comparison svr-auth.c @ 641:2b1bb792cd4d dropbear-tfm
- Update tfm changes to current default tip
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 21 Nov 2011 19:52:28 +0800 |
parents | d40f3cc47aed |
children | 0edf08895a33 |
640:76097ec1a29a | 641:2b1bb792cd4d |
---|---|
31 #include "buffer.h" | 31 #include "buffer.h" |
32 #include "ssh.h" | 32 #include "ssh.h" |
33 #include "packet.h" | 33 #include "packet.h" |
34 #include "auth.h" | 34 #include "auth.h" |
35 #include "runopts.h" | 35 #include "runopts.h" |
36 #include "random.h" | |
36 | 37 |
37 static void authclear(); | 38 static void authclear(); |
38 static int checkusername(unsigned char *username, unsigned int userlen); | 39 static int checkusername(unsigned char *username, unsigned int userlen); |
39 static void send_msg_userauth_banner(); | 40 static void send_msg_userauth_banner(); |
40 | 41 |
219 /* new user or username has changed */ | 220 /* new user or username has changed */ |
220 if (ses.authstate.username == NULL || | 221 if (ses.authstate.username == NULL || |
221 strcmp(username, ses.authstate.username) != 0) { | 222 strcmp(username, ses.authstate.username) != 0) { |
222 /* the username needs resetting */ | 223 /* the username needs resetting */ |
223 if (ses.authstate.username != NULL) { | 224 if (ses.authstate.username != NULL) { |
224 dropbear_log(LOG_WARNING, "client trying multiple usernames from %s", | 225 dropbear_log(LOG_WARNING, "Client trying multiple usernames from %s", |
225 svr_ses.addrstring); | 226 svr_ses.addrstring); |
226 m_free(ses.authstate.username); | 227 m_free(ses.authstate.username); |
227 } | 228 } |
228 authclear(); | 229 authclear(); |
229 fill_passwd(username); | 230 fill_passwd(username); |
232 | 233 |
233 /* check that user exists */ | 234 /* check that user exists */ |
234 if (!ses.authstate.pw_name) { | 235 if (!ses.authstate.pw_name) { |
235 TRACE(("leave checkusername: user '%s' doesn't exist", username)) | 236 TRACE(("leave checkusername: user '%s' doesn't exist", username)) |
236 dropbear_log(LOG_WARNING, | 237 dropbear_log(LOG_WARNING, |
237 "login attempt for nonexistent user from %s", | 238 "Login attempt for nonexistent user from %s", |
238 svr_ses.addrstring); | 239 svr_ses.addrstring); |
239 send_msg_userauth_failure(0, 1); | 240 send_msg_userauth_failure(0, 1); |
240 return DROPBEAR_FAILURE; | 241 return DROPBEAR_FAILURE; |
241 } | 242 } |
242 | 243 |
243 /* check for non-root if desired */ | 244 /* check for non-root if desired */ |
244 if (svr_opts.norootlogin && ses.authstate.pw_uid == 0) { | 245 if (svr_opts.norootlogin && ses.authstate.pw_uid == 0) { |
245 TRACE(("leave checkusername: root login disabled")) | 246 TRACE(("leave checkusername: root login disabled")) |
246 dropbear_log(LOG_WARNING, "root login rejected"); | 247 dropbear_log(LOG_WARNING, "root login rejected"); |
247 send_msg_userauth_failure(0, 1); | |
248 return DROPBEAR_FAILURE; | |
249 } | |
250 | |
251 /* check for an empty password */ | |
252 if (ses.authstate.pw_passwd[0] == '\0') { | |
253 TRACE(("leave checkusername: empty pword")) | |
254 dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", | |
255 ses.authstate.pw_name); | |
256 send_msg_userauth_failure(0, 1); | 248 send_msg_userauth_failure(0, 1); |
257 return DROPBEAR_FAILURE; | 249 return DROPBEAR_FAILURE; |
258 } | 250 } |
259 | 251 |
260 TRACE(("shell is %s", ses.authstate.pw_shell)) | 252 TRACE(("shell is %s", ses.authstate.pw_shell)) |
278 } | 270 } |
279 } | 271 } |
280 /* no matching shell */ | 272 /* no matching shell */ |
281 endusershell(); | 273 endusershell(); |
282 TRACE(("no matching shell")) | 274 TRACE(("no matching shell")) |
283 dropbear_log(LOG_WARNING, "user '%s' has invalid shell, rejected", | 275 dropbear_log(LOG_WARNING, "User '%s' has invalid shell, rejected", |
284 ses.authstate.pw_name); | 276 ses.authstate.pw_name); |
285 send_msg_userauth_failure(0, 1); | 277 send_msg_userauth_failure(0, 1); |
286 return DROPBEAR_FAILURE; | 278 return DROPBEAR_FAILURE; |
287 | 279 |
288 goodshell: | 280 goodshell: |
335 | 327 |
336 buf_putbyte(ses.writepayload, partial ? 1 : 0); | 328 buf_putbyte(ses.writepayload, partial ? 1 : 0); |
337 encrypt_packet(); | 329 encrypt_packet(); |
338 | 330 |
339 if (incrfail) { | 331 if (incrfail) { |
340 usleep(300000); /* XXX improve this */ | 332 unsigned int delay; |
333 genrandom((unsigned char*)&delay, sizeof(delay)); | |
334 /* We delay for 300ms +- 50ms, 0.1ms granularity */ | |
335 delay = 250000 + (delay % 1000)*100; | |
336 usleep(delay); | |
341 ses.authstate.failcount++; | 337 ses.authstate.failcount++; |
342 } | 338 } |
343 | 339 |
344 if (ses.authstate.failcount >= MAX_AUTH_TRIES) { | 340 if (ses.authstate.failcount >= MAX_AUTH_TRIES) { |
345 char * userstr; | 341 char * userstr; |
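Review bot: The blank-password rejection in checkusername (old lines 251-258, `if (ses.authstate.pw_passwd[0] == '\0')`) is removed with no replacement visible in this comparison, so an account whose password field is empty now passes the username check and proceeds to the shell check. If the intent is to let such accounts authenticate by other methods, confirm that the password method itself refuses an empty `pw_passwd` before it compares hashes; that handler is not shown on this page, so this is presumably where the check moved. A comment above the shell check, for example `/* blank passwords are rejected by the password method, not here */`, would record where the guarantee now lives. checkusername starts and ends outside the displayed lines.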