authorMarkus Friedl <markus@cvs.openbsd.org>2001-02-15 23:20:00 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2001-02-15 23:20:00 +0000
commite2de8d6a1ba5bc1f948d3a373a7578caa7c4e6f6 (patch)
tree0cf2c63f80dd5b918fc5d82c61bcca1b948f782f /usr.bin/ssh
parent74cb2dda5f42cb174c986e42f0afbc743b18b75a (diff)
genericize password padding function for SSH1 and SSH2.
add stylized echo to SSH2, too.
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/channels.c29
-rw-r--r--usr.bin/ssh/channels.h3
-rw-r--r--usr.bin/ssh/serverloop.c4
-rw-r--r--usr.bin/ssh/sshconnect.c17
-rw-r--r--usr.bin/ssh/sshconnect.h4
-rw-r--r--usr.bin/ssh/sshconnect1.c20
-rw-r--r--usr.bin/ssh/sshconnect2.c6
7 files changed, 57 insertions, 26 deletions
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index da9262ecd8b..dfe193a1baa 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.90 2001/02/08 21:58:28 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.91 2001/02/15 23:19:59 markus Exp $");
#include <openssl/rsa.h>
#include <openssl/dsa.h>
@@ -193,6 +193,18 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
c->efd = efd;
c->extended_usage = extusage;
+ /* XXX ugly hack: nonblock is only set by the server */
+ if (nonblock && isatty(c->rfd)) {
+ debug("channel: %d: rfd %d isatty", c->self, c->rfd);
+ c->isatty = 1;
+ if (!isatty(c->wfd)) {
+ error("channel: %d: wfd %d is not a tty?",
+ c->self, c->wfd);
+ }
+ } else {
+ c->isatty = 0;
+ }
+
/* enable nonblocking mode */
if (nonblock) {
if (rfd != -1)
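Review bot: `c->isatty` is set from `isatty(c->rfd)` alone and a non-tty `wfd` is only logged, while the echo simulation added to channel_handle_wfd in this commit queries `tcgetattr(c->wfd, ...)`. The flag would be easier to reason about if it were set only when both descriptors are ttys, `c->isatty = isatty(c->rfd) && isatty(c->wfd);` inside the `nonblock` case, or if the field comment in channels.h said which descriptor the later code relies on. The context just below tests `rfd != -1`, so `isatty()` can presumably be reached with -1 here; that returns 0, but a short comment saying it is intended would help. channel_register_fds starts and ends outside the hunk.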
@@ -776,6 +788,21 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
}
return -1;
}
+ if (compat20 && c->isatty) {
+ struct termios tio;
+ if (tcgetattr(c->wfd, &tio) == 0 &&
+ !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
+ /*
+ * Simulate echo to reduce the impact of
+ * traffic analysis.
+ */
+ packet_start(SSH2_MSG_IGNORE);
+ memset(buffer_ptr(&c->output), 0, len);
+ packet_put_string(buffer_ptr(&c->output), len);
+ packet_send();
+ debug("channel: %d simulate echo (%d)", c->self, len);
+ }
+ }
buffer_consume(&c->output, len);
if (compat20 && len > 0) {
c->local_consumed += len;
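Review bot: The comment in the new `if (compat20 && c->isatty)` block states the goal but not the two details a maintainer needs to keep it safe. ECHO off with ICANON on is used as the sign that the tty is reading a password-style line, and the `memset` zeroes the first `len` bytes of `c->output` so that the SSH2_MSG_IGNORE payload matches the input length without sending the typed bytes back to the peer. I would extend the comment along the lines of `/* no-echo line mode (password prompt): send a zeroed IGNORE of the same length; the zeroing must stay before packet_put_string */`. Whether `len` is always positive at this point is decided in the part of channel_handle_wfd outside this hunk.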
diff --git a/usr.bin/ssh/channels.h b/usr.bin/ssh/channels.h
index abd71904245..f57029a14e5 100644
--- a/usr.bin/ssh/channels.h
+++ b/usr.bin/ssh/channels.h
@@ -32,7 +32,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$OpenBSD: channels.h,v 1.26 2001/01/31 20:37:23 markus Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.27 2001/02/15 23:19:59 markus Exp $"); */
#ifndef CHANNELS_H
#define CHANNELS_H
@@ -75,6 +75,7 @@ struct Channel {
int wfd; /* write fd */
int efd; /* extended fd */
int sock; /* sock fd */
+ int isatty; /* rfd is a tty */
Buffer input; /* data read from socket, to be sent over
* encrypted connection */
Buffer output; /* data received over encrypted connection for
diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c
index d45dd888a68..858cc282b62 100644
--- a/usr.bin/ssh/serverloop.c
+++ b/usr.bin/ssh/serverloop.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.48 2001/02/15 08:38:04 deraadt Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.49 2001/02/15 23:19:59 markus Exp $");
#include "xmalloc.h"
#include "packet.h"
@@ -339,7 +339,7 @@ process_output(fd_set * writeset)
} else {
/* Successful write. */
if (tcgetattr(fdin, &tio) == 0 &&
- !(tio.c_lflag & ECHO)) {
+ !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
/*
* Simulate echo to reduce the impact of
* traffic analysis
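Review bot: The added `(tio.c_lflag & ICANON)` test restricts the padding to no-echo line mode, so a program that reads a secret with echo off in non-canonical mode no longer gets simulated echo, and the comment below does not say that this is a deliberate limit. Suggested addition to that comment: `only canonical no-echo input (a typical password prompt) is padded; raw-mode readers are not covered`. The comment and the rest of process_output continue outside the hunk.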
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index ff21ba3346c..b068d0bc6cb 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.96 2001/02/08 22:35:30 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.97 2001/02/15 23:19:59 markus Exp $");
#include <openssl/bn.h>
@@ -762,3 +762,18 @@ ssh_login(int host_key_valid, RSA *own_host_key, const char *orighost,
ssh_userauth(local_user, server_user, host, host_key_valid, own_host_key);
}
}
+
+void
+ssh_put_password(char *password)
+{
+ int size;
+ char *padded;
+
+ size = roundup(strlen(password) + 1, 32);
+ padded = xmalloc(size);
+ memset(padded, 0, size);
+ strlcpy(padded, password, size);
+ packet_put_string(padded, size);
+ memset(padded, 0, size);
+ xfree(padded);
+}
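Review bot: `size` is declared `int` but receives `roundup(strlen(password) + 1, 32)`, a `size_t` expression, and is then used as the length for `xmalloc`, `memset`, `strlcpy` and `packet_put_string`. An unsigned type avoids the narrowing, `size_t size;` (or `u_int` if that is what packet_put_string takes, which is not visible here). The parameter is only read, so `const char *password` in the definition and the sshconnect.h prototype would document that. The function also has no header comment; I would add `/* send password NUL-padded to a multiple of 32 bytes so the packet length does not reveal its length; the padded copy is wiped before free */`.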
diff --git a/usr.bin/ssh/sshconnect.h b/usr.bin/ssh/sshconnect.h
index 8337cb71d2b..4edd72f2ef7 100644
--- a/usr.bin/ssh/sshconnect.h
+++ b/usr.bin/ssh/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.5 2001/01/29 01:58:18 niklas Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.6 2001/02/15 23:19:59 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -66,4 +66,6 @@ ssh_userauth(const char * local_user, const char * server_user, char *host,
void ssh_kex2(char *host, struct sockaddr *hostaddr);
void ssh_userauth2(const char *server_user, char *host);
+void ssh_put_password(char *password);
+
#endif
diff --git a/usr.bin/ssh/sshconnect1.c b/usr.bin/ssh/sshconnect1.c
index c82375a3dfb..c5ff7213a01 100644
--- a/usr.bin/ssh/sshconnect1.c
+++ b/usr.bin/ssh/sshconnect1.c
@@ -13,7 +13,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.26 2001/02/12 12:45:06 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.27 2001/02/15 23:19:59 markus Exp $");
#include <openssl/bn.h>
#include <openssl/evp.h>
@@ -51,20 +51,6 @@ u_int supported_authentications = 0;
extern Options options;
extern char *__progname;
-void
-ssh1_put_password(char *password)
-{
- int size;
- char *padded;
-
- size = roundup(strlen(password) + 1, 32);
- padded = xmalloc(size);
- strlcpy(padded, password, size);
- packet_put_string(padded, size);
- memset(padded, 0, size);
- xfree(padded);
-}
-
/*
* Checks if the user has an authentication agent, and if so, tries to
* authenticate using the agent.
@@ -672,7 +658,7 @@ try_challenge_reponse_authentication(void)
break;
}
packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
- ssh1_put_password(response);
+ ssh_put_password(response);
memset(response, 0, strlen(response));
xfree(response);
packet_send();
@@ -705,7 +691,7 @@ try_password_authentication(char *prompt)
error("Permission denied, please try again.");
password = read_passphrase(prompt, 0);
packet_start(SSH_CMSG_AUTH_PASSWORD);
- ssh1_put_password(password);
+ ssh_put_password(password);
memset(password, 0, strlen(password));
xfree(password);
packet_send();
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 9681ca2d4d8..12335e80eef 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.47 2001/02/11 12:59:25 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -658,7 +658,7 @@ userauth_passwd(Authctxt *authctxt)
packet_put_cstring(authctxt->service);
packet_put_cstring(authctxt->method->name);
packet_put_char(0);
- packet_put_cstring(password);
+ ssh_put_password(password);
memset(password, 0, strlen(password));
xfree(password);
packet_send();
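Review bot: Replacing `packet_put_cstring(password)` with `ssh_put_password(password)` changes the content of the SSH2 string field, not just the packet size. ssh_put_password in sshconnect.c sends `packet_put_string(padded, size)`, so the declared length now covers the NUL terminator and the padding up to a multiple of 32. A server that compares the field by its length rather than as a C string would presumably reject a correct password. The same applies to the `response` change in input_userauth_info_req in the next hunk, where it also alters responses that are not secrets (prompts with `echo` set). Keeping `packet_put_cstring(password);` here and hiding the length outside the field, for instance with a separate SSH2_MSG_IGNORE as channels.c does in this commit, would leave the wire value exact.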
@@ -928,7 +928,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
response = cli_prompt(prompt, echo);
- packet_put_cstring(response);
+ ssh_put_password(response);
memset(response, 0, strlen(response));
xfree(response);
xfree(prompt);