- (djm) OpenBSD CVS:
authordjm <djm>
Fri, 16 Feb 2001 01:34:57 +0000 (01:34 +0000)
committerdjm <djm>
Fri, 16 Feb 2001 01:34:57 +0000 (01:34 +0000)
   - markus@cvs.openbsd.org  2001/02/15 16:19:59
     [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
     [sshconnect1.c sshconnect2.c]
     genericize password padding function for SSH1 and SSH2.
     add stylized echo to 2, too.
 - (djm) Add roundup() macro to defines.h

ChangeLog
channels.c
channels.h
defines.h
serverloop.c
sshconnect.c
sshconnect.h
sshconnect1.c
sshconnect2.c

index 540943b0662e3cca383b671e1b29bfda116081dc..f1f57ab4a2c876c32010a662c28d1cffae48781b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
  - (djm) Ask users to check config.log when we can't find necessary libs
  - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
    OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
+ - (djm) OpenBSD CVS:
+   - markus@cvs.openbsd.org  2001/02/15 16:19:59
+     [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
+     [sshconnect1.c sshconnect2.c]
+     genericize password padding function for SSH1 and SSH2.
+     add stylized echo to 2, too.
+ - (djm) Add roundup() macro to defines.h
 
 20010215
  - (djm) Move PAM session setup back to before setuid to user. Fixes 
index a079fc24daf5b899e36edaa1560b0f6e1cbbeb18..b7286940b473fa71120f46bac71e798021418234 100644 (file)
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.90 2001/02/08 21:58:28 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.91 2001/02/15 23:19:59 markus Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@@ -193,6 +193,18 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
        c->efd = efd;
        c->extended_usage = extusage;
 
+       /* XXX ugly hack: nonblock is only set by the server */
+       if (nonblock && isatty(c->rfd)) {
+               debug("channel: %d: rfd %d isatty", c->self, c->rfd);
+               c->isatty = 1;
+               if (!isatty(c->wfd)) {
+                       error("channel: %d: wfd %d is not a tty?",
+                           c->self, c->wfd);
+               }
+       } else {
+               c->isatty = 0;
+       }
+
        /* enable nonblocking mode */
        if (nonblock) {
                if (rfd != -1)
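Review bot: In the added block of channel_register_fds, `c->isatty = 1` is set even when the inner `isatty(c->wfd)` check fails, so the flag only describes rfd while the consumer added to channel_handle_wfd in this commit calls `tcgetattr(c->wfd, &tio)`. The failure is only logged with error(), and the later tcgetattr would simply fail, so this looks harmless but leaves the flag's meaning ambiguous. I would either set it only when both descriptors are ttys, `c->isatty = isatty(c->wfd) ? 1 : 0;` inside the branch, or document in the comment that the flag is about rfd and wfd is merely assumed to match. The function body starts and ends outside this hunk.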
@@ -776,6 +788,21 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
                        }
                        return -1;
                }
+               if (compat20 && c->isatty) {
+                       struct termios tio;
+                       if (tcgetattr(c->wfd, &tio) == 0 &&
+                           !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
+                               /*
+                                * Simulate echo to reduce the impact of
+                                * traffic analysis.
+                                */
+                               packet_start(SSH2_MSG_IGNORE);
+                               memset(buffer_ptr(&c->output), 0, len);
+                               packet_put_string(buffer_ptr(&c->output), len);
+                               packet_send();
+                               debug("channel: %d simulate echo (%d)", c->self, len);
+                       }
+               }
                buffer_consume(&c->output, len);
                if (compat20 && len > 0) {
                        c->local_consumed += len;
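Review bot: The `memset(buffer_ptr(&c->output), 0, len)` in the new `compat20 && c->isatty` branch overwrites channel output in place, which is only safe because those `len` bytes are discarded by the `buffer_consume` immediately after; the write to `c->wfd` is outside this hunk, so this assumes it has already completed. A comment would make that ordering dependency explicit, for example `/* these len bytes were already written to wfd and are consumed below; reuse them as the zero payload */`. The `!(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)` test now exists both here and in serverloop.c's process_output, so a small shared helper would keep the two conditions from drifting apart. channel_handle_wfd starts and ends outside the hunk.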
index abd71904245d3b03252ff7ba8b4e39fe4f744678..f57029a14e545c83f09785600d16c92e4e2dde80 100644 (file)
@@ -32,7 +32,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-/* RCSID("$OpenBSD: channels.h,v 1.26 2001/01/31 20:37:23 markus Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.27 2001/02/15 23:19:59 markus Exp $"); */
 
 #ifndef CHANNELS_H
 #define CHANNELS_H
@@ -75,6 +75,7 @@ struct Channel {
        int     wfd;            /* write fd */
        int     efd;            /* extended fd */
        int     sock;           /* sock fd */
+       int     isatty;         /* rfd is a tty */
        Buffer  input;          /* data read from socket, to be sent over
                                 * encrypted connection */
        Buffer  output;         /* data received over encrypted connection for
index e446d0a22c74a4e624c0ff6ab9df0950c73234d5..4e3682838ec97903d2babd181068e7b4ec69315f 100644 (file)
--- a/defines.h
+++ b/defines.h
@@ -12,7 +12,7 @@
 
 #include <sys/types.h> /* For [u]intxx_t */
 #include <sys/socket.h> /* For SHUT_XXXX */
-#include <sys/param.h> /* For MAXPATHLEN */
+#include <sys/param.h> /* For MAXPATHLEN and roundup() */
 #include <netinet/in_systm.h> /* For typedefs */
 #include <netinet/in.h> /* For IPv6 macros */
 #include <netinet/ip.h> /* For IPTOS macros */
@@ -318,15 +318,19 @@ struct winsize {
 # define MIN(a,b) (((a)<(b))?(a):(b))
 #endif
 
+#ifndef roundup
+# define roundup(x, y)   ((((x)+((y)-1))/(y))*(y))
+#endif
+
 #ifndef timersub
-#define timersub(a, b, result)                                                                           \
-   do {                                                                                                                                                  \
-      (result)->tv_sec = (a)->tv_sec - (b)->tv_sec;           \
-      (result)->tv_usec = (a)->tv_usec - (b)->tv_usec;        \
-      if ((result)->tv_usec < 0) {                            \
-        --(result)->tv_sec;                                  \
-        (result)->tv_usec += 1000000;                        \
-      }                                                       \
+#define timersub(a, b, result)                                 \
+   do {                                                                \
+      (result)->tv_sec = (a)->tv_sec - (b)->tv_sec;            \
+      (result)->tv_usec = (a)->tv_usec - (b)->tv_usec;         \
+      if ((result)->tv_usec < 0) {                             \
+        --(result)->tv_sec;                                    \
+        (result)->tv_usec += 1000000;                          \
+      }                                                                \
    } while (0)
 #endif
 
index d59de8622261d44f86745c30cf2e14076004b0f2..613f5181da159d26e81eb08c5cd935391c27f2c1 100644 (file)
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.48 2001/02/15 08:38:04 deraadt Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.49 2001/02/15 23:19:59 markus Exp $");
 
 #include "xmalloc.h"
 #include "packet.h"
@@ -339,7 +339,7 @@ process_output(fd_set * writeset)
                } else {
                        /* Successful write. */
                        if (tcgetattr(fdin, &tio) == 0 &&
-                           !(tio.c_lflag & ECHO)) {
+                           !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
                                /*
                                 * Simulate echo to reduce the impact of
                                 * traffic analysis
index 389d65985a00160004905f1c7328acd226558d54..623caed73c7b8d4c6f62331e350866ff864b3135 100644 (file)
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.96 2001/02/08 22:35:30 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.97 2001/02/15 23:19:59 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -770,3 +770,18 @@ ssh_login(int host_key_valid, RSA *own_host_key, const char *orighost,
                ssh_userauth(local_user, server_user, host, host_key_valid, own_host_key);
        }
 }
+
+void
+ssh_put_password(char *password)
+{
+       int size;
+       char *padded;
+
+       size = roundup(strlen(password) + 1, 32);
+       padded = xmalloc(size);
+       memset(padded, 0, size);
+       strlcpy(padded, password, size);
+       packet_put_string(padded, size);
+       memset(padded, 0, size);
+       xfree(padded);
+}
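Review bot: `size` in ssh_put_password is declared `int` but receives `roundup(strlen(password) + 1, 32)`, a size_t expression, and is then passed to xmalloc and memset; declaring it `size_t size;` avoids the narrowing conversion (check this against the length parameter type of packet_put_string, which is not visible here). The function has no comment, and one is worth adding because the padding is a security measure: `/* send password NUL-padded to a multiple of 32 bytes so the packet length does not reveal its length */`. The final `memset(padded, 0, size)` before `xfree` is the right intent; whether a compiler may drop it as a dead store depends on how xfree is visible to the optimizer, so a wipe routine that is guaranteed not to be elided would be more robust where the platform offers one. The parameter could also be `const char *password`, since the function only reads it.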
index 8337cb71d2b5603d46fbfd39a8785264347bde24..4edd72f2ef71644a168c1b3b64e3b3b109180030 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sshconnect.h,v 1.5 2001/01/29 01:58:18 niklas Exp $   */
+/*     $OpenBSD: sshconnect.h,v 1.6 2001/02/15 23:19:59 markus Exp $   */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -66,4 +66,6 @@ ssh_userauth(const char * local_user, const char * server_user, char *host,
 void   ssh_kex2(char *host, struct sockaddr *hostaddr);
 void   ssh_userauth2(const char *server_user, char *host);
 
+void   ssh_put_password(char *password);
+
 #endif
index c82375a3dfb990bafcdf93c3ac342bebe8b2e6aa..c5ff7213a01e7dfeda64f41c6061808f7d7ca5c5 100644 (file)
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.26 2001/02/12 12:45:06 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.27 2001/02/15 23:19:59 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -51,20 +51,6 @@ u_int supported_authentications = 0;
 extern Options options;
 extern char *__progname;
 
-void
-ssh1_put_password(char *password)
-{
-       int size;
-       char *padded;
-
-       size = roundup(strlen(password) + 1, 32);
-       padded = xmalloc(size);
-       strlcpy(padded, password, size);
-       packet_put_string(padded, size);
-       memset(padded, 0, size);
-       xfree(padded);
-}
-
 /*
  * Checks if the user has an authentication agent, and if so, tries to
  * authenticate using the agent.
@@ -672,7 +658,7 @@ try_challenge_reponse_authentication(void)
                        break;
                }
                packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
-               ssh1_put_password(response);
+               ssh_put_password(response);
                memset(response, 0, strlen(response));
                xfree(response);
                packet_send();
@@ -705,7 +691,7 @@ try_password_authentication(char *prompt)
                        error("Permission denied, please try again.");
                password = read_passphrase(prompt, 0);
                packet_start(SSH_CMSG_AUTH_PASSWORD);
-               ssh1_put_password(password);
+               ssh_put_password(password);
                memset(password, 0, strlen(password));
                xfree(password);
                packet_send();
index 9681ca2d4d83dd05be54a240c61693d2922fc25f..12335e80eefbbff20de665a4765f9006f9f54327 100644 (file)
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.47 2001/02/11 12:59:25 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -658,7 +658,7 @@ userauth_passwd(Authctxt *authctxt)
        packet_put_cstring(authctxt->service);
        packet_put_cstring(authctxt->method->name);
        packet_put_char(0);
-       packet_put_cstring(password);
+       ssh_put_password(password);
        memset(password, 0, strlen(password));
        xfree(password);
        packet_send();
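Review bot: Replacing `packet_put_cstring(password)` with `ssh_put_password(password)` in userauth_passwd changes the SSH2 string on the wire from the exact password to the password followed by NUL bytes up to a multiple of 32, because ssh_put_password passes the padded `size` to packet_put_string. A peer that compares the whole length-delimited string instead of stopping at the first NUL would likely reject the login; how servers treat this is not visible here and should be confirmed against non-OpenSSH implementations. The same applies to the `ssh_put_password(response)` call in input_userauth_info_req in the next hunk. If length hiding is wanted for SSH2, padding at the packet layer rather than inside the string field would keep the field value intact.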
@@ -928,7 +928,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
 
                response = cli_prompt(prompt, echo);
 
-               packet_put_cstring(response);
+               ssh_put_password(response);
                memset(response, 0, strlen(response));
                xfree(response);
                xfree(prompt);