Mercurial > dropbear
comparison svr-auth.c @ 641:2b1bb792cd4d dropbear-tfm
- Update tfm changes to current default tip
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 21 Nov 2011 19:52:28 +0800 |
| parents | d40f3cc47aed |
| children | 0edf08895a33 |
comparison
equal
deleted
inserted
replaced
| 640:76097ec1a29a | 641:2b1bb792cd4d |
|---|---|
| 31 #include "buffer.h" | 31 #include "buffer.h" |
| 32 #include "ssh.h" | 32 #include "ssh.h" |
| 33 #include "packet.h" | 33 #include "packet.h" |
| 34 #include "auth.h" | 34 #include "auth.h" |
| 35 #include "runopts.h" | 35 #include "runopts.h" |
| 36 #include "random.h" | |
| 36 | 37 |
| 37 static void authclear(); | 38 static void authclear(); |
| 38 static int checkusername(unsigned char *username, unsigned int userlen); | 39 static int checkusername(unsigned char *username, unsigned int userlen); |
| 39 static void send_msg_userauth_banner(); | 40 static void send_msg_userauth_banner(); |
| 40 | 41 |
| 219 /* new user or username has changed */ | 220 /* new user or username has changed */ |
| 220 if (ses.authstate.username == NULL || | 221 if (ses.authstate.username == NULL || |
| 221 strcmp(username, ses.authstate.username) != 0) { | 222 strcmp(username, ses.authstate.username) != 0) { |
| 222 /* the username needs resetting */ | 223 /* the username needs resetting */ |
| 223 if (ses.authstate.username != NULL) { | 224 if (ses.authstate.username != NULL) { |
| 224 dropbear_log(LOG_WARNING, "client trying multiple usernames from %s", | 225 dropbear_log(LOG_WARNING, "Client trying multiple usernames from %s", |
| 225 svr_ses.addrstring); | 226 svr_ses.addrstring); |
| 226 m_free(ses.authstate.username); | 227 m_free(ses.authstate.username); |
| 227 } | 228 } |
| 228 authclear(); | 229 authclear(); |
| 229 fill_passwd(username); | 230 fill_passwd(username); |
| 232 | 233 |
| 233 /* check that user exists */ | 234 /* check that user exists */ |
| 234 if (!ses.authstate.pw_name) { | 235 if (!ses.authstate.pw_name) { |
| 235 TRACE(("leave checkusername: user '%s' doesn't exist", username)) | 236 TRACE(("leave checkusername: user '%s' doesn't exist", username)) |
| 236 dropbear_log(LOG_WARNING, | 237 dropbear_log(LOG_WARNING, |
| 237 "login attempt for nonexistent user from %s", | 238 "Login attempt for nonexistent user from %s", |
| 238 svr_ses.addrstring); | 239 svr_ses.addrstring); |
| 239 send_msg_userauth_failure(0, 1); | 240 send_msg_userauth_failure(0, 1); |
| 240 return DROPBEAR_FAILURE; | 241 return DROPBEAR_FAILURE; |
| 241 } | 242 } |
| 242 | 243 |
| 243 /* check for non-root if desired */ | 244 /* check for non-root if desired */ |
| 244 if (svr_opts.norootlogin && ses.authstate.pw_uid == 0) { | 245 if (svr_opts.norootlogin && ses.authstate.pw_uid == 0) { |
| 245 TRACE(("leave checkusername: root login disabled")) | 246 TRACE(("leave checkusername: root login disabled")) |
| 246 dropbear_log(LOG_WARNING, "root login rejected"); | 247 dropbear_log(LOG_WARNING, "root login rejected"); |
| 247 send_msg_userauth_failure(0, 1); | |
| 248 return DROPBEAR_FAILURE; | |
| 249 } | |
| 250 | |
| 251 /* check for an empty password */ | |
| 252 if (ses.authstate.pw_passwd[0] == '\0') { | |
| 253 TRACE(("leave checkusername: empty pword")) | |
| 254 dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", | |
| 255 ses.authstate.pw_name); | |
| 256 send_msg_userauth_failure(0, 1); | 248 send_msg_userauth_failure(0, 1); |
| 257 return DROPBEAR_FAILURE; | 249 return DROPBEAR_FAILURE; |
| 258 } | 250 } |
| 259 | 251 |
| 260 TRACE(("shell is %s", ses.authstate.pw_shell)) | 252 TRACE(("shell is %s", ses.authstate.pw_shell)) |
| 278 } | 270 } |
| 279 } | 271 } |
| 280 /* no matching shell */ | 272 /* no matching shell */ |
| 281 endusershell(); | 273 endusershell(); |
| 282 TRACE(("no matching shell")) | 274 TRACE(("no matching shell")) |
| 283 dropbear_log(LOG_WARNING, "user '%s' has invalid shell, rejected", | 275 dropbear_log(LOG_WARNING, "User '%s' has invalid shell, rejected", |
| 284 ses.authstate.pw_name); | 276 ses.authstate.pw_name); |
| 285 send_msg_userauth_failure(0, 1); | 277 send_msg_userauth_failure(0, 1); |
| 286 return DROPBEAR_FAILURE; | 278 return DROPBEAR_FAILURE; |
| 287 | 279 |
| 288 goodshell: | 280 goodshell: |
| 335 | 327 |
| 336 buf_putbyte(ses.writepayload, partial ? 1 : 0); | 328 buf_putbyte(ses.writepayload, partial ? 1 : 0); |
| 337 encrypt_packet(); | 329 encrypt_packet(); |
| 338 | 330 |
| 339 if (incrfail) { | 331 if (incrfail) { |
| 340 usleep(300000); /* XXX improve this */ | 332 unsigned int delay; |
| 333 genrandom((unsigned char*)&delay, sizeof(delay)); | |
| 334 /* We delay for 300ms +- 50ms, 0.1ms granularity */ | |
| 335 delay = 250000 + (delay % 1000)*100; | |
| 336 usleep(delay); | |
| 341 ses.authstate.failcount++; | 337 ses.authstate.failcount++; |
| 342 } | 338 } |
| 343 | 339 |
| 344 if (ses.authstate.failcount >= MAX_AUTH_TRIES) { | 340 if (ses.authstate.failcount >= MAX_AUTH_TRIES) { |
| 345 char * userstr; | 341 char * userstr; |