- markus@cvs.openbsd.org 2003/08/26 09:58:43
[auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c]
[auth2.c monitor.c]
fix passwd auth for 'username leaks via timing'; with djm@, original
patches from solar
diff --git a/auth-passwd.c b/auth-passwd.c
index a5d23b6..57a2d36 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -36,7 +36,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.28 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.29 2003/08/26 09:58:43 markus Exp $");
#include "packet.h"
#include "log.h"
@@ -62,25 +62,22 @@
/* deny if no user. */
if (pw == NULL)
- ok = 0;
+ return 0;
#ifndef HAVE_CYGWIN
if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
ok = 0;
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
- ok = 0;
-
- if (!ok)
return 0;
#if defined(HAVE_OSF_SIA)
- return auth_sia_password(authctxt, password);
+ return auth_sia_password(authctxt, password) && ok;
#else
# ifdef KRB5
if (options.kerberos_authentication == 1) {
int ret = auth_krb5_password(authctxt, password);
if (ret == 1 || ret == 0)
- return ret;
+ return ret && ok;
/* Fall back to ordinary passwd authentication. */
}
# endif
@@ -89,30 +86,32 @@
HANDLE hToken = cygwin_logon_user(pw, password);
if (hToken == INVALID_HANDLE_VALUE)
- return (0);
+ return 0;
cygwin_set_impersonation_token(hToken);
- return (1);
+ return ok;
}
# endif
# ifdef WITH_AIXAUTHENTICATE
{
- char *authmsg;
+ char *authmsg = NULL;
int reenter = 1;
- int authsuccess = (authenticate(pw->pw_name, password,
- &reenter, &authmsg) == 0);
- aix_remove_embedded_newlines(authmsg);
+ int authsuccess = 0;
- if (authsuccess) {
+ if (authenticate(pw->pw_name, password, &reenter,
+ &authmsg) == 0 && ok) {
char *msg;
char *host =
(char *)get_canonical_hostname(options.use_dns);
+ authsuccess = 1;
+ aix_remove_embedded_newlines(authmsg);
+
debug3("AIX/authenticate succeeded for user %s: %.100s",
pw->pw_name, authmsg);
/* No pty yet, so just label the line as "ssh" */
if (loginsuccess(authctxt->user, host, "ssh",
- &msg) == 0){
+ &msg) == 0) {
if (msg != NULL) {
debug("%s: msg %s", __func__, msg);
buffer_append(&loginmsg, msg,
@@ -120,14 +119,15 @@
xfree(msg);
}
}
- } else
+ } else {
debug3("AIX/authenticate failed for user %s: %.100s",
pw->pw_name, authmsg);
+ }
if (authmsg != NULL)
xfree(authmsg);
- return (authsuccess);
+ return authsuccess;
}
# endif
# ifdef BSD_AUTH
@@ -135,15 +135,15 @@
(char *)password) == 0)
return 0;
else
- return 1;
+ return ok;
# else
{
- char *pw_password = shadow_pw(pw);
+ /* Just use the supplied fake password if authctxt is invalid */
+ char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
/* Check for users with no password. */
- /* XXX Reverted back to OpenBSD, why was this changed again? */
if (strcmp(pw_password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
- return 1;
+ return ok;
else {
/* Encrypt the candidate password using the proper salt. */
char *encrypted_password = xcrypt(password,
@@ -153,7 +153,7 @@
* Authentication is accepted if the encrypted passwords
* are identical.
*/
- return (strcmp(encrypted_password, pw_password) == 0);
+ return (strcmp(encrypted_password, pw_password) == 0) && ok;
}
}