-rw-r--r--ChangeLog9
-rw-r--r--channels.c29
-rw-r--r--channels.h3
-rw-r--r--defines.h24
-rw-r--r--serverloop.c4
-rw-r--r--sshconnect.c17
-rw-r--r--sshconnect.h4
-rw-r--r--sshconnect1.c20
-rw-r--r--sshconnect2.c6
9 files changed, 79 insertions, 37 deletions
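--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,13 @@
  - (djm) Ask users to check config.log when we can't find necessary libs
  - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
  OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
+ - (djm) OpenBSD CVS:
+ - markus@cvs.openbsd.org 2001/02/15 16:19:59
+ [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
+ [sshconnect1.c sshconnect2.c]
+ genericize password padding function for SSH1 and SSH2.
+ add stylized echo to 2, too.
+ - (djm) Add roundup() macro to defines.h
 
 20010215
  - (djm) Move PAM session setup back to before setuid to user. Fixes
@@ -3986,4 +3993,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.778 2001/02/16 01:12:41 djm Exp $
+$Id: ChangeLog,v 1.779 2001/02/16 01:34:57 djm Exp $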
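--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.90 2001/02/08 21:58:28 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.91 2001/02/15 23:19:59 markus Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@@ -193,6 +193,18 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
  c->efd = efd;
  c->extended_usage = extusage;
 
+ /* XXX ugly hack: nonblock is only set by the server */
+ if (nonblock && isatty(c->rfd)) {
+ debug("channel: %d: rfd %d isatty", c->self, c->rfd);
+ c->isatty = 1;
+ if (!isatty(c->wfd)) {
+ error("channel: %d: wfd %d is not a tty?",
+ c->self, c->wfd);
+ }
+ } else {
+ c->isatty = 0;
+ }
+
  /* enable nonblocking mode */
  if (nonblock) {
  if (rfd != -1)
@@ -776,6 +788,21 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
  }
  return -1;
  }
+ if (compat20 && c->isatty) {
+ struct termios tio;
+ if (tcgetattr(c->wfd, &tio) == 0 &&
+ !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
+ /*
+ * Simulate echo to reduce the impact of
+ * traffic analysis.
+ */
+ packet_start(SSH2_MSG_IGNORE);
+ memset(buffer_ptr(&c->output), 0, len);
+ packet_put_string(buffer_ptr(&c->output), len);
+ packet_send();
+ debug("channel: %d simulate echo (%d)", c->self, len);
+ }
+ }
  buffer_consume(&c->output, len);
  if (compat20 && len > 0) {
  c->local_consumed += len;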
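Review bot: The `memset(buffer_ptr(&c->output), 0, len)` in the channel_handle_wfd hunk does two jobs that the surrounding comment does not name: it zeroizes the plaintext that was just written to the tty (echo is off in this branch, so this is typically a passphrase) and it supplies the all-zero payload of the SSH2_MSG_IGNORE packet that follows. I would extend the comment above it to say so: `/* Zero the consumed plaintext (echo is off, so likely a password) and send the same number of zero bytes as SSH2_MSG_IGNORE so the encrypted stream still carries an "echo" of the expected size. */`. The code also assumes `len` does not exceed what is still queued in c->output, which appears to follow from the write above the hunk; channel_handle_wfd starts outside the hunk, so that should be confirmed there. Note that tcgetattr() now runs on every successful write to a tty channel; harmless, but worth a word in the comment.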
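--- a/channels.h
+++ b/channels.h
@@ -32,7 +32,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-/* RCSID("$OpenBSD: channels.h,v 1.26 2001/01/31 20:37:23 markus Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.27 2001/02/15 23:19:59 markus Exp $"); */
 
 #ifndef CHANNELS_H
 #define CHANNELS_H
@@ -75,6 +75,7 @@ struct Channel {
  int wfd; /* write fd */
  int efd; /* extended fd */
  int sock; /* sock fd */
+ int isatty; /* rfd is a tty */
  Buffer input; /* data read from socket, to be sent over
  * encrypted connection */
  Buffer output; /* data received over encrypted connection for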
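Review bot: The comment on the new member, `/* rfd is a tty */`, understates its contract: in channel_register_fds the flag is computed only when nonblock is set (the accompanying channels.c comment says nonblock is only set by the server) and is written as 0 otherwise, so a client-side channel attached to a tty still reads 0. I would make the header say so: `int isatty; /* rfd is a tty; set by channel_register_fds only when nonblock (server side), else 0 */`. The struct Channel definition continues outside the hunk.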
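--- a/defines.h
+++ b/defines.h
@@ -1,7 +1,7 @@
 #ifndef _DEFINES_H
 #define _DEFINES_H
 
-/* $Id: defines.h,v 1.54 2001/02/09 11:55:17 djm Exp $ */
+/* $Id: defines.h,v 1.55 2001/02/16 01:34:57 djm Exp $ */
 
 /* Some platforms need this for the _r() functions */
 #if !defined(_REENTRANT) && !defined(SNI)
@@ -12,7 +12,7 @@
 
 #include <sys/types.h> /* For [u]intxx_t */
 #include <sys/socket.h> /* For SHUT_XXXX */
-#include <sys/param.h> /* For MAXPATHLEN */
+#include <sys/param.h> /* For MAXPATHLEN and roundup() */
 #include <netinet/in_systm.h> /* For typedefs */
 #include <netinet/in.h> /* For IPv6 macros */
 #include <netinet/ip.h> /* For IPTOS macros */
@@ -318,15 +318,19 @@ struct winsize {
 # define MIN(a,b) (((a)<(b))?(a):(b))
 #endif
 
+#ifndef roundup
+# define roundup(x, y) ((((x)+((y)-1))/(y))*(y))
+#endif
+
 #ifndef timersub
 #define timersub(a, b, result) \
  do { \
  (result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
  (result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
  if ((result)->tv_usec < 0) { \
  --(result)->tv_sec; \
  (result)->tv_usec += 1000000; \
  } \
  } while (0)
 #endif
 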
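Review bot: The fallback `roundup(x, y)` evaluates `y` three times and `x` once, so a call with a side-effecting argument would misbehave silently; that is the usual shape of the BSD macro, but it is worth stating next to the definition, e.g. `/* y is evaluated three times; pass side-effect-free arguments */`. Because the result type follows the arguments, a call such as `roundup(strlen(p) + 1, 32)` yields a `size_t`, which the new ssh_put_password in sshconnect.c then stores in an `int`; a one-line note that callers should use `size_t` would head that off. A comment that this fallback must stay identical to the `<sys/param.h>` definition the updated include comment now cites would also help the next maintainer.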
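--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.48 2001/02/15 08:38:04 deraadt Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.49 2001/02/15 23:19:59 markus Exp $");
 
 #include "xmalloc.h"
 #include "packet.h"
@@ -339,7 +339,7 @@ process_output(fd_set * writeset)
  } else {
  /* Successful write. */
  if (tcgetattr(fdin, &tio) == 0 &&
- !(tio.c_lflag & ECHO)) {
+ !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
  /*
  * Simulate echo to reduce the impact of
  * traffic analysis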
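Review bot: The condition now requires `ICANON` as well as `!ECHO` before the echo is simulated, but the comment that follows still only says `Simulate echo to reduce the impact of traffic analysis`, so a reader cannot tell whether the extra test is a fix or a deliberate narrowing. I would extend it: `/* Simulate echo to reduce the impact of traffic analysis. Only when the tty is in canonical mode with echo off (a password prompt); non-canonical applications that turn echo off are left alone. */`. The identical test now also appears in the new channel_handle_wfd code in channels.c, and the two should be kept in sync, ideally through one shared helper. process_output starts and ends outside the hunk.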
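--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.96 2001/02/08 22:35:30 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.97 2001/02/15 23:19:59 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -770,3 +770,18 @@ ssh_login(int host_key_valid, RSA *own_host_key, const char *orighost,
  ssh_userauth(local_user, server_user, host, host_key_valid, own_host_key);
  }
 }
+
+void
+ssh_put_password(char *password)
+{
+ int size;
+ char *padded;
+
+ size = roundup(strlen(password) + 1, 32);
+ padded = xmalloc(size);
+ memset(padded, 0, size);
+ strlcpy(padded, password, size);
+ packet_put_string(padded, size);
+ memset(padded, 0, size);
+ xfree(padded);
+}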
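Review bot: `int size;` receives `roundup(strlen(password) + 1, 32)`, a `size_t` expression, so the value is computed unsigned and narrowed to signed before going to xmalloc, memset and packet_put_string; declare it `size_t size;`, and make the parameter `const char *password` since the function never writes through it (the prototype added in sshconnect.h would follow). The `memset(padded, 0, size)` before `strlcpy` is the real improvement over the removed ssh1_put_password, which copied into freshly xmalloc'd memory and so sent uninitialized heap bytes as padding, because strlcpy terminates but does not pad; that deserves a comment such as `/* zero first: strlcpy does not pad, and the padding goes on the wire */`. The second memset before xfree has the right intent, but a plain memset on memory about to be freed can be optimized away, so a note acknowledging that limitation would be honest. A function-level comment stating the contract (NUL-terminated, zero-padded to a multiple of 32 bytes, the full padded length sent as the string) would help the callers in sshconnect1.c and sshconnect2.c.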
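--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.5 2001/01/29 01:58:18 niklas Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.6 2001/02/15 23:19:59 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -66,4 +66,6 @@ ssh_userauth(const char * local_user, const char * server_user, char *host,
 void ssh_kex2(char *host, struct sockaddr *hostaddr);
 void ssh_userauth2(const char *server_user, char *host);
 
+void ssh_put_password(char *password);
+
 #endif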
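--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.26 2001/02/12 12:45:06 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.27 2001/02/15 23:19:59 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -51,20 +51,6 @@ u_int supported_authentications = 0;
 extern Options options;
 extern char *__progname;
 
-void
-ssh1_put_password(char *password)
-{
- int size;
- char *padded;
-
- size = roundup(strlen(password) + 1, 32);
- padded = xmalloc(size);
- strlcpy(padded, password, size);
- packet_put_string(padded, size);
- memset(padded, 0, size);
- xfree(padded);
-}
-
 /*
  * Checks if the user has an authentication agent, and if so, tries to
  * authenticate using the agent.
@@ -672,7 +658,7 @@ try_challenge_reponse_authentication(void)
  break;
  }
  packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
- ssh1_put_password(response);
+ ssh_put_password(response);
  memset(response, 0, strlen(response));
  xfree(response);
  packet_send();
@@ -705,7 +691,7 @@ try_password_authentication(char *prompt)
  error("Permission denied, please try again.");
  password = read_passphrase(prompt, 0);
  packet_start(SSH_CMSG_AUTH_PASSWORD);
- ssh1_put_password(password);
+ ssh_put_password(password);
  memset(password, 0, strlen(password));
  xfree(password);
  packet_send();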
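--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.47 2001/02/11 12:59:25 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -658,7 +658,7 @@ userauth_passwd(Authctxt *authctxt)
  packet_put_cstring(authctxt->service);
  packet_put_cstring(authctxt->method->name);
  packet_put_char(0);
- packet_put_cstring(password);
+ ssh_put_password(password);
  memset(password, 0, strlen(password));
  xfree(password);
  packet_send();
@@ -928,7 +928,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
 
  response = cli_prompt(prompt, echo);
 
- packet_put_cstring(response);
+ ssh_put_password(response);
  memset(response, 0, strlen(response));
  xfree(response);
  xfree(prompt);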
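Review bot: Replacing `packet_put_cstring(password)` with `ssh_put_password(password)` in userauth_passwd changes the SSH2 wire format of the password field: per ssh_put_password in sshconnect.c the string now carries its NUL terminator plus zero padding up to a multiple of 32 bytes, whereas the protocol defines the password as a plain string. A server that uses the field as a C string stops at the NUL and is unaffected, but one that compares the full string length would reject every login, so this is an interoperability risk that should be tested against non-OpenSSH servers before release; the same applies to the keyboard-interactive response in the input_userauth_info_req hunk. If that proves to be a problem, padding the packet rather than the string field would keep the traffic-analysis benefit without altering what the server sees. Both userauth_passwd and input_userauth_info_req start and end outside their hunks.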