annotate common-runopts.c @ 1629:258b57b208ae

Fix for issue successfull login of disabled user (#78) This commit introduces fix for scenario: 1. Root login disabled on dropbear 2. PAM authentication model enabled While login as root user, after prompt for password user is being notified about login failrue, but after second attempt of prompt for password within same session, login becames succesfull. Signed-off-by: Pawel Rapkiewicz <[email protected]>
author vincentto13 <33652988+vincentto13@users.noreply.github.com>
date Wed, 20 Mar 2019 15:03:40 +0100
parents 750ec4ec4cbe
children b9a466b43de0
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 /*
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 * Dropbear - a SSH2 server
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 *
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 * Copyright (c) 2002,2003 Matt Johnston
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 * All rights reserved.
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 *
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 * of this software and associated documentation files (the "Software"), to deal
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9 * in the Software without restriction, including without limitation the rights
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 * copies of the Software, and to permit persons to whom the Software is
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12 * furnished to do so, subject to the following conditions:
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 *
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 * The above copyright notice and this permission notice shall be included in
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 * all copies or substantial portions of the Software.
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 *
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
23 * SOFTWARE. */
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25 #include "includes.h"
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 #include "runopts.h"
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
27 #include "signkey.h"
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
28 #include "buffer.h"
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
29 #include "dbutil.h"
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
30 #include "auth.h"
682
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
31 #include "algo.h"
858
220f55d540ae rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents: 841
diff changeset
32 #include "dbrandom.h"
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33
f789045062e6 Progressing client support
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34 runopts opts; /* GLOBAL */
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
35
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
36 /* returns success or failure, and the keytype in *type. If we want
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
37 * to restrict the type, type can contain a type to return */
841
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 713
diff changeset
38 int readhostkey(const char * filename, sign_key * hostkey,
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 713
diff changeset
39 enum signkey_type *type) {
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
40
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
41 int ret = DROPBEAR_FAILURE;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
42 buffer *buf;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
43
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
44 buf = buf_new(MAX_PRIVKEY_SIZE);
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
45
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
46 if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) {
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
47 goto out;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
48 }
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
49 buf_setpos(buf, 0);
687
167fdc091c05 Improve RNG seeding.
Matt Johnston <matt@ucc.asn.au>
parents: 682
diff changeset
50
167fdc091c05 Improve RNG seeding.
Matt Johnston <matt@ucc.asn.au>
parents: 682
diff changeset
51 addrandom(buf_getptr(buf, buf->len), buf->len);
167fdc091c05 Improve RNG seeding.
Matt Johnston <matt@ucc.asn.au>
parents: 682
diff changeset
52
47
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
53 if (buf_get_priv_key(buf, hostkey, type) == DROPBEAR_FAILURE) {
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
54 goto out;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
55 }
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
56
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
57 ret = DROPBEAR_SUCCESS;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
58 out:
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
59
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
60 buf_burn(buf);
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
61 buf_free(buf);
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
62 return ret;
4b53a43f0082 - client pubkey auth works
Matt Johnston <matt@ucc.asn.au>
parents: 33
diff changeset
63 }
682
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
64
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 948
diff changeset
65 #if DROPBEAR_USER_ALGO_LIST
682
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
66 void
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
67 parse_ciphers_macs()
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
68 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
69 if (opts.cipher_list)
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
70 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
71 if (strcmp(opts.cipher_list, "help") == 0)
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
72 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
73 char *ciphers = algolist_string(sshciphers);
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
74 dropbear_log(LOG_INFO, "Available ciphers:\n%s\n", ciphers);
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
75 m_free(ciphers);
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
76 dropbear_exit(".");
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
77 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
78
713
e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents: 687
diff changeset
79 if (strcmp(opts.cipher_list, "none") == 0)
e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents: 687
diff changeset
80 {
e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents: 687
diff changeset
81 /* Encryption is required during authentication */
e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents: 687
diff changeset
82 opts.cipher_list = "none,aes128-ctr";
e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents: 687
diff changeset
83 }
e22d5f5f6e37 Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents: 687
diff changeset
84
682
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
85 if (check_user_algos(opts.cipher_list, sshciphers, "cipher") == 0)
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
86 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
87 dropbear_exit("No valid ciphers specified for '-c'");
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
88 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
89 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
90
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
91 if (opts.mac_list)
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
92 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
93 if (strcmp(opts.mac_list, "help") == 0)
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
94 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
95 char *macs = algolist_string(sshhashes);
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
96 dropbear_log(LOG_INFO, "Available MACs:\n%s\n", macs);
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
97 m_free(macs);
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
98 dropbear_exit(".");
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
99 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
100
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
101 if (check_user_algos(opts.mac_list, sshhashes, "MAC") == 0)
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
102 {
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
103 dropbear_exit("No valid MACs specified for '-m'");
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
104 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
105 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
106 }
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
107 #endif
4edea9f363d0 Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents: 47
diff changeset
108
948
f92eb625c48d - Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents: 946
diff changeset
109 void print_version() {
f92eb625c48d - Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents: 946
diff changeset
110 fprintf(stderr, "Dropbear v%s\n", DROPBEAR_VERSION);
946
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
111 }
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
112
17d874ae93a1 Add '-V' for version
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
113