-rw-r--r-- | ChangeLog | 11 | ||||
-rw-r--r-- | packet.c | 6 | ||||
-rw-r--r-- | readpass.c | 37 | ||||
-rw-r--r-- | sshd.c | 24 |
4 files changed, 60 insertions, 18 deletions
@@ -7,6 +7,17 @@ | |||
7 | - Irix uses preformatted manpages | 7 | - Irix uses preformatted manpages |
8 | - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp | 8 | - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp |
9 | <Holger.Trapp@Informatik.TU-Chemnitz.DE> | 9 | <Holger.Trapp@Informatik.TU-Chemnitz.DE> |
10 | - OpenBSD CVS updates: | ||
11 | - [packet.c] | ||
12 | use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; | ||
13 | from Holger.Trapp@Informatik.TU-Chemnitz.DE | ||
14 | - [sshd.c] | ||
15 | log with level log() not fatal() if peer behaves badly. | ||
16 | - [readpass.c] | ||
17 | instead of blocking SIGINT, catch it ourselves, so that we can clean | ||
18 | the tty modes up and kill ourselves -- instead of our process group | ||
19 | leader (scp, cvs, ...) going away and leaving us in noecho mode. | ||
20 | people with cbreak shells never even noticed.. | ||
10 | 21 | ||
11 | 20000120 | 22 | 20000120 |
12 | - Don't use getaddrinfo on AIX | 23 | - Don't use getaddrinfo on AIX |
@@ -15,7 +15,7 @@ | |||
15 | */ | 15 | */ |
16 | 16 | ||
17 | #include "includes.h" | 17 | #include "includes.h" |
18 | RCSID("$Id: packet.c,v 1.9 2000/01/14 04:45:50 damien Exp $"); | 18 | RCSID("$Id: packet.c,v 1.10 2000/01/22 08:47:21 damien Exp $"); |
19 | 19 | ||
20 | #include "xmalloc.h" | 20 | #include "xmalloc.h" |
21 | #include "buffer.h" | 21 | #include "buffer.h" |
@@ -117,11 +117,11 @@ packet_connection_is_on_socket() | |||
117 | return 1; | 117 | return 1; |
118 | fromlen = sizeof(from); | 118 | fromlen = sizeof(from); |
119 | memset(&from, 0, sizeof(from)); | 119 | memset(&from, 0, sizeof(from)); |
120 | if (getpeername(connection_in, (struct sockaddr *) & from, &fromlen) < 0) | 120 | if (getpeername(connection_in, (struct sockaddr *)&from, &fromlen) < 0) |
121 | return 0; | 121 | return 0; |
122 | tolen = sizeof(to); | 122 | tolen = sizeof(to); |
123 | memset(&to, 0, sizeof(to)); | 123 | memset(&to, 0, sizeof(to)); |
124 | if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0) | 124 | if (getpeername(connection_out, (struct sockaddr *)&to, &tolen) < 0) |
125 | return 0; | 125 | return 0; |
126 | if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) | 126 | if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) |
127 | return 0; | 127 | return 0; |
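Review bot: The second call at new line 124 now uses `getpeername()` on `connection_out`, but nothing in the code says why both descriptors are compared by remote address; the ChangeLog's mention of `sshd -i` is the only hint. I would add a comment above it such as `/* in/out may be distinct fds (sshd -i); the same peer address means the same connection */`. Separately, the context line `memcmp(&from, &to, fromlen)` trusts the length the kernel wrote back. If `from` and `to`, declared outside this hunk, can be smaller than the returned address, the test should start with `fromlen > sizeof(from) ||`. The function begins and ends outside the hunk.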
diff --git a/readpass.c b/readpass.c index 5ea3b22dc..edeb23864 100644 --- a/readpass.c +++ b/readpass.c | |||
@@ -32,11 +32,19 @@ | |||
32 | */ | 32 | */ |
33 | 33 | ||
34 | #include "includes.h" | 34 | #include "includes.h" |
35 | RCSID("$Id: readpass.c,v 1.4 1999/12/08 23:31:37 damien Exp $"); | 35 | RCSID("$Id: readpass.c,v 1.5 2000/01/22 08:47:21 damien Exp $"); |
36 | 36 | ||
37 | #include "xmalloc.h" | 37 | #include "xmalloc.h" |
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | 39 | ||
40 | volatile int intr; | ||
41 | |||
42 | void | ||
43 | intcatch() | ||
44 | { | ||
45 | intr = 1; | ||
46 | } | ||
47 | |||
40 | /* | 48 | /* |
41 | * Reads a passphrase from /dev/tty with echo turned off. Returns the | 49 | * Reads a passphrase from /dev/tty with echo turned off. Returns the |
42 | * passphrase (allocated with xmalloc), being very careful to ensure that | 50 | * passphrase (allocated with xmalloc), being very careful to ensure that |
@@ -48,6 +56,7 @@ read_passphrase(const char *prompt, int from_stdin) | |||
48 | char buf[1024], *p, ch; | 56 | char buf[1024], *p, ch; |
49 | struct termios tio, saved_tio; | 57 | struct termios tio, saved_tio; |
50 | sigset_t oset, nset; | 58 | sigset_t oset, nset; |
59 | struct sigaction sa, osa; | ||
51 | int input, output, echo = 0; | 60 | int input, output, echo = 0; |
52 | 61 | ||
53 | if (from_stdin) { | 62 | if (from_stdin) { |
@@ -61,13 +70,17 @@ read_passphrase(const char *prompt, int from_stdin) | |||
61 | 70 | ||
62 | /* block signals, get terminal modes and turn off echo */ | 71 | /* block signals, get terminal modes and turn off echo */ |
63 | sigemptyset(&nset); | 72 | sigemptyset(&nset); |
64 | sigaddset(&nset, SIGINT); | ||
65 | sigaddset(&nset, SIGTSTP); | 73 | sigaddset(&nset, SIGTSTP); |
66 | (void) sigprocmask(SIG_BLOCK, &nset, &oset); | 74 | (void) sigprocmask(SIG_BLOCK, &nset, &oset); |
75 | memset(&sa, 0, sizeof(sa)); | ||
76 | sa.sa_handler = intcatch; | ||
77 | (void) sigaction(SIGINT, &sa, &osa); | ||
67 | 78 | ||
68 | if (tcgetattr(input, &tio) == 0 && (tio.c_lflag & ECHO)) { | 79 | intr = 0; |
80 | |||
81 | if (tcgetattr(input, &saved_tio) == 0 && (saved_tio.c_lflag & ECHO)) { | ||
69 | echo = 1; | 82 | echo = 1; |
70 | saved_tio = tio; | 83 | tio = saved_tio; |
71 | tio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); | 84 | tio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); |
72 | (void) tcsetattr(input, TCSANOW, &tio); | 85 | (void) tcsetattr(input, TCSANOW, &tio); |
73 | } | 86 | } |
@@ -75,16 +88,28 @@ read_passphrase(const char *prompt, int from_stdin) | |||
75 | fflush(stdout); | 88 | fflush(stdout); |
76 | 89 | ||
77 | (void)write(output, prompt, strlen(prompt)); | 90 | (void)write(output, prompt, strlen(prompt)); |
78 | for (p = buf; read(input, &ch, 1) == 1 && ch != '\n';) | 91 | for (p = buf; read(input, &ch, 1) == 1 && ch != '\n';) { |
92 | if (intr) | ||
93 | break; | ||
79 | if (p < buf + sizeof(buf) - 1) | 94 | if (p < buf + sizeof(buf) - 1) |
80 | *p++ = ch; | 95 | *p++ = ch; |
96 | } | ||
81 | *p = '\0'; | 97 | *p = '\0'; |
82 | (void)write(output, "\n", 1); | 98 | if (!intr) |
99 | (void)write(output, "\n", 1); | ||
83 | 100 | ||
84 | /* restore terminal modes and allow signals */ | 101 | /* restore terminal modes and allow signals */ |
85 | if (echo) | 102 | if (echo) |
86 | tcsetattr(input, TCSANOW, &saved_tio); | 103 | tcsetattr(input, TCSANOW, &saved_tio); |
87 | (void) sigprocmask(SIG_SETMASK, &oset, NULL); | 104 | (void) sigprocmask(SIG_SETMASK, &oset, NULL); |
105 | (void) sigaction(SIGINT, &osa, NULL); | ||
106 | |||
107 | if (intr) { | ||
108 | kill(getpid(), SIGINT); | ||
109 | sigemptyset(&nset); | ||
110 | /* XXX tty has not neccessarily drained by now? */ | ||
111 | sigsuspend(&nset); | ||
112 | } | ||
88 | 113 | ||
89 | if (!from_stdin) | 114 | if (!from_stdin) |
90 | (void)close(input); | 115 | (void)close(input); |
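Review bot: On the interrupted path (new lines 107-112) the partly typed passphrase is still in `buf` when SIGINT is re-raised, and what follows depends on the disposition restored from `osa`. With the default action the process dies, but if the caller had SIGINT ignored or handled, `sigsuspend()` either waits for an unrelated signal or returns, and the function carries on with a truncated passphrase. I would wipe the buffer first with `memset(buf, 0, sizeof(buf));` before `kill(getpid(), SIGINT);`, and decide explicitly what to return if `sigsuspend()` comes back. The flag would also be safer as `static volatile sig_atomic_t intr;`, with the handler declared `static void intcatch(int signo)` to match `sa_handler`. The rest of read_passphrase lies outside these hunks, so the fall-through behaviour is inferred.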
@@ -11,7 +11,7 @@ | |||
11 | */ | 11 | */ |
12 | 12 | ||
13 | #include "includes.h" | 13 | #include "includes.h" |
14 | RCSID("$OpenBSD: sshd.c,v 1.79 2000/01/18 13:45:05 markus Exp $"); | 14 | RCSID("$OpenBSD: sshd.c,v 1.80 2000/01/20 15:19:22 markus Exp $"); |
15 | 15 | ||
16 | #include "xmalloc.h" | 16 | #include "xmalloc.h" |
17 | #include "rsa.h" | 17 | #include "rsa.h" |
@@ -784,13 +784,17 @@ main(int ac, char **av) | |||
784 | /* Send our protocol version identification. */ | 784 | /* Send our protocol version identification. */ |
785 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", | 785 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", |
786 | PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION); | 786 | PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION); |
787 | if (atomicio(write, sock_out, buf, strlen(buf)) != strlen(buf)) | 787 | if (atomicio(write, sock_out, buf, strlen(buf)) != strlen(buf)) { |
788 | fatal("Could not write ident string to %s.", remote_ip); | 788 | log("Could not write ident string to %s.", remote_ip); |
789 | fatal_cleanup(); | ||
790 | } | ||
789 | 791 | ||
790 | /* Read other side\'s version identification. */ | 792 | /* Read other side\'s version identification. */ |
791 | for (i = 0; i < sizeof(buf) - 1; i++) { | 793 | for (i = 0; i < sizeof(buf) - 1; i++) { |
792 | if (read(sock_in, &buf[i], 1) != 1) | 794 | if (read(sock_in, &buf[i], 1) != 1) { |
793 | fatal("Did not receive ident string from %s.", remote_ip); | 795 | log("Did not receive ident string from %s.", remote_ip); |
796 | fatal_cleanup(); | ||
797 | } | ||
794 | if (buf[i] == '\r') { | 798 | if (buf[i] == '\r') { |
795 | buf[i] = '\n'; | 799 | buf[i] = '\n'; |
796 | buf[i + 1] = 0; | 800 | buf[i + 1] = 0; |
@@ -816,8 +820,9 @@ main(int ac, char **av) | |||
816 | (void) atomicio(write, sock_out, s, strlen(s)); | 820 | (void) atomicio(write, sock_out, s, strlen(s)); |
817 | close(sock_in); | 821 | close(sock_in); |
818 | close(sock_out); | 822 | close(sock_out); |
819 | fatal("Bad protocol version identification '%.100s' from %s", | 823 | log("Bad protocol version identification '%.100s' from %s", |
820 | buf, remote_ip); | 824 | buf, remote_ip); |
825 | fatal_cleanup(); | ||
821 | } | 826 | } |
822 | debug("Client protocol version %d.%d; client software version %.100s", | 827 | debug("Client protocol version %d.%d; client software version %.100s", |
823 | remote_major, remote_minor, remote_version); | 828 | remote_major, remote_minor, remote_version); |
@@ -827,8 +832,9 @@ main(int ac, char **av) | |||
827 | (void) atomicio(write, sock_out, s, strlen(s)); | 832 | (void) atomicio(write, sock_out, s, strlen(s)); |
828 | close(sock_in); | 833 | close(sock_in); |
829 | close(sock_out); | 834 | close(sock_out); |
830 | fatal("Protocol major versions differ for %s: %d vs. %d", | 835 | log("Protocol major versions differ for %s: %d vs. %d", |
831 | remote_ip, PROTOCOL_MAJOR, remote_major); | 836 | remote_ip, PROTOCOL_MAJOR, remote_major); |
837 | fatal_cleanup(); | ||
832 | } | 838 | } |
833 | /* Check that the client has sufficiently high software version. */ | 839 | /* Check that the client has sufficiently high software version. */ |
834 | if (remote_major == 1 && remote_minor < 3) | 840 | if (remote_major == 1 && remote_minor < 3) |
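Review bot: The new `log("Bad protocol version identification '%.100s' from %s", buf, remote_ip)` call at new lines 823-824 writes up to 100 bytes received from the peer into the log, and nothing visible here restricts them to printable characters. Unless `log()` escapes its arguments (not shown on this page), control characters or embedded newlines in `buf` could corrupt or spoof log entries. I would replace non-printable bytes before the call, for example `for (cp = buf; *cp; cp++) if (!isprint((unsigned char)*cp)) *cp = '?';` with `cp` a local `char *`. All four converted sites also rely on `fatal_cleanup()` never returning, since otherwise execution falls through with an unset `buf[i]` or a closed socket. A short comment at the first site saying so would help.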