1 files changed, 38 insertions, 31 deletions

diff --git a/auth-passwd.c b/auth-passwd.c
index 63ccf3ca..24fcb67b 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-passwd.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth-passwd.c,v 1.47 2018/07/09 21:26:02 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -46,16 +46,17 @@
 #include <stdarg.h>
 
 #include "packet.h"
-#include "buffer.h"
+#include "sshbuf.h"
+#include "ssherr.h"
 #include "log.h"
 #include "misc.h"
 #include "servconf.h"
-#include "key.h"
+#include "sshkey.h"
 #include "hostfile.h"
 #include "auth.h"
 #include "auth-options.h"
 
-extern Buffer loginmsg;
+extern struct sshbuf *loginmsg;
 extern ServerOptions options;
 
 #ifdef HAVE_LOGIN_CAP
@@ -66,27 +67,25 @@ extern login_cap_t *lc;
 #define DAY		(24L * 60 * 60) /* 1 day in seconds */
 #define TWO_WEEKS	(2L * 7 * DAY)	/* 2 weeks in seconds */
 
-void
-disable_forwarding(void)
-{
-	no_port_forwarding_flag = 1;
-	no_agent_forwarding_flag = 1;
-	no_x11_forwarding_flag = 1;
-}
+#define MAX_PASSWORD_LEN	1024
 
 /*
  * Tries to authenticate the user using password.  Returns true if
  * authentication succeeds.
  */
 int
-auth_password(Authctxt *authctxt, const char *password)
+auth_password(struct ssh *ssh, const char *password)
 {
-	struct passwd * pw = authctxt->pw;
+	Authctxt *authctxt = ssh->authctxt;
+	struct passwd *pw = authctxt->pw;
 	int result, ok = authctxt->valid;
 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
 	static int expire_checked = 0;
 #endif
 
+	if (strlen(password) > MAX_PASSWORD_LEN)
+		return 0;
+
 #ifndef HAVE_CYGWIN
 	if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
 		ok = 0;
@@ -123,9 +122,9 @@ auth_password(Authctxt *authctxt, const char *password)
 			authctxt->force_pwchange = 1;
 	}
 #endif
-	result = sys_auth_passwd(authctxt, password);
+	result = sys_auth_passwd(ssh, password);
 	if (authctxt->force_pwchange)
-		disable_forwarding();
+		auth_restrict_session(ssh);
 	return (result && ok);
 }
 
@@ -133,7 +132,7 @@ auth_password(Authctxt *authctxt, const char *password)
 static void
 warn_expiry(Authctxt *authctxt, auth_session_t *as)
 {
-	char buf[256];
+	int r;
 	quad_t pwtimeleft, actimeleft, daysleft, pwwarntime, acwarntime;
 
 	pwwarntime = acwarntime = TWO_WEEKS;
@@ -150,34 +149,34 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as)
 #endif
 	if (pwtimeleft != 0 && pwtimeleft < pwwarntime) {
 		daysleft = pwtimeleft / DAY + 1;
-		snprintf(buf, sizeof(buf),
+		if ((r = sshbuf_putf(loginmsg,
 		    "Your password will expire in %lld day%s.\n",
-		    daysleft, daysleft == 1 ? "" : "s");
-		buffer_append(&loginmsg, buf, strlen(buf));
+		    daysleft, daysleft == 1 ? "" : "s")) != 0)
+			fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	}
 	if (actimeleft != 0 && actimeleft < acwarntime) {
 		daysleft = actimeleft / DAY + 1;
-		snprintf(buf, sizeof(buf),
+		if ((r = sshbuf_putf(loginmsg,
 		    "Your account will expire in %lld day%s.\n",
-		    daysleft, daysleft == 1 ? "" : "s");
-		buffer_append(&loginmsg, buf, strlen(buf));
+		    daysleft, daysleft == 1 ? "" : "s")) != 0)
+			fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	}
 }
 
 int
-sys_auth_passwd(Authctxt *authctxt, const char *password)
+sys_auth_passwd(struct ssh *ssh, const char *password)
 {
-	struct passwd *pw = authctxt->pw;
+	Authctxt *authctxt = ssh->authctxt;
 	auth_session_t *as;
 	static int expire_checked = 0;
 
-	as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
+	as = auth_usercheck(authctxt->pw->pw_name, authctxt->style, "auth-ssh",
 	    (char *)password);
 	if (as == NULL)
 		return (0);
 	if (auth_getstate(as) & AUTH_PWEXPIRED) {
 		auth_close(as);
-		disable_forwarding();
+		auth_restrict_session(ssh);
 		authctxt->force_pwchange = 1;
 		return (1);
 	} else {
@@ -190,21 +189,29 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
 }
 #elif !defined(CUSTOM_SYS_AUTH_PASSWD)
 int
-sys_auth_passwd(Authctxt *authctxt, const char *password)
+sys_auth_passwd(struct ssh *ssh, const char *password)
 {
+	Authctxt *authctxt = ssh->authctxt;
 	struct passwd *pw = authctxt->pw;
-	char *encrypted_password;
+	char *encrypted_password, *salt = NULL;
 
 	/* Just use the supplied fake password if authctxt is invalid */
 	char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
 
+	if (pw_password == NULL)
+		return 0;
+
 	/* Check for users with no password. */
 	if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
 		return (1);
 
-	/* Encrypt the candidate password using the proper salt. */
-	encrypted_password = xcrypt(password,
-	    (pw_password[0] && pw_password[1]) ? pw_password : "xx");
+	/*
+	 * Encrypt the candidate password using the proper salt, or pass a
+	 * NULL and let xcrypt pick one.
+	 */
+	if (authctxt->valid && pw_password[0] && pw_password[1])
+		salt = pw_password;
+	encrypted_password = xcrypt(password, salt);
 
 	/*
 	 * Authentication is accepted if the encrypted passwords