# HG changeset patch
# User Matt Johnston
# Date 1336574224 -28800
# Node ID 0edf08895a33de9a4f14b78899acfc99596dd9a3
# Parent dfdb9d9189ffaf00c1fecd1f1dc42118d3b56f2a
Return immediate success for blank passwords if allowed
diff -r dfdb9d9189ff -r 0edf08895a33 common-session.c
--- a/common-session.c Wed May 09 21:09:34 2012 +0800
+++ b/common-session.c Wed May 09 22:37:04 2012 +0800
@@ -453,6 +453,16 @@
 ses.authstate.pw_name = m_strdup(pw->pw_name);
 ses.authstate.pw_dir = m_strdup(pw->pw_dir);
 ses.authstate.pw_shell = m_strdup(pw->pw_shell);
- ses.authstate.pw_passwd = m_strdup(pw->pw_passwd);
+ {
+ char *passwd_crypt = pw->pw_passwd;
+#ifdef HAVE_SHADOW_H
+ /* get the shadow password if possible */
+ struct spwd *spasswd = getspnam(ses.authstate.pw_name);
+ if (spasswd && spasswd->sp_pwdp) {
+ passwd_crypt = spasswd->sp_pwdp;
+ }
+#endif
+ ses.authstate.pw_passwd = m_strdup(passwd_crypt);
+ }
 }
diff -r dfdb9d9189ff -r 0edf08895a33 svr-auth.c
--- a/svr-auth.c Wed May 09 21:09:34 2012 +0800
+++ b/svr-auth.c Wed May 09 22:37:04 2012 +0800
@@ -141,15 +141,6 @@
 dropbear_exit("unknown service in auth");
 }
- /* user wants to know what methods are supported */
- if (methodlen == AUTH_METHOD_NONE_LEN &&
- strncmp(methodname, AUTH_METHOD_NONE,
- AUTH_METHOD_NONE_LEN) == 0) {
- TRACE(("recv_msg_userauth_request: 'none' request"))
- send_msg_userauth_failure(0, 0);
- goto out;
- }
-
 /* check username is good before continuing */
 if (checkusername(username, userlen) == DROPBEAR_FAILURE) {
 /* username is invalid/no shell/etc - send failure */
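Review bot: In the common-session.c hunk, the shadow crypt string is now duplicated into `ses.authstate.pw_passwd` when the session's user record is populated, rather than being looked up transiently inside svr_auth_password() as the removed svr-authpasswd.c code did, so the real password hash stays resident in `ses.authstate` for the session's lifetime; the enclosing function and the authstate cleanup path are outside this hunk, so I cannot tell whether that copy is freed or cleared once authentication finishes. That is worth a comment above the `m_strdup(passwd_crypt)` line, e.g. `/* pw_passwd may now hold the real shadow hash for the whole session; clear it once auth is done */`, and ideally a wipe of the copy at that point. Note also that `getspnam()` typically returns NULL when the process lacks privilege, in which case `pw->pw_passwd` (normally a placeholder, not the hash) is what gets cached and hash-based checks simply fail closed; the existing comment could say so: `/* get the shadow password if possible (needs privilege; otherwise the passwd placeholder is kept) */`.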
@@ -158,6 +149,31 @@
 goto out;
 }
+ /* user wants to know what methods are supported */
+ if (methodlen == AUTH_METHOD_NONE_LEN &&
+ strncmp(methodname, AUTH_METHOD_NONE,
+ AUTH_METHOD_NONE_LEN) == 0) {
+ TRACE(("recv_msg_userauth_request: 'none' request"))
+#ifdef ALLOW_BLANK_PASSWORD
+ if (!svr_opts.noauthpass
+ && !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
+ && ses.authstate.pw_passwd == '\0')
+ {
+ dropbear_log(LOG_NOTICE,
+ "Auth succeeded with blank password for '%s' from %s",
+ ses.authstate.pw_name,
+ svr_ses.addrstring);
+ send_msg_userauth_success();
+ goto out;
+ }
+ else
+#endif
+ {
+ send_msg_userauth_failure(0, 0);
+ goto out;
+ }
+ }
+
 #ifdef ENABLE_SVR_PASSWORD_AUTH
 if (!svr_opts.noauthpass &&
 !(svr_opts.norootpass && ses.authstate.pw_uid == 0) ) {
@@ -205,8 +221,7 @@
 }
-/* Check that the username exists, has a non-empty password, and has a valid
- * shell.
+/* Check that the username exists and isn't disallowed (root), and has a valid shell.
 * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
 static int checkusername(unsigned char *username, unsigned int userlen) {
diff -r dfdb9d9189ff -r 0edf08895a33 svr-authpasswd.c
--- a/svr-authpasswd.c Wed May 09 21:09:34 2012 +0800
+++ b/svr-authpasswd.c Wed May 09 22:37:04 2012 +0800
@@ -36,9 +36,6 @@
 * appropriate */
 void svr_auth_password() {
-#ifdef HAVE_SHADOW_H
- struct spwd *spasswd = NULL;
-#endif
 char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
 char * testcrypt = NULL; /* crypt generated from the user's password sent */
 unsigned char * password;
@@ -48,13 +45,6 @@
 unsigned int changepw;
 passwdcrypt = ses.authstate.pw_passwd;
-#ifdef HAVE_SHADOW_H
- /* get the shadow password if possible */
- spasswd = getspnam(ses.authstate.pw_name);
- if (spasswd != NULL && spasswd->sp_pwdp != NULL) {
- passwdcrypt = spasswd->sp_pwdp;
- }
-#endif
 #ifdef DEBUG_HACKCRYPT
 /* debugging crypt for non-root testing with shadows */
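Review bot: In the svr-auth.c hunk at `@@ -158,6 +149,31 @@`, `ses.authstate.pw_passwd == '\0'` compares the `char *` itself against a null pointer constant rather than testing for an empty crypt string, so the ALLOW_BLANK_PASSWORD branch is taken only if the pointer is NULL (which, unless m_strdup can return NULL — not visible here — it never is) and the behaviour the commit message describes does not actually occur; the `else` arm sends a failure, so the defect fails closed, and the intended test is `ses.authstate.pw_passwd[0] == '\0'`. Because the common-session.c hunk now resolves the shadow entry into `pw_passwd` before this point, a corrected `[0] == '\0'` check still rejects locked or disabled accounts, whose entry carries a non-empty placeholder rather than an empty string, and that is worth recording next to the condition: `/* only a genuinely empty crypt string counts as blank; locked entries are non-empty and fall through to failure */`. As a point of style, the `else` left dangling before `#endif` and completed by a bare block is easy to misread; computing the condition into a local (e.g. `int blank_ok = 0;` set under `#ifdef ALLOW_BLANK_PASSWORD`) and then writing a single plain `if (blank_ok) { … } else { … }` keeps the control flow out of the preprocessor. The enclosing recv_msg_userauth_request starts and ends outside the hunk.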