- (djm) OpenBSD CVS:

   - markus@cvs.openbsd.org  2001/02/15 16:19:59
     [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
     [sshconnect1.c sshconnect2.c]
     genericize password padding function for SSH1 and SSH2.
     add stylized echo to 2, too.
 - (djm) Add roundup() macro to defines.h

9 files changed, 79 insertions, 37 deletions

diff --git a/ChangeLog b/ChangeLog
index 83677c0e..57d38407 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,13 @@
  - (djm) Ask users to check config.log when we can't find necessary libs
  - (djm) Set "login ID" on systems with setluid. Only enabled for SCO
    OpenServer for now. Based on patch from svaughan <svaughan@asterion.com>
+ - (djm) OpenBSD CVS:
+   - markus@cvs.openbsd.org  2001/02/15 16:19:59
+     [channels.c channels.h serverloop.c sshconnect.c sshconnect.h]
+     [sshconnect1.c sshconnect2.c]
+     genericize password padding function for SSH1 and SSH2.
+     add stylized echo to 2, too.
+ - (djm) Add roundup() macro to defines.h
 
 20010215
  - (djm) Move PAM session setup back to before setuid to user. Fixes 
@@ -3986,4 +3993,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.778 2001/02/16 01:12:41 djm Exp $
+$Id: ChangeLog,v 1.779 2001/02/16 01:34:57 djm Exp $
diff --git a/channels.c b/channels.c
index a079fc24..b7286940 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.90 2001/02/08 21:58:28 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.91 2001/02/15 23:19:59 markus Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@@ -193,6 +193,18 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
 	c->efd = efd;
 	c->extended_usage = extusage;
 
+	/* XXX ugly hack: nonblock is only set by the server */
+	if (nonblock && isatty(c->rfd)) {
+		debug("channel: %d: rfd %d isatty", c->self, c->rfd);
+		c->isatty = 1;
+		if (!isatty(c->wfd)) {
+			error("channel: %d: wfd %d is not a tty?",
+			    c->self, c->wfd);
+		}
+	} else {
+		c->isatty = 0;
+	}
+
 	/* enable nonblocking mode */
 	if (nonblock) {
 		if (rfd != -1)
@@ -776,6 +788,21 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
 			}
 			return -1;
 		}
+		if (compat20 && c->isatty) {
+			struct termios tio;
+			if (tcgetattr(c->wfd, &tio) == 0 &&
+			    !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
+				/*
+				 * Simulate echo to reduce the impact of
+				 * traffic analysis.
+				 */
+				packet_start(SSH2_MSG_IGNORE);
+				memset(buffer_ptr(&c->output), 0, len);
+				packet_put_string(buffer_ptr(&c->output), len);
+				packet_send();
+				debug("channel: %d simulate echo (%d)", c->self, len);
+			}
+		}
 		buffer_consume(&c->output, len);
 		if (compat20 && len > 0) {
 			c->local_consumed += len;
diff --git a/channels.h b/channels.h
index abd71904..f57029a1 100644
--- a/channels.h
+++ b/channels.h
@@ -32,7 +32,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-/* RCSID("$OpenBSD: channels.h,v 1.26 2001/01/31 20:37:23 markus Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.27 2001/02/15 23:19:59 markus Exp $"); */
 
 #ifndef CHANNELS_H
 #define CHANNELS_H
@@ -75,6 +75,7 @@ struct Channel {
 	int     wfd;		/* write fd */
 	int     efd;		/* extended fd */
 	int     sock;		/* sock fd */
+	int     isatty;		/* rfd is a tty */
 	Buffer  input;		/* data read from socket, to be sent over
 				 * encrypted connection */
 	Buffer  output;		/* data received over encrypted connection for
diff --git a/defines.h b/defines.h
index 9f1ab3d7..635bfad2 100644
--- a/defines.h
+++ b/defines.h
@@ -1,7 +1,7 @@
 #ifndef _DEFINES_H
 #define _DEFINES_H
 
-/* $Id: defines.h,v 1.54 2001/02/09 11:55:17 djm Exp $ */
+/* $Id: defines.h,v 1.55 2001/02/16 01:34:57 djm Exp $ */
 
 /* Some platforms need this for the _r() functions */
 #if !defined(_REENTRANT) && !defined(SNI)
@@ -12,7 +12,7 @@
 
 #include <sys/types.h> /* For [u]intxx_t */
 #include <sys/socket.h> /* For SHUT_XXXX */
-#include <sys/param.h> /* For MAXPATHLEN */
+#include <sys/param.h> /* For MAXPATHLEN and roundup() */
 #include <netinet/in_systm.h> /* For typedefs */
 #include <netinet/in.h> /* For IPv6 macros */
 #include <netinet/ip.h> /* For IPTOS macros */
@@ -318,15 +318,19 @@ struct winsize {
 # define MIN(a,b) (((a)<(b))?(a):(b))
 #endif
 
+#ifndef roundup
+# define roundup(x, y)   ((((x)+((y)-1))/(y))*(y))
+#endif
+
 #ifndef timersub
-#define timersub(a, b, result)										  \
-   do {																		  \
-      (result)->tv_sec = (a)->tv_sec - (b)->tv_sec;           \
-      (result)->tv_usec = (a)->tv_usec - (b)->tv_usec;        \
-      if ((result)->tv_usec < 0) {                            \
-	 --(result)->tv_sec;                                  \
-	 (result)->tv_usec += 1000000;                        \
-      }                                                       \
+#define timersub(a, b, result)					\
+   do {								\
+      (result)->tv_sec = (a)->tv_sec - (b)->tv_sec;		\
+      (result)->tv_usec = (a)->tv_usec - (b)->tv_usec;		\
+      if ((result)->tv_usec < 0) {				\
+	 --(result)->tv_sec;					\
+	 (result)->tv_usec += 1000000;				\
+      }								\
    } while (0)
 #endif
 
diff --git a/serverloop.c b/serverloop.c
index d59de862..613f5181 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.48 2001/02/15 08:38:04 deraadt Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.49 2001/02/15 23:19:59 markus Exp $");
 
 #include "xmalloc.h"
 #include "packet.h"
@@ -339,7 +339,7 @@ process_output(fd_set * writeset)
 		} else {
 			/* Successful write. */
 			if (tcgetattr(fdin, &tio) == 0 &&
-			    !(tio.c_lflag & ECHO)) {
+			    !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
 				/*
 				 * Simulate echo to reduce the impact of
 				 * traffic analysis
diff --git a/sshconnect.c b/sshconnect.c
index 389d6598..623caed7 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.96 2001/02/08 22:35:30 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.97 2001/02/15 23:19:59 markus Exp $");
 
 #include <openssl/bn.h>
 
@@ -770,3 +770,18 @@ ssh_login(int host_key_valid, RSA *own_host_key, const char *orighost,
 		ssh_userauth(local_user, server_user, host, host_key_valid, own_host_key);
 	}
 }
+
+void
+ssh_put_password(char *password)
+{
+	int size;
+	char *padded;
+
+	size = roundup(strlen(password) + 1, 32);
+	padded = xmalloc(size);
+	memset(padded, 0, size);
+	strlcpy(padded, password, size);
+	packet_put_string(padded, size);
+	memset(padded, 0, size);
+	xfree(padded);
+}
diff --git a/sshconnect.h b/sshconnect.h
index 8337cb71..4edd72f2 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshconnect.h,v 1.5 2001/01/29 01:58:18 niklas Exp $	*/
+/*	$OpenBSD: sshconnect.h,v 1.6 2001/02/15 23:19:59 markus Exp $	*/
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -66,4 +66,6 @@ ssh_userauth(const char * local_user, const char * server_user, char *host,
 void	ssh_kex2(char *host, struct sockaddr *hostaddr);
 void	ssh_userauth2(const char *server_user, char *host);
 
+void	ssh_put_password(char *password);
+
 #endif
diff --git a/sshconnect1.c b/sshconnect1.c
index c82375a3..c5ff7213 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.26 2001/02/12 12:45:06 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.27 2001/02/15 23:19:59 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -51,20 +51,6 @@ u_int supported_authentications = 0;
 extern Options options;
 extern char *__progname;
 
-void
-ssh1_put_password(char *password)
-{
-	int size;
-	char *padded;
-
-	size = roundup(strlen(password) + 1, 32);
-	padded = xmalloc(size);
-	strlcpy(padded, password, size);
-	packet_put_string(padded, size);
-	memset(padded, 0, size);
-	xfree(padded);
-}
-
 /*
  * Checks if the user has an authentication agent, and if so, tries to
  * authenticate using the agent.
@@ -672,7 +658,7 @@ try_challenge_reponse_authentication(void)
 			break;
 		}
 		packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
-		ssh1_put_password(response);
+		ssh_put_password(response);
 		memset(response, 0, strlen(response));
 		xfree(response);
 		packet_send();
@@ -705,7 +691,7 @@ try_password_authentication(char *prompt)
 			error("Permission denied, please try again.");
 		password = read_passphrase(prompt, 0);
 		packet_start(SSH_CMSG_AUTH_PASSWORD);
-		ssh1_put_password(password);
+		ssh_put_password(password);
 		memset(password, 0, strlen(password));
 		xfree(password);
 		packet_send();
diff --git a/sshconnect2.c b/sshconnect2.c
index 9681ca2d..12335e80 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.47 2001/02/11 12:59:25 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.48 2001/02/15 23:19:59 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -658,7 +658,7 @@ userauth_passwd(Authctxt *authctxt)
 	packet_put_cstring(authctxt->service);
 	packet_put_cstring(authctxt->method->name);
 	packet_put_char(0);
-	packet_put_cstring(password);
+	ssh_put_password(password);
 	memset(password, 0, strlen(password));
 	xfree(password);
 	packet_send();
@@ -928,7 +928,7 @@ input_userauth_info_req(int type, int plen, void *ctxt)
 
 		response = cli_prompt(prompt, echo);
 
-		packet_put_cstring(response);
+		ssh_put_password(response);
 		memset(response, 0, strlen(response));
 		xfree(response);
 		xfree(prompt);