comparison svr-auth.c @ 1733:d529a52b2f7c coverity coverity
merge coverity from main
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 26 Jun 2020 21:07:34 +0800 |
parents | 7c17995bcdfb |
children | 8dc43b30c6bf |
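--- a/svr-auth.c	1643:b59623a64678
+++ b/svr-auth.c	1733:d529a52b2f7c
@@ -239,23 +239,21 @@
 if (userlen > MAX_USERNAME_LEN) {
 return DROPBEAR_FAILURE;
 }
 
 if (strlen(username) != userlen) {
-dropbear_exit("Attempted username with a null byte from %s",
-svr_ses.addrstring);
+dropbear_exit("Attempted username with a null byte");
 }
 
 if (ses.authstate.username == NULL) {
 /* first request */
 fill_passwd(username);
 ses.authstate.username = m_strdup(username);
 } else {
 /* check username hasn't changed */
 if (strcmp(username, ses.authstate.username) != 0) {
-dropbear_exit("Client trying multiple usernames from %s",
-svr_ses.addrstring);
+dropbear_exit("Client trying multiple usernames");
 }
 }
 
 /* avoids cluttering logs with repeated failure messages from
 consecutive authentication requests in a sesssion */
@@ -266,24 +264,22 @@
 
 /* check that user exists */
 if (!ses.authstate.pw_name) {
 TRACE(("leave checkusername: user '%s' doesn't exist", username))
 dropbear_log(LOG_WARNING,
-"Login attempt for nonexistent user from %s",
-svr_ses.addrstring);
+"Login attempt for nonexistent user");
 ses.authstate.checkusername_failed = 1;
 return DROPBEAR_FAILURE;
 }
 
 /* check if we are running as non-root, and login user is different from the server */
 uid = geteuid();
 if (!(DROPBEAR_SVR_MULTIUSER && uid == 0) && uid != ses.authstate.pw_uid) {
 TRACE(("running as nonroot, only server uid is allowed"))
 dropbear_log(LOG_WARNING,
-"Login attempt with wrong user %s from %s",
-ses.authstate.pw_name,
-svr_ses.addrstring);
+"Login attempt with wrong user %s",
+ses.authstate.pw_name);
 ses.authstate.checkusername_failed = 1;
 return DROPBEAR_FAILURE;
 }
 
 /* check for non-root if desired */
@@ -438,12 +434,12 @@
 if (ses.authstate.pw_name == NULL) {
 userstr = "is invalid";
 } else {
 userstr = ses.authstate.pw_name;
 }
-dropbear_exit("Max auth tries reached - user '%s' from %s",
-userstr, svr_ses.addrstring);
+dropbear_exit("Max auth tries reached - user '%s'",
+userstr);
 }
 
 TRACE(("leave send_msg_userauth_failure"))
 }
 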
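Review bot: The two `dropbear_log(LOG_WARNING, ...)` calls in the user check (new lines 268-269 and 278-280) now log without the peer address, and both return `DROPBEAR_FAILURE` rather than exiting, so unless the logging path adds the address itself (not visible in this comparison) a nonexistent-user or wrong-user attempt can no longer be attributed to a source from that line alone. If `dropbear_log` does not add it, keep the argument on those two calls, e.g. `"Login attempt for nonexistent user from %s", svr_ses.addrstring);`. The three `dropbear_exit` calls (new lines 244, 254 and 439) presumably rely on the exit handler to report the address; once confirmed, a short comment such as `/* peer address is added by the exit handler */` would record that. Log parsers and blocking rules keyed on the old `... from <addr>` strings will stop matching and need updating alongside this change. The enclosing functions begin outside the displayed hunks.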