diff options
| -rw-r--r-- | ChangeLog | 11 | ||||
| -rw-r--r-- | packet.c | 6 | ||||
| -rw-r--r-- | readpass.c | 37 | ||||
| -rw-r--r-- | sshd.c | 24 |
4 files changed, 60 insertions, 18 deletions
| @@ -7,6 +7,17 @@ | |||
| 7 | - Irix uses preformatted manpages | 7 | - Irix uses preformatted manpages |
| 8 | - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp | 8 | - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp |
| 9 | <Holger.Trapp@Informatik.TU-Chemnitz.DE> | 9 | <Holger.Trapp@Informatik.TU-Chemnitz.DE> |
| 10 | - OpenBSD CVS updates: | ||
| 11 | - [packet.c] | ||
| 12 | use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; | ||
| 13 | from Holger.Trapp@Informatik.TU-Chemnitz.DE | ||
| 14 | - [sshd.c] | ||
| 15 | log with level log() not fatal() if peer behaves badly. | ||
| 16 | - [readpass.c] | ||
| 17 | instead of blocking SIGINT, catch it ourselves, so that we can clean | ||
| 18 | the tty modes up and kill ourselves -- instead of our process group | ||
| 19 | leader (scp, cvs, ...) going away and leaving us in noecho mode. | ||
| 20 | people with cbreak shells never even noticed.. | ||
| 10 | 21 | ||
| 11 | 20000120 | 22 | 20000120 |
| 12 | - Don't use getaddrinfo on AIX | 23 | - Don't use getaddrinfo on AIX |
| @@ -15,7 +15,7 @@ | |||
| 15 | */ | 15 | */ |
| 16 | 16 | ||
| 17 | #include "includes.h" | 17 | #include "includes.h" |
| 18 | RCSID("$Id: packet.c,v 1.9 2000/01/14 04:45:50 damien Exp $"); | 18 | RCSID("$Id: packet.c,v 1.10 2000/01/22 08:47:21 damien Exp $"); |
| 19 | 19 | ||
| 20 | #include "xmalloc.h" | 20 | #include "xmalloc.h" |
| 21 | #include "buffer.h" | 21 | #include "buffer.h" |
| @@ -117,11 +117,11 @@ packet_connection_is_on_socket() | |||
| 117 | return 1; | 117 | return 1; |
| 118 | fromlen = sizeof(from); | 118 | fromlen = sizeof(from); |
| 119 | memset(&from, 0, sizeof(from)); | 119 | memset(&from, 0, sizeof(from)); |
| 120 | if (getpeername(connection_in, (struct sockaddr *) & from, &fromlen) < 0) | 120 | if (getpeername(connection_in, (struct sockaddr *)&from, &fromlen) < 0) |
| 121 | return 0; | 121 | return 0; |
| 122 | tolen = sizeof(to); | 122 | tolen = sizeof(to); |
| 123 | memset(&to, 0, sizeof(to)); | 123 | memset(&to, 0, sizeof(to)); |
| 124 | if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0) | 124 | if (getpeername(connection_out, (struct sockaddr *)&to, &tolen) < 0) |
| 125 | return 0; | 125 | return 0; |
| 126 | if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) | 126 | if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) |
| 127 | return 0; | 127 | return 0; |
diff --git a/readpass.c b/readpass.c index 5ea3b22dc..edeb23864 100644 --- a/readpass.c +++ b/readpass.c | |||
| @@ -32,11 +32,19 @@ | |||
| 32 | */ | 32 | */ |
| 33 | 33 | ||
| 34 | #include "includes.h" | 34 | #include "includes.h" |
| 35 | RCSID("$Id: readpass.c,v 1.4 1999/12/08 23:31:37 damien Exp $"); | 35 | RCSID("$Id: readpass.c,v 1.5 2000/01/22 08:47:21 damien Exp $"); |
| 36 | 36 | ||
| 37 | #include "xmalloc.h" | 37 | #include "xmalloc.h" |
| 38 | #include "ssh.h" | 38 | #include "ssh.h" |
| 39 | 39 | ||
| 40 | volatile int intr; | ||
| 41 | |||
| 42 | void | ||
| 43 | intcatch() | ||
| 44 | { | ||
| 45 | intr = 1; | ||
| 46 | } | ||
| 47 | |||
| 40 | /* | 48 | /* |
| 41 | * Reads a passphrase from /dev/tty with echo turned off. Returns the | 49 | * Reads a passphrase from /dev/tty with echo turned off. Returns the |
| 42 | * passphrase (allocated with xmalloc), being very careful to ensure that | 50 | * passphrase (allocated with xmalloc), being very careful to ensure that |
| @@ -48,6 +56,7 @@ read_passphrase(const char *prompt, int from_stdin) | |||
| 48 | char buf[1024], *p, ch; | 56 | char buf[1024], *p, ch; |
| 49 | struct termios tio, saved_tio; | 57 | struct termios tio, saved_tio; |
| 50 | sigset_t oset, nset; | 58 | sigset_t oset, nset; |
| 59 | struct sigaction sa, osa; | ||
| 51 | int input, output, echo = 0; | 60 | int input, output, echo = 0; |
| 52 | 61 | ||
| 53 | if (from_stdin) { | 62 | if (from_stdin) { |
| @@ -61,13 +70,17 @@ read_passphrase(const char *prompt, int from_stdin) | |||
| 61 | 70 | ||
| 62 | /* block signals, get terminal modes and turn off echo */ | 71 | /* block signals, get terminal modes and turn off echo */ |
| 63 | sigemptyset(&nset); | 72 | sigemptyset(&nset); |
| 64 | sigaddset(&nset, SIGINT); | ||
| 65 | sigaddset(&nset, SIGTSTP); | 73 | sigaddset(&nset, SIGTSTP); |
| 66 | (void) sigprocmask(SIG_BLOCK, &nset, &oset); | 74 | (void) sigprocmask(SIG_BLOCK, &nset, &oset); |
| 75 | memset(&sa, 0, sizeof(sa)); | ||
| 76 | sa.sa_handler = intcatch; | ||
| 77 | (void) sigaction(SIGINT, &sa, &osa); | ||
| 67 | 78 | ||
| 68 | if (tcgetattr(input, &tio) == 0 && (tio.c_lflag & ECHO)) { | 79 | intr = 0; |
| 80 | |||
| 81 | if (tcgetattr(input, &saved_tio) == 0 && (saved_tio.c_lflag & ECHO)) { | ||
| 69 | echo = 1; | 82 | echo = 1; |
| 70 | saved_tio = tio; | 83 | tio = saved_tio; |
| 71 | tio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); | 84 | tio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); |
| 72 | (void) tcsetattr(input, TCSANOW, &tio); | 85 | (void) tcsetattr(input, TCSANOW, &tio); |
| 73 | } | 86 | } |
| @@ -75,16 +88,28 @@ read_passphrase(const char *prompt, int from_stdin) | |||
| 75 | fflush(stdout); | 88 | fflush(stdout); |
| 76 | 89 | ||
| 77 | (void)write(output, prompt, strlen(prompt)); | 90 | (void)write(output, prompt, strlen(prompt)); |
| 78 | for (p = buf; read(input, &ch, 1) == 1 && ch != '\n';) | 91 | for (p = buf; read(input, &ch, 1) == 1 && ch != '\n';) { |
| 92 | if (intr) | ||
| 93 | break; | ||
| 79 | if (p < buf + sizeof(buf) - 1) | 94 | if (p < buf + sizeof(buf) - 1) |
| 80 | *p++ = ch; | 95 | *p++ = ch; |
| 96 | } | ||
| 81 | *p = '\0'; | 97 | *p = '\0'; |
| 82 | (void)write(output, "\n", 1); | 98 | if (!intr) |
| 99 | (void)write(output, "\n", 1); | ||
| 83 | 100 | ||
| 84 | /* restore terminal modes and allow signals */ | 101 | /* restore terminal modes and allow signals */ |
| 85 | if (echo) | 102 | if (echo) |
| 86 | tcsetattr(input, TCSANOW, &saved_tio); | 103 | tcsetattr(input, TCSANOW, &saved_tio); |
| 87 | (void) sigprocmask(SIG_SETMASK, &oset, NULL); | 104 | (void) sigprocmask(SIG_SETMASK, &oset, NULL); |
| 105 | (void) sigaction(SIGINT, &osa, NULL); | ||
| 106 | |||
| 107 | if (intr) { | ||
| 108 | kill(getpid(), SIGINT); | ||
| 109 | sigemptyset(&nset); | ||
| 110 | /* XXX tty has not neccessarily drained by now? */ | ||
| 111 | sigsuspend(&nset); | ||
| 112 | } | ||
| 88 | 113 | ||
| 89 | if (!from_stdin) | 114 | if (!from_stdin) |
| 90 | (void)close(input); | 115 | (void)close(input); |
| @@ -11,7 +11,7 @@ | |||
| 11 | */ | 11 | */ |
| 12 | 12 | ||
| 13 | #include "includes.h" | 13 | #include "includes.h" |
| 14 | RCSID("$OpenBSD: sshd.c,v 1.79 2000/01/18 13:45:05 markus Exp $"); | 14 | RCSID("$OpenBSD: sshd.c,v 1.80 2000/01/20 15:19:22 markus Exp $"); |
| 15 | 15 | ||
| 16 | #include "xmalloc.h" | 16 | #include "xmalloc.h" |
| 17 | #include "rsa.h" | 17 | #include "rsa.h" |
| @@ -784,13 +784,17 @@ main(int ac, char **av) | |||
| 784 | /* Send our protocol version identification. */ | 784 | /* Send our protocol version identification. */ |
| 785 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", | 785 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", |
| 786 | PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION); | 786 | PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION); |
| 787 | if (atomicio(write, sock_out, buf, strlen(buf)) != strlen(buf)) | 787 | if (atomicio(write, sock_out, buf, strlen(buf)) != strlen(buf)) { |
| 788 | fatal("Could not write ident string to %s.", remote_ip); | 788 | log("Could not write ident string to %s.", remote_ip); |
| 789 | fatal_cleanup(); | ||
| 790 | } | ||
| 789 | 791 | ||
| 790 | /* Read other side\'s version identification. */ | 792 | /* Read other side\'s version identification. */ |
| 791 | for (i = 0; i < sizeof(buf) - 1; i++) { | 793 | for (i = 0; i < sizeof(buf) - 1; i++) { |
| 792 | if (read(sock_in, &buf[i], 1) != 1) | 794 | if (read(sock_in, &buf[i], 1) != 1) { |
| 793 | fatal("Did not receive ident string from %s.", remote_ip); | 795 | log("Did not receive ident string from %s.", remote_ip); |
| 796 | fatal_cleanup(); | ||
| 797 | } | ||
| 794 | if (buf[i] == '\r') { | 798 | if (buf[i] == '\r') { |
| 795 | buf[i] = '\n'; | 799 | buf[i] = '\n'; |
| 796 | buf[i + 1] = 0; | 800 | buf[i + 1] = 0; |
| @@ -816,8 +820,9 @@ main(int ac, char **av) | |||
| 816 | (void) atomicio(write, sock_out, s, strlen(s)); | 820 | (void) atomicio(write, sock_out, s, strlen(s)); |
| 817 | close(sock_in); | 821 | close(sock_in); |
| 818 | close(sock_out); | 822 | close(sock_out); |
| 819 | fatal("Bad protocol version identification '%.100s' from %s", | 823 | log("Bad protocol version identification '%.100s' from %s", |
| 820 | buf, remote_ip); | 824 | buf, remote_ip); |
| 825 | fatal_cleanup(); | ||
| 821 | } | 826 | } |
| 822 | debug("Client protocol version %d.%d; client software version %.100s", | 827 | debug("Client protocol version %d.%d; client software version %.100s", |
| 823 | remote_major, remote_minor, remote_version); | 828 | remote_major, remote_minor, remote_version); |
| @@ -827,8 +832,9 @@ main(int ac, char **av) | |||
| 827 | (void) atomicio(write, sock_out, s, strlen(s)); | 832 | (void) atomicio(write, sock_out, s, strlen(s)); |
| 828 | close(sock_in); | 833 | close(sock_in); |
| 829 | close(sock_out); | 834 | close(sock_out); |
| 830 | fatal("Protocol major versions differ for %s: %d vs. %d", | 835 | log("Protocol major versions differ for %s: %d vs. %d", |
| 831 | remote_ip, PROTOCOL_MAJOR, remote_major); | 836 | remote_ip, PROTOCOL_MAJOR, remote_major); |
| 837 | fatal_cleanup(); | ||
| 832 | } | 838 | } |
| 833 | /* Check that the client has sufficiently high software version. */ | 839 | /* Check that the client has sufficiently high software version. */ |
| 834 | if (remote_major == 1 && remote_minor < 3) | 840 | if (remote_major == 1 && remote_minor < 3) |