Date:      Mon, 9 Jun 2003 10:53:52 -0700
From:      "Thomas Park" <tpark@drivespeed.com>
To:        "'Matthew D. Fuller'" <fullermd@over-yonder.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   RE: /dev/tty keeps changing permissions..?
Message-ID:  <001601c32eb0$17cb7f40$11640a0a@titanium>
In-Reply-To: <20030609174810.GL28798@over-yonder.net>

...Wow - this is definitely what I'd call going above and beyond the
call of duty.  

Thanks so much for your insights; I'll try this patch and let you know
if it works!  ^_^

Best,
thomas



> -----Original Message-----
> From: Matthew D. Fuller [mailto:fullermd@over-yonder.net] 
> Sent: Monday, June 09, 2003 10:48
> To: Thomas Park
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: /dev/tty keeps changing permissions..?
> 
> 
> On Mon, Jun 09, 2003 at 09:59:18AM -0700 I heard the voice of
> Thomas Park, and lo! it spake thus:
> > 
> > By God, I see that you're right!
> 
> This is what I've been telling you    8-}
> 
> 
> > I think the problem arises when I su into another account and try to ssh
> > outbound.  Which should arguably be possible without having to do arcane
> > manipulations to the tty device, IMHO..?
> 
> Well, it should be, yah.
> 
> 
> Here's what's happening (after a quick foray into the source):
> 
> In the routine (readpassphrase(), readpassphrase.c) where it reads in a
> password, it tries to open() /dev/tty, and if THAT fails, then use
> stdin/stdout:
> 
> ----
>     if ((input = output = open(_PATH_TTY, O_RDWR)) == -1) {
>         if (flags & RPP_REQUIRE_TTY) {
>             errno = ENOTTY;
>             return(NULL);
>         }
>         input = STDIN_FILENO;
>         output = STDERR_FILENO;
>     }
> ----
> 
> So, if it can't open /dev/tty (which it can't), and the RPP_REQUIRE_TTY
> flag is set, then it returns NULL here.  From what I can see, that gets
> passed up, so it ends up sending nothing as the password, which is why
> you see it looping a few times there like:
> 
> > debug1: Next authentication method: password
> > debug2: we sent a password packet, wait for reply
> > debug1: Authentications that can continue: publickey,password,keyboard-interactive
> > Permission denied, please try again.
> 
> 
> So, why is that flag set?  Let's look upward:
> 
> readpassphrase() is called from read_passphrase() (readpass.c), just to
> confuse you with naming.  That sets the RPP_REQUIRE_TTY flag, unless IT
> is passed RP_ALLOW_STDIN.  read_passphrase() is called in this case from
> userauth_passwd (sshconnect2.c), with the flags set to 0:
> ----
> password = read_passphrase(prompt, 0);
> ----
> 
> So, according to my reading, if you change that '0' to 'RP_ALLOW_STDIN'
> there (line 458 in sshconnect2.c from the openssh-portable/ port, after
> 'make patch'), then make/make install it, you SHOULD be able to use that
> ssh(1) binary, and get out just fine, I think.
> 
> 
> You can probably patch it in the base source tree too (it's in
> src/crypto/openssh/), then 'make clean objdir all install' in
> src/secure/usr.bin/ssh/ to install it.
> 
> 
> -- 
> Matthew Fuller     (MF4839)   |  fullermd@over-yonder.net
> Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
> 
> "The only reason I'm burning my candle at both ends, is because I
>       haven't figured out how to light the middle yet"
> 
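
Added example, not part of the original message and not OpenSSH's code: a C model of the two layers described in the quoted explanation, showing that a caller flag of 0 ends in ENOTTY when the tty cannot be opened, while RP_ALLOW_STDIN falls back to stdin/stderr. The function names, the `tty_path` parameter and the flag values are assumptions made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Flag values are local stand-ins for this example, not copied from the
 * OpenSSH or libc headers. */
#define RP_ALLOW_STDIN  0x01   /* caller-side flag (read_passphrase layer) */
#define RPP_REQUIRE_TTY 0x02   /* lower-layer flag (readpassphrase layer) */

/* Upper layer: require a tty unless the caller passed RP_ALLOW_STDIN. */
static int rpp_flags_for(int rp_flags)
{
    return (rp_flags & RP_ALLOW_STDIN) ? 0 : RPP_REQUIRE_TTY;
}

/* Lower layer: pick the descriptors the prompt would use. tty_path is a
 * hypothetical parameter so the failure can be reproduced without touching
 * /dev/tty. Returns 0 on success, -1 with errno = ENOTTY on refusal. */
static int pick_prompt_fds(const char *tty_path, int rp_flags,
                           int *input, int *output, int *opened_tty)
{
    int fd = open(tty_path, O_RDWR);

    *opened_tty = (fd != -1);
    if (fd == -1) {
        if (rpp_flags_for(rp_flags) & RPP_REQUIRE_TTY) {
            errno = ENOTTY;        /* no tty and no fallback allowed */
            return -1;
        }
        *input = STDIN_FILENO;     /* fallback: read stdin, prompt on stderr */
        *output = STDERR_FILENO;
        return 0;
    }
    *input = *output = fd;         /* caller closes fd when opened_tty is set */
    return 0;
}

int main(void)
{
    int in, out, tty;
    const char *bad = "/nonexistent/tty";  /* constructed: an unopenable tty */

    if (pick_prompt_fds(bad, 0, &in, &out, &tty) == -1)
        perror("flags=0");                 /* the case from the thread */
    if (pick_prompt_fds(bad, RP_ALLOW_STDIN, &in, &out, &tty) == 0)
        printf("RP_ALLOW_STDIN: in=%d out=%d\n", in, out);
    return 0;
}
```

The tty requirement keeps a password prompt from silently consuming piped or redirected stdin, so allowing the fallback trades that guarantee for the ability to authenticate when /dev/tty is unusable.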


