LinuxQuestions.org


Ephracis 12-15-2004 05:11 PM

Password through telnet
 
I have a server that listens for connections that are supposed to be made with just telnet. I don't care for encryption since the server won't be so big and serious, but I do care about the password being in clear text when you type it in.

So the server opens a socket and so on, and when a connection is made it does something like this:
Code:

message = "Type in password: ";
send(socket, message, strlen(message), 0);
nbytes = recv(socket, buffer, maxsize, 0);

The thing here is that when you type in the password it is shown in clear text. I don't want that. How can I fix this?

itsme86 12-15-2004 10:51 PM

I use this in a program I wrote:
Code:

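/* IAC is 255, so the bytes are stored as unsigned char */
/* WONT ECHO: server stops echoing, the client echoes locally again */
static const unsigned char echo_on_str[] = { IAC, WONT, TELOPT_ECHO, '\0' };
/* WILL ECHO: server takes over echoing, the client stops local echo */
static const unsigned char echo_off_str[] = { IAC, WILL, TELOPT_ECHO, '\0' };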

Just be sure to #include <arpa/telnet.h>

Just send whichever string you want to turn echo on and off.

P.S. You can also find a bunch of other cool stuff you can do with the telnet protocol by browsing through that header file.

You might also find the RFC helpful: http://www.faqs.org/rfcs/rfc854.html

Ephracis 12-16-2004 05:25 AM

I don't really understand what you mean. Should I send() the echo_off_str to the client from the server and then do a recv() to get the password?

Like this:
Code:

const char *sendmsg;
char recvmsg[256];   /* buffer for the data read from the client */
int nbytes;

static const unsigned char echo_on_str[] = { IAC, WONT, TELOPT_ECHO, '\0' };
static const unsigned char echo_off_str[] = { IAC, WILL, TELOPT_ECHO, '\0' };

sendmsg = "Password: ";
send(socket, sendmsg, strlen(sendmsg), 0);

/* sizeof - 1: send the 3 command bytes without the terminating '\0' */
send(socket, echo_off_str, sizeof(echo_off_str) - 1, 0);
nbytes = recv(socket, recvmsg, sizeof(recvmsg), 0);
send(socket, echo_on_str, sizeof(echo_on_str) - 1, 0);


itsme86 12-16-2004 09:29 AM

Yes.

Ephracis 12-16-2004 11:03 AM

Quote:

Originally posted by itsme86
Yes.

Well that did not work. But do I have to do a recv() before I can continue?

Because the next recv() got filled without letting the client respond.

itsme86 12-16-2004 12:07 PM

It doesn't matter what you do after you send the echo_off_str. The telnet client receives it, turns local echo off, and anything the user types after that doesn't get echo'd until you send the echo_on_str which tells the client to turn local echo back on.

Maybe you're using a client that doesn't comply with the full telnet protocol standard?

Ephracis 12-16-2004 12:49 PM

I am using "telnet" that comes with Slackware Linux so I guess the chances that it is pretty "standard" are good.

But the problem is that after I send echo_off_str I seem to get some answer from the client. So then the password was filled with the returned answer (which I haven't checked what it is), but I could fix this by setting a recv() that just puts the answer in "char *trash" and after that prompting for the password. So it is working.

But I wonder if it will work with other clients now.

itsme86 12-16-2004 12:58 PM

If you plan on making your server work with telnet, then you should make your server comply with telnet protocol standards. Almost every telnet command you send will generate a reply.

If you just want to use the echo on/off thing then you can read in the reply and discard the 3 bytes that comprise the reply the client is sending to you.
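
Added example, not part of any post in this thread: instead of discarding exactly three bytes, a server can filter telnet commands out of everything it receives, which also covers a reply that is split across reads or arrives in the same read as typed data. It goes slightly beyond the thread by also handling escaped 0xFF bytes and subnegotiation; the names `telnet_strip`, `tn_state` and `demo_reply_is_filtered` are hypothetical, the sample bytes are constructed, and it assumes the client answers IAC WILL ECHO with IAC DO ECHO.

```c
#include <stddef.h>
#include <string.h>
#include <arpa/telnet.h>   /* IAC, WILL, WONT, DO, DONT, SB, SE, TELOPT_ECHO */

/* Parser state, kept between recv() calls because a command can be split
 * across reads or arrive in the same read as typed data. */
enum tn_state { TN_DATA, TN_IAC, TN_OPT, TN_SB, TN_SB_IAC };

/* Hypothetical helper: copy user data from in[0..n) to out (at least n bytes)
 * and drop telnet commands. Returns the number of data bytes written. */
size_t telnet_strip(enum tn_state *st, const unsigned char *in, size_t n,
                    unsigned char *out)
{
    size_t w = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        switch (*st) {
        case TN_DATA:
            if (c == IAC) *st = TN_IAC; else out[w++] = c;
            break;
        case TN_IAC:
            if (c == IAC) { out[w++] = c; *st = TN_DATA; }  /* escaped 0xFF */
            else if (c == WILL || c == WONT || c == DO || c == DONT) *st = TN_OPT;
            else if (c == SB) *st = TN_SB;                  /* subnegotiation */
            else *st = TN_DATA;                 /* two-byte command, e.g. NOP */
            break;
        case TN_OPT:    *st = TN_DATA; break;    /* option code, e.g. ECHO */
        case TN_SB:     if (c == IAC) *st = TN_SB_IAC; break;
        case TN_SB_IAC: *st = (c == SE) ? TN_DATA : TN_SB; break;
        }
    }
    return w;
}

/* Constructed input: the client's 3-byte reply IAC DO ECHO, split across two
 * reads and followed by the typed line "secret\r\n". Returns 1 if only the
 * typed line survives filtering. */
int demo_reply_is_filtered(void)
{
    const unsigned char r1[] = { IAC, DO };
    const unsigned char r2[] = { TELOPT_ECHO, 's', 'e', 'c', 'r', 'e', 't', '\r', '\n' };
    unsigned char pw[64];
    enum tn_state st = TN_DATA;
    size_t n = telnet_strip(&st, r1, sizeof r1, pw);
    n += telnet_strip(&st, r2, sizeof r2, pw + n);
    return n == 8 && memcmp(pw, "secret\r\n", 8) == 0;
}
```

Run every recv() result through the filter with one `tn_state` per connection, then trim the trailing line ending before comparing the password.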

Ephracis 12-16-2004 01:02 PM

Oh great. I was afraid that the reply was *not* supposed to be there, so if I would have any client that follows the telnet protocol standards it would prompt two times before password.

But ok, so then I am doing it right, recv()ing the reply and after that getting password.

Thanks a lot. :)

bm17 12-16-2004 04:21 PM

Simple solutions to complex problems
 
Alternately, you can just allow the user to see the password, and then use RFC 1097 to make him forget that he saw it.


All times are GMT -5.