diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2003-08-26 09:58:44 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2003-08-26 09:58:44 +0000 |
commit | fda304b5a80ed890fea222257d74e366f160b8dc (patch) | |
tree | 83b44bab039b08fd6d861409dfe6fa068f9eff91 | |
parent | d583950be9e490d1bb31e20cb010348fcb444fd0 (diff) |
fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
-rw-r--r-- | usr.bin/ssh/auth-passwd.c | 13 | ||||
-rw-r--r-- | usr.bin/ssh/auth.c | 21 | ||||
-rw-r--r-- | usr.bin/ssh/auth.h | 4 | ||||
-rw-r--r-- | usr.bin/ssh/auth1.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/auth2-none.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/auth2-passwd.c | 5 | ||||
-rw-r--r-- | usr.bin/ssh/auth2.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/monitor.c | 4 |
8 files changed, 42 insertions, 18 deletions
diff --git a/usr.bin/ssh/auth-passwd.c b/usr.bin/ssh/auth-passwd.c index 5eb8ac6065e..6452660270d 100644 --- a/usr.bin/ssh/auth-passwd.c +++ b/usr.bin/ssh/auth-passwd.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.28 2003/07/22 13:35:22 markus Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.29 2003/08/26 09:58:43 markus Exp $"); #include "packet.h" #include "log.h" @@ -54,19 +54,20 @@ int auth_password(Authctxt *authctxt, const char *password) { struct passwd * pw = authctxt->pw; + int ok = authctxt->valid; /* deny if no user. */ if (pw == NULL) return 0; if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) - return 0; + ok = 0; if (*password == '\0' && options.permit_empty_passwd == 0) return 0; #ifdef KRB5 if (options.kerberos_authentication == 1) { int ret = auth_krb5_password(authctxt, password); if (ret == 1 || ret == 0) - return ret; + return ret && ok; /* Fall back to ordinary passwd authentication. */ } #endif @@ -75,11 +76,11 @@ auth_password(Authctxt *authctxt, const char *password) (char *)password) == 0) return 0; else - return 1; + return ok; #else /* Check for users with no password. */ if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) - return 1; + return ok; else { /* Encrypt the candidate password using the proper salt. */ char *encrypted_password = crypt(password, @@ -89,7 +90,7 @@ auth_password(Authctxt *authctxt, const char *password) * Authentication is accepted if the encrypted passwords * are identical. */ - return (strcmp(encrypted_password, pw->pw_passwd) == 0); + return (strcmp(encrypted_password, pw->pw_passwd) == 0) && ok; } #endif } diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c index 89882c56b5e..4b66fa09ae3 100644 --- a/usr.bin/ssh/auth.c +++ b/usr.bin/ssh/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.48 2003/06/02 09:17:34 markus Exp $"); +RCSID("$OpenBSD: auth.c,v 1.49 2003/08/26 09:58:43 markus Exp $"); #include <libgen.h> @@ -471,3 +471,22 @@ auth_debug_reset(void) auth_debug_init = 1; } } + +struct passwd * +fakepw(void) +{ + static struct passwd fake; + + memset(&fake, 0, sizeof(fake)); + fake.pw_name = "NOUSER"; + fake.pw_passwd = + "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; + fake.pw_gecos = "NOUSER"; + fake.pw_uid = -1; + fake.pw_gid = -1; + fake.pw_class = ""; + fake.pw_dir = "/nonexist"; + fake.pw_shell = "/nonexist"; + + return (&fake); +} diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h index 54116301ee4..14d66d23c01 100644 --- a/usr.bin/ssh/auth.h +++ b/usr.bin/ssh/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.44 2003/08/22 10:56:08 markus Exp $ */ +/* $OpenBSD: auth.h,v 1.45 2003/08/26 09:58:43 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -171,6 +171,8 @@ void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); void auth_debug_send(void); void auth_debug_reset(void); +struct passwd *fakepw(void); + #define AUTH_FAIL_MAX 6 #define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2) #define AUTH_FAIL_MSG "Too many authentication failures for %.100s" diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c index dea027f3023..bcd4ab01411 100644 --- a/usr.bin/ssh/auth1.c +++ b/usr.bin/ssh/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.50 2003/08/13 08:46:30 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.51 2003/08/26 09:58:43 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -315,8 +315,10 @@ do_authentication(void) /* Verify that the user is a valid user. */ if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) authctxt->valid = 1; - else + else { debug("do_authentication: illegal user %s", user); + authctxt->pw = fakepw(); + } setproctitle("%s%s", authctxt->pw ? user : "unknown", use_privsep ? " [net]" : ""); diff --git a/usr.bin/ssh/auth2-none.c b/usr.bin/ssh/auth2-none.c index 1b557b96c24..58df8d33b09 100644 --- a/usr.bin/ssh/auth2-none.c +++ b/usr.bin/ssh/auth2-none.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-none.c,v 1.5 2003/07/31 09:21:02 markus Exp $"); +RCSID("$OpenBSD: auth2-none.c,v 1.6 2003/08/26 09:58:43 markus Exp $"); #include "auth.h" #include "xmalloc.h" @@ -96,7 +96,7 @@ userauth_none(Authctxt *authctxt) none_enabled = 0; packet_check_eom(); userauth_banner(); - if (options.password_authentication && authctxt->valid) + if (options.password_authentication) return (PRIVSEP(auth_password(authctxt, ""))); return (0); } diff --git a/usr.bin/ssh/auth2-passwd.c b/usr.bin/ssh/auth2-passwd.c index a6d6b379147..7a659a2e126 100644 --- a/usr.bin/ssh/auth2-passwd.c +++ b/usr.bin/ssh/auth2-passwd.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-passwd.c,v 1.3 2003/04/08 20:21:28 itojun Exp $"); +RCSID("$OpenBSD: auth2-passwd.c,v 1.4 2003/08/26 09:58:43 markus Exp $"); #include "xmalloc.h" #include "packet.h" @@ -47,8 +47,7 @@ userauth_passwd(Authctxt *authctxt) logit("password change not supported"); password = packet_get_string(&len); packet_check_eom(); - if (authctxt->valid && - PRIVSEP(auth_password(authctxt, password)) == 1) + if (PRIVSEP(auth_password(authctxt, password)) == 1) authenticated = 1; memset(password, 0, len); xfree(password); diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c index 192f4aaddb1..15da377c590 100644 --- a/usr.bin/ssh/auth2.c +++ b/usr.bin/ssh/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.101 2003/08/22 13:22:27 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.102 2003/08/26 09:58:43 markus Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -164,6 +164,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) debug2("input_userauth_request: setting up authctxt for %s", user); } else { logit("input_userauth_request: illegal user %s", user); + authctxt->pw = fakepw(); } setproctitle("%s%s", authctxt->pw ? user : "unknown", use_privsep ? " [net]" : ""); diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c index 017ca931eb9..9b16c4d2f1e 100644 --- a/usr.bin/ssh/monitor.c +++ b/usr.bin/ssh/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.47 2003/08/24 17:36:52 deraadt Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.48 2003/08/26 09:58:43 markus Exp $"); #include <openssl/dh.h> @@ -615,7 +615,7 @@ mm_answer_authpassword(int socket, Buffer *m) passwd = buffer_get_string(m, &plen); /* Only authenticate if the context is valid */ authenticated = options.password_authentication && - authctxt->valid && auth_password(authctxt, passwd); + auth_password(authctxt, passwd); memset(passwd, 0, strlen(passwd)); xfree(passwd); |