Mercurial > dropbear
comparison svr-authpasswd.c @ 464:4317be8b7cf9
Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 13 Jan 2008 03:55:59 +0000 |
| parents | 161557a9dde8 |
| children | a98a2138364a |
comparison
equal
deleted
inserted
replaced
| 461:db4f6adcb7e2 | 464:4317be8b7cf9 |
|---|---|
| 44 unsigned char * password; | 44 unsigned char * password; |
| 45 unsigned int passwordlen; | 45 unsigned int passwordlen; |
| 46 | 46 |
| 47 unsigned int changepw; | 47 unsigned int changepw; |
| 48 | 48 |
| 49 passwdcrypt = ses.authstate.pw->pw_passwd; | 49 passwdcrypt = ses.authstate.pw_passwd; |
| 50 #ifdef HAVE_SHADOW_H | 50 #ifdef HAVE_SHADOW_H |
| 51 /* get the shadow password if possible */ | 51 /* get the shadow password if possible */ |
| 52 spasswd = getspnam(ses.authstate.printableuser); | 52 spasswd = getspnam(ses.authstate.pw_name); |
| 53 if (spasswd != NULL && spasswd->sp_pwdp != NULL) { | 53 if (spasswd != NULL && spasswd->sp_pwdp != NULL) { |
| 54 passwdcrypt = spasswd->sp_pwdp; | 54 passwdcrypt = spasswd->sp_pwdp; |
| 55 } | 55 } |
| 56 #endif | 56 #endif |
| 57 | 57 |
| 63 /* check for empty password - need to do this again here | 63 /* check for empty password - need to do this again here |
| 64 * since the shadow password may differ to that tested | 64 * since the shadow password may differ to that tested |
| 65 * in auth.c */ | 65 * in auth.c */ |
| 66 if (passwdcrypt[0] == '\0') { | 66 if (passwdcrypt[0] == '\0') { |
| 67 dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", | 67 dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", |
| 68 ses.authstate.printableuser); | 68 ses.authstate.pw_name); |
| 69 send_msg_userauth_failure(0, 1); | 69 send_msg_userauth_failure(0, 1); |
| 70 return; | 70 return; |
| 71 } | 71 } |
| 72 | 72 |
| 73 /* check if client wants to change password */ | 73 /* check if client wants to change password */ |
| 87 | 87 |
| 88 if (strcmp(testcrypt, passwdcrypt) == 0) { | 88 if (strcmp(testcrypt, passwdcrypt) == 0) { |
| 89 /* successful authentication */ | 89 /* successful authentication */ |
| 90 dropbear_log(LOG_NOTICE, | 90 dropbear_log(LOG_NOTICE, |
| 91 "password auth succeeded for '%s' from %s", | 91 "password auth succeeded for '%s' from %s", |
| 92 ses.authstate.printableuser, | 92 ses.authstate.pw_name, |
| 93 svr_ses.addrstring); | 93 svr_ses.addrstring); |
| 94 send_msg_userauth_success(); | 94 send_msg_userauth_success(); |
| 95 } else { | 95 } else { |
| 96 dropbear_log(LOG_WARNING, | 96 dropbear_log(LOG_WARNING, |
| 97 "bad password attempt for '%s' from %s", | 97 "bad password attempt for '%s' from %s", |
| 98 ses.authstate.printableuser, | 98 ses.authstate.pw_name, |
| 99 svr_ses.addrstring); | 99 svr_ses.addrstring); |
| 100 send_msg_userauth_failure(0, 1); | 100 send_msg_userauth_failure(0, 1); |
| 101 } | 101 } |
| 102 | 102 |
| 103 } | 103 } |