nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-06-30 19:12:48 -05:00
Code Issues Projects Releases Wiki Activity

Complete rework of terminal userpass input system.

Browse Source 
The system for handling seat_get_userpass_input has always been
structured differently between GUI PuTTY and CLI tools like Plink.

In the CLI tools, password input is read directly from the OS
terminal/console device by console_get_userpass_input; this means that
you need to ensure the same terminal input data _hasn't_ already been
consumed by the main event loop and sent on to the backend. This is
achieved by the backend_sendok() method, which tells the event loop
when the backend has finished issuing password prompts, and hence,
when it's safe to start passing standard input to backend_send().

But in the GUI tools, input generated by the terminal window has
always been sent straight to backend_send(), regardless of whether
backend_sendok() says it wants it. So the terminal-based
implementation of username and password prompts has to work by
consuming input data that had _already_ been passed to the backend -
hence, any backend that needs to do that must keep its input on a
bufchain, and pass that bufchain to seat_get_userpass_input.

It's awkward that these two totally different systems coexist in the
first place. And now that SSH proxying needs to present interactive
prompts of its own, it's clear which one should win: the CLI style is
the Right Thing. So this change reworks the GUI side of the mechanism
to be more similar: terminal data now goes into a queue in the Ldisc,
and is not sent on to the backend until the backend says it's ready
for it via backend_sendok(). So terminal-based userpass prompts can
now consume data directly from that queue during the connection setup
stage.

As a result, the 'bufchain *' parameter has vanished from all the
userpass_input functions (both the official implementations of the
Seat trait method, and term_get_userpass_input() to which some of
those implementations delegate). The only function that actually used
that bufchain, namely term_get_userpass_input(), now instead reads
from the ldisc's input queue via a couple of new Ldisc functions.

(Not _trivial_ functions, since input buffered by Ldisc can be a
mixture of raw bytes and session specials like SS_EOL! The input queue
inside Ldisc is a bufchain containing a fiddly binary encoding that
can represent an arbitrary interleaving of those things.)

This greatly simplifies the calls to seat_get_userpass_input in
backends, which now don't have to mess about with passing their own
user_input bufchain around, or toggling their want_user_input flag
back and forth to request data to put on to that bufchain.

But the flip side is that now there has to be some _other_ method for
notifying the terminal when there's more input to be consumed during
an interactive prompt, and for notifying the backend when prompt input
has finished so that it can proceed to the next stage of the protocol.
This is done by a pair of extra callbacks: when more data is put on to
Ldisc's input queue, it triggers a call to term_get_userpass_input,
and when term_get_userpass_input finishes, it calls a callback
function provided in the prompts_t.

Therefore, any use of a prompts_t which *might* be asynchronous must
fill in the latter callback when setting up the prompts_t. In SSH, the
callback is centralised into a common PPL helper function, which
reinvokes the same PPL's process_queue coroutine; in rlogin we have to
set it up ourselves.

I'm sorry for this large and sprawling patch: I tried fairly hard to
break it up into individually comprehensible sub-patches, but I just
couldn't tease out any part of it that would stand sensibly alone.
This commit is contained in:
Simon Tatham
2021-09-14 11:57:21 +01:00
parent 9f0e7d2915
commit cd8a7181fd
22 changed files with 445 additions and 232 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ssh/common.c
View File

@ -737,6 +737,19 @@ size_t ssh_ppl_default_queued_data_size(PacketProtocolLayer *ppl)
return ppl->out_pq->pqb.total_size;
}
static void ssh_ppl_prompts_callback(void *ctx)
{
ssh_ppl_process_queue((PacketProtocolLayer *)ctx);
}
prompts_t *ssh_ppl_new_prompts(PacketProtocolLayer *ppl)
{
prompts_t *p = new_prompts();
p->callback = ssh_ppl_prompts_callback;
p->callback_ctx = ppl;
return p;
}
/* ----------------------------------------------------------------------
* Common helper functions for clients and implementations of
* BinaryPacketProtocol.

18
ssh/connection1.c
View File

@ -370,7 +370,7 @@ static void ssh1_connection_process_queue(PacketProtocolLayer *ppl)
* connection-sharing downstream).
*/
if (ssh1_connection_need_antispoof_prompt(s)) {
s->antispoof_prompt = new_prompts();
s->antispoof_prompt = ssh_ppl_new_prompts(&s->ppl);
s->antispoof_prompt->to_server = true;
s->antispoof_prompt->from_server = false;
s->antispoof_prompt->name = dupstr("Authentication successful");
@ -378,19 +378,11 @@ static void ssh1_connection_process_queue(PacketProtocolLayer *ppl)
s->antispoof_prompt,
dupstr("Access granted. Press Return to begin session. "), false);
s->antispoof_ret = seat_get_userpass_input(
s->ppl.seat, s->antispoof_prompt, NULL);
while (1) {
while (s->antispoof_ret < 0 &&
bufchain_size(s->ppl.user_input) > 0)
s->antispoof_ret = seat_get_userpass_input(
s->ppl.seat, s->antispoof_prompt, s->ppl.user_input);
if (s->antispoof_ret >= 0)
break;
s->want_user_input = true;
s->ppl.seat, s->antispoof_prompt);
while (s->antispoof_ret < 0) {
crReturnV;
s->want_user_input = false;
s->antispoof_ret = seat_get_userpass_input(
s->ppl.seat, s->antispoof_prompt);
}
free_prompts(s->antispoof_prompt);
s->antispoof_prompt = NULL;

18
ssh/connection2.c
View File

@ -982,7 +982,7 @@ static void ssh2_connection_process_queue(PacketProtocolLayer *ppl)
* connection-sharing downstream).
*/
if (ssh2_connection_need_antispoof_prompt(s)) {
s->antispoof_prompt = new_prompts();
s->antispoof_prompt = ssh_ppl_new_prompts(&s->ppl);
s->antispoof_prompt->to_server = true;
s->antispoof_prompt->from_server = false;
s->antispoof_prompt->name = dupstr("Authentication successful");
@ -990,19 +990,11 @@ static void ssh2_connection_process_queue(PacketProtocolLayer *ppl)
s->antispoof_prompt,
dupstr("Access granted. Press Return to begin session. "), false);
s->antispoof_ret = seat_get_userpass_input(
s->ppl.seat, s->antispoof_prompt, NULL);
while (1) {
while (s->antispoof_ret < 0 &&
bufchain_size(s->ppl.user_input) > 0)
s->antispoof_ret = seat_get_userpass_input(
s->ppl.seat, s->antispoof_prompt, s->ppl.user_input);
if (s->antispoof_ret >= 0)
break;
s->want_user_input = true;
s->ppl.seat, s->antispoof_prompt);
while (s->antispoof_ret < 0) {
crReturnV;
s->want_user_input = false;
s->antispoof_ret = seat_get_userpass_input(
s->ppl.seat, s->antispoof_prompt);
}
free_prompts(s->antispoof_prompt);
s->antispoof_prompt = NULL;

56
ssh/login1.c
View File

@ -404,25 +404,16 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
ppl_logevent("Successfully started encryption");
if ((s->username = get_remote_username(s->conf)) == NULL) {
s->cur_prompt = new_prompts();
s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
s->cur_prompt->to_server = true;
s->cur_prompt->from_server = false;
s->cur_prompt->name = dupstr("SSH login name");
add_prompt(s->cur_prompt, dupstr("login as: "), true);
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, NULL);
while (1) {
while (s->userpass_ret < 0 &&
bufchain_size(s->ppl.user_input) > 0)
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, s->ppl.user_input);
if (s->userpass_ret >= 0)
break;
s->want_user_input = true;
s->userpass_ret = seat_get_userpass_input(s->ppl.seat, s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->want_user_input = false;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
}
if (!s->userpass_ret) {
/*
@ -707,7 +698,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
ppl_printf("No passphrase required.\r\n");
passphrase = NULL;
} else {
s->cur_prompt = new_prompts();
s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
s->cur_prompt->to_server = false;
s->cur_prompt->from_server = false;
s->cur_prompt->name = dupstr("SSH key passphrase");
@ -715,19 +706,11 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
dupprintf("Passphrase for key \"%s\": ",
s->publickey_comment), false);
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, NULL);
while (1) {
while (s->userpass_ret < 0 &&
bufchain_size(s->ppl.user_input) > 0)
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, s->ppl.user_input);
if (s->userpass_ret >= 0)
break;
s->want_user_input = true;
s->ppl.seat, s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->want_user_input = false;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
}
if (!s->userpass_ret) {
/* Failed to get a passphrase. Terminate. */
@ -846,7 +829,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
/*
* Otherwise, try various forms of password-like authentication.
*/
s->cur_prompt = new_prompts();
s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
if (conf_get_bool(s->conf, CONF_try_tis_auth) &&
(s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
@ -977,20 +960,11 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
* or CryptoCard exchange if we're doing TIS or CryptoCard
* authentication.
*/
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, NULL);
while (1) {
while (s->userpass_ret < 0 &&
bufchain_size(s->ppl.user_input) > 0)
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, s->ppl.user_input);
if (s->userpass_ret >= 0)
break;
s->want_user_input = true;
s->userpass_ret = seat_get_userpass_input(s->ppl.seat, s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->want_user_input = false;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
}
if (!s->userpass_ret) {
/*

5
ssh/ppl.h
View File

@ -154,6 +154,11 @@ void ssh2_transport_notify_auth_done(PacketProtocolLayer *ssh2_transport_ptr);
* be handled by ssh2connection. */
bool ssh2_common_filter_queue(PacketProtocolLayer *ppl);
/* Method for making a prompts_t in such a way that it will install a
* callback that causes this PPL's process_queue method to be called
* when asynchronous prompt input completes. */
prompts_t *ssh_ppl_new_prompts(PacketProtocolLayer *ppl);
/* Methods for ssh1login to pass protocol flags to ssh1connection */
void ssh1_connection_set_protoflags(
PacketProtocolLayer *ppl, int local, int remote);

92
ssh/userauth2-client.c
View File

@ -442,25 +442,17 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
* it again.
*/
} else if ((s->username = s->default_username) == NULL) {
s->cur_prompt = new_prompts();
s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
s->cur_prompt->to_server = true;
s->cur_prompt->from_server = false;
s->cur_prompt->name = dupstr("SSH login name");
add_prompt(s->cur_prompt, dupstr("login as: "), true);
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, NULL);
while (1) {
while (s->userpass_ret < 0 &&
bufchain_size(s->ppl.user_input) > 0)
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, s->ppl.user_input);
if (s->userpass_ret >= 0)
break;
s->want_user_input = true;
s->ppl.seat, s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->want_user_input = false;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
}
if (!s->userpass_ret) {
/*
@ -913,7 +905,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
/*
* Get a passphrase from the user.
*/
s->cur_prompt = new_prompts();
s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
s->cur_prompt->to_server = false;
s->cur_prompt->from_server = false;
s->cur_prompt->name = dupstr("SSH key passphrase");
@ -922,20 +914,11 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
s->publickey_comment),
false);
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, NULL);
while (1) {
while (s->userpass_ret < 0 &&
bufchain_size(s->ppl.user_input) > 0)
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt,
s->ppl.user_input);
if (s->userpass_ret >= 0)
break;
s->want_user_input = true;
s->ppl.seat, s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->want_user_input = false;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
}
if (!s->userpass_ret) {
/* Failed to get a passphrase. Terminate. */
@ -1304,7 +1287,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
name = get_string(pktin);
inst = get_string(pktin);
get_string(pktin); /* skip language tag */
s->cur_prompt = new_prompts();
s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
s->cur_prompt->to_server = true;
s->cur_prompt->from_server = true;
@ -1408,19 +1391,11 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
* user's response(s).
*/
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, NULL);
while (1) {
while (s->userpass_ret < 0 &&
bufchain_size(s->ppl.user_input) > 0)
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, s->ppl.user_input);
if (s->userpass_ret >= 0)
break;
s->want_user_input = true;
s->ppl.seat, s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->want_user_input = false;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
}
if (!s->userpass_ret) {
/*
@ -1486,7 +1461,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
s->ppl.bpp->pls->actx = SSH2_PKTCTX_PASSWORD;
s->cur_prompt = new_prompts();
s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
s->cur_prompt->to_server = true;
s->cur_prompt->from_server = false;
s->cur_prompt->name = dupstr("SSH password");
@ -1495,19 +1470,11 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
false);
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, NULL);
while (1) {
while (s->userpass_ret < 0 &&
bufchain_size(s->ppl.user_input) > 0)
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, s->ppl.user_input);
if (s->userpass_ret >= 0)
break;
s->want_user_input = true;
s->ppl.seat, s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->want_user_input = false;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
}
if (!s->userpass_ret) {
/*
@ -1581,7 +1548,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
prompt = get_string(pktin);
s->cur_prompt = new_prompts();
s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
s->cur_prompt->to_server = true;
s->cur_prompt->from_server = false;
s->cur_prompt->name = dupstr("New SSH password");
@ -1613,20 +1580,11 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
*/
while (!got_new) {
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt, NULL);
while (1) {
while (s->userpass_ret < 0 &&
bufchain_size(s->ppl.user_input) > 0)
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt,
s->ppl.user_input);
if (s->userpass_ret >= 0)
break;
s->want_user_input = true;
s->ppl.seat, s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->want_user_input = false;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
}
if (!s->userpass_ret) {
/*