/* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ int x11req(struct ChanSess * chansess) { int fd; if (!svr_pubkey_allows_x11fwd()) { return DROPBEAR_FAILURE; } /* we already have an x11 connection */ if (chansess->x11listener != NULL) { return DROPBEAR_FAILURE; } chansess->x11singleconn = buf_getbool(ses.payload); chansess->x11authprot = buf_getstring(ses.payload, NULL); chansess->x11authcookie = buf_getstring(ses.payload, NULL); chansess->x11screennum = buf_getint(ses.payload); /* create listening socket */ fd = socket(PF_INET, SOCK_STREAM, 0); if (fd < 0) { goto fail; } /* allocate port and bind */ chansess->x11port = bindport(fd); if (chansess->x11port < 0) { goto fail; } /* listen */ if (listen(fd, 20) < 0) { goto fail; } /* set non-blocking */ setnonblocking(fd); /* listener code will handle the socket now. * No cleanup handler needed, since listener_remove only happens * from our cleanup anyway */ chansess->x11listener = new_listener( &fd, 1, 0, chansess, x11accept, NULL); if (chansess->x11listener == NULL) { goto fail; } return DROPBEAR_SUCCESS; fail: /* cleanup */ m_free(chansess->x11authprot); m_free(chansess->x11authcookie); close(fd); return DROPBEAR_FAILURE; }
/* Process a password auth request, sending success or failure messages as * appropriate */ void svr_auth_password() { char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */ char * testcrypt = NULL; /* crypt generated from the user's password sent */ unsigned char * password; unsigned int passwordlen; unsigned int changepw; passwdcrypt = ses.authstate.pw_passwd; #ifdef DEBUG_HACKCRYPT /* debugging crypt for non-root testing with shadows */ passwdcrypt = DEBUG_HACKCRYPT; #endif /* check if client wants to change password */ changepw = buf_getbool(ses.payload); if (changepw) { /* not implemented by this server */ send_msg_userauth_failure(0, 1); return; } password = buf_getstring(ses.payload, &passwordlen); /* the first bytes of passwdcrypt are the salt */ testcrypt = crypt((char*)password, passwdcrypt); m_burn(password, passwordlen); m_free(password); /* check for empty password */ if (passwdcrypt[0] == '\0') { dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", ses.authstate.pw_name); send_msg_userauth_failure(0, 1); return; } if (strcmp(testcrypt, passwdcrypt) == 0) { /* successful authentication */ dropbear_log(LOG_NOTICE, "Password auth succeeded for '%s' from %s", ses.authstate.pw_name, svr_ses.addrstring); send_msg_userauth_success(); } else { dropbear_log(LOG_WARNING, "Bad password attempt for '%s' from %s", ses.authstate.pw_name, svr_ses.addrstring); send_msg_userauth_failure(0, 1); } }
static void cli_chansessreq(struct Channel *channel) { unsigned char* type = NULL; int wantreply; TRACE(("enter cli_chansessreq")) type = buf_getstring(ses.payload, NULL); wantreply = buf_getbool(ses.payload); if (strcmp(type, "exit-status") == 0) { cli_ses.retval = buf_getint(ses.payload); TRACE(("got exit-status of '%d'", cli_ses.retval)) } else if (strcmp(type, "exit-signal") == 0) {
void recv_msg_userauth_info_request() { unsigned char *name = NULL; unsigned char *instruction = NULL; unsigned int num_prompts = 0; unsigned int i; unsigned char *prompt = NULL; unsigned int echo = 0; unsigned char *response = NULL; TRACE(("enter recv_msg_recv_userauth_info_request")) /* Let the user know what password/host they are authing for */ if (!cli_ses.interact_request_received) { fprintf(stderr, "Login for %s@%s\n", cli_opts.username, //cli_opts.remotehost); cli_opts.remote_name_str); } cli_ses.interact_request_received = 1; name = buf_getstring(ses.payload, NULL); instruction = buf_getstring(ses.payload, NULL); /* language tag */ buf_eatstring(ses.payload); num_prompts = buf_getint(ses.payload); if (num_prompts >= DROPBEAR_MAX_CLI_INTERACT_PROMPTS) { dropbear_exit("Too many prompts received for keyboard-interactive"); } /* we'll build the response as we go */ CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_INFO_RESPONSE); buf_putint(ses.writepayload, num_prompts); if (strlen(name) > 0) { cleantext(name); fprintf(stderr, "%s", name); } m_free(name); if (strlen(instruction) > 0) { cleantext(instruction); fprintf(stderr, "%s", instruction); } m_free(instruction); for (i = 0; i < num_prompts; i++) { unsigned int response_len = 0; prompt = buf_getstring(ses.payload, NULL); cleantext(prompt); echo = buf_getbool(ses.payload); if (!echo) { unsigned char* p = getpass_or_cancel(prompt); response = m_strdup(p); m_burn(p, strlen(p)); } else { response = get_response(prompt); } response_len = strlen(response); buf_putstring(ses.writepayload, response, response_len); m_burn(response, response_len); m_free(response); } encrypt_packet(); TRACE(("leave recv_msg_recv_userauth_info_request")) }
/* Process a password auth request, sending success or failure messages as * appropriate */ void svr_auth_password() { //brcm begin #ifndef SSHD_GENKEY #ifdef HAVE_SHADOW_H struct spwd *spasswd = NULL; #endif char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */ char * testcrypt = NULL; /* crypt generated from the user's password sent */ unsigned char * password; unsigned int passwordlen; unsigned int changepw; // brcm add matched flag. int matched = 0; passwdcrypt = ses.authstate.pw->pw_passwd; #ifdef HAVE_SHADOW_H /* get the shadow password if possible */ spasswd = getspnam(ses.authstate.printableuser); if (spasswd != NULL && spasswd->sp_pwdp != NULL) { passwdcrypt = spasswd->sp_pwdp; } #endif #ifdef DEBUG_HACKCRYPT /* debugging crypt for non-root testing with shadows */ passwdcrypt = DEBUG_HACKCRYPT; #endif /* check for empty password - need to do this again here * since the shadow password may differ to that tested * in auth.c */ if (passwdcrypt[0] == '\0') { dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", ses.authstate.printableuser); send_msg_userauth_failure(0, 1); return; } /* check if client wants to change password */ changepw = buf_getbool(ses.payload); if (changepw) { /* not implemented by this server */ send_msg_userauth_failure(0, 1); return; } password = buf_getstring(ses.payload, &passwordlen); /* the first bytes of passwdcrypt are the salt */ testcrypt = crypt((char*)password, passwdcrypt); // brcm add local/remote login check // We are doing all this auth checking inside sshd code instead of via proper CLI API. if ((glbAccessMode == NETWORK_ACCESS_LAN_SIDE && \ (!strcmp(ses.authstate.username, "user") || !strcmp(ses.authstate.username, "admin"))) || (glbAccessMode == NETWORK_ACCESS_WAN_SIDE && !strcmp(ses.authstate.username, "support"))) { matched = 1; strcpy(currUser, ses.authstate.username); if (!strcmp(currUser, "admin")) { currPerm = 0x80; /*PERM_ADMIN */ } else if (!strcmp(currUser, "support")) { currPerm = 0x40; /* PERM_SUPPORT */ } else if (!strcmp(currUser, "user")) { currPerm = 0x01; /* PERM_USER */ } } m_burn(password, passwordlen); m_free(password); if (strcmp(testcrypt, passwdcrypt) == 0 && matched) { /* successful authentication */ // brcm commented next msg //dropbear_log(LOG_NOTICE, // "password auth succeeded for '%s' from %s", // ses.authstate.printableuser, // svr_ses.addrstring); send_msg_userauth_success(); } else { #ifdef DESKTOP_LINUX dropbear_log(LOG_WARNING, "skip password auth for now, return success"); send_msg_userauth_success(); #else dropbear_log(LOG_WARNING, "bad password attempt for '%s' from %s", ses.authstate.printableuser, svr_ses.addrstring); send_msg_userauth_failure(0, 1); #endif } #endif // brcm end, ifndef SSHD_GENKEY }
/* Process a password auth request, sending success or failure messages as * appropriate */ void svr_auth_password() { #ifdef HAVE_SHADOW_H struct spwd *spasswd = NULL; #endif char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */ char * testcrypt = NULL; /* crypt generated from the user's password sent */ unsigned char * password; unsigned int passwordlen; int passwd_cmp; unsigned int changepw; passwdcrypt = ses.authstate.pw_passwd; #ifdef HAVE_SHADOW_H /* get the shadow password if possible */ spasswd = getspnam(ses.authstate.pw_name); if (spasswd != NULL && spasswd->sp_pwdp != NULL) { passwdcrypt = spasswd->sp_pwdp; } #endif #ifdef DEBUG_HACKCRYPT /* debugging crypt for non-root testing with shadows */ passwdcrypt = DEBUG_HACKCRYPT; #endif /* check for empty password - need to do this again here * since the shadow password may differ to that tested * in auth.c */ if (passwdcrypt[0] == '\0' && !svr_opts.noauthpass && !(svr_opts.norootpass && ses.authstate.pw_uid == 0) ) { dropbear_log(LOG_WARNING, "%s: User '%s' has blank password, rejected", __FUNCTION__, ses.authstate.pw_name); send_msg_userauth_failure(0, 1); return; } /* check if client wants to change password */ changepw = buf_getbool(ses.payload); if (changepw) { /* not implemented by this server */ send_msg_userauth_failure(0, 1); return; } password = buf_getstring(ses.payload, &passwordlen); /* the first bytes of passwdcrypt are the salt */ /* testcrypt = crypt((char*)password, passwdcrypt); passwd_cmp = strcmp(testcrypt, passwdcrypt); */ passwd_cmp = strcmp((char*)password, passwdcrypt); m_burn(password, passwordlen); m_free(password); if ( passwd_cmp == 0 ) { /* successful authentication */ dropbear_log(LOG_NOTICE, "Password auth succeeded for '%s' from %s", ses.authstate.pw_name, svr_ses.addrstring); send_msg_userauth_success(); } else { dropbear_log(LOG_WARNING, "Bad password attempt for '%s' from %s", ses.authstate.pw_name, svr_ses.addrstring); send_msg_userauth_failure(0, 1); } }