/* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
int x11req(struct ChanSess * chansess) {
int fd;
if (!svr_pubkey_allows_x11fwd()) {
return DROPBEAR_FAILURE;
}
/* we already have an x11 connection */
if (chansess->x11listener != NULL) {
return DROPBEAR_FAILURE;
}
chansess->x11singleconn = buf_getbool(ses.payload);
chansess->x11authprot = buf_getstring(ses.payload, NULL);
chansess->x11authcookie = buf_getstring(ses.payload, NULL);
chansess->x11screennum = buf_getint(ses.payload);
/* create listening socket */
fd = socket(PF_INET, SOCK_STREAM, 0);
if (fd < 0) {
goto fail;
}
/* allocate port and bind */
chansess->x11port = bindport(fd);
if (chansess->x11port < 0) {
goto fail;
}
/* listen */
if (listen(fd, 20) < 0) {
goto fail;
}
/* set non-blocking */
setnonblocking(fd);
/* listener code will handle the socket now.
* No cleanup handler needed, since listener_remove only happens
* from our cleanup anyway */
chansess->x11listener = new_listener( &fd, 1, 0, chansess, x11accept, NULL);
if (chansess->x11listener == NULL) {
goto fail;
}
return DROPBEAR_SUCCESS;
fail:
/* cleanup */
m_free(chansess->x11authprot);
m_free(chansess->x11authcookie);
close(fd);
return DROPBEAR_FAILURE;
}
/* Process a password auth request, sending success or failure messages as
* appropriate */
void svr_auth_password() {
char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
char * testcrypt = NULL; /* crypt generated from the user's password sent */
unsigned char * password;
unsigned int passwordlen;
unsigned int changepw;
passwdcrypt = ses.authstate.pw_passwd;
#ifdef DEBUG_HACKCRYPT
/* debugging crypt for non-root testing with shadows */
passwdcrypt = DEBUG_HACKCRYPT;
#endif
/* check if client wants to change password */
changepw = buf_getbool(ses.payload);
if (changepw) {
/* not implemented by this server */
send_msg_userauth_failure(0, 1);
return;
}
password = buf_getstring(ses.payload, &passwordlen);
/* the first bytes of passwdcrypt are the salt */
testcrypt = crypt((char*)password, passwdcrypt);
m_burn(password, passwordlen);
m_free(password);
/* check for empty password */
if (passwdcrypt[0] == '\0') {
dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
ses.authstate.pw_name);
send_msg_userauth_failure(0, 1);
return;
}
if (strcmp(testcrypt, passwdcrypt) == 0) {
/* successful authentication */
dropbear_log(LOG_NOTICE,
"Password auth succeeded for '%s' from %s",
ses.authstate.pw_name,
svr_ses.addrstring);
send_msg_userauth_success();
} else {
dropbear_log(LOG_WARNING,
"Bad password attempt for '%s' from %s",
ses.authstate.pw_name,
svr_ses.addrstring);
send_msg_userauth_failure(0, 1);
}
}
static void cli_chansessreq(struct Channel *channel) {
unsigned char* type = NULL;
int wantreply;
TRACE(("enter cli_chansessreq"))
type = buf_getstring(ses.payload, NULL);
wantreply = buf_getbool(ses.payload);
if (strcmp(type, "exit-status") == 0) {
cli_ses.retval = buf_getint(ses.payload);
TRACE(("got exit-status of '%d'", cli_ses.retval))
} else if (strcmp(type, "exit-signal") == 0) {
void recv_msg_userauth_info_request() {
unsigned char *name = NULL;
unsigned char *instruction = NULL;
unsigned int num_prompts = 0;
unsigned int i;
unsigned char *prompt = NULL;
unsigned int echo = 0;
unsigned char *response = NULL;
TRACE(("enter recv_msg_recv_userauth_info_request"))
/* Let the user know what password/host they are authing for */
if (!cli_ses.interact_request_received) {
fprintf(stderr, "Login for %s@%s\n", cli_opts.username,
//cli_opts.remotehost);
cli_opts.remote_name_str);
}
cli_ses.interact_request_received = 1;
name = buf_getstring(ses.payload, NULL);
instruction = buf_getstring(ses.payload, NULL);
/* language tag */
buf_eatstring(ses.payload);
num_prompts = buf_getint(ses.payload);
if (num_prompts >= DROPBEAR_MAX_CLI_INTERACT_PROMPTS) {
dropbear_exit("Too many prompts received for keyboard-interactive");
}
/* we'll build the response as we go */
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_INFO_RESPONSE);
buf_putint(ses.writepayload, num_prompts);
if (strlen(name) > 0) {
cleantext(name);
fprintf(stderr, "%s", name);
}
m_free(name);
if (strlen(instruction) > 0) {
cleantext(instruction);
fprintf(stderr, "%s", instruction);
}
m_free(instruction);
for (i = 0; i < num_prompts; i++) {
unsigned int response_len = 0;
prompt = buf_getstring(ses.payload, NULL);
cleantext(prompt);
echo = buf_getbool(ses.payload);
if (!echo) {
unsigned char* p = getpass_or_cancel(prompt);
response = m_strdup(p);
m_burn(p, strlen(p));
} else {
response = get_response(prompt);
}
response_len = strlen(response);
buf_putstring(ses.writepayload, response, response_len);
m_burn(response, response_len);
m_free(response);
}
encrypt_packet();
TRACE(("leave recv_msg_recv_userauth_info_request"))
}
/* Process a password auth request, sending success or failure messages as
* appropriate */
void svr_auth_password() {
//brcm begin
#ifndef SSHD_GENKEY
#ifdef HAVE_SHADOW_H
struct spwd *spasswd = NULL;
#endif
char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
char * testcrypt = NULL; /* crypt generated from the user's password sent */
unsigned char * password;
unsigned int passwordlen;
unsigned int changepw;
// brcm add matched flag.
int matched = 0;
passwdcrypt = ses.authstate.pw->pw_passwd;
#ifdef HAVE_SHADOW_H
/* get the shadow password if possible */
spasswd = getspnam(ses.authstate.printableuser);
if (spasswd != NULL && spasswd->sp_pwdp != NULL) {
passwdcrypt = spasswd->sp_pwdp;
}
#endif
#ifdef DEBUG_HACKCRYPT
/* debugging crypt for non-root testing with shadows */
passwdcrypt = DEBUG_HACKCRYPT;
#endif
/* check for empty password - need to do this again here
* since the shadow password may differ to that tested
* in auth.c */
if (passwdcrypt[0] == '\0') {
dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
ses.authstate.printableuser);
send_msg_userauth_failure(0, 1);
return;
}
/* check if client wants to change password */
changepw = buf_getbool(ses.payload);
if (changepw) {
/* not implemented by this server */
send_msg_userauth_failure(0, 1);
return;
}
password = buf_getstring(ses.payload, &passwordlen);
/* the first bytes of passwdcrypt are the salt */
testcrypt = crypt((char*)password, passwdcrypt);
// brcm add local/remote login check
// We are doing all this auth checking inside sshd code instead of via proper CLI API.
if ((glbAccessMode == NETWORK_ACCESS_LAN_SIDE && \
(!strcmp(ses.authstate.username, "user") || !strcmp(ses.authstate.username, "admin"))) ||
(glbAccessMode == NETWORK_ACCESS_WAN_SIDE && !strcmp(ses.authstate.username, "support")))
{
matched = 1;
strcpy(currUser, ses.authstate.username);
if (!strcmp(currUser, "admin"))
{
currPerm = 0x80; /*PERM_ADMIN */
}
else if (!strcmp(currUser, "support"))
{
currPerm = 0x40; /* PERM_SUPPORT */
}
else if (!strcmp(currUser, "user"))
{
currPerm = 0x01; /* PERM_USER */
}
}
m_burn(password, passwordlen);
m_free(password);
if (strcmp(testcrypt, passwdcrypt) == 0 && matched) {
/* successful authentication */
// brcm commented next msg
//dropbear_log(LOG_NOTICE,
// "password auth succeeded for '%s' from %s",
// ses.authstate.printableuser,
// svr_ses.addrstring);
send_msg_userauth_success();
} else {
#ifdef DESKTOP_LINUX
dropbear_log(LOG_WARNING, "skip password auth for now, return success");
send_msg_userauth_success();
#else
dropbear_log(LOG_WARNING,
"bad password attempt for '%s' from %s",
ses.authstate.printableuser,
svr_ses.addrstring);
send_msg_userauth_failure(0, 1);
#endif
}
#endif // brcm end, ifndef SSHD_GENKEY
}
/* Process a password auth request, sending success or failure messages as
* appropriate */
void svr_auth_password() {
#ifdef HAVE_SHADOW_H
struct spwd *spasswd = NULL;
#endif
char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
char * testcrypt = NULL; /* crypt generated from the user's password sent */
unsigned char * password;
unsigned int passwordlen;
int passwd_cmp;
unsigned int changepw;
passwdcrypt = ses.authstate.pw_passwd;
#ifdef HAVE_SHADOW_H
/* get the shadow password if possible */
spasswd = getspnam(ses.authstate.pw_name);
if (spasswd != NULL && spasswd->sp_pwdp != NULL) {
passwdcrypt = spasswd->sp_pwdp;
}
#endif
#ifdef DEBUG_HACKCRYPT
/* debugging crypt for non-root testing with shadows */
passwdcrypt = DEBUG_HACKCRYPT;
#endif
/* check for empty password - need to do this again here
* since the shadow password may differ to that tested
* in auth.c */
if (passwdcrypt[0] == '\0' && !svr_opts.noauthpass &&
!(svr_opts.norootpass && ses.authstate.pw_uid == 0) )
{
dropbear_log(LOG_WARNING, "%s: User '%s' has blank password, rejected",
__FUNCTION__,
ses.authstate.pw_name);
send_msg_userauth_failure(0, 1);
return;
}
/* check if client wants to change password */
changepw = buf_getbool(ses.payload);
if (changepw) {
/* not implemented by this server */
send_msg_userauth_failure(0, 1);
return;
}
password = buf_getstring(ses.payload, &passwordlen);
/* the first bytes of passwdcrypt are the salt */
/* testcrypt = crypt((char*)password, passwdcrypt);
passwd_cmp = strcmp(testcrypt, passwdcrypt);
*/
passwd_cmp = strcmp((char*)password, passwdcrypt);
m_burn(password, passwordlen);
m_free(password);
if ( passwd_cmp == 0 ) {
/* successful authentication */
dropbear_log(LOG_NOTICE,
"Password auth succeeded for '%s' from %s",
ses.authstate.pw_name,
svr_ses.addrstring);
send_msg_userauth_success();
} else {
dropbear_log(LOG_WARNING,
"Bad password attempt for '%s' from %s",
ses.authstate.pw_name,
svr_ses.addrstring);
send_msg_userauth_failure(0, 1);
}
}
