diff options
| author | Alistair Delva <adelva@google.com> | 2020-08-21 00:00:13 +0000 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2020-08-21 00:00:13 +0000 |
| commit | ed358b3546c776c1c677fd88eb8f716cf6187510 (patch) | |
| tree | 3c6134bcb2cda4b9dccc57b4a8b997a945aab62d /auth-passwd.c | |
| parent | 22246b08952d746a7cc5a292570636cf4277598f (diff) | |
| parent | 44a1065de8a58c51a021243a28bfa01e87822e4f (diff) | |
Merge changes I934c73d4,I28cdc9a0,I9e734da9,I3c079d86
* changes:
UPSTREAM: depend
UPSTREAM: upstream: avoid possible NULL deref; from Pedro Martelletto
Revert "upstream: fix compilation with DEBUG_KEXDH; bz#3160 ok dtucker@"
Merge upstream-master into master
Diffstat (limited to 'auth-passwd.c')
| -rw-r--r-- | auth-passwd.c | 69 |
1 files changed, 38 insertions, 31 deletions
diff --git a/auth-passwd.c b/auth-passwd.c index 63ccf3ca..24fcb67b 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-passwd.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */ +/* $OpenBSD: auth-passwd.c,v 1.47 2018/07/09 21:26:02 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -46,16 +46,17 @@ #include <stdarg.h> #include "packet.h" -#include "buffer.h" +#include "sshbuf.h" +#include "ssherr.h" #include "log.h" #include "misc.h" #include "servconf.h" -#include "key.h" +#include "sshkey.h" #include "hostfile.h" #include "auth.h" #include "auth-options.h" -extern Buffer loginmsg; +extern struct sshbuf *loginmsg; extern ServerOptions options; #ifdef HAVE_LOGIN_CAP @@ -66,27 +67,25 @@ extern login_cap_t *lc; #define DAY (24L * 60 * 60) /* 1 day in seconds */ #define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ -void -disable_forwarding(void) -{ - no_port_forwarding_flag = 1; - no_agent_forwarding_flag = 1; - no_x11_forwarding_flag = 1; -} +#define MAX_PASSWORD_LEN 1024 /* * Tries to authenticate the user using password. Returns true if * authentication succeeds. */ int -auth_password(Authctxt *authctxt, const char *password) +auth_password(struct ssh *ssh, const char *password) { - struct passwd * pw = authctxt->pw; + Authctxt *authctxt = ssh->authctxt; + struct passwd *pw = authctxt->pw; int result, ok = authctxt->valid; #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) static int expire_checked = 0; #endif + if (strlen(password) > MAX_PASSWORD_LEN) + return 0; + #ifndef HAVE_CYGWIN if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) ok = 0; @@ -123,9 +122,9 @@ auth_password(Authctxt *authctxt, const char *password) authctxt->force_pwchange = 1; } #endif - result = sys_auth_passwd(authctxt, password); + result = sys_auth_passwd(ssh, password); if (authctxt->force_pwchange) - disable_forwarding(); + auth_restrict_session(ssh); return (result && ok); } @@ -133,7 +132,7 @@ auth_password(Authctxt *authctxt, const char *password) static void warn_expiry(Authctxt *authctxt, auth_session_t *as) { - char buf[256]; + int r; quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime; pwwarntime = acwarntime = TWO_WEEKS; @@ -150,34 +149,34 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as) #endif if (pwtimeleft != 0 && pwtimeleft < pwwarntime) { daysleft = pwtimeleft / DAY + 1; - snprintf(buf, sizeof(buf), + if ((r = sshbuf_putf(loginmsg, "Your password will expire in %lld day%s.\n", - daysleft, daysleft == 1 ? "" : "s"); - buffer_append(&loginmsg, buf, strlen(buf)); + daysleft, daysleft == 1 ? "" : "s")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } if (actimeleft != 0 && actimeleft < acwarntime) { daysleft = actimeleft / DAY + 1; - snprintf(buf, sizeof(buf), + if ((r = sshbuf_putf(loginmsg, "Your account will expire in %lld day%s.\n", - daysleft, daysleft == 1 ? "" : "s"); - buffer_append(&loginmsg, buf, strlen(buf)); + daysleft, daysleft == 1 ? "" : "s")) != 0) + fatal("%s: buffer error: %s", __func__, ssh_err(r)); } } int -sys_auth_passwd(Authctxt *authctxt, const char *password) +sys_auth_passwd(struct ssh *ssh, const char *password) { - struct passwd *pw = authctxt->pw; + Authctxt *authctxt = ssh->authctxt; auth_session_t *as; static int expire_checked = 0; - as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", + as = auth_usercheck(authctxt->pw->pw_name, authctxt->style, "auth-ssh", (char *)password); if (as == NULL) return (0); if (auth_getstate(as) & AUTH_PWEXPIRED) { auth_close(as); - disable_forwarding(); + auth_restrict_session(ssh); authctxt->force_pwchange = 1; return (1); } else { @@ -190,21 +189,29 @@ sys_auth_passwd(Authctxt *authctxt, const char *password) } #elif !defined(CUSTOM_SYS_AUTH_PASSWD) int -sys_auth_passwd(Authctxt *authctxt, const char *password) +sys_auth_passwd(struct ssh *ssh, const char *password) { + Authctxt *authctxt = ssh->authctxt; struct passwd *pw = authctxt->pw; - char *encrypted_password; + char *encrypted_password, *salt = NULL; /* Just use the supplied fake password if authctxt is invalid */ char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; + if (pw_password == NULL) + return 0; + /* Check for users with no password. */ if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) return (1); - /* Encrypt the candidate password using the proper salt. */ - encrypted_password = xcrypt(password, - (pw_password[0] && pw_password[1]) ? pw_password : "xx"); + /* + * Encrypt the candidate password using the proper salt, or pass a + * NULL and let xcrypt pick one. + */ + if (authctxt->valid && pw_password[0] && pw_password[1]) + salt = pw_password; + encrypted_password = xcrypt(password, salt); /* * Authentication is accepted if the encrypted passwords |