summaryrefslogtreecommitdiffhomepage
path: root/svr-auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'svr-auth.c')
-rw-r--r--svr-auth.c37
1 files changed, 26 insertions, 11 deletions
diff --git a/svr-auth.c b/svr-auth.c
index de254ea..04321fe 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -141,15 +141,6 @@ void recv_msg_userauth_request() {
dropbear_exit("unknown service in auth");
}
- /* user wants to know what methods are supported */
- if (methodlen == AUTH_METHOD_NONE_LEN &&
- strncmp(methodname, AUTH_METHOD_NONE,
- AUTH_METHOD_NONE_LEN) == 0) {
- TRACE(("recv_msg_userauth_request: 'none' request"))
- send_msg_userauth_failure(0, 0);
- goto out;
- }
-
/* check username is good before continuing */
if (checkusername(username, userlen) == DROPBEAR_FAILURE) {
/* username is invalid/no shell/etc - send failure */
@@ -158,6 +149,31 @@ void recv_msg_userauth_request() {
goto out;
}
+ /* user wants to know what methods are supported */
+ if (methodlen == AUTH_METHOD_NONE_LEN &&
+ strncmp(methodname, AUTH_METHOD_NONE,
+ AUTH_METHOD_NONE_LEN) == 0) {
+ TRACE(("recv_msg_userauth_request: 'none' request"))
+#ifdef ALLOW_BLANK_PASSWORD
+ if (!svr_opts.noauthpass
+ && !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
+ && ses.authstate.pw_passwd == '\0')
+ {
+ dropbear_log(LOG_NOTICE,
+ "Auth succeeded with blank password for '%s' from %s",
+ ses.authstate.pw_name,
+ svr_ses.addrstring);
+ send_msg_userauth_success();
+ goto out;
+ }
+ else
+#endif
+ {
+ send_msg_userauth_failure(0, 0);
+ goto out;
+ }
+ }
+
#ifdef ENABLE_SVR_PASSWORD_AUTH
if (!svr_opts.noauthpass &&
!(svr_opts.norootpass && ses.authstate.pw_uid == 0) ) {
@@ -205,8 +221,7 @@ out:
}
-/* Check that the username exists, has a non-empty password, and has a valid
- * shell.
+/* Check that the username exists and isn't disallowed (root), and has a valid shell.
* returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
static int checkusername(unsigned char *username, unsigned int userlen) {