mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-22 10:00:14 +00:00
- OpenBSD CVS updates:
- [readpass.c] avoid stdio; based on work by markus, millert, and I - [sshd.c] make sure the client selects a supported cipher - [sshd.c] fix sighup handling. accept would just restart and daemon handled sighup only after the next connection was accepted. use poll on listen sock now. - [sshd.c] make that a fatal
This commit is contained in:
parent
bf1c9b2012
commit
50945fa861
11
ChangeLog
11
ChangeLog
@ -4,6 +4,17 @@
|
||||
- "uninstall" rule for Makefile
|
||||
- utmpx support
|
||||
- Should fix PAM problems on Solaris
|
||||
- OpenBSD CVS updates:
|
||||
- [readpass.c]
|
||||
avoid stdio; based on work by markus, millert, and I
|
||||
- [sshd.c]
|
||||
make sure the client selects a supported cipher
|
||||
- [sshd.c]
|
||||
fix sighup handling. accept would just restart and daemon handled
|
||||
sighup only after the next connection was accepted. use poll on
|
||||
listen sock now.
|
||||
- [sshd.c]
|
||||
make that a fatal
|
||||
|
||||
19991208
|
||||
- Compile fix for Solaris with /dev/ptmx from
|
||||
|
167
readpass.c
167
readpass.c
@ -1,119 +1,94 @@
|
||||
/*
|
||||
*
|
||||
* readpass.c
|
||||
*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
*
|
||||
* Created: Mon Jul 10 22:08:59 1995 ylo
|
||||
*
|
||||
* Functions for reading passphrases and passwords.
|
||||
*
|
||||
* Copyright (c) 1988, 1993
|
||||
* The Regents of the University of California. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by the University of
|
||||
* California, Berkeley and its contributors.
|
||||
* 4. Neither the name of the University nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: readpass.c,v 1.3 1999/11/25 00:54:59 damien Exp $");
|
||||
RCSID("$Id: readpass.c,v 1.4 1999/12/08 23:31:37 damien Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
|
||||
/* Saved old terminal mode for read_passphrase. */
|
||||
static struct termios saved_tio;
|
||||
|
||||
/* Old interrupt signal handler for read_passphrase. */
|
||||
static void (*old_handler) (int sig) = NULL;
|
||||
|
||||
/* Interrupt signal handler for read_passphrase. */
|
||||
|
||||
void
|
||||
intr_handler(int sig)
|
||||
{
|
||||
/* Restore terminal modes. */
|
||||
tcsetattr(fileno(stdin), TCSANOW, &saved_tio);
|
||||
/* Restore the old signal handler. */
|
||||
signal(sig, old_handler);
|
||||
/* Resend the signal, with the old handler. */
|
||||
kill(getpid(), sig);
|
||||
}
|
||||
|
||||
/*
|
||||
* Reads a passphrase from /dev/tty with echo turned off. Returns the
|
||||
* passphrase (allocated with xmalloc). Exits if EOF is encountered. The
|
||||
* passphrase if read from stdin if from_stdin is true (as is the case with
|
||||
* ssh-keygen).
|
||||
* passphrase (allocated with xmalloc), being very careful to ensure that
|
||||
* no other userland buffer is storing the password.
|
||||
*/
|
||||
|
||||
char *
|
||||
read_passphrase(const char *prompt, int from_stdin)
|
||||
{
|
||||
char buf[1024], *cp;
|
||||
struct termios tio;
|
||||
FILE *f;
|
||||
char buf[1024], *p, ch;
|
||||
struct termios tio, saved_tio;
|
||||
sigset_t oset, nset;
|
||||
int input, output, echo = 0;
|
||||
|
||||
if (from_stdin) {
|
||||
input = STDIN_FILENO;
|
||||
output = STDERR_FILENO;
|
||||
} else
|
||||
input = output = open("/dev/tty", O_RDWR);
|
||||
|
||||
if (from_stdin)
|
||||
f = stdin;
|
||||
else {
|
||||
/*
|
||||
* Read the passphrase from /dev/tty to make it possible to
|
||||
* ask it even when stdin has been redirected.
|
||||
*/
|
||||
f = fopen("/dev/tty", "r");
|
||||
if (!f) {
|
||||
/* No controlling terminal and no DISPLAY. Nowhere to read. */
|
||||
fprintf(stderr, "You have no controlling tty and no DISPLAY. Cannot read passphrase.\n");
|
||||
exit(1);
|
||||
}
|
||||
if (input == -1)
|
||||
fatal("You have no controlling tty. Cannot read passphrase.\n");
|
||||
|
||||
/* block signals, get terminal modes and turn off echo */
|
||||
sigemptyset(&nset);
|
||||
sigaddset(&nset, SIGINT);
|
||||
sigaddset(&nset, SIGTSTP);
|
||||
(void) sigprocmask(SIG_BLOCK, &nset, &oset);
|
||||
|
||||
if (tcgetattr(input, &tio) == 0 && (tio.c_lflag & ECHO)) {
|
||||
echo = 1;
|
||||
saved_tio = tio;
|
||||
tio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
|
||||
(void) tcsetattr(input, TCSANOW, &tio);
|
||||
}
|
||||
|
||||
/* Display the prompt (on stderr because stdout might be redirected). */
|
||||
fflush(stdout);
|
||||
fprintf(stderr, "%s", prompt);
|
||||
fflush(stderr);
|
||||
|
||||
/* Get terminal modes. */
|
||||
tcgetattr(fileno(f), &tio);
|
||||
saved_tio = tio;
|
||||
/* Save signal handler and set the new handler. */
|
||||
old_handler = signal(SIGINT, intr_handler);
|
||||
(void)write(output, prompt, strlen(prompt));
|
||||
for (p = buf; read(input, &ch, 1) == 1 && ch != '\n';)
|
||||
if (p < buf + sizeof(buf) - 1)
|
||||
*p++ = ch;
|
||||
*p = '\0';
|
||||
(void)write(output, "\n", 1);
|
||||
|
||||
/* Set new terminal modes disabling all echo. */
|
||||
tio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
|
||||
tcsetattr(fileno(f), TCSANOW, &tio);
|
||||
/* restore terminal modes and allow signals */
|
||||
if (echo)
|
||||
tcsetattr(input, TCSANOW, &saved_tio);
|
||||
(void) sigprocmask(SIG_SETMASK, &oset, NULL);
|
||||
|
||||
/* Read the passphrase from the terminal. */
|
||||
if (fgets(buf, sizeof(buf), f) == NULL) {
|
||||
/* Got EOF. Just exit. */
|
||||
/* Restore terminal modes. */
|
||||
tcsetattr(fileno(f), TCSANOW, &saved_tio);
|
||||
/* Restore the signal handler. */
|
||||
signal(SIGINT, old_handler);
|
||||
/* Print a newline (the prompt probably didn\'t have one). */
|
||||
fprintf(stderr, "\n");
|
||||
/* Close the file. */
|
||||
if (f != stdin)
|
||||
fclose(f);
|
||||
exit(1);
|
||||
}
|
||||
/* Restore terminal modes. */
|
||||
tcsetattr(fileno(f), TCSANOW, &saved_tio);
|
||||
/* Restore the signal handler. */
|
||||
(void) signal(SIGINT, old_handler);
|
||||
/* Remove newline from the passphrase. */
|
||||
if (strchr(buf, '\n'))
|
||||
*strchr(buf, '\n') = 0;
|
||||
/* Allocate a copy of the passphrase. */
|
||||
cp = xstrdup(buf);
|
||||
/*
|
||||
* Clear the buffer so we don\'t leave copies of the passphrase
|
||||
* laying around.
|
||||
*/
|
||||
if (!from_stdin)
|
||||
(void)close(input);
|
||||
p = xstrdup(buf);
|
||||
memset(buf, 0, sizeof(buf));
|
||||
/* Print a newline since the prompt probably didn\'t have one. */
|
||||
fprintf(stderr, "\n");
|
||||
/* Close the file. */
|
||||
if (f != stdin)
|
||||
fclose(f);
|
||||
return cp;
|
||||
return (p);
|
||||
}
|
||||
|
23
sshd.c
23
sshd.c
@ -11,7 +11,9 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: sshd.c,v 1.36 1999/12/08 23:16:55 damien Exp $");
|
||||
RCSID("$Id: sshd.c,v 1.37 1999/12/08 23:31:37 damien Exp $");
|
||||
|
||||
#include <poll.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "rsa.h"
|
||||
@ -419,6 +421,7 @@ main(int ac, char **av)
|
||||
int opt, aux, sock_in, sock_out, newsock, i, pid, on = 1;
|
||||
int remote_major, remote_minor;
|
||||
int silentrsa = 0;
|
||||
struct pollfd fds;
|
||||
struct sockaddr_in sin;
|
||||
char buf[100]; /* Must not be larger than remote_version. */
|
||||
char remote_version[100]; /* Must be at least as big as buf. */
|
||||
@ -688,7 +691,18 @@ main(int ac, char **av)
|
||||
for (;;) {
|
||||
if (received_sighup)
|
||||
sighup_restart();
|
||||
/* Wait in accept until there is a connection. */
|
||||
/* Wait in poll until there is a connection. */
|
||||
memset(&fds, 0, sizeof(fds));
|
||||
fds.fd = listen_sock;
|
||||
fds.events = POLLIN;
|
||||
if (poll(&fds, 1, -1) == -1) {
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
fatal("poll: %.100s", strerror(errno));
|
||||
/*NOTREACHED*/
|
||||
}
|
||||
if (fds.revents == 0)
|
||||
continue;
|
||||
aux = sizeof(sin);
|
||||
newsock = accept(listen_sock, (struct sockaddr *) & sin, &aux);
|
||||
if (received_sighup)
|
||||
@ -1026,9 +1040,12 @@ do_connection()
|
||||
/* Read clients reply (cipher type and session key). */
|
||||
packet_read_expect(&plen, SSH_CMSG_SESSION_KEY);
|
||||
|
||||
/* Get cipher type. */
|
||||
/* Get cipher type and check whether we accept this. */
|
||||
cipher_type = packet_get_char();
|
||||
|
||||
if (!(cipher_mask() & (1 << cipher_type)))
|
||||
packet_disconnect("Warning: client selects unsupported cipher.");
|
||||
|
||||
/* Get check bytes from the packet. These must match those we
|
||||
sent earlier with the public key packet. */
|
||||
for (i = 0; i < 8; i++)
|
||||
|
Loading…
Reference in New Issue
Block a user