summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2001-02-16 12:34:57 +1100
committerDamien Miller <djm@mindrot.org>2001-02-16 12:34:57 +1100
commit79438cc03040e22a053f2cb02e42483272b458df (patch)
treecbc85e2742e20db8ed40835b087523f78eb4e9a8
parent217f567187a9b1d32019666151d702c87332c72b (diff)
- (djm) OpenBSD CVS:
- markus@cvs.openbsd.org 2001/02/15 16:19:59 [channels.c channels.h serverloop.c sshconnect.c sshconnect.h] [sshconnect1.c sshconnect2.c] genericize password padding function for SSH1 and SSH2. add stylized echo to 2, too. - (djm) Add roundup() macro to defines.h
-rw-r--r--ChangeLog9
-rw-r--r--channels.c29
-rw-r--r--channels.h3
-rw-r--r--defines.h24
-rw-r--r--serverloop.c4
-rw-r--r--sshconnect.c17
-rw-r--r--sshconnect.h4
-rw-r--r--sshconnect1.c20
-rw-r--r--sshconnect2.c6
9 files changed, 79 insertions, 37 deletions
diff --git a/ChangeLog b/ChangeLog
index 83677c0e..57d38407 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,13 @@
- (djm) Ask users to check config.log when we can't find necessary libs
- (djm) Set "login ID" on systems with setluid. Only enabled for SCO
OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
+ - (djm) OpenBSD CVS:
+ - markus@cvs.openbsd.org 2001/02/15 16:19:59
+ [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
+ [sshconnect1.c sshconnect2.c]
+ genericize password padding function for SSH1 and SSH2.
+ add stylized echo to 2, too.
+ - (djm) Add roundup() macro to defines.h
20010215
- (djm) Move PAM session setup back to before setuid to user. Fixes
@@ -3986,4 +3993,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.778 2001/02/16 01:12:41 djm Exp $
+$Id: ChangeLog,v 1.779 2001/02/16 01:34:57 djm Exp $
diff --git a/channels.c b/channels.c
index a079fc24..b7286940 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.90 2001/02/08 21:58:28 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.91 2001/02/15 23:19:59 markus Exp $");
#include <openssl/rsa.h>
#include <openssl/dsa.h>
@@ -193,6 +193,18 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
c->efd = efd;
c->extended_usage = extusage;
+ /* XXX ugly hack: nonblock is only set by the server */
+ if (nonblock && isatty(c->rfd)) {
+ debug("channel: %d: rfd %d isatty", c->self, c->rfd);
+ c->isatty = 1;
+ if (!isatty(c->wfd)) {
+ error("channel: %d: wfd %d is not a tty?",
+ c->self, c->wfd);
+ }
+ } else {
+ c->isatty = 0;
+ }
+
/* enable nonblocking mode */
if (nonblock) {
if (rfd != -1)
@@ -776,6 +788,21 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
}
return -1;
}
+ if (compat20 && c->isatty) {
+ struct termios tio;
+ if (tcgetattr(c->wfd, &tio) == 0 &&
+ !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
+ /*
+ * Simulate echo to reduce the impact of
+ * traffic analysis.
+ */
+ packet_start(SSH2_MSG_IGNORE);
+ memset(buffer_ptr(&c->output), 0, len);
+ packet_put_string(buffer_ptr(&c->output), len);
+ packet_send();
+ debug("channel: %d simulate echo (%d)", c->self, len);
+ }
+ }
buffer_consume(&c->output, len);
if (compat20 && len > 0) {
c->local_consumed += len;
diff --git a/channels.h b/channels.h
index abd71904..f57029a1 100644
--- a/channels.h
+++ b/channels.h
@@ -32,7 +32,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$OpenBSD: channels.h,v 1.26 2001/01/31 20:37:23 markus Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.27 2001/02/15 23:19:59 markus Exp $"); */
#ifndef CHANNELS_H
#define CHANNELS_H
@@ -75,6 +75,7 @@ struct Channel {
int wfd; /* write fd */
int efd; /* extended fd */
int sock; /* sock fd */
+ int isatty; /* rfd is a tty */
Buffer input; /* data read from socket, to be sent over
* encrypted connection */
Buffer output; /* data received over encrypted connection for
diff --git a/defines.h b/defines.h
index 9f1ab3d7..635bfad2 100644
--- a/defines.h
+++ b/defines.h
@@ -1,7 +1,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
-/* $Id: defines.h,v 1.54 2001/02/09 11:55:17 djm Exp $ */
+/* $Id: defines.h,v 1.55 2001/02/16 01:34:57 djm Exp $ */
/* Some platforms need this for the _r() functions */
#if !defined(_REENTRANT) && !defined(SNI)
@@ -12,7 +12,7 @@
#include <sys/types.h> /* For [u]intxx_t */
#include <sys/socket.h> /* For SHUT_XXXX */
-#include <sys/param.h> /* For MAXPATHLEN */
+#include <sys/param.h> /* For MAXPATHLEN and roundup() */
#include <netinet/in_systm.h> /* For typedefs */
#include <netinet/in.h> /* For IPv6 macros */
#include <netinet/ip.h> /* For IPTOS macros */
@@ -318,15 +318,19 @@ struct winsize {
# define MIN(a,b) (((a)<(b))?(a):(b))
#endif
+#ifndef roundup
+# define roundup(x, y) ((((x)+((y)-1))/(y))*(y))
+#endif
+
#ifndef timersub
-#define timersub(a, b, result) \
- do { \
- (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
- (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
- if ((result)->tv_usec < 0) { \
- --(result)->tv_sec; \
- (result)->tv_usec += 1000000; \
- } \
+#define timersub(a, b, result) \
+ do { \
+ (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
+ (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
+ if ((result)->tv_usec < 0) { \
+ --(result)->tv_sec; \
+ (result)->tv_usec += 1000000; \
+ } \
} while (0)
#endif
diff --git a/serverloop.c b/serverloop.c
index d59de862..613f5181 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.48 2001/02/15 08:38:04 deraadt Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.49 2001/02/15 23:19:59 markus Exp $");
#include "xmalloc.h"
#include "packet.h"
@@ -339,7 +339,7 @@ process_output(fd_set * writeset)
} else {
/* Successful write. */
if (tcgetattr(fdin, &tio) == 0 &&
- !(tio.c_lflag & ECHO)) {
+ !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
/*
* Simulate echo to reduce the impact of
* traffic analysis
diff --git a/sshconnect.c b/sshconnect.c
index 389d6598..623caed7 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.96 2001/02/08 22:35:30 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.97 2001/02/15 23:19:59 markus Exp $");
#include <openssl/bn.h>
@@ -770,3 +770,18 @@ ssh_login(int host_key_valid, RSA *own_host_key, const char *orighost,
ssh_userauth(local_user, server_user, host, host_key_valid, own_host_key);
}
}
+
+void
+ssh_put_password(char *password)
+{
+ int size;
+ char *padded;
+
+ size = roundup(strlen(password) + 1, 32);
+ padded = xmalloc(size);
+ memset(padded, 0, size);
+ strlcpy(padded, password, size);
+ packet_put_string(padded, size);
+ memset(padded, 0, size);
+ xfree(padded);
+}
diff --git a/sshconnect.h b/sshconnect.h
index 8337cb71..4edd72f2 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.5 2001/01/29 01:58:18 niklas Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.6 2001/02/15 23:19:59 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -66,4 +66,6 @@ ssh_userauth(const char * local_user, const char * server_user, char *host,
void ssh_kex2(char *host, struct sockaddr *hostaddr);
void ssh_userauth2(const char *server_user, char *host);
+void ssh_put_password(char *password);
+
#endif
diff --git a/sshconnect1.c b/sshconnect1.c
index c82375a3..c5ff7213 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.26 2001/02/12 12:45:06 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.27 2001/02/15 23:19:59 markus Exp $");
#include <openssl/bn.h>
#include <openssl/evp.h>
@@ -51,20 +51,6 @@ u_int supported_authentications = 0;
extern Options options;
extern char *__progname;
-void
-ssh1_put_password(char *password)
-{
- int size;
- char *padded;
-
- size = roundup(strlen(password) + 1, 32);
- padded = xmalloc(size);
- strlcpy(padded, password, size);
- packet_put_string(padded, size);
- memset(padded, 0, size);
- xfree(padded);
-}
-
/*
* Checks if the user has an authentication agent, and if so, tries to
* authenticate using the agent.
@@ -672,7 +658,7 @@ try_challenge_reponse_authentication(void)
break;
}
packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
- ssh1_put_password(response);
+ ssh_put_password(response);
memset(response, 0, strlen(response));
xfree(response);
packet_send();
@@ -705,7 +691,7 @@ try_password_authentication(char *prompt)
error("Permission denied, please try again.");
password = read_passphrase(prompt, 0);
packet_start(SSH_CMSG_AUTH_PASSWORD);
- ssh1_put_password(password);
+ ssh_put_password(password);
memset(password, 0, strlen(password));
xfree(password);
packet_send();
diff --git a/sshconnect2.c b/sshconnect2.c
index 9681ca2d..12335e80 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.47 2001/02/11 12:59:25 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -658,7 +658,7 @@ userauth_passwd(Authctxt *authctxt)
packet_put_cstring(authctxt->service);
packet_put_cstring(authctxt->method->name);
packet_put_char(0);
- packet_put_cstring(password);
+ ssh_put_password(password);
memset(password, 0, strlen(password));
xfree(password);
packet_send();
@@ -928,7 +928,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
response = cli_prompt(prompt, echo);
- packet_put_cstring(response);
+ ssh_put_password(response);
memset(response, 0, strlen(response));
xfree(response);
xfree(prompt);