Mercurial > dropbear
annotate common-runopts.c @ 1629:258b57b208ae
Fix for issue successfull login of disabled user (#78)
This commit introduces fix for scenario:
1. Root login disabled on dropbear
2. PAM authentication model enabled
While login as root user, after prompt for password
user is being notified about login failrue, but
after second attempt of prompt for password within
same session, login becames succesfull.
Signed-off-by: Pawel Rapkiewicz <[email protected]>
author | vincentto13 <33652988+vincentto13@users.noreply.github.com> |
---|---|
date | Wed, 20 Mar 2019 15:03:40 +0100 |
parents | 750ec4ec4cbe |
children | b9a466b43de0 |
rev | line source |
---|---|
33 | 1 /* |
2 * Dropbear - a SSH2 server | |
3 * | |
4 * Copyright (c) 2002,2003 Matt Johnston | |
5 * All rights reserved. | |
6 * | |
7 * Permission is hereby granted, free of charge, to any person obtaining a copy | |
8 * of this software and associated documentation files (the "Software"), to deal | |
9 * in the Software without restriction, including without limitation the rights | |
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
11 * copies of the Software, and to permit persons to whom the Software is | |
12 * furnished to do so, subject to the following conditions: | |
13 * | |
14 * The above copyright notice and this permission notice shall be included in | |
15 * all copies or substantial portions of the Software. | |
16 * | |
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
23 * SOFTWARE. */ | |
24 | |
25 #include "includes.h" | |
26 #include "runopts.h" | |
47 | 27 #include "signkey.h" |
28 #include "buffer.h" | |
29 #include "dbutil.h" | |
30 #include "auth.h" | |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
31 #include "algo.h" |
858
220f55d540ae
rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents:
841
diff
changeset
|
32 #include "dbrandom.h" |
33 | 33 |
34 runopts opts; /* GLOBAL */ | |
47 | 35 |
36 /* returns success or failure, and the keytype in *type. If we want | |
37 * to restrict the type, type can contain a type to return */ | |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
713
diff
changeset
|
38 int readhostkey(const char * filename, sign_key * hostkey, |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
713
diff
changeset
|
39 enum signkey_type *type) { |
47 | 40 |
41 int ret = DROPBEAR_FAILURE; | |
42 buffer *buf; | |
43 | |
44 buf = buf_new(MAX_PRIVKEY_SIZE); | |
45 | |
46 if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) { | |
47 goto out; | |
48 } | |
49 buf_setpos(buf, 0); | |
687 | 50 |
51 addrandom(buf_getptr(buf, buf->len), buf->len); | |
52 | |
47 | 53 if (buf_get_priv_key(buf, hostkey, type) == DROPBEAR_FAILURE) { |
54 goto out; | |
55 } | |
56 | |
57 ret = DROPBEAR_SUCCESS; | |
58 out: | |
59 | |
60 buf_burn(buf); | |
61 buf_free(buf); | |
62 return ret; | |
63 } | |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
64 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
948
diff
changeset
|
65 #if DROPBEAR_USER_ALGO_LIST |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
66 void |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
67 parse_ciphers_macs() |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
68 { |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
69 if (opts.cipher_list) |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
70 { |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
71 if (strcmp(opts.cipher_list, "help") == 0) |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
72 { |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
73 char *ciphers = algolist_string(sshciphers); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
74 dropbear_log(LOG_INFO, "Available ciphers:\n%s\n", ciphers); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
75 m_free(ciphers); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
76 dropbear_exit("."); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
77 } |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
78 |
713
e22d5f5f6e37
Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents:
687
diff
changeset
|
79 if (strcmp(opts.cipher_list, "none") == 0) |
e22d5f5f6e37
Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents:
687
diff
changeset
|
80 { |
e22d5f5f6e37
Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents:
687
diff
changeset
|
81 /* Encryption is required during authentication */ |
e22d5f5f6e37
Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents:
687
diff
changeset
|
82 opts.cipher_list = "none,aes128-ctr"; |
e22d5f5f6e37
Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents:
687
diff
changeset
|
83 } |
e22d5f5f6e37
Fix "-c none" so that it allows aes during authentication
Matt Johnston <matt@ucc.asn.au>
parents:
687
diff
changeset
|
84 |
682
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
85 if (check_user_algos(opts.cipher_list, sshciphers, "cipher") == 0) |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
86 { |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
87 dropbear_exit("No valid ciphers specified for '-c'"); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
88 } |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
89 } |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
90 |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
91 if (opts.mac_list) |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
92 { |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
93 if (strcmp(opts.mac_list, "help") == 0) |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
94 { |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
95 char *macs = algolist_string(sshhashes); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
96 dropbear_log(LOG_INFO, "Available MACs:\n%s\n", macs); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
97 m_free(macs); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
98 dropbear_exit("."); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
99 } |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
100 |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
101 if (check_user_algos(opts.mac_list, sshhashes, "MAC") == 0) |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
102 { |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
103 dropbear_exit("No valid MACs specified for '-m'"); |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
104 } |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
105 } |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
106 } |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
107 #endif |
4edea9f363d0
Add rough support for choosing ciphers/hashes with "-c" or "-m"
Matt Johnston <matt@ucc.asn.au>
parents:
47
diff
changeset
|
108 |
948
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
946
diff
changeset
|
109 void print_version() { |
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
946
diff
changeset
|
110 fprintf(stderr, "Dropbear v%s\n", DROPBEAR_VERSION); |
946 | 111 } |
112 | |
113 |