changeset 676:0edf08895a33

Return immediate success for blank passwords if allowed
author Matt Johnston <matt@ucc.asn.au>
date Wed, 09 May 2012 22:37:04 +0800
parents dfdb9d9189ff
children 55b84e59aaad
files common-session.c svr-auth.c svr-authpasswd.c
diffstat 3 files changed, 37 insertions(+), 22 deletions(-) [+]
line wrap: on
line diff
--- a/common-session.c	Wed May 09 21:09:34 2012 +0800
+++ b/common-session.c	Wed May 09 22:37:04 2012 +0800
@@ -453,6 +453,16 @@
 	ses.authstate.pw_name = m_strdup(pw->pw_name);
 	ses.authstate.pw_dir = m_strdup(pw->pw_dir);
 	ses.authstate.pw_shell = m_strdup(pw->pw_shell);
-	ses.authstate.pw_passwd = m_strdup(pw->pw_passwd);
+	{
+		char *passwd_crypt = pw->pw_passwd;
+#ifdef HAVE_SHADOW_H
+		/* get the shadow password if possible */
+		struct spwd *spasswd = getspnam(ses.authstate.pw_name);
+		if (spasswd && spasswd->sp_pwdp) {
+			passwd_crypt = spasswd->sp_pwdp;
+		}
+#endif
+		ses.authstate.pw_passwd = m_strdup(passwd_crypt);
+	}
 }
 
--- a/svr-auth.c	Wed May 09 21:09:34 2012 +0800
+++ b/svr-auth.c	Wed May 09 22:37:04 2012 +0800
@@ -141,15 +141,6 @@
 		dropbear_exit("unknown service in auth");
 	}
 
-	/* user wants to know what methods are supported */
-	if (methodlen == AUTH_METHOD_NONE_LEN &&
-			strncmp(methodname, AUTH_METHOD_NONE,
-				AUTH_METHOD_NONE_LEN) == 0) {
-		TRACE(("recv_msg_userauth_request: 'none' request"))
-		send_msg_userauth_failure(0, 0);
-		goto out;
-	}
-	
 	/* check username is good before continuing */
 	if (checkusername(username, userlen) == DROPBEAR_FAILURE) {
 		/* username is invalid/no shell/etc - send failure */
@@ -158,6 +149,31 @@
 		goto out;
 	}
 
+	/* user wants to know what methods are supported */
+	if (methodlen == AUTH_METHOD_NONE_LEN &&
+			strncmp(methodname, AUTH_METHOD_NONE,
+				AUTH_METHOD_NONE_LEN) == 0) {
+		TRACE(("recv_msg_userauth_request: 'none' request"))
+#ifdef ALLOW_BLANK_PASSWORD
+		if (!svr_opts.noauthpass 
+				&& !(svr_opts.norootpass && ses.authstate.pw_uid == 0) 
+				&& ses.authstate.pw_passwd == '\0') 
+		{
+			dropbear_log(LOG_NOTICE, 
+					"Auth succeeded with blank password for '%s' from %s",
+					ses.authstate.pw_name,
+					svr_ses.addrstring);
+			send_msg_userauth_success();
+			goto out;
+		}
+		else
+#endif
+		{
+			send_msg_userauth_failure(0, 0);
+			goto out;
+		}
+	}
+	
 #ifdef ENABLE_SVR_PASSWORD_AUTH
 	if (!svr_opts.noauthpass &&
 			!(svr_opts.norootpass && ses.authstate.pw_uid == 0) ) {
@@ -205,8 +221,7 @@
 }
 
 
-/* Check that the username exists, has a non-empty password, and has a valid
- * shell.
+/* Check that the username exists and isn't disallowed (root), and has a valid shell.
  * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
 static int checkusername(unsigned char *username, unsigned int userlen) {
 
--- a/svr-authpasswd.c	Wed May 09 21:09:34 2012 +0800
+++ b/svr-authpasswd.c	Wed May 09 22:37:04 2012 +0800
@@ -36,9 +36,6 @@
  * appropriate */
 void svr_auth_password() {
 	
-#ifdef HAVE_SHADOW_H
-	struct spwd *spasswd = NULL;
-#endif
 	char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
 	char * testcrypt = NULL; /* crypt generated from the user's password sent */
 	unsigned char * password;
@@ -48,13 +45,6 @@
 	unsigned int changepw;
 
 	passwdcrypt = ses.authstate.pw_passwd;
-#ifdef HAVE_SHADOW_H
-	/* get the shadow password if possible */
-	spasswd = getspnam(ses.authstate.pw_name);
-	if (spasswd != NULL && spasswd->sp_pwdp != NULL) {
-		passwdcrypt = spasswd->sp_pwdp;
-	}
-#endif
 
 #ifdef DEBUG_HACKCRYPT
 	/* debugging crypt for non-root testing with shadows */