summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2003-08-26 09:58:44 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2003-08-26 09:58:44 +0000
commitfda304b5a80ed890fea222257d74e366f160b8dc (patch)
tree83b44bab039b08fd6d861409dfe6fa068f9eff91
parentd583950be9e490d1bb31e20cb010348fcb444fd0 (diff)
fix passwd auth for 'username leaks via timing'; with djm@, original patches from solar
-rw-r--r--usr.bin/ssh/auth-passwd.c13
-rw-r--r--usr.bin/ssh/auth.c21
-rw-r--r--usr.bin/ssh/auth.h4
-rw-r--r--usr.bin/ssh/auth1.c6
-rw-r--r--usr.bin/ssh/auth2-none.c4
-rw-r--r--usr.bin/ssh/auth2-passwd.c5
-rw-r--r--usr.bin/ssh/auth2.c3
-rw-r--r--usr.bin/ssh/monitor.c4
8 files changed, 42 insertions, 18 deletions
diff --git a/usr.bin/ssh/auth-passwd.c b/usr.bin/ssh/auth-passwd.c
index 5eb8ac6065e..6452660270d 100644
--- a/usr.bin/ssh/auth-passwd.c
+++ b/usr.bin/ssh/auth-passwd.c
@@ -36,7 +36,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.28 2003/07/22 13:35:22 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.29 2003/08/26 09:58:43 markus Exp $");
#include "packet.h"
#include "log.h"
@@ -54,19 +54,20 @@ int
auth_password(Authctxt *authctxt, const char *password)
{
struct passwd * pw = authctxt->pw;
+ int ok = authctxt->valid;
/* deny if no user. */
if (pw == NULL)
return 0;
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
- return 0;
+ ok = 0;
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
#ifdef KRB5
if (options.kerberos_authentication == 1) {
int ret = auth_krb5_password(authctxt, password);
if (ret == 1 || ret == 0)
- return ret;
+ return ret && ok;
/* Fall back to ordinary passwd authentication. */
}
#endif
@@ -75,11 +76,11 @@ auth_password(Authctxt *authctxt, const char *password)
(char *)password) == 0)
return 0;
else
- return 1;
+ return ok;
#else
/* Check for users with no password. */
if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
- return 1;
+ return ok;
else {
/* Encrypt the candidate password using the proper salt. */
char *encrypted_password = crypt(password,
@@ -89,7 +90,7 @@ auth_password(Authctxt *authctxt, const char *password)
* Authentication is accepted if the encrypted passwords
* are identical.
*/
- return (strcmp(encrypted_password, pw->pw_passwd) == 0);
+ return (strcmp(encrypted_password, pw->pw_passwd) == 0) && ok;
}
#endif
}
diff --git a/usr.bin/ssh/auth.c b/usr.bin/ssh/auth.c
index 89882c56b5e..4b66fa09ae3 100644
--- a/usr.bin/ssh/auth.c
+++ b/usr.bin/ssh/auth.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.48 2003/06/02 09:17:34 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.49 2003/08/26 09:58:43 markus Exp $");
#include <libgen.h>
@@ -471,3 +471,22 @@ auth_debug_reset(void)
auth_debug_init = 1;
}
}
+
+struct passwd *
+fakepw(void)
+{
+ static struct passwd fake;
+
+ memset(&fake, 0, sizeof(fake));
+ fake.pw_name = "NOUSER";
+ fake.pw_passwd =
+ "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
+ fake.pw_gecos = "NOUSER";
+ fake.pw_uid = -1;
+ fake.pw_gid = -1;
+ fake.pw_class = "";
+ fake.pw_dir = "/nonexist";
+ fake.pw_shell = "/nonexist";
+
+ return (&fake);
+}
diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index 54116301ee4..14d66d23c01 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.44 2003/08/22 10:56:08 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.45 2003/08/26 09:58:43 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -171,6 +171,8 @@ void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void auth_debug_send(void);
void auth_debug_reset(void);
+struct passwd *fakepw(void);
+
#define AUTH_FAIL_MAX 6
#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
diff --git a/usr.bin/ssh/auth1.c b/usr.bin/ssh/auth1.c
index dea027f3023..bcd4ab01411 100644
--- a/usr.bin/ssh/auth1.c
+++ b/usr.bin/ssh/auth1.c
@@ -10,7 +10,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.50 2003/08/13 08:46:30 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.51 2003/08/26 09:58:43 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -315,8 +315,10 @@ do_authentication(void)
/* Verify that the user is a valid user. */
if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
authctxt->valid = 1;
- else
+ else {
debug("do_authentication: illegal user %s", user);
+ authctxt->pw = fakepw();
+ }
setproctitle("%s%s", authctxt->pw ? user : "unknown",
use_privsep ? " [net]" : "");
diff --git a/usr.bin/ssh/auth2-none.c b/usr.bin/ssh/auth2-none.c
index 1b557b96c24..58df8d33b09 100644
--- a/usr.bin/ssh/auth2-none.c
+++ b/usr.bin/ssh/auth2-none.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-none.c,v 1.5 2003/07/31 09:21:02 markus Exp $");
+RCSID("$OpenBSD: auth2-none.c,v 1.6 2003/08/26 09:58:43 markus Exp $");
#include "auth.h"
#include "xmalloc.h"
@@ -96,7 +96,7 @@ userauth_none(Authctxt *authctxt)
none_enabled = 0;
packet_check_eom();
userauth_banner();
- if (options.password_authentication && authctxt->valid)
+ if (options.password_authentication)
return (PRIVSEP(auth_password(authctxt, "")));
return (0);
}
diff --git a/usr.bin/ssh/auth2-passwd.c b/usr.bin/ssh/auth2-passwd.c
index a6d6b379147..7a659a2e126 100644
--- a/usr.bin/ssh/auth2-passwd.c
+++ b/usr.bin/ssh/auth2-passwd.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-passwd.c,v 1.3 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: auth2-passwd.c,v 1.4 2003/08/26 09:58:43 markus Exp $");
#include "xmalloc.h"
#include "packet.h"
@@ -47,8 +47,7 @@ userauth_passwd(Authctxt *authctxt)
logit("password change not supported");
password = packet_get_string(&len);
packet_check_eom();
- if (authctxt->valid &&
- PRIVSEP(auth_password(authctxt, password)) == 1)
+ if (PRIVSEP(auth_password(authctxt, password)) == 1)
authenticated = 1;
memset(password, 0, len);
xfree(password);
diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index 192f4aaddb1..15da377c590 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
@@ -23,7 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.101 2003/08/22 13:22:27 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.102 2003/08/26 09:58:43 markus Exp $");
#include "ssh2.h"
#include "xmalloc.h"
@@ -164,6 +164,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
debug2("input_userauth_request: setting up authctxt for %s", user);
} else {
logit("input_userauth_request: illegal user %s", user);
+ authctxt->pw = fakepw();
}
setproctitle("%s%s", authctxt->pw ? user : "unknown",
use_privsep ? " [net]" : "");
diff --git a/usr.bin/ssh/monitor.c b/usr.bin/ssh/monitor.c
index 017ca931eb9..9b16c4d2f1e 100644
--- a/usr.bin/ssh/monitor.c
+++ b/usr.bin/ssh/monitor.c
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.47 2003/08/24 17:36:52 deraadt Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.48 2003/08/26 09:58:43 markus Exp $");
#include <openssl/dh.h>
@@ -615,7 +615,7 @@ mm_answer_authpassword(int socket, Buffer *m)
passwd = buffer_get_string(m, &plen);
/* Only authenticate if the context is valid */
authenticated = options.password_authentication &&
- authctxt->valid && auth_password(authctxt, passwd);
+ auth_password(authctxt, passwd);
memset(passwd, 0, strlen(passwd));
xfree(passwd);