← Back to branch summary

~ubuntu-branches/ubuntu/vivid/dropbear/vivid

« back to all changes in this revision

Viewing changes to svr-authpasswd.c

  • Committer: Package Import Robot
  • Author(s): Gerrit Pape
  • Date: 2011-11-16 12:36:03 UTC
  • mfrom: (1.4.4)
  • mto: This revision was merged to the branch mainline in revision 17.
  • Revision ID: package-import@ubuntu.com-20111116123603-qkpk0p5e3gegporw
ImportĀ upstreamĀ versionĀ 2011.54

Show diffs side-by-side

added added

removed removed

Lines of Context:
svr-authpasswd.c
42
42
        char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
43
43
        char * testcrypt = NULL; /* crypt generated from the user's password sent */
44
44
        unsigned char * password;
 
45
        int success_blank = 0;
45
46
        unsigned int passwordlen;
46
47
 
47
48
        unsigned int changepw;
60
61
        passwdcrypt = DEBUG_HACKCRYPT;
61
62
#endif
62
63
 
63
 
        /* check for empty password - need to do this again here
64
 
         * since the shadow password may differ to that tested
65
 
         * in auth.c */
66
 
        if (passwdcrypt[0] == '\0') {
67
 
                dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
68
 
                                ses.authstate.pw_name);
69
 
                send_msg_userauth_failure(0, 1);
70
 
                return;
71
 
        }
72
 
 
73
64
        /* check if client wants to change password */
74
65
        changepw = buf_getbool(ses.payload);
75
66
        if (changepw) {
85
76
        m_burn(password, passwordlen);
86
77
        m_free(password);
87
78
 
88
 
        if (strcmp(testcrypt, passwdcrypt) == 0) {
 
79
        /* check for empty password */
 
80
        if (passwdcrypt[0] == '\0') {
 
81
#ifdef ALLOW_BLANK_PASSWORD
 
82
                if (passwordlen == 0) {
 
83
                        success_blank = 1;
 
84
                }
 
85
#else
 
86
                dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
 
87
                                ses.authstate.pw_name);
 
88
                send_msg_userauth_failure(0, 1);
 
89
                return;
 
90
#endif
 
91
        }
 
92
 
 
93
        if (success_blank || strcmp(testcrypt, passwdcrypt) == 0) {
89
94
                /* successful authentication */
90
95
                dropbear_log(LOG_NOTICE, 
91
96
                                "Password auth succeeded for '%s' from %s",
99
104
                                svr_ses.addrstring);
100
105
                send_msg_userauth_failure(0, 1);
101
106
        }
102
 
 
103
107
}
104
108
 
105
109
#endif