Mercurial > dropbear

comparison svr-authpasswd.c @ 58:5edf356295af

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge of 3b1edf7489e1de452e30aaaec37d647db44e4328 and 6cdb6b2c0e0e0a600eeb5975e499c9303fe2d4d4
author Matt Johnston <matt@ucc.asn.au>
date Mon, 09 Aug 2004 03:21:20 +0000
parents a48ba599292a
children eee77ac31ccc
comparison
equal deleted inserted replaced
48:aecba0e16e9c 58:5edf356295af
48 unsigned char changepw; 48 unsigned char changepw;
49 49
50 passwdcrypt = ses.authstate.pw->pw_passwd; 50 passwdcrypt = ses.authstate.pw->pw_passwd;
51 #ifdef HAVE_SHADOW_H 51 #ifdef HAVE_SHADOW_H
52 /* get the shadow password if possible */ 52 /* get the shadow password if possible */
53 spasswd = getspnam(ses.authstate.pw->pw_name); 53 spasswd = getspnam(ses.authstate.printableuser);
54 if (spasswd != NULL && spasswd->sp_pwdp != NULL) { 54 if (spasswd != NULL && spasswd->sp_pwdp != NULL) {
55 passwdcrypt = spasswd->sp_pwdp; 55 passwdcrypt = spasswd->sp_pwdp;
56 } 56 }
57 #endif 57 #endif
58 58
85 buf_incrpos(ses.payload, -passwordlen - 4); 85 buf_incrpos(ses.payload, -passwordlen - 4);
86 m_burn(buf_getptr(ses.payload, passwordlen + 4), passwordlen + 4); 86 m_burn(buf_getptr(ses.payload, passwordlen + 4), passwordlen + 4);
87 87
88 /* the first bytes of passwdcrypt are the salt */ 88 /* the first bytes of passwdcrypt are the salt */
89 testcrypt = crypt((char*)password, passwdcrypt); 89 testcrypt = crypt((char*)password, passwdcrypt);
90 m_burn(password, passwordlen);
91 m_free(password);
90 92
91 if (strcmp(testcrypt, passwdcrypt) == 0) { 93 if (strcmp(testcrypt, passwdcrypt) == 0) {
92 /* successful authentication */ 94 /* successful authentication */
93 dropbear_log(LOG_NOTICE, 95 dropbear_log(LOG_NOTICE,
94 "password auth succeeded for '%s'", 96 "password auth succeeded for '%s'",
99 "bad password attempt for '%s'", 101 "bad password attempt for '%s'",
100 ses.authstate.printableuser); 102 ses.authstate.printableuser);
101 send_msg_userauth_failure(0, 1); 103 send_msg_userauth_failure(0, 1);
102 } 104 }
103 105
104 m_burn(password, passwordlen);
105 m_free(password);
106 } 106 }
107 107
108 #endif /* DROPBEAR_PASSWORD_AUTH */ 108 #endif /* DROPBEAR_PASSWORD_AUTH */