You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
94 lines
2.6 KiB
94 lines
2.6 KiB
6 years ago
|
diff -uNr dropbear-2018.76/svr-authpasswd.c dropbear-2018.76.mod/svr-authpasswd.c
|
||
|
--- dropbear-2018.76/svr-authpasswd.c 2018-02-27 16:25:12.000000000 +0200
|
||
|
+++ dropbear-2018.76.mod/svr-authpasswd.c 2018-10-21 14:05:37.774231619 +0300
|
||
|
@@ -33,36 +33,13 @@
|
||
|
|
||
|
#if DROPBEAR_SVR_PASSWORD_AUTH
|
||
|
|
||
|
-/* not constant time when strings are differing lengths.
|
||
|
- string content isn't leaked, and crypt hashes are predictable length. */
|
||
|
-static int constant_time_strcmp(const char* a, const char* b) {
|
||
|
- size_t la = strlen(a);
|
||
|
- size_t lb = strlen(b);
|
||
|
-
|
||
|
- if (la != lb) {
|
||
|
- return 1;
|
||
|
- }
|
||
|
-
|
||
|
- return constant_time_memcmp(a, b, la);
|
||
|
-}
|
||
|
+#include <termux-auth.h>
|
||
|
|
||
|
/* Process a password auth request, sending success or failure messages as
|
||
|
* appropriate */
|
||
|
void svr_auth_password() {
|
||
|
-
|
||
|
- char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
|
||
|
- char * testcrypt = NULL; /* crypt generated from the user's password sent */
|
||
|
- char * password;
|
||
|
- unsigned int passwordlen;
|
||
|
-
|
||
|
- unsigned int changepw;
|
||
|
-
|
||
|
- passwdcrypt = ses.authstate.pw_passwd;
|
||
|
-
|
||
|
-#ifdef DEBUG_HACKCRYPT
|
||
|
- /* debugging crypt for non-root testing with shadows */
|
||
|
- passwdcrypt = DEBUG_HACKCRYPT;
|
||
|
-#endif
|
||
|
+ char *password;
|
||
|
+ unsigned int changepw, passwordlen;
|
||
|
|
||
|
/* check if client wants to change password */
|
||
|
changepw = buf_getbool(ses.payload);
|
||
|
@@ -72,43 +49,23 @@
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
- password = buf_getstring(ses.payload, &passwordlen);
|
||
|
-
|
||
|
- /* the first bytes of passwdcrypt are the salt */
|
||
|
- testcrypt = crypt(password, passwdcrypt);
|
||
|
- m_burn(password, passwordlen);
|
||
|
- m_free(password);
|
||
|
-
|
||
|
- if (testcrypt == NULL) {
|
||
|
- /* crypt() with an invalid salt like "!!" */
|
||
|
- dropbear_log(LOG_WARNING, "User account '%s' is locked",
|
||
|
- ses.authstate.pw_name);
|
||
|
- send_msg_userauth_failure(0, 1);
|
||
|
- return;
|
||
|
- }
|
||
|
-
|
||
|
- /* check for empty password */
|
||
|
- if (passwdcrypt[0] == '\0') {
|
||
|
- dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
|
||
|
- ses.authstate.pw_name);
|
||
|
- send_msg_userauth_failure(0, 1);
|
||
|
- return;
|
||
|
- }
|
||
|
+ password = buf_getstring(ses.payload, &passwordlen);
|
||
|
|
||
|
- if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
|
||
|
+ /* check if password is valid */
|
||
|
+ if (termux_auth(ses.authstate.pw_name, password)) {
|
||
|
/* successful authentication */
|
||
|
- dropbear_log(LOG_NOTICE,
|
||
|
+ dropbear_log(LOG_NOTICE,
|
||
|
"Password auth succeeded for '%s' from %s",
|
||
|
ses.authstate.pw_name,
|
||
|
svr_ses.addrstring);
|
||
|
send_msg_userauth_success();
|
||
|
- } else {
|
||
|
+ } else {
|
||
|
dropbear_log(LOG_WARNING,
|
||
|
"Bad password attempt for '%s' from %s",
|
||
|
ses.authstate.pw_name,
|
||
|
svr_ses.addrstring);
|
||
|
send_msg_userauth_failure(0, 1);
|
||
|
- }
|
||
|
+ }
|
||
|
}
|
||
|
|
||
|
#endif
|