

`ssh-log-pw-blank': known password fields are now omitted from SSH pa…
…cket logs

by default (although they can be included). There's also an option to remove
session data, which is good both for privacy and for reducing the size of
logfiles.

[originally from svn r4593]
jtn20 committed Oct 2, 2004
1 parent fb92f11 commit e375ba1
Showing 7 changed files with 311 additions and 39 deletions.
12 changes: 12 additions & 0 deletions config.c
Expand Up @@ -885,6 +885,18 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
"Always append to the end of it", I(LGXF_APN),
"Ask the user every time", I(LGXF_ASK), NULL);

if ((midsession && protocol == PROT_SSH) ||
(!midsession && backends[3].name != NULL)) {
s = ctrl_getset(b, "Session/Logging", "ssh",
"Options specific to SSH packet logging");
ctrl_checkbox(s, "Omit known password fields", 'k',
HELPCTX(logging_ssh_omit_password),
dlg_stdcheckbox_handler, I(offsetof(Config,logomitpass)));
ctrl_checkbox(s, "Omit session data", 'd',
HELPCTX(logging_ssh_omit_data),
dlg_stdcheckbox_handler, I(offsetof(Config,logomitdata)));
}

/*
* The Terminal panel.
*/
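Review bot: The visibility test `(!midsession && backends[3].name != NULL)` hard-codes the position of what is presumably the SSH backend in `backends[]`, so the new checkboxes would silently vanish, or show up for the wrong protocol, if that table is ever reordered. The settings.c hunk in this same commit already walks the table with `backends[i].protocol == cfg->protocol`; the same walk looking for `PROT_SSH` would state the intent directly. Failing that, a comment such as `/* backends[3] is assumed to be SSH; keep in step with the backends[] table */` should at least mark the coupling. setup_config_box begins outside the hunk.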
45 changes: 42 additions & 3 deletions doc/config.but
@@ -1,4 +1,4 @@
\versionid $Id: config.but,v 1.90 2004/09/22 22:15:25 jacob Exp $
\versionid $Id: config.but,v 1.91 2004/10/02 00:33:27 jacob Exp $

\C{config} Configuring PuTTY

Expand Down Expand Up @@ -148,8 +148,9 @@ connections), the SSH message packets sent over the encrypted
connection are written to the log file. You might need this to debug
a network-level problem, or more likely to send to the PuTTY authors
as part of a bug report. \e{BE WARNED} that if you log in using a
password, the password will appear in the log file, so be sure to
edit it out before sending the log file to anyone else!
password, the password can appear in the log file; see
\k{config-logssh} for options that may help to remove sensitive
material from the log file before you send it to anyone else.

\S{config-logfilename} \q{Log file name}

Expand Down Expand Up @@ -198,6 +199,44 @@ Finally (the default option), you might not want to have any
automatic behaviour, but to ask the user every time the problem
comes up.

\S{config-logssh} Options specific to SSH packet logging

These options only apply if SSH packet data is being logged.

The following options allow particularly sensitive portions of
unencrypted packets to be automatically left out of the log file.
They are only intended to deter casual nosiness; an attacker could
glean a lot of useful information from even these obfuscated logs
(e.g., length of password).

\S2{config-logssh-omitpw} \q{Omit known password fields}

\cfg{winhelp-topic}{logging.ssh.omitpassword}

When checked, password fields are removed from the log of transmitted
packets. (This includes any user responses to challenge-response
authentication methods such as \q{keyboard-interactive}.) This does
not include X11 authentication data if using X11 forwarding.

Note that this will only omit data that PuTTY \e{knows} to be a
password. However, if you start another login session within your
PuTTY session, for instance, any password used will appear in the
clear in the packet log. The next option may be of use to protect
against this.

This option is enabled by default.

\S2{config-logssh-omitdata} \q{Omit session data}

\cfg{winhelp-topic}{logging.ssh.omitdata}

When checked, all \q{session data} is omitted; this is defined as data
in terminal sessions and in forwarded channels (TCP, X11, and
authentication agent). This will usually substantially reduce the size
of the resulting log file.

This option is disabled by default.

\H{config-terminal} The Terminal panel

The Terminal configuration panel allows you to control the behaviour
86 changes: 74 additions & 12 deletions logging.c
Expand Up @@ -70,34 +70,96 @@ void log_eventlog(void *handle, const char *event)

/*
* Log an SSH packet.
* If n_blanks != 0, blank or omit some parts.
* Set of blanking areas must be in increasing order.
*/
void log_packet(void *handle, int direction, int type,
char *texttype, void *data, int len)
char *texttype, void *data, int len,
int n_blanks, const struct logblank_t *blanks)
{
struct LogContext *ctx = (struct LogContext *)handle;
int i, j;
char dumpdata[80], smalldata[5];

if (ctx->cfg.logtype != LGTYP_PACKETS)
return;
if (!ctx->lgfp)
logfopen(ctx);
if (ctx->lgfp) {
int p = 0, b = 0, omitted = 0;
int output_pos = 0; /* NZ if pending output in dumpdata */

/* Packet header. */
fprintf(ctx->lgfp, "%s packet type %d / 0x%02x (%s)\r\n",
direction == PKT_INCOMING ? "Incoming" : "Outgoing",
type, type, texttype);
for (i = 0; i < len; i += 16) {
sprintf(dumpdata, " %08x%*s\r\n", i, 1+3*16+2+16, "");
for (j = 0; j < 16 && i+j < len; j++) {
int c = ((unsigned char *)data)[i+j];
sprintf(smalldata, "%02x", c);
dumpdata[10+2+3*j] = smalldata[0];
dumpdata[10+2+3*j+1] = smalldata[1];
dumpdata[10+1+3*16+2+j] = (isprint(c) ? c : '.');

/*
* Output a hex/ASCII dump of the packet body, blanking/omitting
* parts as specified.
*/
while (p < len) {
int blktype;

/* Move to a current entry in the blanking array. */
while ((b < n_blanks) &&
(p >= blanks[b].offset + blanks[b].len))
b++;
/* Work out what type of blanking to apply to
* this byte. */
blktype = PKTLOG_EMIT; /* default */
if ((b < n_blanks) &&
(p >= blanks[b].offset) &&
(p < blanks[b].offset + blanks[b].len))
blktype = blanks[b].type;

/* If we're about to stop omitting, it's time to say how
* much we omitted. */
if ((blktype != PKTLOG_OMIT) && omitted) {
fprintf(ctx->lgfp, " (%d byte%s omitted)\r\n",
omitted, (omitted==1?"":"s"));
omitted = 0;
}

/* (Re-)initialise dumpdata as necessary
* (start of row, or if we've just stopped omitting) */
if (!output_pos && !omitted)
sprintf(dumpdata, " %08x%*s\r\n", p-(p%16), 1+3*16+2+16, "");

/* Deal with the current byte. */
if (blktype == PKTLOG_OMIT) {
omitted++;
} else {
int c;
if (blktype == PKTLOG_BLANK) {
c = 'X';
sprintf(smalldata, "XX");
} else { /* PKTLOG_EMIT */
c = ((unsigned char *)data)[p];
sprintf(smalldata, "%02x", c);
}
dumpdata[10+2+3*(p%16)] = smalldata[0];
dumpdata[10+2+3*(p%16)+1] = smalldata[1];
dumpdata[10+1+3*16+2+(p%16)] = (isprint(c) ? c : '.');
output_pos = (p%16) + 1;
}

p++;

/* Flush row if necessary */
if (((p % 16) == 0) || (p == len) || omitted) {
if (output_pos) {
strcpy(dumpdata + 10+1+3*16+2+output_pos, "\r\n");
fputs(dumpdata, ctx->lgfp);
output_pos = 0;
}
}
strcpy(dumpdata + 10+1+3*16+2+j, "\r\n");
fputs(dumpdata, ctx->lgfp);

}

/* Tidy up */
if (omitted)
fprintf(ctx->lgfp, " (%d byte%s omitted)\r\n",
omitted, (omitted==1?"":"s"));
fflush(ctx->lgfp);
}
}
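Review bot: log_packet relies on `blanks` being sorted and non-overlapping (the comment above the signature says so) but never checks it; if a caller gets the order wrong, the `b++` skip loop at the top of the `while (p < len)` body advances past the earlier region and the bytes it was meant to hide — a password, in this commit's use case — go to the log in clear with no error. Since the point of the change is to keep secrets out of the file, a cheap guard beside that loop is worth having, e.g. `assert(b == 0 || blanks[b].offset >= blanks[b-1].offset + blanks[b-1].len);` (or, if asserts are unwanted here, treat a mis-ordered array as "omit everything"). Separately, the PKTLOG_BLANK branch emits `XX`/`X` per byte, so the length of the blanked field still appears in the log; config.but documents this, but a one-line comment at `c = 'X';` saying the length is deliberately preserved would stop a future reader from "fixing" it. The column arithmetic `10+2+3*(p%16)` and `10+1+3*16+2+(p%16)` is repeated three times and would read better as named offsets.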
11 changes: 10 additions & 1 deletion putty.h
Expand Up @@ -425,6 +425,8 @@ struct config_tag {
Filename logfilename;
int logtype;
int logxfovr;
int logomitpass;
int logomitdata;
int hide_mouseptr;
int sunken_edge;
int window_border;
Expand Down Expand Up @@ -658,8 +660,15 @@ void logtraffic(void *logctx, unsigned char c, int logmode);
void logflush(void *logctx);
void log_eventlog(void *logctx, const char *string);
enum { PKT_INCOMING, PKT_OUTGOING };
enum { PKTLOG_EMIT, PKTLOG_BLANK, PKTLOG_OMIT };
struct logblank_t {
int offset;
int len;
int type;
};
void log_packet(void *logctx, int direction, int type,
char *texttype, void *data, int len);
char *texttype, void *data, int len,
int n_blanks, const struct logblank_t *blanks);

/*
* Exports from testback.c
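Review bot: `struct logblank_t` and the `PKTLOG_*` enum enter the public header in the second hunk with no comment on their contract, and the only statement of it (regions must be in increasing order) sits in a comment in logging.c that a caller of log_packet will not see. Suggest a short comment above the struct: `/* Region [offset, offset+len) of a packet to blank (PKTLOG_BLANK) or omit (PKTLOG_OMIT); the array passed to log_packet must be sorted by offset and non-overlapping. */`, and a note at the enum that PKTLOG_EMIT is what bytes outside every region get.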
4 changes: 4 additions & 0 deletions settings.c
Expand Up @@ -167,6 +167,8 @@ void save_open_settings(void *sesskey, int do_host, Config *cfg)
write_setting_filename(sesskey, "LogFileName", cfg->logfilename);
write_setting_i(sesskey, "LogType", cfg->logtype);
write_setting_i(sesskey, "LogFileClash", cfg->logxfovr);
write_setting_i(sesskey, "SSHLogOmitPasswords", cfg->logomitpass);
write_setting_i(sesskey, "SSHLogOmitData", cfg->logomitdata);
p = "raw";
for (i = 0; backends[i].name != NULL; i++)
if (backends[i].protocol == cfg->protocol) {
Expand Down Expand Up @@ -389,6 +391,8 @@ void load_open_settings(void *sesskey, int do_host, Config *cfg)
gppfile(sesskey, "LogFileName", &cfg->logfilename);
gppi(sesskey, "LogType", 0, &cfg->logtype);
gppi(sesskey, "LogFileClash", LGXF_ASK, &cfg->logxfovr);
gppi(sesskey, "SSHLogOmitPasswords", 1, &cfg->logomitpass);
gppi(sesskey, "SSHLogOmitData", 0, &cfg->logomitdata);

gpps(sesskey, "Protocol", "default", prot, 10);
cfg->protocol = default_protocol;
