LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 12-15-2004, 06:11 PM   #1
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 49
Password through telnet


I have a server that listens to connection that are supposed to be done with just telnet. I don't care for encryption since the server won't be so big and serious but I do care for the password be in clear text when you type it in.

So the server send opens a socket and so on and when a connection is made is does something like this:
Code:
message = "Type in password: ";
send(socket, message, strlen(message), 0);
nbytes = recv(socket, buffer, maxsize, 0);
The thing here is that when you type in the password it is show in clear text. I don't want that. How can I fix this?
 
Old 12-15-2004, 11:51 PM   #2
itsme86
Senior Member
 
Registered: Jan 2004
Location: Oregon, USA
Distribution: Slackware
Posts: 1,246

Rep: Reputation: 58
I use this in a program I wrote:
Code:
static char echo_on_str[] = { IAC, WONT, TELOPT_ECHO, '\0' };
static char echo_off_str[] = { IAC, WILL, TELOPT_ECHO, '\0' };
Just be sure to #include <arpa/telnet.h>

Just send whichever string you want to turn echo on and off.

P.S. You can also find a bunch of other cool stuff you can do with the telnet protocol by browsing through that header file.

You might also find the RFC helpful: http://www.faqs.org/rfcs/rfc854.html

Last edited by itsme86; 12-15-2004 at 11:54 PM.
 
Old 12-16-2004, 06:25 AM   #3
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Original Poster
Rep: Reputation: 49
I don't really understand what you mean. Should I send() the echo_off_str to the client from the server and then do a recv() to get the password?

Like this:
Code:
char *sendmsg;
char *recvmsg;
int nbytes;

static char echo_on_str[] = { IAC, WONT, TELOPT_ECHO, '\0' };
static char echo_off_str[] = { IAC, WILL, TELOPT_ECHO, '\0' };

sendmsg = "Password: ";
send(socket, sendmsg, strlen(sendmsg), 0);

send(socket, echo_off_str, sizeof(echo_off_str), 0);
nbytes = recv(socket, recvmsg, 256, 0);
send(socket, echo_on_str, sizeof(echo_on_str), 0);
 
Old 12-16-2004, 10:29 AM   #4
itsme86
Senior Member
 
Registered: Jan 2004
Location: Oregon, USA
Distribution: Slackware
Posts: 1,246

Rep: Reputation: 58
Yes.
 
Old 12-16-2004, 12:03 PM   #5
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Original Poster
Rep: Reputation: 49
Quote:
Originally posted by itsme86
Yes.
Well that did not work. But do I have to do a recv() before I can continue?

Because the next recv() got filled without letting the client respond.
 
Old 12-16-2004, 01:07 PM   #6
itsme86
Senior Member
 
Registered: Jan 2004
Location: Oregon, USA
Distribution: Slackware
Posts: 1,246

Rep: Reputation: 58
It doesn't matter what you do after you send the echo_off_str. The telnet client receives it, turns local echo off, and anything the user types after that doesn't get echo'd until you send the echo_on_str which tells the client to turn local echo back on.

Maybe you're using a client that doesn't comply to the full telnet protocol standard?
 
Old 12-16-2004, 01:49 PM   #7
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Original Poster
Rep: Reputation: 49
I am using "telnet" that comes with Slackware Linux so I guess the chances that it is pretty "standard" are good.

But the problem is that after I send echo_off_str I seem to get some answer from the client. So then the password was filled with the returned answer (which I haven't checked what it is) but I could fix this by setting a recv() that just put the answer in "char *trash" and after that prompt for the password. So it is working.

But I wonder if it will work with other clients now.
 
Old 12-16-2004, 01:58 PM   #8
itsme86
Senior Member
 
Registered: Jan 2004
Location: Oregon, USA
Distribution: Slackware
Posts: 1,246

Rep: Reputation: 58
If you plan on making your server work with telnet, then you should make your server comply to telnet protocol standards. Almost every telnet command you send will generate a reply.

If you just want to use the echo on/off thing then you can read in the reply and discard the 3 bytes that comprise the reply the client is sending to you.
 
Old 12-16-2004, 02:02 PM   #9
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Original Poster
Rep: Reputation: 49
Oh great. I was afraid that the reply was *not* supposed to be there so if I would have any client that follows the telnet protocol standars it would prompt two times before password.

But ok, so then I am doing it right, recv()ing the reply and after that getting password.

Thanks a lot.
 
Old 12-16-2004, 05:21 PM   #10
bm17
Member
 
Registered: Sep 2004
Location: Santa Cruz, CA, USA
Distribution: Redhat 9.0
Posts: 104

Rep: Reputation: 15
Simply solutions to complex problems

Alternately, you can just allow the user to see the password, and then use RFC 1097 to make him forget that he saw it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Logon (telnet) to RedHat ES 3.0 bypassing password amutrl Linux - Newbie 2 05-18-2005 07:12 AM
Qmail-password errors with telnet 110 Wolfy Linux - Software 2 01-28-2005 09:43 PM
Telnet not asking for username / password AlexHeylin Linux - Security 4 09-22-2003 03:24 PM
Password Authentication works for TELNET... but not FTP GEEXTER Linux - General 5 07-30-2003 05:50 PM
telnet via xinetd refuse root password adme Linux - Networking 2 02-05-2003 03:04 PM


All times are GMT -5. The time now is 02:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration