diff svr-authpasswd.c @ 628:d40f3cc47aed

- Add ALLOW_BLANK_PASSWORD option - Don't reject blank-password logins via public key
author Matt Johnston <matt@ucc.asn.au>
date Wed, 26 Oct 2011 15:49:47 +0000
parents a98a2138364a
children 0edf08895a33
--- a/svr-authpasswd.c	Thu Oct 20 13:45:43 2011 +0000
+++ b/svr-authpasswd.c	Wed Oct 26 15:49:47 2011 +0000
@@ -42,6 +42,7 @@
 	char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
 	char * testcrypt = NULL; /* crypt generated from the user's password sent */
 	unsigned char * password;
+	int success_blank = 0;
 	unsigned int passwordlen;
 
 	unsigned int changepw;
@@ -60,16 +61,6 @@
 	passwdcrypt = DEBUG_HACKCRYPT;
 #endif
 
-	/* check for empty password - need to do this again here
-	 * since the shadow password may differ to that tested
-	 * in auth.c */
-	if (passwdcrypt[0] == '\0') {
-		dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
-				ses.authstate.pw_name);
-		send_msg_userauth_failure(0, 1);
-		return;
-	}
-
 	/* check if client wants to change password */
 	changepw = buf_getbool(ses.payload);
 	if (changepw) {
@@ -85,7 +76,21 @@
 	m_burn(password, passwordlen);
 	m_free(password);
 
-	if (strcmp(testcrypt, passwdcrypt) == 0) {
+	/* check for empty password */
+	if (passwdcrypt[0] == '\0') {
+#ifdef ALLOW_BLANK_PASSWORD
+		if (passwordlen == 0) {
+			success_blank = 1;
+		}
+#else
+		dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
+				ses.authstate.pw_name);
+		send_msg_userauth_failure(0, 1);
+		return;
+#endif
+	}
+
+	if (success_blank || strcmp(testcrypt, passwdcrypt) == 0) {
 		/* successful authentication */
 		dropbear_log(LOG_NOTICE, 
 				"Password auth succeeded for '%s' from %s",
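Review bot: With ALLOW_BLANK_PASSWORD defined, a blank passwdcrypt with a non-empty client password leaves success_blank at 0 and falls through to `strcmp(testcrypt, passwdcrypt)`, so the outcome for that case depends on whatever testcrypt was produced from an empty stored crypt above the hunk; if that is a crypt() call with an empty salt, some libcs return NULL there and strcmp would then dereference it. Making the decision explicit in the new branch avoids relying on that comparison: `if (passwordlen == 0) { success_blank = 1; } else { send_msg_userauth_failure(0, 1); return; }`, and a `testcrypt == NULL` guard before the strcmp would cover the remaining path. The new `/* check for empty password */` comment also drops the reason the old block gave for re-checking here; I would keep it: `/* check for empty password - need to do this again here since the shadow password may differ to that tested in auth.c */`. The enclosing function begins and ends outside this hunk.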
@@ -99,7 +104,6 @@
 				svr_ses.addrstring);
 		send_msg_userauth_failure(0, 1);
 	}
-
 }
 
 #endif