From ff1a297f775d385fb5c66be003444c7560d0082a Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Sat, 8 Feb 2020 18:08:20 +0000
Subject: [PATCH] Make the Pageant core serialise GUI requests.

---
 pageant.c     | 17 +++++++++++++++++
 unix/uxpgnt.c |  6 +-----
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/pageant.c b/pageant.c
index 97f9c588..caee1aa5 100644
--- a/pageant.c
+++ b/pageant.c
@@ -120,6 +120,10 @@ struct PageantSignOp {
     PageantAsyncOp pao;
 };
 
+/* Master lock that indicates whether a GUI request is currently in
+ * progress */
+static bool gui_request_in_progress = false;
+
 static void failure(PageantClient *pc, PageantClientRequestId *reqid,
                     strbuf *sb, const char *fmt, ...);
 static void fail_requests_for_key(PageantKey *pk, const char *reason);
@@ -332,6 +336,8 @@ static void signop_free(PageantAsyncOp *pao)
 static bool request_passphrase(PageantClient *pc, PageantKey *pk)
 {
     if (!pk->decryption_prompt_active) {
+        assert(!gui_request_in_progress);
+
         strbuf *sb = strbuf_new();
         strbuf_catf(sb, "Enter passphrase to decrypt key '%s'", pk->comment);
         bool created_dlg = pageant_client_ask_passphrase(
@@ -341,6 +347,7 @@ static bool request_passphrase(PageantClient *pc, PageantKey *pk)
         if (!created_dlg)
             return false;
 
+        gui_request_in_progress = true;
         pk->decryption_prompt_active = true;
     }
 
@@ -354,6 +361,9 @@ static void signop_coroutine(PageantAsyncOp *pao)
 
     crBegin(so->crLine);
 
+    while (!so->pk->skey && gui_request_in_progress)
+        crReturnV;
+
     if (!so->pk->skey) {
         assert(so->pk->encrypted_key_file);
 
@@ -448,6 +458,9 @@ void pageant_passphrase_request_success(PageantClientDialogId *dlgid,
 {
     PageantKey *pk = container_of(dlgid, PageantKey, dlgid);
 
+    assert(gui_request_in_progress);
+    gui_request_in_progress = false;
+
     if (!pk->skey) {
         const char *error;
 
@@ -497,6 +510,10 @@ void pageant_passphrase_request_success(PageantClientDialogId *dlgid,
 void pageant_passphrase_request_refused(PageantClientDialogId *dlgid)
 {
     PageantKey *pk = container_of(dlgid, PageantKey, dlgid);
+
+    assert(gui_request_in_progress);
+    gui_request_in_progress = false;
+
     unblock_requests_for_key(pk);
 }
 
diff --git a/unix/uxpgnt.c b/unix/uxpgnt.c
index 642b6db4..c344f676 100644
--- a/unix/uxpgnt.c
+++ b/unix/uxpgnt.c
@@ -61,11 +61,7 @@ static bool uxpgnt_ask_passphrase(
     if (!upc->debug_prompt_possible)
         return false;
 
-    /*
-     * FIXME; we ought to check upc->dlgid here, and if it's already
-     * not NULL, queue this request up behind the previous one rather
-     * than trying to confusingly run both at oncec.
-     */
+    assert(!upc->dlgid); /* Pageant core should be serialising requests */
 
     fprintf(upc->logfp, "pageant passphrase request: %s\n", msg);
     upc->debug_prompt_active = true;