[PATCH] git-gui--askpass implements SSH_ASKPASS_PROMPT

[PATCH] git-gui--askpass implements SSH_ASKPASS_PROMPT

[Likai Liu]

SSH_ASKPASS_PROMPT is a new behavior introduced in OpenSSH 8.2 for
prompting U2F touch.

  - When unset/empty, this is used to input passphrase as before.
  - When set to "confirm", allows the user to OK or Cancel.
  - When set to "none", only shows a message.

Signed-off-by: Likai Liu <liulk@likai.org>
---
 git-gui/git-gui--askpass | 70 +++++++++++++++++++++++++++++-----------
 1 file changed, 52 insertions(+), 18 deletions(-)

diff --git a/git-gui/git-gui--askpass b/git-gui/git-gui--askpass
index 71a536d232..7d4bda8f31 100755
--- a/git-gui/git-gui--askpass
+++ b/git-gui/git-gui--askpass
@@ -4,6 +4,21 @@ exec wish "$0" -- "$@"
 
 # This is a trivial implementation of an SSH_ASKPASS handler.
 # Git-gui uses this script if none are already configured.
+#
+# When SSH_ASKPASS_PROMPT is unset or empty, we show a message
+# promot, a text input, an option to show the input, and the OK and
+# Cancel buttons.  If the prompt explicitly asks for (yes/no) as the
+# answer, the input will be checked to be either "yes" or "no".
+#
+# When SSH_ASKPASS_PROMPT=confirm, we only show the message and the OK
+# and Cancel buttons without the text input.
+#
+# When SSH_ASKPASS_PROMPT=none, we only show the message.  This is
+# typically to prompt for U2F touch, which cannot be dismissed.  We
+# will get SIGTERM once touched.  The exit status is inconsequential.
+#
+# See: https://www.openssh.com/txt/release-8.2
+# See also: notify_start() and notify_complete() in readpass.c
 
 package require Tk
 
@@ -11,10 +26,22 @@ set answer {}
 set yesno  0
 set rc     255
 
+if {[info exists ::env(SSH_ASKPASS_PROMPT)]} {
+	set mode $::env(SSH_ASKPASS_PROMPT)
+} else {
+	set mode {}
+}
+switch $mode {
+	confirm {}
+	none {}
+	default {set mode {}}
+}
 if {$argc < 1} {
 	set prompt "Enter your OpenSSH passphrase:"
 } else {
 	set prompt [join $argv " "]
+}
+if {$mode eq {}} {
 	if {[regexp -nocase {\(yes\/no\)\?\s*$} $prompt]} {
 		set yesno 1
 	}
@@ -23,9 +50,6 @@ if {$argc < 1} {
 message .m -text $prompt -justify center -aspect 4000
 pack .m -side top -fill x -padx 20 -pady 20 -expand 1
 
-entry .e -textvariable answer -width 50
-pack .e -side top -fill x -padx 10 -pady 10
-
 proc on_show_input_changed {args} {
 	global show_input
 	if {$show_input} {
@@ -34,27 +58,37 @@ proc on_show_input_changed {args} {
 		.e configure -show "*"
 	}
 }
-trace add variable show_input write "on_show_input_changed"
 
-set show_input 0
+if {$mode eq {}} {
+	entry .e -textvariable answer -width 50
+	pack .e -side top -fill x -padx 10 -pady 10
 
-if {!$yesno} {
-	checkbutton .cb_show -text "Show input" -variable show_input
-	pack .cb_show -side top -anchor nw
+	trace add variable show_input write "on_show_input_changed"
+
+	set show_input $yesno
+
+	if {!$yesno} {
+		checkbutton .cb_show -text "Show input" -variable show_input
+		pack .cb_show -side top -anchor nw
+	}
 }
 
-frame .b
-button .b.ok     -text OK     -command finish
-button .b.cancel -text Cancel -command cancel
+if {$mode ne {none}} {
+	frame .b
+	button .b.ok     -text OK     -command finish
+	button .b.cancel -text Cancel -command cancel
 
-pack .b.ok -side left -expand 1
-pack .b.cancel -side right -expand 1
-pack .b -side bottom -fill x -padx 10 -pady 10
+	pack .b.ok -side left -expand 1
+	pack .b.cancel -side right -expand 1
+	pack .b -side bottom -fill x -padx 10 -pady 10
 
-bind . <Visibility> {focus -force .e}
-bind . <Key-Return> [list .b.ok invoke]
-bind . <Key-Escape> [list .b.cancel invoke]
-bind . <Destroy>    {set rc $rc}
+	if {$mode eq {}} {
+		bind . <Visibility> {focus -force .e}
+	}
+	bind . <Key-Return> [list .b.ok invoke]
+	bind . <Key-Escape> [list .b.cancel invoke]
+}
+bind . <Destroy> {set rc $rc}
 
 proc cancel {} {
 	set ::rc 255
-- 
2.30.1 (Apple Git-130)