nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity

Restrict -pwfile / -pw to apply to server prompts only.

Browse Source 
Jacob spotted that an unused -pwfile input can be accidentally used as
the answer to Plink's antispoof 'press Return to begin session'
prompt, which is unintended and confusing.

To fix that, I've made the use of a command-line password conditional
on p->to_server, the flag in a prompts_t that indicates whether the
results of the prompts are going to be sent directly to the server or
consumed locally by PuTTY. (And I've also corrected the setting of
to_server in the antispoof prompt, which was true when it should have
been false.)

A side effect of this is that -pwfile will no longer work to provide a
private-key passphrase, if you're using public-key authentication
without Pageant. This is deliberate, because if you're doing that on
purpose then Pageant is a better way to achieve the same thing (or
else just store the key unencrypted, which is no worse); but in the
case of a server that sequentially demands public-key _and_ password
authentication, the new behaviour makes -pwfile apply to the right one
of the two prompts, i.e. the actual password.
This commit is contained in:
Simon Tatham 2022-10-23 14:00:07 +01:00
parent 2fbb9284f3
commit bdb3ac9f3b
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cmdline.c
View File

@ -87,9 +87,13 @@ SeatPromptResult cmdline_get_passwd_input(
/* /*
* We only handle prompts which don't echo (which we assume to be * We only handle prompts which don't echo (which we assume to be
* passwords), and (currently) we only cope with a password prompt * passwords), and (currently) we only cope with a password prompt
* that comes in a prompt-set on its own. * that comes in a prompt-set on its own. Also, we don't use a
* command-line password for any kind of prompt which is destined
* for local use rather than to be sent to the server: the idea is
* to pre-fill _passwords_, not private-key passphrases (for which
* there are better alternatives available).
*/ */
if (p->n_prompts != 1 || p->prompts[0]->echo) { if (p->n_prompts != 1 || p->prompts[0]->echo || !p->to_server) {
return SPR_INCOMPLETE; return SPR_INCOMPLETE;
} }

2
ssh/connection2.c
View File

@ -989,7 +989,7 @@ static void ssh2_connection_process_queue(PacketProtocolLayer *ppl)
*/ */
if (ssh2_connection_need_antispoof_prompt(s)) { if (ssh2_connection_need_antispoof_prompt(s)) {
s->antispoof_prompt = ssh_ppl_new_prompts(&s->ppl); s->antispoof_prompt = ssh_ppl_new_prompts(&s->ppl);
s->antispoof_prompt->to_server = true; s->antispoof_prompt->to_server = false;
s->antispoof_prompt->from_server = false; s->antispoof_prompt->from_server = false;
s->antispoof_prompt->name = dupstr("Authentication successful"); s->antispoof_prompt->name = dupstr("Authentication successful");
add_prompt( add_prompt(