diff options
author | Matt Johnston <matt@ucc.asn.au> | 2006-03-08 13:23:49 +0000 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2006-03-08 13:23:49 +0000 |
commit | 8608a8e64c1aeda096867f43f89e29e1aee207ae (patch) | |
tree | 453ebf8873dd287a2def6a674d42afcc6637cde2 /svr-authpasswd.c | |
parent | 2481693cf23dba90c693762a528d2923cde9c9cc (diff) | |
parent | 882a9ced901348b3a48023443bfd23e0ef9d9b67 (diff) |
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 6c790cad5a7fa866ad062cb3a0c279f7ba788583)
to branch 'au.asn.ucc.matt.dropbear' (head fff0894a0399405a9410ea1c6d118f342cf2aa64)
--HG--
extra : convert_revision : fdf4a7a3b97ae5046139915de7e40399cceb2c01
Diffstat (limited to 'svr-authpasswd.c')
-rw-r--r-- | svr-authpasswd.c | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/svr-authpasswd.c b/svr-authpasswd.c new file mode 100644 index 0000000..5be1e2a --- /dev/null +++ b/svr-authpasswd.c @@ -0,0 +1,105 @@ +/* + * Dropbear - a SSH2 server + * + * Copyright (c) 2002,2003 Matt Johnston + * All rights reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. */ + +/* Validates a user password */ + +#include "includes.h" +#include "session.h" +#include "buffer.h" +#include "dbutil.h" +#include "auth.h" + +#ifdef ENABLE_SVR_PASSWORD_AUTH + +/* Process a password auth request, sending success or failure messages as + * appropriate */ +void svr_auth_password() { + +#ifdef HAVE_SHADOW_H + struct spwd *spasswd = NULL; +#endif + char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */ + char * testcrypt = NULL; /* crypt generated from the user's password sent */ + unsigned char * password; + unsigned int passwordlen; + + unsigned int changepw; + + passwdcrypt = ses.authstate.pw->pw_passwd; +#ifdef HAVE_SHADOW_H + /* get the shadow password if possible */ + spasswd = getspnam(ses.authstate.printableuser); + if (spasswd != NULL && spasswd->sp_pwdp != NULL) { + passwdcrypt = spasswd->sp_pwdp; + } +#endif + +#ifdef DEBUG_HACKCRYPT + /* debugging crypt for non-root testing with shadows */ + passwdcrypt = DEBUG_HACKCRYPT; +#endif + + /* check for empty password - need to do this again here + * since the shadow password may differ to that tested + * in auth.c */ + if (passwdcrypt[0] == '\0') { + dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", + ses.authstate.printableuser); + send_msg_userauth_failure(0, 1); + return; + } + + /* check if client wants to change password */ + changepw = buf_getbool(ses.payload); + if (changepw) { + /* not implemented by this server */ + send_msg_userauth_failure(0, 1); + return; + } + + password = buf_getstring(ses.payload, &passwordlen); + + /* the first bytes of passwdcrypt are the salt */ + testcrypt = crypt((char*)password, passwdcrypt); + m_burn(password, passwordlen); + m_free(password); + + if (strcmp(testcrypt, passwdcrypt) == 0) { + /* successful authentication */ + dropbear_log(LOG_NOTICE, + "password auth succeeded for '%s' from %s", + ses.authstate.printableuser, + svr_ses.addrstring); + send_msg_userauth_success(); + } else { + dropbear_log(LOG_WARNING, + "bad password attempt for '%s' from %s", + ses.authstate.printableuser, + svr_ses.addrstring); + send_msg_userauth_failure(0, 1); + } + +} + +#endif |