- (djm) Ask users to check config.log when we can't find necessary libs
- (djm) Set "login ID" on systems with setluid. Only enabled for SCO
OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
+ - (djm) OpenBSD CVS:
+ - markus@cvs.openbsd.org 2001/02/15 16:19:59
+ [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
+ [sshconnect1.c sshconnect2.c]
+ genericize password padding function for SSH1 and SSH2.
+ add stylized echo to 2, too.
+ - (djm) Add roundup() macro to defines.h
20010215
- (djm) Move PAM session setup back to before setuid to user. Fixes
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.90 2001/02/08 21:58:28 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.91 2001/02/15 23:19:59 markus Exp $");
#include <openssl/rsa.h>
#include <openssl/dsa.h>
c->efd = efd;
c->extended_usage = extusage;
+ /* XXX ugly hack: nonblock is only set by the server */
+ if (nonblock && isatty(c->rfd)) {
+ debug("channel: %d: rfd %d isatty", c->self, c->rfd);
+ c->isatty = 1;
+ if (!isatty(c->wfd)) {
+ error("channel: %d: wfd %d is not a tty?",
+ c->self, c->wfd);
+ }
+ } else {
+ c->isatty = 0;
+ }
+
/* enable nonblocking mode */
if (nonblock) {
if (rfd != -1)
}
return -1;
}
+ if (compat20 && c->isatty) {
+ struct termios tio;
+ if (tcgetattr(c->wfd, &tio) == 0 &&
+ !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
+ /*
+ * Simulate echo to reduce the impact of
+ * traffic analysis.
+ */
+ packet_start(SSH2_MSG_IGNORE);
+ memset(buffer_ptr(&c->output), 0, len);
+ packet_put_string(buffer_ptr(&c->output), len);
+ packet_send();
+ debug("channel: %d simulate echo (%d)", c->self, len);
+ }
+ }
buffer_consume(&c->output, len);
if (compat20 && len > 0) {
c->local_consumed += len;
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$OpenBSD: channels.h,v 1.26 2001/01/31 20:37:23 markus Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.27 2001/02/15 23:19:59 markus Exp $"); */
#ifndef CHANNELS_H
#define CHANNELS_H
int wfd; /* write fd */
int efd; /* extended fd */
int sock; /* sock fd */
+ int isatty; /* rfd is a tty */
Buffer input; /* data read from socket, to be sent over
* encrypted connection */
Buffer output; /* data received over encrypted connection for
#include <sys/types.h> /* For [u]intxx_t */
#include <sys/socket.h> /* For SHUT_XXXX */
-#include <sys/param.h> /* For MAXPATHLEN */
+#include <sys/param.h> /* For MAXPATHLEN and roundup() */
#include <netinet/in_systm.h> /* For typedefs */
#include <netinet/in.h> /* For IPv6 macros */
#include <netinet/ip.h> /* For IPTOS macros */
# define MIN(a,b) (((a)<(b))?(a):(b))
#endif
+#ifndef roundup
+# define roundup(x, y) ((((x)+((y)-1))/(y))*(y))
+#endif
+
#ifndef timersub
-#define timersub(a, b, result) \
- do { \
- (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
- (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
- if ((result)->tv_usec < 0) { \
- --(result)->tv_sec; \
- (result)->tv_usec += 1000000; \
- } \
+#define timersub(a, b, result) \
+ do { \
+ (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
+ (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
+ if ((result)->tv_usec < 0) { \
+ --(result)->tv_sec; \
+ (result)->tv_usec += 1000000; \
+ } \
} while (0)
#endif
*/
#include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.48 2001/02/15 08:38:04 deraadt Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.49 2001/02/15 23:19:59 markus Exp $");
#include "xmalloc.h"
#include "packet.h"
} else {
/* Successful write. */
if (tcgetattr(fdin, &tio) == 0 &&
- !(tio.c_lflag & ECHO)) {
+ !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
/*
* Simulate echo to reduce the impact of
* traffic analysis
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.96 2001/02/08 22:35:30 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.97 2001/02/15 23:19:59 markus Exp $");
#include <openssl/bn.h>
ssh_userauth(local_user, server_user, host, host_key_valid, own_host_key);
}
}
+
+void
+ssh_put_password(char *password)
+{
+ int size;
+ char *padded;
+
+ size = roundup(strlen(password) + 1, 32);
+ padded = xmalloc(size);
+ memset(padded, 0, size);
+ strlcpy(padded, password, size);
+ packet_put_string(padded, size);
+ memset(padded, 0, size);
+ xfree(padded);
+}
-/* $OpenBSD: sshconnect.h,v 1.5 2001/01/29 01:58:18 niklas Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.6 2001/02/15 23:19:59 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
void ssh_kex2(char *host, struct sockaddr *hostaddr);
void ssh_userauth2(const char *server_user, char *host);
+void ssh_put_password(char *password);
+
#endif
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.26 2001/02/12 12:45:06 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.27 2001/02/15 23:19:59 markus Exp $");
#include <openssl/bn.h>
#include <openssl/evp.h>
extern Options options;
extern char *__progname;
-void
-ssh1_put_password(char *password)
-{
- int size;
- char *padded;
-
- size = roundup(strlen(password) + 1, 32);
- padded = xmalloc(size);
- strlcpy(padded, password, size);
- packet_put_string(padded, size);
- memset(padded, 0, size);
- xfree(padded);
-}
-
/*
* Checks if the user has an authentication agent, and if so, tries to
* authenticate using the agent.
break;
}
packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
- ssh1_put_password(response);
+ ssh_put_password(response);
memset(response, 0, strlen(response));
xfree(response);
packet_send();
error("Permission denied, please try again.");
password = read_passphrase(prompt, 0);
packet_start(SSH_CMSG_AUTH_PASSWORD);
- ssh1_put_password(password);
+ ssh_put_password(password);
memset(password, 0, strlen(password));
xfree(password);
packet_send();
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.47 2001/02/11 12:59:25 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
packet_put_cstring(authctxt->service);
packet_put_cstring(authctxt->method->name);
packet_put_char(0);
- packet_put_cstring(password);
+ ssh_put_password(password);
memset(password, 0, strlen(password));
xfree(password);
packet_send();
response = cli_prompt(prompt, echo);
- packet_put_cstring(response);
+ ssh_put_password(response);
memset(response, 0, strlen(response));
xfree(response);
xfree(prompt);