static void *console_logctx = NULL;
+static struct termios orig_termios_stderr;
+static int stderr_is_a_tty;
+
+void stderr_tty_init()
+{
+ /* Ensure that if stderr is a tty, we can get it back to a sane state. */
+ if ((flags & FLAG_STDERR_TTY) && isatty(STDERR_FILENO)) {
+ stderr_is_a_tty = TRUE;
+ tcgetattr(STDERR_FILENO, &orig_termios_stderr);
+ }
+}
+
+void premsg(struct termios *cf)
+{
+ if (stderr_is_a_tty) {
+ tcgetattr(STDERR_FILENO, cf);
+ tcsetattr(STDERR_FILENO, TCSADRAIN, &orig_termios_stderr);
+ }
+}
+void postmsg(struct termios *cf)
+{
+ if (stderr_is_a_tty)
+ tcsetattr(STDERR_FILENO, TCSADRAIN, cf);
+}
+
/*
* Clean up and exit.
*/
static const char abandoned[] = "Connection abandoned.\n";
char line[32];
+ struct termios cf;
/*
* Verify the key.
if (ret == 0) /* success - key matched OK */
return 1;
+ premsg(&cf);
if (ret == 2) { /* key was different */
if (console_batch_mode) {
fprintf(stderr, wrongmsg_batch, keytype, fingerprint);
newmode.c_lflag |= ECHO | ISIG | ICANON;
tcsetattr(0, TCSANOW, &newmode);
line[0] = '\0';
- read(0, line, sizeof(line) - 1);
+ if (read(0, line, sizeof(line) - 1) <= 0)
+ /* handled below */;
tcsetattr(0, TCSANOW, &oldmode);
}
if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
if (line[0] == 'y' || line[0] == 'Y')
store_host_key(host, port, keytype, keystr);
+ postmsg(&cf);
return 1;
} else {
fprintf(stderr, abandoned);
+ postmsg(&cf);
return 0;
}
}
static const char abandoned[] = "Connection abandoned.\n";
char line[32];
+ struct termios cf;
+ premsg(&cf);
if (console_batch_mode) {
fprintf(stderr, msg_batch, algtype, algname);
return 0;
newmode.c_lflag |= ECHO | ISIG | ICANON;
tcsetattr(0, TCSANOW, &newmode);
line[0] = '\0';
- read(0, line, sizeof(line) - 1);
+ if (read(0, line, sizeof(line) - 1) <= 0)
+ /* handled below */;
tcsetattr(0, TCSANOW, &oldmode);
}
if (line[0] == 'y' || line[0] == 'Y') {
+ postmsg(&cf);
return 1;
} else {
fprintf(stderr, abandoned);
+ postmsg(&cf);
return 0;
}
}
"Logging will not be enabled.\n";
char line[32];
+ struct termios cf;
+ premsg(&cf);
if (console_batch_mode) {
fprintf(stderr, msgtemplate_batch, FILENAME_MAX, filename.path);
fflush(stderr);
newmode.c_lflag |= ECHO | ISIG | ICANON;
tcsetattr(0, TCSANOW, &newmode);
line[0] = '\0';
- read(0, line, sizeof(line) - 1);
+ if (read(0, line, sizeof(line) - 1) <= 0)
+ /* handled below */;
tcsetattr(0, TCSANOW, &oldmode);
}
+ postmsg(&cf);
if (line[0] == 'y' || line[0] == 'Y')
return 2;
else if (line[0] == 'n' || line[0] == 'N')
"Once the key is loaded into PuTTYgen, you can perform\n"
"this conversion simply by saving it again.\n";
+ struct termios cf;
+ premsg(&cf);
fputs(message, stderr);
+ postmsg(&cf);
}
void console_provide_logctx(void *logctx)
void logevent(void *frontend, const char *string)
{
+ struct termios cf;
+ premsg(&cf);
if (console_logctx)
log_eventlog(console_logctx, string);
+ postmsg(&cf);
}
-static void console_data_untrusted(const char *data, int len)
+/*
+ * Special function to print text to the console for password
+ * prompts and the like. Uses /dev/tty or stderr, in that order of
+ * preference; also sanitises escape sequences out of the text, on
+ * the basis that it might have been sent by a hostile SSH server
+ * doing malicious keyboard-interactive.
+ */
+static void console_prompt_text(FILE **confp, const char *data, int len)
{
int i;
+
+ if (!*confp) {
+ if ((*confp = fopen("/dev/tty", "w")) == NULL)
+ *confp = stderr;
+ }
+
for (i = 0; i < len; i++)
if ((data[i] & 0x60) || (data[i] == '\n'))
- fputc(data[i], stdout);
- fflush(stdout);
+ fputc(data[i], *confp);
+ fflush(*confp);
}
int console_get_userpass_input(prompts_t *p, unsigned char *in, int inlen)
{
size_t curr_prompt;
+ FILE *confp = NULL;
/*
* Zero all the results, in case we abort half-way through.
memset(p->prompts[i]->result, 0, p->prompts[i]->result_len);
}
- if (console_batch_mode)
+ if (p->n_prompts && console_batch_mode)
return 0;
/*
/* We only print the `name' caption if we have to... */
if (p->name_reqd && p->name) {
size_t l = strlen(p->name);
- console_data_untrusted(p->name, l);
+ console_prompt_text(&confp, p->name, l);
if (p->name[l-1] != '\n')
- console_data_untrusted("\n", 1);
+ console_prompt_text(&confp, "\n", 1);
}
/* ...but we always print any `instruction'. */
if (p->instruction) {
size_t l = strlen(p->instruction);
- console_data_untrusted(p->instruction, l);
+ console_prompt_text(&confp, p->instruction, l);
if (p->instruction[l-1] != '\n')
- console_data_untrusted("\n", 1);
+ console_prompt_text(&confp, "\n", 1);
}
for (curr_prompt = 0; curr_prompt < p->n_prompts; curr_prompt++) {
newmode.c_lflag |= ECHO;
tcsetattr(0, TCSANOW, &newmode);
- console_data_untrusted(pr->prompt, strlen(pr->prompt));
+ console_prompt_text(&confp, pr->prompt, strlen(pr->prompt));
i = read(0, pr->result, pr->result_len - 1);
pr->result[i] = '\0';
if (!pr->echo)
- fputs("\n", stdout);
+ console_prompt_text(&confp, "\n", 1);
}
- return 1; /* success */
+ if (confp && confp != stderr)
+ fclose(confp);
+ return 1; /* success */
}
void frontend_keypress(void *handle)
* X11-forwarding-related things suitable for console.
*/
-const char platform_x11_best_transport[] = "unix";
-
char *platform_get_x_display(void) {
return dupstr(getenv("DISPLAY"));
}