Password through telnet
I have a server that listens to connection that are supposed to be done with just telnet. I don't care for encryption since the server won't be so big and serious but I do care for the password be in clear text when you type it in.
So the server send opens a socket and so on and when a connection is made is does something like this: Code:
message = "Type in password: "; |
I use this in a program I wrote:
Code:
static char echo_on_str[] = { IAC, WONT, TELOPT_ECHO, '\0' }; Just send whichever string you want to turn echo on and off. P.S. You can also find a bunch of other cool stuff you can do with the telnet protocol by browsing through that header file. You might also find the RFC helpful: http://www.faqs.org/rfcs/rfc854.html |
I don't really understand what you mean. Should I send() the echo_off_str to the client from the server and then do a recv() to get the password?
Like this: Code:
char *sendmsg; |
Yes.
|
Quote:
Because the next recv() got filled without letting the client respond. |
It doesn't matter what you do after you send the echo_off_str. The telnet client receives it, turns local echo off, and anything the user types after that doesn't get echo'd until you send the echo_on_str which tells the client to turn local echo back on.
Maybe you're using a client that doesn't comply to the full telnet protocol standard? |
I am using "telnet" that comes with Slackware Linux so I guess the chances that it is pretty "standard" are good.
But the problem is that after I send echo_off_str I seem to get some answer from the client. So then the password was filled with the returned answer (which I haven't checked what it is) but I could fix this by setting a recv() that just put the answer in "char *trash" and after that prompt for the password. So it is working. But I wonder if it will work with other clients now. |
If you plan on making your server work with telnet, then you should make your server comply to telnet protocol standards. Almost every telnet command you send will generate a reply.
If you just want to use the echo on/off thing then you can read in the reply and discard the 3 bytes that comprise the reply the client is sending to you. |
Oh great. I was afraid that the reply was *not* supposed to be there so if I would have any client that follows the telnet protocol standars it would prompt two times before password.
But ok, so then I am doing it right, recv()ing the reply and after that getting password. Thanks a lot. :) |
Simply solutions to complex problems
Alternately, you can just allow the user to see the password, and then use RFC 1097 to make him forget that he saw it.
|
All times are GMT -5. The time now is 09:22 PM. |