- (djm) OpenBSD CVS:
- markus@cvs.openbsd.org 2001/02/15 16:19:59 [channels.c channels.h serverloop.c sshconnect.c sshconnect.h] [sshconnect1.c sshconnect2.c] genericize password padding function for SSH1 and SSH2. add stylized echo to 2, too. - (djm) Add roundup() macro to defines.h
parent
217f567187
commit
79438cc030
|
@ -13,6 +13,13 @@
|
|||
- (djm) Ask users to check config.log when we can't find necessary libs
|
||||
- (djm) Set "login ID" on systems with setluid. Only enabled for SCO
|
||||
OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
|
||||
- (djm) OpenBSD CVS:
|
||||
- markus@cvs.openbsd.org 2001/02/15 16:19:59
|
||||
[channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
|
||||
[sshconnect1.c sshconnect2.c]
|
||||
genericize password padding function for SSH1 and SSH2.
|
||||
add stylized echo to 2, too.
|
||||
- (djm) Add roundup() macro to defines.h
|
||||
|
||||
20010215
|
||||
- (djm) Move PAM session setup back to before setuid to user. Fixes
|
||||
|
@ -3986,4 +3993,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.778 2001/02/16 01:12:41 djm Exp $
|
||||
$Id: ChangeLog,v 1.779 2001/02/16 01:34:57 djm Exp $
|
||||
|
|
29
channels.c
29
channels.c
|
@ -40,7 +40,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: channels.c,v 1.90 2001/02/08 21:58:28 markus Exp $");
|
||||
RCSID("$OpenBSD: channels.c,v 1.91 2001/02/15 23:19:59 markus Exp $");
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/dsa.h>
|
||||
|
@ -193,6 +193,18 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
|
|||
c->efd = efd;
|
||||
c->extended_usage = extusage;
|
||||
|
||||
/* XXX ugly hack: nonblock is only set by the server */
|
||||
if (nonblock && isatty(c->rfd)) {
|
||||
debug("channel: %d: rfd %d isatty", c->self, c->rfd);
|
||||
c->isatty = 1;
|
||||
if (!isatty(c->wfd)) {
|
||||
error("channel: %d: wfd %d is not a tty?",
|
||||
c->self, c->wfd);
|
||||
}
|
||||
} else {
|
||||
c->isatty = 0;
|
||||
}
|
||||
|
||||
/* enable nonblocking mode */
|
||||
if (nonblock) {
|
||||
if (rfd != -1)
|
||||
|
@ -776,6 +788,21 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
|
|||
}
|
||||
return -1;
|
||||
}
|
||||
if (compat20 && c->isatty) {
|
||||
struct termios tio;
|
||||
if (tcgetattr(c->wfd, &tio) == 0 &&
|
||||
!(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
|
||||
/*
|
||||
* Simulate echo to reduce the impact of
|
||||
* traffic analysis.
|
||||
*/
|
||||
packet_start(SSH2_MSG_IGNORE);
|
||||
memset(buffer_ptr(&c->output), 0, len);
|
||||
packet_put_string(buffer_ptr(&c->output), len);
|
||||
packet_send();
|
||||
debug("channel: %d simulate echo (%d)", c->self, len);
|
||||
}
|
||||
}
|
||||
buffer_consume(&c->output, len);
|
||||
if (compat20 && len > 0) {
|
||||
c->local_consumed += len;
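Review bot: In channel_register_fds `c->isatty` stays set to 1 even when the `!isatty(c->wfd)` branch fires, yet the echo simulation added to channel_handle_wfd calls `tcgetattr(c->wfd, &tio)` and so depends on wfd, not rfd, being the terminal. In that mismatch case the only trace is the `error(...)` line at registration; the IGNORE padding is then presumably skipped on every write because tcgetattr fails on a non-tty. Clearing the flag in that branch (`c->isatty = 0;` after the `error(...)` call) would make the two hunks agree. At minimum the field comment in channels.h, `/* rfd is a tty */`, should say that the echo check reads wfd's termios. Both functions start and end outside the hunks shown.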
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
/* RCSID("$OpenBSD: channels.h,v 1.26 2001/01/31 20:37:23 markus Exp $"); */
|
||||
/* RCSID("$OpenBSD: channels.h,v 1.27 2001/02/15 23:19:59 markus Exp $"); */
|
||||
|
||||
#ifndef CHANNELS_H
|
||||
#define CHANNELS_H
|
||||
|
@ -75,6 +75,7 @@ struct Channel {
|
|||
int wfd; /* write fd */
|
||||
int efd; /* extended fd */
|
||||
int sock; /* sock fd */
|
||||
int isatty; /* rfd is a tty */
|
||||
Buffer input; /* data read from socket, to be sent over
|
||||
* encrypted connection */
|
||||
Buffer output; /* data received over encrypted connection for
|
||||
|
|
24
defines.h
24
defines.h
|
@ -1,7 +1,7 @@
|
|||
#ifndef _DEFINES_H
|
||||
#define _DEFINES_H
|
||||
|
||||
/* $Id: defines.h,v 1.54 2001/02/09 11:55:17 djm Exp $ */
|
||||
/* $Id: defines.h,v 1.55 2001/02/16 01:34:57 djm Exp $ */
|
||||
|
||||
/* Some platforms need this for the _r() functions */
|
||||
#if !defined(_REENTRANT) && !defined(SNI)
|
||||
|
@ -12,7 +12,7 @@
|
|||
|
||||
#include <sys/types.h> /* For [u]intxx_t */
|
||||
#include <sys/socket.h> /* For SHUT_XXXX */
|
||||
#include <sys/param.h> /* For MAXPATHLEN */
|
||||
#include <sys/param.h> /* For MAXPATHLEN and roundup() */
|
||||
#include <netinet/in_systm.h> /* For typedefs */
|
||||
#include <netinet/in.h> /* For IPv6 macros */
|
||||
#include <netinet/ip.h> /* For IPTOS macros */
|
||||
|
@ -318,15 +318,19 @@ struct winsize {
|
|||
# define MIN(a,b) (((a)<(b))?(a):(b))
|
||||
#endif
|
||||
|
||||
#ifndef roundup
|
||||
# define roundup(x, y) ((((x)+((y)-1))/(y))*(y))
|
||||
#endif
|
||||
|
||||
#ifndef timersub
|
||||
#define timersub(a, b, result) \
|
||||
do { \
|
||||
(result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
|
||||
(result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
|
||||
if ((result)->tv_usec < 0) { \
|
||||
--(result)->tv_sec; \
|
||||
(result)->tv_usec += 1000000; \
|
||||
} \
|
||||
#define timersub(a, b, result) \
|
||||
do { \
|
||||
(result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
|
||||
(result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
|
||||
if ((result)->tv_usec < 0) { \
|
||||
--(result)->tv_sec; \
|
||||
(result)->tv_usec += 1000000; \
|
||||
} \
|
||||
} while (0)
|
||||
#endif
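Review bot: The new `roundup(x, y)` fallback expands `y` three times and adds `(y)-1` to `x` before dividing, so an argument with side effects is evaluated repeatedly and an `x` close to the type's maximum wraps to a small result. This macro now sizes the password padding buffer in ssh_put_password, so a short comment above it would help, e.g. `/* evaluates y more than once; x + y - 1 must not overflow */`. The definition sits under `#ifndef roundup`, so where `<sys/param.h>` already provides roundup() the system version is used instead and the same caveat should be assumed for it.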
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: serverloop.c,v 1.48 2001/02/15 08:38:04 deraadt Exp $");
|
||||
RCSID("$OpenBSD: serverloop.c,v 1.49 2001/02/15 23:19:59 markus Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
|
@ -339,7 +339,7 @@ process_output(fd_set * writeset)
|
|||
} else {
|
||||
/* Successful write. */
|
||||
if (tcgetattr(fdin, &tio) == 0 &&
|
||||
!(tio.c_lflag & ECHO)) {
|
||||
!(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
|
||||
/*
|
||||
* Simulate echo to reduce the impact of
|
||||
* traffic analysis
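Review bot: The comment under the changed condition still only says "Simulate echo to reduce the impact of traffic analysis" and does not explain the new `(tio.c_lflag & ICANON)` test. Presumably the intent is to pad only when the terminal looks like a password prompt (echo off, line mode) and to stay quiet for raw-mode programs that clear both flags. Stating that in the comment would help keep this SSH1 path and the SSH2 path in channel_handle_wfd from drifting apart. Suggested extra line: `* Only done when ECHO is off and ICANON is on (password-style prompt).` The comment and the enclosing block of process_output continue past the end of the hunk.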
|
||||
|
|
17
sshconnect.c
17
sshconnect.c
|
@ -13,7 +13,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.96 2001/02/08 22:35:30 markus Exp $");
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.97 2001/02/15 23:19:59 markus Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
|
@ -770,3 +770,18 @@ ssh_login(int host_key_valid, RSA *own_host_key, const char *orighost,
|
|||
ssh_userauth(local_user, server_user, host, host_key_valid, own_host_key);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
ssh_put_password(char *password)
|
||||
{
|
||||
int size;
|
||||
char *padded;
|
||||
|
||||
size = roundup(strlen(password) + 1, 32);
|
||||
padded = xmalloc(size);
|
||||
memset(padded, 0, size);
|
||||
strlcpy(padded, password, size);
|
||||
packet_put_string(padded, size);
|
||||
memset(padded, 0, size);
|
||||
xfree(padded);
|
||||
}
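Review bot: In ssh_put_password the scrubbing call `memset(padded, 0, size);` directly before `xfree(padded);` is a dead store that an optimising compiler may remove, leaving the password copy in freed heap memory. Where the tree has one, use a zeroing primitive that cannot be elided (for example `explicit_bzero(padded, size);`), and declare `u_int size;` rather than `int size;` so the value handed to xmalloc() and packet_put_string() is not a signed narrowing of the `strlen()` result. The function does not write through its argument, so the parameter could be `const char *password` here and in the sshconnect.h prototype. Padding to a multiple of 32 still reveals which 32-byte bucket the secret falls in; a one-line comment saying so would set expectations.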
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: sshconnect.h,v 1.5 2001/01/29 01:58:18 niklas Exp $ */
|
||||
/* $OpenBSD: sshconnect.h,v 1.6 2001/02/15 23:19:59 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
|
@ -66,4 +66,6 @@ ssh_userauth(const char * local_user, const char * server_user, char *host,
|
|||
void ssh_kex2(char *host, struct sockaddr *hostaddr);
|
||||
void ssh_userauth2(const char *server_user, char *host);
|
||||
|
||||
void ssh_put_password(char *password);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect1.c,v 1.26 2001/02/12 12:45:06 markus Exp $");
|
||||
RCSID("$OpenBSD: sshconnect1.c,v 1.27 2001/02/15 23:19:59 markus Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/evp.h>
|
||||
|
@ -51,20 +51,6 @@ u_int supported_authentications = 0;
|
|||
extern Options options;
|
||||
extern char *__progname;
|
||||
|
||||
void
|
||||
ssh1_put_password(char *password)
|
||||
{
|
||||
int size;
|
||||
char *padded;
|
||||
|
||||
size = roundup(strlen(password) + 1, 32);
|
||||
padded = xmalloc(size);
|
||||
strlcpy(padded, password, size);
|
||||
packet_put_string(padded, size);
|
||||
memset(padded, 0, size);
|
||||
xfree(padded);
|
||||
}
|
||||
|
||||
/*
|
||||
* Checks if the user has an authentication agent, and if so, tries to
|
||||
* authenticate using the agent.
|
||||
|
@ -672,7 +658,7 @@ try_challenge_reponse_authentication(void)
|
|||
break;
|
||||
}
|
||||
packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
|
||||
ssh1_put_password(response);
|
||||
ssh_put_password(response);
|
||||
memset(response, 0, strlen(response));
|
||||
xfree(response);
|
||||
packet_send();
|
||||
|
@ -705,7 +691,7 @@ try_password_authentication(char *prompt)
|
|||
error("Permission denied, please try again.");
|
||||
password = read_passphrase(prompt, 0);
|
||||
packet_start(SSH_CMSG_AUTH_PASSWORD);
|
||||
ssh1_put_password(password);
|
||||
ssh_put_password(password);
|
||||
memset(password, 0, strlen(password));
|
||||
xfree(password);
|
||||
packet_send();
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.47 2001/02/11 12:59:25 markus Exp $");
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/md5.h>
|
||||
|
@ -658,7 +658,7 @@ userauth_passwd(Authctxt *authctxt)
|
|||
packet_put_cstring(authctxt->service);
|
||||
packet_put_cstring(authctxt->method->name);
|
||||
packet_put_char(0);
|
||||
packet_put_cstring(password);
|
||||
ssh_put_password(password);
|
||||
memset(password, 0, strlen(password));
|
||||
xfree(password);
|
||||
packet_send();
|
||||
|
@ -928,7 +928,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
|
|||
|
||||
response = cli_prompt(prompt, echo);
|
||||
|
||||
packet_put_cstring(response);
|
||||
ssh_put_password(response);
|
||||
memset(response, 0, strlen(response));
|
||||
xfree(response);
|
||||
xfree(prompt);
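Review bot: Replacing `packet_put_cstring(password)` with `ssh_put_password(password)` in userauth_passwd, and likewise for `response` in input_userauth_info_req, changes the SSH2 wire value: ssh_put_password calls `packet_put_string(padded, size)`, so the string length now counts the trailing NUL padding. A peer that compares the full length-prefixed string instead of treating it as a C string would presumably reject a correct password; whether every target server tolerates this is not visible here. If the goal is only to hide the length, padding the packet rather than the string field would leave the field itself unchanged. Either way, a comment at both call sites should record the compatibility assumption. Both functions extend beyond the hunks shown.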
|
||||
|
|