author | Damien Miller <djm@mindrot.org> | 2001-02-16 12:34:57 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2001-02-16 12:34:57 +1100 |
commit | 79438cc03040e22a053f2cb02e42483272b458df (patch) | |
tree | cbc85e2742e20db8ed40835b087523f78eb4e9a8 | |
parent | 217f567187a9b1d32019666151d702c87332c72b (diff) | |
- (djm) OpenBSD CVS:
- markus@cvs.openbsd.org 2001/02/15 16:19:59
[channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
[sshconnect1.c sshconnect2.c]
genericize password padding function for SSH1 and SSH2.
add stylized echo to 2, too.
- (djm) Add roundup() macro to defines.h
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | channels.c | 29 | ||||
-rw-r--r-- | channels.h | 3 | ||||
-rw-r--r-- | defines.h | 24 | ||||
-rw-r--r-- | serverloop.c | 4 | ||||
-rw-r--r-- | sshconnect.c | 17 | ||||
-rw-r--r-- | sshconnect.h | 4 | ||||
-rw-r--r-- | sshconnect1.c | 20 | ||||
-rw-r--r-- | sshconnect2.c | 6 |
9 files changed, 79 insertions, 37 deletions
@@ -13,6 +13,13 @@ - (djm) Ask users to check config.log when we can't find necessary libs - (djm) Set "login ID" on systems with setluid. Only enabled for SCO OpenServer for now. Based on patch from svaughan <svaughan@asterion.com> + - (djm) OpenBSD CVS: + - markus@cvs.openbsd.org 2001/02/15 16:19:59 + [channels.c channels.h serverloop.c sshconnect.c sshconnect.h] + [sshconnect1.c sshconnect2.c] + genericize password padding function for SSH1 and SSH2. + add stylized echo to 2, too. + - (djm) Add roundup() macro to defines.h 20010215 - (djm) Move PAM session setup back to before setuid to user. Fixes @@ -3986,4 +3993,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.778 2001/02/16 01:12:41 djm Exp $ +$Id: ChangeLog,v 1.779 2001/02/16 01:34:57 djm Exp $ @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.90 2001/02/08 21:58:28 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.91 2001/02/15 23:19:59 markus Exp $"); #include <openssl/rsa.h> #include <openssl/dsa.h> @@ -193,6 +193,18 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, c->efd = efd; c->extended_usage = extusage; + /* XXX ugly hack: nonblock is only set by the server */ + if (nonblock && isatty(c->rfd)) { + debug("channel: %d: rfd %d isatty", c->self, c->rfd); + c->isatty = 1; + if (!isatty(c->wfd)) { + error("channel: %d: wfd %d is not a tty?", + c->self, c->wfd); + } + } else { + c->isatty = 0; + } + /* enable nonblocking mode */ if (nonblock) { if (rfd != -1) 
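Review bot: In the channel_register_fds hunk `c->isatty` is set from `isatty(c->rfd)` alone; when `wfd` is not a tty the code only logs through `error()` and leaves the flag at 1, yet the consumer added in channel_handle_wfd queries `c->wfd` with `tcgetattr`. In that case the `tcgetattr` call would presumably just fail and no echo packet be sent, so this is not a functional bug, but the flag no longer means what the channels.h comment `/* rfd is a tty */` says to the code that reads it. Either set it only when both descriptors are terminals, `c->isatty = isatty(c->wfd) ? 1 : 0;` inside the first branch, or reword the field comment to `/* rfd is a tty; wfd is expected to be one too */`. The `XXX ugly hack` comment should also say why `nonblock` stands in for "we are the server", since nothing in the hunk ties the two together. The function starts before and continues after the hunk.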
@@ -776,6 +788,21 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) } return -1; } + if (compat20 && c->isatty) { + struct termios tio; + if (tcgetattr(c->wfd, &tio) == 0 && + !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) { + /* + * Simulate echo to reduce the impact of + * traffic analysis. + */ + packet_start(SSH2_MSG_IGNORE); + memset(buffer_ptr(&c->output), 0, len); + packet_put_string(buffer_ptr(&c->output), len); + packet_send(); + debug("channel: %d simulate echo (%d)", c->self, len); + } + } buffer_consume(&c->output, len); if (compat20 && len > 0) { c->local_consumed += len; @@ -32,7 +32,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$OpenBSD: channels.h,v 1.26 2001/01/31 20:37:23 markus Exp $"); */ +/* RCSID("$OpenBSD: channels.h,v 1.27 2001/02/15 23:19:59 markus Exp $"); */ #ifndef CHANNELS_H #define CHANNELS_H @@ -75,6 +75,7 @@ struct Channel { int wfd; /* write fd */ int efd; /* extended fd */ int sock; /* sock fd */ + int isatty; /* rfd is a tty */ Buffer input; /* data read from socket, to be sent over * encrypted connection */ Buffer output; /* data received over encrypted connection for @@ -1,7 +1,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.54 2001/02/09 11:55:17 djm Exp $ */ +/* $Id: defines.h,v 1.55 2001/02/16 01:34:57 djm Exp $ */ /* Some platforms need this for the _r() functions */ #if !defined(_REENTRANT) && !defined(SNI) @@ -12,7 +12,7 @@ #include <sys/types.h> /* For [u]intxx_t */ #include <sys/socket.h> /* For SHUT_XXXX */ -#include <sys/param.h> /* For MAXPATHLEN */ +#include <sys/param.h> /* For MAXPATHLEN and roundup() */ #include <netinet/in_systm.h> /* For typedefs */ #include <netinet/in.h> /* For IPv6 macros */ #include <netinet/ip.h> /* For IPTOS macros */ 
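Review bot: `memset(buffer_ptr(&c->output), 0, len);` in the channel_handle_wfd hunk uses the channel's own output buffer as scratch space for the SSH2_MSG_IGNORE payload. That is correct only because those `len` bytes appear to have been written to `wfd` already and are dropped by `buffer_consume` on the next context line. A comment such as `/* these len bytes were already written to wfd; reuse them as a zero payload */` would keep a later reordering from zeroing unsent data. The `debug(...)` line records `len` for every write made while the terminal is in no-echo canonical mode, so debug logs end up holding the sizes that the IGNORE packet is meant to blur on the wire; consider dropping the length from that message. The `!(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)` test duplicates the one in serverloop.c process_output, and a small shared helper would keep the two in step. The function body starts and ends outside the hunk.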
@@ -318,15 +318,19 @@ struct winsize { # define MIN(a,b) (((a)<(b))?(a):(b)) #endif +#ifndef roundup +# define roundup(x, y) ((((x)+((y)-1))/(y))*(y)) +#endif + #ifndef timersub -#define timersub(a, b, result) \ - do { \ - (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \ - (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \ - if ((result)->tv_usec < 0) { \ - --(result)->tv_sec; \ - (result)->tv_usec += 1000000; \ - } \ +#define timersub(a, b, result) \ + do { \ + (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \ + (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \ + if ((result)->tv_usec < 0) { \ + --(result)->tv_sec; \ + (result)->tv_usec += 1000000; \ + } \ } while (0) #endif diff --git a/serverloop.c b/serverloop.c index d59de862..613f5181 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.48 2001/02/15 08:38:04 deraadt Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.49 2001/02/15 23:19:59 markus Exp $"); #include "xmalloc.h" #include "packet.h" @@ -339,7 +339,7 @@ process_output(fd_set * writeset) } else { /* Successful write. */ if (tcgetattr(fdin, &tio) == 0 && - !(tio.c_lflag & ECHO)) { + !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) { /* * Simulate echo to reduce the impact of * traffic analysis diff --git a/sshconnect.c b/sshconnect.c index 389d6598..623caed7 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.96 2001/02/08 22:35:30 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.97 2001/02/15 23:19:59 markus Exp $"); #include <openssl/bn.h> 
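Review bot: The fallback `roundup(x, y)` in defines.h expands `y` three times and does the addition in the operands' own type, but nothing tells callers so. I would add `/* y is evaluated three times; x + (y - 1) must not overflow */` above the `#ifndef roundup`. This matters for the new caller in sshconnect.c, which passes `strlen(password) + 1` and stores the result in an `int`. The timersub lines in the same hunk appear to change whitespace only. The serverloop.c hunk on this line adds the same `(tio.c_lflag & ICANON)` condition that channels.c gains, so the two copies have to be kept identical by hand.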
@@ -770,3 +770,18 @@ ssh_login(int host_key_valid, RSA *own_host_key, const char *orighost, ssh_userauth(local_user, server_user, host, host_key_valid, own_host_key); } } + +void +ssh_put_password(char *password) +{ + int size; + char *padded; + + size = roundup(strlen(password) + 1, 32); + padded = xmalloc(size); + memset(padded, 0, size); + strlcpy(padded, password, size); + packet_put_string(padded, size); + memset(padded, 0, size); + xfree(padded); +} diff --git a/sshconnect.h b/sshconnect.h index 8337cb71..4edd72f2 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.5 2001/01/29 01:58:18 niklas Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.6 2001/02/15 23:19:59 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -66,4 +66,6 @@ ssh_userauth(const char * local_user, const char * server_user, char *host, void ssh_kex2(char *host, struct sockaddr *hostaddr); void ssh_userauth2(const char *server_user, char *host); +void ssh_put_password(char *password); + #endif diff --git a/sshconnect1.c b/sshconnect1.c index c82375a3..c5ff7213 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.26 2001/02/12 12:45:06 markus Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.27 2001/02/15 23:19:59 markus Exp $"); #include <openssl/bn.h> #include <openssl/evp.h> @@ -51,20 +51,6 @@ u_int supported_authentications = 0; extern Options options; extern char *__progname; -void -ssh1_put_password(char *password) -{ - int size; - char *padded; - - size = roundup(strlen(password) + 1, 32); - padded = xmalloc(size); - strlcpy(padded, password, size); - packet_put_string(padded, size); - memset(padded, 0, size); - xfree(padded); -} - /* * Checks if the user has an authentication agent, and if so, tries to * authenticate using the agent. 
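Review bot: ssh_put_password has no comment stating its wire contract, which is the security-relevant part of the function. The string it emits is NUL-filled up to the next multiple of 32, so an observer learns only the 32-byte bucket of the secret's length, and the receiver has to stop at the first NUL. A short header comment should say that, and that the padded copy is cleared before `xfree`. In the body, `size` is an `int` holding a value derived from `strlen()`; `size_t size;` or an explicit upper bound on the input would avoid the narrowing, provided `packet_put_string`'s length parameter allows it (its prototype is not visible here). The final `memset(padded, 0, size);` writes to memory that is freed on the next line, which an optimiser may drop if it can see through `xfree`; a clear that cannot be elided, such as `explicit_bzero(padded, size);` where the platform provides it, is safer. Whether `packet_put_string` keeps its own unscrubbed copy of the secret cannot be told from this hunk.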
@@ -672,7 +658,7 @@ try_challenge_reponse_authentication(void) break; } packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); - ssh1_put_password(response); + ssh_put_password(response); memset(response, 0, strlen(response)); xfree(response); packet_send(); @@ -705,7 +691,7 @@ try_password_authentication(char *prompt) error("Permission denied, please try again."); password = read_passphrase(prompt, 0); packet_start(SSH_CMSG_AUTH_PASSWORD); - ssh1_put_password(password); + ssh_put_password(password); memset(password, 0, strlen(password)); xfree(password); packet_send(); diff --git a/sshconnect2.c b/sshconnect2.c index 9681ca2d..12335e80 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.47 2001/02/11 12:59:25 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $"); #include <openssl/bn.h> #include <openssl/md5.h> @@ -658,7 +658,7 @@ userauth_passwd(Authctxt *authctxt) packet_put_cstring(authctxt->service); packet_put_cstring(authctxt->method->name); packet_put_char(0); - packet_put_cstring(password); + ssh_put_password(password); memset(password, 0, strlen(password)); xfree(password); packet_send(); @@ -928,7 +928,7 @@ input_userauth_info_req(int type, int plen, void *ctxt) response = cli_prompt(prompt, echo); - packet_put_cstring(response); + ssh_put_password(response); memset(response, 0, strlen(response)); xfree(response); xfree(prompt); |
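Review bot: The two sshconnect2.c call sites, userauth_passwd and input_userauth_info_req, change what goes on the wire. `packet_put_cstring(password)` sent exactly `strlen(password)` bytes, whereas `ssh_put_password(password)` sends a string whose declared length includes the NUL padding. That is only safe if every SSH2 peer treats the field as a C string; a server that compares the full length-prefixed value would presumably reject a correct password, so this needs an interoperability check or a compat switch before release. In input_userauth_info_req the padding is applied to every response, including those prompted with `echo` set, which is harmless but deserves a one-line comment such as `/* pad all responses, secret or not, so lengths do not distinguish them */`. The sshconnect1.c hunks on this line are a plain rename to the shared helper, and both sshconnect2.c functions continue outside their hunks.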