From 0fbf75b95a61ce4bc3b4b642f5be31f165733ac6 Mon Sep 17 00:00:00 2001 From: Kovid Goyal Date: Mon, 21 Oct 2019 14:20:30 +0530 Subject: [PATCH] Allow specifying that remote control only works over a socket --- docs/changelog.rst | 4 ++++ kitty/boss.py | 10 +++++----- kitty/config_data.py | 20 ++++++++++++++++---- 3 files changed, 25 insertions(+), 9 deletions(-) diff --git a/docs/changelog.rst b/docs/changelog.rst index 6a3b63cba..467775f61 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -20,6 +20,10 @@ To update |kitty|, :doc:`follow the instructions `. - Add specialised rendering for a few more box powerline and unicode symbols (:pull:`2074` and :pull:`2021`) +- Add a new socket only mode for :opt:`allow_remote_control`. This makes + it possible to programs running on the local machine to control kitty + but not programs running over ssh. + 0.14.6 [2019-09-25] --------------------- diff --git a/kitty/boss.py b/kitty/boss.py index 2629c019f..530db94a1 100644 --- a/kitty/boss.py +++ b/kitty/boss.py @@ -121,7 +121,7 @@ class Boss: talk_fd = getattr(single_instance, 'socket', None) talk_fd = -1 if talk_fd is None else talk_fd.fileno() listen_fd = -1 - if opts.allow_remote_control and args.listen_on: + if args.listen_on and (opts.allow_remote_control in ('y', 'socket-only')): listen_fd = listen_on(args.listen_on) self.child_monitor = ChildMonitor( self.on_child_death, @@ -276,9 +276,9 @@ class Boss: self.child_monitor.add_child(window.id, window.child.pid, window.child.child_fd, window.screen) self.window_id_map[window.id] = window - def _handle_remote_command(self, cmd, window=None): + def _handle_remote_command(self, cmd, window=None, from_peer=False): response = None - if self.opts.allow_remote_control or getattr(window, 'allow_remote_control', False): + if self.opts.allow_remote_control == 'y' or from_peer or getattr(window, 'allow_remote_control', False): try: response = handle_cmd(self, window, cmd) except Exception as err: @@ -287,7 +287,7 @@ class Boss: if not getattr(err, 'hide_traceback', False): response['tb'] = traceback.format_exc() else: - response = {'ok': False, 'error': 'Remote control is disabled. Add allow_remote_control yes to your kitty.conf'} + response = {'ok': False, 'error': 'Remote control is disabled. Add allow_remote_control to your kitty.conf'} return response def peer_message_received(self, msg): @@ -295,7 +295,7 @@ class Boss: cmd_prefix = '\x1bP@kitty-cmd' if msg.startswith(cmd_prefix): cmd = msg[len(cmd_prefix):-2] - response = self._handle_remote_command(cmd) + response = self._handle_remote_command(cmd, from_peer=True) if response is not None: response = (cmd_prefix + json.dumps(response) + '\x1b\\').encode('utf-8') return response diff --git a/kitty/config_data.py b/kitty/config_data.py index e7f48a809..e0a4f5914 100644 --- a/kitty/config_data.py +++ b/kitty/config_data.py @@ -826,11 +826,23 @@ Note that setting it to yes means that any background processes still using the terminal can fail silently because their stdout/stderr/stdin no longer work. ''')) -o('allow_remote_control', False, long_text=_(''' + +def allow_remote_control(x): + if x != 'socket-only': + x = 'y' if to_bool(x) else 'n' + return x + + +o('allow_remote_control', 'no', option_type=allow_remote_control, long_text=_(''' Allow other programs to control kitty. If you turn this on other programs can -control all aspects of kitty, including sending text to kitty windows, -opening new windows, closing windows, reading the content of windows, etc. -Note that this even works over ssh connections. +control all aspects of kitty, including sending text to kitty windows, opening +new windows, closing windows, reading the content of windows, etc. Note that +this even works over ssh connections. You can chose to either allow any program +running within kitty to control it, with :code:`yes` or only programs that +connect to the socket specified with the :option:`kitty --listen-on` command +line option, if you use the value :code:`socket-only`. The latter is useful if +you want to prevent programs running on a remote computer over ssh from +controlling kitty. ''')) o(