authorMatt Johnston <matt@ucc.asn.au>2012-05-09 22:37:04 +0800
committerMatt Johnston <matt@ucc.asn.au>2012-05-09 22:37:04 +0800
commit7f88aa61330e2ab15ffe300d71f313face69d7a3 (patch)
tree6eef41ce957179b05d1d7da2a8c1171c4ca7a7bb
parentfc5e9a0fe81c9b56d63b7eea3cdb1b091dbc3021 (diff)
Return immediate success for blank passwords if allowed
-rw-r--r--common-session.c12
-rw-r--r--svr-auth.c37
-rw-r--r--svr-authpasswd.c10
3 files changed, 37 insertions, 22 deletions
diff --git a/common-session.c b/common-session.c
index a5e138d..eab2ee5 100644
--- a/common-session.c
+++ b/common-session.c
@@ -453,6 +453,16 @@ void fill_passwd(const char* username) {
ses.authstate.pw_name = m_strdup(pw->pw_name);
ses.authstate.pw_dir = m_strdup(pw->pw_dir);
ses.authstate.pw_shell = m_strdup(pw->pw_shell);
- ses.authstate.pw_passwd = m_strdup(pw->pw_passwd);
+ {
+ char *passwd_crypt = pw->pw_passwd;
+#ifdef HAVE_SHADOW_H
+ /* get the shadow password if possible */
+ struct spwd *spasswd = getspnam(ses.authstate.pw_name);
+ if (spasswd && spasswd->sp_pwdp) {
+ passwd_crypt = spasswd->sp_pwdp;
+ }
+#endif
+ ses.authstate.pw_passwd = m_strdup(passwd_crypt);
+ }
}
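Review bot: The added block in fill_passwd copies the shadow hash into `ses.authstate.pw_passwd` as soon as the username is looked up, so it now stays in process memory for as long as the auth state does, instead of being read only while a password is checked. The code that frees or refills `ses.authstate` is outside this hunk; it would be worth confirming that it wipes the old string before `m_free`, and that nothing traces or logs this field. A comment on the assignment would make the new contract visible, for example `/* may hold the /etc/shadow hash: never log, wipe before freeing */`. Because this file is common-session.c, the `getspnam` call presumably also runs in any non-server build that calls fill_passwd, where it should fall back to `pw->pw_passwd`; that is worth a one-line comment too.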
diff --git a/svr-auth.c b/svr-auth.c
index de254ea..04321fe 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -141,15 +141,6 @@ void recv_msg_userauth_request() {
dropbear_exit("unknown service in auth");
}
- /* user wants to know what methods are supported */
- if (methodlen == AUTH_METHOD_NONE_LEN &&
- strncmp(methodname, AUTH_METHOD_NONE,
- AUTH_METHOD_NONE_LEN) == 0) {
- TRACE(("recv_msg_userauth_request: 'none' request"))
- send_msg_userauth_failure(0, 0);
- goto out;
- }
-
/* check username is good before continuing */
if (checkusername(username, userlen) == DROPBEAR_FAILURE) {
/* username is invalid/no shell/etc - send failure */
@@ -158,6 +149,31 @@ void recv_msg_userauth_request() {
goto out;
}
+ /* user wants to know what methods are supported */
+ if (methodlen == AUTH_METHOD_NONE_LEN &&
+ strncmp(methodname, AUTH_METHOD_NONE,
+ AUTH_METHOD_NONE_LEN) == 0) {
+ TRACE(("recv_msg_userauth_request: 'none' request"))
+#ifdef ALLOW_BLANK_PASSWORD
+ if (!svr_opts.noauthpass
+ && !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
+ && ses.authstate.pw_passwd == '\0')
+ {
+ dropbear_log(LOG_NOTICE,
+ "Auth succeeded with blank password for '%s' from %s",
+ ses.authstate.pw_name,
+ svr_ses.addrstring);
+ send_msg_userauth_success();
+ goto out;
+ }
+ else
+#endif
+ {
+ send_msg_userauth_failure(0, 0);
+ goto out;
+ }
+ }
+
#ifdef ENABLE_SVR_PASSWORD_AUTH
if (!svr_opts.noauthpass &&
!(svr_opts.norootpass && ses.authstate.pw_uid == 0) ) {
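Review bot: The blank-password test `ses.authstate.pw_passwd == '\0'` in the added ALLOW_BLANK_PASSWORD branch compares the pointer itself with zero, not the first character of the stored hash. fill_passwd in this same commit always assigns the result of `m_strdup`, so the pointer is presumably never NULL and the branch looks unreachable; the intended check is `ses.authstate.pw_passwd[0] == '\0'`. Once corrected, this path grants a session on a bare 'none' request, so it is worth confirming that it is also gated on password auth being compiled in (`ENABLE_SVR_PASSWORD_AUTH`), not only on the runtime `noauthpass`/`norootpass` options. recv_msg_userauth_request starts and ends outside the hunk.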
@@ -205,8 +221,7 @@ out:
}
-/* Check that the username exists, has a non-empty password, and has a valid
- * shell.
+/* Check that the username exists and isn't disallowed (root), and has a valid shell.
* returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
static int checkusername(unsigned char *username, unsigned int userlen) {
diff --git a/svr-authpasswd.c b/svr-authpasswd.c
index 54b4889..ceeb4d8 100644
--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@@ -36,9 +36,6 @@
* appropriate */
void svr_auth_password() {
-#ifdef HAVE_SHADOW_H
- struct spwd *spasswd = NULL;
-#endif
char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
char * testcrypt = NULL; /* crypt generated from the user's password sent */
unsigned char * password;
@@ -48,13 +45,6 @@ void svr_auth_password() {
unsigned int changepw;
passwdcrypt = ses.authstate.pw_passwd;
-#ifdef HAVE_SHADOW_H
- /* get the shadow password if possible */
- spasswd = getspnam(ses.authstate.pw_name);
- if (spasswd != NULL && spasswd->sp_pwdp != NULL) {
- passwdcrypt = spasswd->sp_pwdp;
- }
-#endif
#ifdef DEBUG_HACKCRYPT
/* debugging crypt for non-root testing with shadows */