mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
SSH-1: disable trust sigils after session starts.
This exactly replicates the way it's done in SSH-2: at the start of the connection layer we set the trust status to untrusted, and if that reports that it didn't give any indication to the user, we fall back to presenting an interactive anti-spoofing prompt. I don't know how I forgot to do that in SSH-1, and even more, how we haven't noticed for a month. We noticed the same bug in _Rlogin_ within a day of the 0.71 release, after all!
This commit is contained in:
parent
98ed37f517
commit
128d001c3e
@ -526,3 +526,8 @@ SshChannel *ssh1_serverside_agent_open(ConnectionLayer *cl, Channel *chan)
|
||||
{
|
||||
unreachable("Should never be called in the client");
|
||||
}
|
||||
|
||||
bool ssh1_connection_need_antispoof_prompt(struct ssh1_connection_state *s)
|
||||
{
|
||||
return !seat_set_trust_status(s->ppl.seat, false);
|
||||
}
|
||||
|
@ -374,3 +374,8 @@ SshChannel *ssh1_serverside_agent_open(ConnectionLayer *cl, Channel *chan)
|
||||
|
||||
return &c->sc;
|
||||
}
|
||||
|
||||
bool ssh1_connection_need_antispoof_prompt(struct ssh1_connection_state *s)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
@ -209,6 +209,9 @@ static void ssh1_connection_free(PacketProtocolLayer *ppl)
|
||||
freetree234(s->rportfwds);
|
||||
portfwdmgr_free(s->portfwdmgr);
|
||||
|
||||
if (s->antispoof_prompt)
|
||||
free_prompts(s->antispoof_prompt);
|
||||
|
||||
delete_callbacks_for_context(s);
|
||||
|
||||
sfree(s);
|
||||
@ -376,6 +379,42 @@ static void ssh1_connection_process_queue(PacketProtocolLayer *ppl)
|
||||
|
||||
crBegin(s->crState);
|
||||
|
||||
/*
|
||||
* Signal the seat that authentication is done, so that it can
|
||||
* deploy spoofing defences. If it doesn't have any, deploy our
|
||||
* own fallback one.
|
||||
*
|
||||
* We do this here rather than at the end of userauth, because we
|
||||
* might not have gone through userauth at all (if we're a
|
||||
* connection-sharing downstream).
|
||||
*/
|
||||
if (ssh1_connection_need_antispoof_prompt(s)) {
|
||||
s->antispoof_prompt = new_prompts();
|
||||
s->antispoof_prompt->to_server = true;
|
||||
s->antispoof_prompt->from_server = false;
|
||||
s->antispoof_prompt->name = dupstr("Authentication successful");
|
||||
add_prompt(
|
||||
s->antispoof_prompt,
|
||||
dupstr("Access granted. Press Return to begin session. "), false);
|
||||
s->antispoof_ret = seat_get_userpass_input(
|
||||
s->ppl.seat, s->antispoof_prompt, NULL);
|
||||
while (1) {
|
||||
while (s->antispoof_ret < 0 &&
|
||||
bufchain_size(s->ppl.user_input) > 0)
|
||||
s->antispoof_ret = seat_get_userpass_input(
|
||||
s->ppl.seat, s->antispoof_prompt, s->ppl.user_input);
|
||||
|
||||
if (s->antispoof_ret >= 0)
|
||||
break;
|
||||
|
||||
s->want_user_input = true;
|
||||
crReturnV;
|
||||
s->want_user_input = false;
|
||||
}
|
||||
free_prompts(s->antispoof_prompt);
|
||||
s->antispoof_prompt = NULL;
|
||||
}
|
||||
|
||||
portfwdmgr_config(s->portfwdmgr, s->conf);
|
||||
s->portfwdmgr_configured = true;
|
||||
|
||||
|
@ -52,6 +52,9 @@ struct ssh1_connection_state {
|
||||
bool compressing; /* used in server mode only */
|
||||
bool sent_exit_status; /* also for server mode */
|
||||
|
||||
prompts_t *antispoof_prompt;
|
||||
int antispoof_ret;
|
||||
|
||||
const SshServerConfig *ssc;
|
||||
|
||||
ConnectionLayer cl;
|
||||
@ -120,3 +123,5 @@ bool ssh1_handle_direction_specific_packet(
|
||||
struct ssh1_connection_state *s, PktIn *pktin);
|
||||
|
||||
bool ssh1_check_termination(struct ssh1_connection_state *s);
|
||||
|
||||
bool ssh1_connection_need_antispoof_prompt(struct ssh1_connection_state *s);
|
||||
|
Loading…
Reference in New Issue
Block a user