration Tool")
v = dialog.run()
dialog.destroy()
#run the main loop long enough to destroy the dialog:
GLib.idle_add(Gtk.main_quit)
Gtk.main()
return v
def error(*msgs):
return show_dialog(Gtk.MessageType.ERROR, *msgs)
def info(*msgs):
return show_dialog(Gtk.MessageType.INFO, *msgs)
else:
print("U2F Registration Tool")
def printmsgs(*msgs):
for x in msgs:
print(x)
error = info = printmsgs
key_handle_filenames = [os.path.join(d, "u2f-keyhandle.hex") for d in get_user_conf_dirs()]
assert key_handle_filenames
for filename in key_handle_filenames:
p = osexpand(filename)
key_handle_str = load_binary_file(p)
if key_handle_str:
error(" found an existing key handle in file '%s':" % p,
#" %s" % key_handle_str,
" skipping U2F registration",
" delete this file if you want to register again")
return 1
public_key_filenames = []
for d in get_user_conf_dirs():
public_key_filenames += glob.glob(os.path.join(d, "u2f*.pub"))
if public_key_filenames:
info(" found %i existing public key%s" % (len(public_key_filenames, engs(public_key_filenames))),
*((" - %s" % x) for x in public_key_filenames))
#pick the first directory:
conf_dir = osexpand(get_user_conf_dirs()[0])
if not os.path.exists(conf_dir):
os.mkdir(conf_dir)
from pyu2f.u2f import GetLocalU2FInterface #@UnresolvedImport
try:
dev = GetLocalU2FInterface()
except Exception as e:
error("Failed to open local U2F device:",
"%s" % (str(e) or type(e)))
return 1
info("Please activate your U2F device now to generate a new key")
registered_keys = []
challenge= b'01234567890123456789012345678901' #unused
rr = dev.Register(APP_ID, challenge, registered_keys)
b = rr.registration_data
assert b[0]==5
pubkey = bytes(b[1:66])
khl = b[66]
key_handle = bytes(b[67:67 + khl])
#save to files:
key_handle_filename = osexpand(key_handle_filenames[0])
with open(key_handle_filename, "wb") as f:
f.write(hexstr(key_handle).encode())
#find a filename we can use for this public key:
i = 1
while True:
c = ""
if i>1:
c = "-%i"
public_key_filename = os.path.join(conf_dir, "u2f%s-pub.hex" % c)
if not os.path.exists(public_key_filename):
break
with open(public_key_filename, "wb") as f:
f.write(hexstr(pubkey).encode())
#info("key handle: %s" % csv(hex40(key_handle)),
# "saved to file '%s'" % key_handle_filename,
# "public key: %s" % csv(hex40(pubkey)),
# "saved to file '%s'" % public_key_filename,
# )
info(
"key handle saved to file:",
"'%s'" % key_handle_filename,
"public key saved to file:",
"'%s'" % public_key_filename,
)
return 0
