Sanitize the SSH command line a little more.
Show the real host name in the SSH password prompt, if available. Add some commented-out debugging helpers for tracking down problems with non-US keyboards. git-svn-id: https://shellinabox.googlecode.com/svn/trunk@164 0da03de8-d603-11dd-86c2-0f8696b7b6f9
parent
2d226f5b53
commit
e78b94961c
9 changed files with 122 additions and 9 deletions
2
config.h
2
config.h
|
@ -138,7 +138,7 @@
|
||||||
#define STDC_HEADERS 1
|
#define STDC_HEADERS 1
|
||||||
|
|
||||||
/* Most recent revision number in the version control system */
|
/* Most recent revision number in the version control system */
|
||||||
#define VCS_REVISION "163"
|
#define VCS_REVISION "164"
|
||||||
|
|
||||||
/* Version number of package */
|
/* Version number of package */
|
||||||
#define VERSION "2.9"
|
#define VERSION "2.9"
|
||||||
|
|
2
configure
vendored
2
configure
vendored
|
@ -2317,7 +2317,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
|
||||||
ac_compiler_gnu=$ac_cv_c_compiler_gnu
|
ac_compiler_gnu=$ac_cv_c_compiler_gnu
|
||||||
|
|
||||||
|
|
||||||
VCS_REVISION=163
|
VCS_REVISION=164
|
||||||
|
|
||||||
|
|
||||||
cat >>confdefs.h <<_ACEOF
|
cat >>confdefs.h <<_ACEOF
|
||||||
|
|
|
@ -2,7 +2,7 @@ AC_PREREQ(2.57)
|
||||||
|
|
||||||
dnl This is the one location where the authoritative version number is stored
|
dnl This is the one location where the authoritative version number is stored
|
||||||
AC_INIT(shellinabox, 2.9, markus@shellinabox.com)
|
AC_INIT(shellinabox, 2.9, markus@shellinabox.com)
|
||||||
VCS_REVISION=163
|
VCS_REVISION=164
|
||||||
AC_SUBST(VCS_REVISION)
|
AC_SUBST(VCS_REVISION)
|
||||||
AC_DEFINE_UNQUOTED(VCS_REVISION, "${VCS_REVISION}",
|
AC_DEFINE_UNQUOTED(VCS_REVISION, "${VCS_REVISION}",
|
||||||
[Most recent revision number in the version control system])
|
[Most recent revision number in the version control system])
|
||||||
|
|
|
@ -1693,7 +1693,7 @@ VT100.prototype.toggleBell = function() {
|
||||||
};
|
};
|
||||||
|
|
||||||
VT100.prototype.about = function() {
|
VT100.prototype.about = function() {
|
||||||
alert("VT100 Terminal Emulator " + "2.9 (revision 163)" +
|
alert("VT100 Terminal Emulator " + "2.9 (revision 164)" +
|
||||||
"\nCopyright 2008-2009 by Markus Gutschke\n" +
|
"\nCopyright 2008-2009 by Markus Gutschke\n" +
|
||||||
"For more information check http://shellinabox.com");
|
"For more information check http://shellinabox.com");
|
||||||
};
|
};
|
||||||
|
@ -1995,6 +1995,10 @@ VT100.prototype.handleKey = function(event) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (this.menu.style.visibility == 'hidden') {
|
if (this.menu.style.visibility == 'hidden') {
|
||||||
|
// this.vt100('R: c=');
|
||||||
|
// for (var i = 0; i < ch.length; i++)
|
||||||
|
// this.vt100((i != 0 ? ', ' : '') + ch.charCodeAt(i));
|
||||||
|
// this.vt100('\r\n');
|
||||||
this.keysPressed(ch);
|
this.keysPressed(ch);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
@ -2111,6 +2115,12 @@ VT100.prototype.fixEvent = function(event) {
|
||||||
};
|
};
|
||||||
|
|
||||||
VT100.prototype.keyDown = function(event) {
|
VT100.prototype.keyDown = function(event) {
|
||||||
|
// this.vt100('D: c=' + event.charCode + ', k=' + event.keyCode +
|
||||||
|
// (event.shiftKey || event.ctrlKey || event.altKey ||
|
||||||
|
// event.metaKey ? ', ' +
|
||||||
|
// (event.shiftKey ? 'S' : '') + (event.ctrlKey ? 'C' : '') +
|
||||||
|
// (event.altKey ? 'A' : '') + (event.metaKey ? 'M' : '') : '') +
|
||||||
|
// '\r\n');
|
||||||
this.checkComposedKeys(event);
|
this.checkComposedKeys(event);
|
||||||
this.lastKeyPressedEvent = undefined;
|
this.lastKeyPressedEvent = undefined;
|
||||||
this.lastKeyDownEvent = undefined;
|
this.lastKeyDownEvent = undefined;
|
||||||
|
@ -2196,6 +2206,12 @@ VT100.prototype.keyDown = function(event) {
|
||||||
};
|
};
|
||||||
|
|
||||||
VT100.prototype.keyPressed = function(event) {
|
VT100.prototype.keyPressed = function(event) {
|
||||||
|
// this.vt100('P: c=' + event.charCode + ', k=' + event.keyCode +
|
||||||
|
// (event.shiftKey || event.ctrlKey || event.altKey ||
|
||||||
|
// event.metaKey ? ', ' +
|
||||||
|
// (event.shiftKey ? 'S' : '') + (event.ctrlKey ? 'C' : '') +
|
||||||
|
// (event.altKey ? 'A' : '') + (event.metaKey ? 'M' : '') : '') +
|
||||||
|
// '\r\n');
|
||||||
if (this.lastKeyDownEvent) {
|
if (this.lastKeyDownEvent) {
|
||||||
// If we already processed the key on keydown, do not process it
|
// If we already processed the key on keydown, do not process it
|
||||||
// again here. Ideally, the browser should not even have generated a
|
// again here. Ideally, the browser should not even have generated a
|
||||||
|
@ -2226,6 +2242,12 @@ VT100.prototype.keyPressed = function(event) {
|
||||||
};
|
};
|
||||||
|
|
||||||
VT100.prototype.keyUp = function(event) {
|
VT100.prototype.keyUp = function(event) {
|
||||||
|
// this.vt100('U: c=' + event.charCode + ', k=' + event.keyCode +
|
||||||
|
// (event.shiftKey || event.ctrlKey || event.altKey ||
|
||||||
|
// event.metaKey ? ', ' +
|
||||||
|
// (event.shiftKey ? 'S' : '') + (event.ctrlKey ? 'C' : '') +
|
||||||
|
// (event.altKey ? 'A' : '') + (event.metaKey ? 'M' : '') : '') +
|
||||||
|
// '\r\n');
|
||||||
if (this.lastKeyPressedEvent) {
|
if (this.lastKeyPressedEvent) {
|
||||||
// The compose key on Linux occasionally confuses the browser and keeps
|
// The compose key on Linux occasionally confuses the browser and keeps
|
||||||
// inserting bogus characters into the input field, even if just a regular
|
// inserting bogus characters into the input field, even if just a regular
|
||||||
|
|
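Review bot: The commented-out tracing blocks added to handleKey, keyDown, keyPressed and keyUp carry no comment saying what they are for. They also do not say that, once enabled, they appear to write every key code to the terminal through `this.vt100(...)`, which would include keys typed at a password prompt. A one-line header above each block would cover both, for example `// Keyboard-layout debugging aid: echoes raw key codes to the screen; keep disabled outside debugging.`. The four near-identical blocks could instead be folded into one helper behind a debug flag, and the same hunks are repeated in the two later vt100 sections of this page. All four functions start or end outside the hunks.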
|
@ -772,6 +772,8 @@ static pam_handle_t *internalLogin(struct Service *service, struct Utmp *utmp,
|
||||||
check(!uname(&uts));
|
check(!uname(&uts));
|
||||||
hostname = uts.nodename;
|
hostname = uts.nodename;
|
||||||
}
|
}
|
||||||
|
const char *fqdn;
|
||||||
|
check(fqdn = strdup(hostname));
|
||||||
check(hostname = strdup(hostname));
|
check(hostname = strdup(hostname));
|
||||||
char *dot = strchr(hostname, '.');
|
char *dot = strchr(hostname, '.');
|
||||||
if (dot) {
|
if (dot) {
|
||||||
|
@ -785,14 +787,45 @@ static pam_handle_t *internalLogin(struct Service *service, struct Utmp *utmp,
|
||||||
char *user = NULL;
|
char *user = NULL;
|
||||||
char *prompt;
|
char *prompt;
|
||||||
check(prompt = stringPrintf(NULL, "%s login: ", hostname));
|
check(prompt = stringPrintf(NULL, "%s login: ", hostname));
|
||||||
|
for (;;) {
|
||||||
if (read_string(1, prompt, &user) <= 0) {
|
if (read_string(1, prompt, &user) <= 0) {
|
||||||
free(user);
|
free(user);
|
||||||
free(prompt);
|
free(prompt);
|
||||||
_exit(1);
|
_exit(1);
|
||||||
}
|
}
|
||||||
|
if (*user) {
|
||||||
|
for (char *u = user; *u; u++) {
|
||||||
|
char ch = *u;
|
||||||
|
if (!((ch >= '0' && ch <= '9') ||
|
||||||
|
(ch >= 'A' && ch <= 'Z') ||
|
||||||
|
(ch >= 'a' && ch <= 'z') ||
|
||||||
|
ch == '-' || ch == '_' || ch == '.')) {
|
||||||
|
goto invalid_user_name;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
invalid_user_name:
|
||||||
|
free(user);
|
||||||
|
user = NULL;
|
||||||
|
}
|
||||||
free(prompt);
|
free(prompt);
|
||||||
char *cmdline = stringPrintf(NULL, service->cmdline, user);
|
char *cmdline = stringPrintf(NULL, service->cmdline, user);
|
||||||
free(user);
|
free(user);
|
||||||
|
|
||||||
|
// Replace '@localhost' with the actual host name. This results in a nicer
|
||||||
|
// prompt when SSH asks for the password.
|
||||||
|
char *ptr = strrchr(cmdline, '@');
|
||||||
|
if (!strcmp(ptr + 1, "localhost")) {
|
||||||
|
int offset = ptr + 1 - cmdline;
|
||||||
|
check(cmdline = realloc(cmdline,
|
||||||
|
strlen(cmdline) + strlen(fqdn) -
|
||||||
|
strlen("localhost") + 1));
|
||||||
|
ptr = cmdline + offset;
|
||||||
|
*ptr = '\000';
|
||||||
|
strncat(ptr, fqdn, strlen(fqdn));
|
||||||
|
}
|
||||||
|
|
||||||
free((void *)service->cmdline);
|
free((void *)service->cmdline);
|
||||||
service->cmdline = cmdline;
|
service->cmdline = cmdline;
|
||||||
|
|
||||||
|
@ -892,6 +925,7 @@ static pam_handle_t *internalLogin(struct Service *service, struct Utmp *utmp,
|
||||||
pw = getPWEnt(service->uid);
|
pw = getPWEnt(service->uid);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
free((void *)fqdn);
|
||||||
free((void *)hostname);
|
free((void *)hostname);
|
||||||
|
|
||||||
if (restricted &&
|
if (restricted &&
|
||||||
|
|
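Review bot: The character check added to the login loop in internalLogin still accepts a user name that starts with `-`, so the string substituted into `service->cmdline` can be taken by ssh as an option rather than a login name; `if (*user && *user != '-') {` on the branch that guards the loop sends such names to `invalid_user_name` as well. In the '@localhost' replacement, the result of `strrchr(cmdline, '@')` is used as `ptr + 1` with no NULL test, which is only safe if every service command line is guaranteed to contain an '@'; `if (ptr && !strcmp(ptr + 1, "localhost")) {` removes that assumption. `fqdn` is copied into the command line without the allowlist that initService applies to the configured host, and where `hostname` comes from lies mostly outside the hunk, so that value deserves the same check if it can come from name resolution. `strncat(ptr, fqdn, strlen(fqdn))` bounds the copy by the source length and is therefore no safer than `strcpy`; the preceding `realloc` size is what makes it correct. internalLogin starts and ends outside the visible hunks.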
|
@ -124,6 +124,19 @@ void initService(struct Service *service, const char *arg) {
|
||||||
free(ptr);
|
free(ptr);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Don't allow manipulation of the SSH command line through "creative" use
|
||||||
|
// of the host name.
|
||||||
|
for (char *h = host; *h; h++) {
|
||||||
|
char ch = *h;
|
||||||
|
if (!((ch >= '0' && ch <= '9') ||
|
||||||
|
(ch >= 'A' && ch <= 'Z') ||
|
||||||
|
(ch >= 'a' && ch <= 'z') ||
|
||||||
|
ch == '-' || ch == '.')) {
|
||||||
|
fatal("Invalid hostname \"%s\" in service definition", host);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
service->cmdline = stringPrintf(NULL,
|
service->cmdline = stringPrintf(NULL,
|
||||||
"ssh -a -e none -i /dev/null -x -oChallengeResponseAuthentication=no "
|
"ssh -a -e none -i /dev/null -x -oChallengeResponseAuthentication=no "
|
||||||
"-oCheckHostIP=no -oClearAllForwardings=yes -oCompression=no "
|
"-oCheckHostIP=no -oClearAllForwardings=yes -oCompression=no "
|
||||||
|
|
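Review bot: The host allowlist loop added to initService passes an empty string, because the loop body never runs when `*host` is NUL. Whether the parsing above the hunk can leave `host` empty is not visible here; if it can, a guard before the loop such as `if (!*host) fatal("Invalid hostname \"%s\" in service definition", host);` would reject it. The set also excludes ':' so an IPv6 literal in a service definition is now fatal, which is worth stating in the comment if intended, e.g. `// Only [0-9A-Za-z.-] is accepted; IPv6 literals are rejected on purpose.`. initService starts and ends outside the hunk.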
|
@ -355,7 +355,7 @@ ShellInABox.prototype.extendContextMenu = function(entries, actions) {
|
||||||
};
|
};
|
||||||
|
|
||||||
ShellInABox.prototype.about = function() {
|
ShellInABox.prototype.about = function() {
|
||||||
alert("Shell In A Box version " + "2.9 (revision 163)" +
|
alert("Shell In A Box version " + "2.9 (revision 164)" +
|
||||||
"\nCopyright 2008-2009 by Markus Gutschke\n" +
|
"\nCopyright 2008-2009 by Markus Gutschke\n" +
|
||||||
"For more information check http://shellinabox.com" +
|
"For more information check http://shellinabox.com" +
|
||||||
(typeof serverSupportsSSL != 'undefined' && serverSupportsSSL ?
|
(typeof serverSupportsSSL != 'undefined' && serverSupportsSSL ?
|
||||||
|
|
|
@ -1693,7 +1693,7 @@ VT100.prototype.toggleBell = function() {
|
||||||
};
|
};
|
||||||
|
|
||||||
VT100.prototype.about = function() {
|
VT100.prototype.about = function() {
|
||||||
alert("VT100 Terminal Emulator " + "2.9 (revision 163)" +
|
alert("VT100 Terminal Emulator " + "2.9 (revision 164)" +
|
||||||
"\nCopyright 2008-2009 by Markus Gutschke\n" +
|
"\nCopyright 2008-2009 by Markus Gutschke\n" +
|
||||||
"For more information check http://shellinabox.com");
|
"For more information check http://shellinabox.com");
|
||||||
};
|
};
|
||||||
|
@ -1995,6 +1995,10 @@ VT100.prototype.handleKey = function(event) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (this.menu.style.visibility == 'hidden') {
|
if (this.menu.style.visibility == 'hidden') {
|
||||||
|
// this.vt100('R: c=');
|
||||||
|
// for (var i = 0; i < ch.length; i++)
|
||||||
|
// this.vt100((i != 0 ? ', ' : '') + ch.charCodeAt(i));
|
||||||
|
// this.vt100('\r\n');
|
||||||
this.keysPressed(ch);
|
this.keysPressed(ch);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
@ -2111,6 +2115,12 @@ VT100.prototype.fixEvent = function(event) {
|
||||||
};
|
};
|
||||||
|
|
||||||
VT100.prototype.keyDown = function(event) {
|
VT100.prototype.keyDown = function(event) {
|
||||||
|
// this.vt100('D: c=' + event.charCode + ', k=' + event.keyCode +
|
||||||
|
// (event.shiftKey || event.ctrlKey || event.altKey ||
|
||||||
|
// event.metaKey ? ', ' +
|
||||||
|
// (event.shiftKey ? 'S' : '') + (event.ctrlKey ? 'C' : '') +
|
||||||
|
// (event.altKey ? 'A' : '') + (event.metaKey ? 'M' : '') : '') +
|
||||||
|
// '\r\n');
|
||||||
this.checkComposedKeys(event);
|
this.checkComposedKeys(event);
|
||||||
this.lastKeyPressedEvent = undefined;
|
this.lastKeyPressedEvent = undefined;
|
||||||
this.lastKeyDownEvent = undefined;
|
this.lastKeyDownEvent = undefined;
|
||||||
|
@ -2196,6 +2206,12 @@ VT100.prototype.keyDown = function(event) {
|
||||||
};
|
};
|
||||||
|
|
||||||
VT100.prototype.keyPressed = function(event) {
|
VT100.prototype.keyPressed = function(event) {
|
||||||
|
// this.vt100('P: c=' + event.charCode + ', k=' + event.keyCode +
|
||||||
|
// (event.shiftKey || event.ctrlKey || event.altKey ||
|
||||||
|
// event.metaKey ? ', ' +
|
||||||
|
// (event.shiftKey ? 'S' : '') + (event.ctrlKey ? 'C' : '') +
|
||||||
|
// (event.altKey ? 'A' : '') + (event.metaKey ? 'M' : '') : '') +
|
||||||
|
// '\r\n');
|
||||||
if (this.lastKeyDownEvent) {
|
if (this.lastKeyDownEvent) {
|
||||||
// If we already processed the key on keydown, do not process it
|
// If we already processed the key on keydown, do not process it
|
||||||
// again here. Ideally, the browser should not even have generated a
|
// again here. Ideally, the browser should not even have generated a
|
||||||
|
@ -2226,6 +2242,12 @@ VT100.prototype.keyPressed = function(event) {
|
||||||
};
|
};
|
||||||
|
|
||||||
VT100.prototype.keyUp = function(event) {
|
VT100.prototype.keyUp = function(event) {
|
||||||
|
// this.vt100('U: c=' + event.charCode + ', k=' + event.keyCode +
|
||||||
|
// (event.shiftKey || event.ctrlKey || event.altKey ||
|
||||||
|
// event.metaKey ? ', ' +
|
||||||
|
// (event.shiftKey ? 'S' : '') + (event.ctrlKey ? 'C' : '') +
|
||||||
|
// (event.altKey ? 'A' : '') + (event.metaKey ? 'M' : '') : '') +
|
||||||
|
// '\r\n');
|
||||||
if (this.lastKeyPressedEvent) {
|
if (this.lastKeyPressedEvent) {
|
||||||
// The compose key on Linux occasionally confuses the browser and keeps
|
// The compose key on Linux occasionally confuses the browser and keeps
|
||||||
// inserting bogus characters into the input field, even if just a regular
|
// inserting bogus characters into the input field, even if just a regular
|
||||||
|
|
|
@ -1995,6 +1995,10 @@ VT100.prototype.handleKey = function(event) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (this.menu.style.visibility == 'hidden') {
|
if (this.menu.style.visibility == 'hidden') {
|
||||||
|
// this.vt100('R: c=');
|
||||||
|
// for (var i = 0; i < ch.length; i++)
|
||||||
|
// this.vt100((i != 0 ? ', ' : '') + ch.charCodeAt(i));
|
||||||
|
// this.vt100('\r\n');
|
||||||
this.keysPressed(ch);
|
this.keysPressed(ch);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
@ -2111,6 +2115,12 @@ VT100.prototype.fixEvent = function(event) {
|
||||||
};
|
};
|
||||||
|
|
||||||
VT100.prototype.keyDown = function(event) {
|
VT100.prototype.keyDown = function(event) {
|
||||||
|
// this.vt100('D: c=' + event.charCode + ', k=' + event.keyCode +
|
||||||
|
// (event.shiftKey || event.ctrlKey || event.altKey ||
|
||||||
|
// event.metaKey ? ', ' +
|
||||||
|
// (event.shiftKey ? 'S' : '') + (event.ctrlKey ? 'C' : '') +
|
||||||
|
// (event.altKey ? 'A' : '') + (event.metaKey ? 'M' : '') : '') +
|
||||||
|
// '\r\n');
|
||||||
this.checkComposedKeys(event);
|
this.checkComposedKeys(event);
|
||||||
this.lastKeyPressedEvent = undefined;
|
this.lastKeyPressedEvent = undefined;
|
||||||
this.lastKeyDownEvent = undefined;
|
this.lastKeyDownEvent = undefined;
|
||||||
|
@ -2196,6 +2206,12 @@ VT100.prototype.keyDown = function(event) {
|
||||||
};
|
};
|
||||||
|
|
||||||
VT100.prototype.keyPressed = function(event) {
|
VT100.prototype.keyPressed = function(event) {
|
||||||
|
// this.vt100('P: c=' + event.charCode + ', k=' + event.keyCode +
|
||||||
|
// (event.shiftKey || event.ctrlKey || event.altKey ||
|
||||||
|
// event.metaKey ? ', ' +
|
||||||
|
// (event.shiftKey ? 'S' : '') + (event.ctrlKey ? 'C' : '') +
|
||||||
|
// (event.altKey ? 'A' : '') + (event.metaKey ? 'M' : '') : '') +
|
||||||
|
// '\r\n');
|
||||||
if (this.lastKeyDownEvent) {
|
if (this.lastKeyDownEvent) {
|
||||||
// If we already processed the key on keydown, do not process it
|
// If we already processed the key on keydown, do not process it
|
||||||
// again here. Ideally, the browser should not even have generated a
|
// again here. Ideally, the browser should not even have generated a
|
||||||
|
@ -2226,6 +2242,12 @@ VT100.prototype.keyPressed = function(event) {
|
||||||
};
|
};
|
||||||
|
|
||||||
VT100.prototype.keyUp = function(event) {
|
VT100.prototype.keyUp = function(event) {
|
||||||
|
// this.vt100('U: c=' + event.charCode + ', k=' + event.keyCode +
|
||||||
|
// (event.shiftKey || event.ctrlKey || event.altKey ||
|
||||||
|
// event.metaKey ? ', ' +
|
||||||
|
// (event.shiftKey ? 'S' : '') + (event.ctrlKey ? 'C' : '') +
|
||||||
|
// (event.altKey ? 'A' : '') + (event.metaKey ? 'M' : '') : '') +
|
||||||
|
// '\r\n');
|
||||||
if (this.lastKeyPressedEvent) {
|
if (this.lastKeyPressedEvent) {
|
||||||
// The compose key on Linux occasionally confuses the browser and keeps
|
// The compose key on Linux occasionally confuses the browser and keeps
|
||||||
// inserting bogus characters into the input field, even if just a regular
|
// inserting bogus characters into the input field, even if just a regular
|
||||||
|
|