/*
 * Dropbear - a SSH2 server
 *
 * Copyright (c) 2002,2003 Matt Johnston
 * All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
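*/

/* Validates a user password */

#include "includes.h"
#include "session.h"
#include "buffer.h"
#include "dbutil.h"
#include "auth.h"

#ifdef ENABLE_SVR_PASSWORD_AUTH

/* Compare two NUL-terminated crypt(3) hashes without stopping at the first
 * differing byte, so the time taken does not depend on how many leading
 * characters of the stored hash a guess happened to match.
 *
 * Returns 1 when the strings are identical, 0 otherwise. A length mismatch
 * returns early; that only reveals the hash scheme in use, not anything
 * derived from the password. */
static int crypt_hashes_equal(const char *a, const char *b) {
	size_t len = strlen(a);
	unsigned char diff = 0;
	size_t i;

	if (len != strlen(b)) {
		return 0;
	}
	for (i = 0; i < len; i++) {
		diff |= (unsigned char)(a[i] ^ b[i]);
	}
	return diff == 0;
}

/* Process a password auth request, sending success or failure messages as
 * appropriate.
 *
 * Reads the "change password" boolean and then the password string from
 * ses.payload, hashes the password with crypt(3) using the stored hash as
 * the salt, and compares the result against the hash taken from
 * /etc/passwd or, when available, /etc/shadow. Every path ends with exactly
 * one of send_msg_userauth_success() or send_msg_userauth_failure().
 * The plaintext password is scrubbed and freed before the comparison. */
void svr_auth_password(void) {

#ifdef HAVE_SHADOW_H
	struct spwd *spasswd = NULL;
#endif
	char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
	char * testcrypt = NULL; /* crypt generated from the user's password sent */
	unsigned char * password;
	unsigned int passwordlen;

	unsigned int changepw;

	passwdcrypt = ses.authstate.pw->pw_passwd;
#ifdef HAVE_SHADOW_H
	/* get the shadow password if possible; it takes precedence over the
	 * (usually placeholder) field in /etc/passwd */
	spasswd = getspnam(ses.authstate.printableuser);
	if (spasswd != NULL && spasswd->sp_pwdp != NULL) {
		passwdcrypt = spasswd->sp_pwdp;
	}
#endif

#ifdef DEBUG_HACKCRYPT
	/* debugging crypt for non-root testing with shadows: replaces the
	 * stored hash with a compile-time constant, so it must stay undefined
	 * in any build that is actually deployed */
	passwdcrypt = DEBUG_HACKCRYPT;
#endif

	/* check for empty password - need to do this again here
	 * since the shadow password may differ to that tested
	 * in auth.c */
	if (passwdcrypt[0] == '\0') {
		dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
				ses.authstate.printableuser);
		send_msg_userauth_failure(0, 1);
		return;
	}

	/* check if client wants to change password */
	changepw = buf_getbool(ses.payload);
	if (changepw) {
		/* not implemented by this server */
		send_msg_userauth_failure(0, 1);
		return;
	}

	password = buf_getstring(ses.payload, &passwordlen);

	/* the first bytes of passwdcrypt are the salt */
	testcrypt = crypt((char*)password, passwdcrypt);
	/* m_burn is presumably a scrub of the plaintext; it runs before m_free
	 * so the password does not linger in freed heap memory */
	m_burn(password, passwordlen);
	m_free(password);

	/* crypt() may return NULL when it cannot handle the stored hash (an
	 * unknown or disabled scheme, or a malformed salt). Comparing a NULL
	 * result would dereference it, so treat this as a failed attempt. */
	if (testcrypt == NULL) {
		dropbear_log(LOG_WARNING,
				"crypt() failed for '%s' from %s",
				ses.authstate.printableuser,
				svr_ses.addrstring);
		send_msg_userauth_failure(0, 1);
		return;
	}

	if (crypt_hashes_equal(testcrypt, passwdcrypt)) {
		/* successful authentication */
		dropbear_log(LOG_NOTICE,
				"password auth succeeded for '%s' from %s",
				ses.authstate.printableuser,
				svr_ses.addrstring);
		send_msg_userauth_success();
	} else {
		dropbear_log(LOG_WARNING,
				"bad password attempt for '%s' from %s",
				ses.authstate.printableuser,
				svr_ses.addrstring);
		send_msg_userauth_failure(0, 1);
	}

}

#endif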