Mercurial > dropbear

comparison svr-authpasswd.c @ 4:fe6bca95afa7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Makefile.in contains updated files required
author Matt Johnston <matt@ucc.asn.au>
date Tue, 01 Jun 2004 02:46:09 +0000
parents
children f789045062e6
comparison
equal deleted inserted replaced
-1:000000000000 4:fe6bca95afa7
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 /* Validates a user password */
26
27 #include "includes.h"
28 #include "session.h"
29 #include "buffer.h"
30 #include "dbutil.h"
31 #include "auth.h"
32 #include "authpasswd.h"
33
34 #ifdef DROPBEAR_PASSWORD_AUTH
35
36 /* Process a password auth request, sending success or failure messages as
37 * appropriate */
38 void passwordauth() {
39
40 #ifdef HAVE_SHADOW_H
41 struct spwd *spasswd;
42 #endif
43 char * passwdcrypt; /* the crypt from /etc/passwd or /etc/shadow */
44 char * testcrypt; /* crypt generated from the user's password sent */
45 unsigned char * password;
46 unsigned int passwordlen;
47
48 unsigned char changepw;
49
50 passwdcrypt = svr_ses.authstate.pw->pw_passwd;
51 #ifdef HAVE_SHADOW_H
52 /* get the shadow password if possible */
53 spasswd = getspnam(svr_ses.authstate.pw->pw_name);
54 if (spasswd != NULL && spasswd->sp_pwdp != NULL) {
55 passwdcrypt = spasswd->sp_pwdp;
56 }
57 #endif
58
59 #ifdef DEBUG_HACKCRYPT
60 /* debugging crypt for non-root testing with shadows */
61 passwdcrypt = DEBUG_HACKCRYPT;
62 #endif
63
64 /* check for empty password - need to do this again here
65 * since the shadow password may differ to that tested
66 * in auth.c */
67 if (passwdcrypt[0] == '\0') {
68 dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
69 svr_ses.authstate.printableuser);
70 send_msg_userauth_failure(0, 1);
71 return;
72 }
73
74 /* check if client wants to change password */
75 changepw = buf_getbyte(ses.payload);
76 if (changepw) {
77 /* not implemented by this server */
78 send_msg_userauth_failure(0, 1);
79 return;
80 }
81
82 password = buf_getstring(ses.payload, &passwordlen);
83
84 /* clear the buffer containing the password */
85 buf_incrpos(ses.payload, -passwordlen - 4);
86 m_burn(buf_getptr(ses.payload, passwordlen + 4), passwordlen + 4);
87
88 /* the first bytes of passwdcrypt are the salt */
89 testcrypt = crypt((char*)password, passwdcrypt);
90
91 if (strcmp(testcrypt, passwdcrypt) == 0) {
92 /* successful authentication */
93 dropbear_log(LOG_NOTICE,
94 "password auth succeeded for '%s'",
95 svr_ses.authstate.printableuser);
96 send_msg_userauth_success();
97 } else {
98 dropbear_log(LOG_WARNING,
99 "bad password attempt for '%s'",
100 svr_ses.authstate.printableuser);
101 send_msg_userauth_failure(0, 1);
102 }
103
104 m_burn(password, passwordlen);
105 m_free(password);
106 }
107
108 #endif /* DROPBEAR_PASSWORD_AUTH */