Allow configuring "allow blank password option" at runtime

Changes this from a compile-time switch to a command-line option.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Paul Eggleton 2013-02-12 15:52:57 +00:00
parent f5be0fb218
commit 1205fa68df
5 changed files with 9 additions and 8 deletions


@ -180,11 +180,6 @@ much traffic. */
#define ENABLE_SVR_PUBKEY_OPTIONS #define ENABLE_SVR_PUBKEY_OPTIONS
#endif #endif
/* Define this to allow logging in to accounts that have no password specified.
* Public key logins are allowed for blank-password accounts regardless of this
* setting. */
/* #define ALLOW_BLANK_PASSWORD */
#define ENABLE_CLI_PASSWORD_AUTH #define ENABLE_CLI_PASSWORD_AUTH
#define ENABLE_CLI_PUBKEY_AUTH #define ENABLE_CLI_PUBKEY_AUTH
#define ENABLE_CLI_INTERACT_AUTH #define ENABLE_CLI_INTERACT_AUTH


@ -89,6 +89,7 @@ typedef struct svr_runopts {
int noauthpass; int noauthpass;
int norootpass; int norootpass;
int allowblankpass;
#ifdef ENABLE_SVR_REMOTETCPFWD #ifdef ENABLE_SVR_REMOTETCPFWD
int noremotetcp; int noremotetcp;


@ -154,8 +154,8 @@ void recv_msg_userauth_request() {
strncmp(methodname, AUTH_METHOD_NONE, strncmp(methodname, AUTH_METHOD_NONE,
AUTH_METHOD_NONE_LEN) == 0) { AUTH_METHOD_NONE_LEN) == 0) {
TRACE(("recv_msg_userauth_request: 'none' request")) TRACE(("recv_msg_userauth_request: 'none' request"))
#ifdef ALLOW_BLANK_PASSWORD if (svr_opts.allowblankpass
if (!svr_opts.noauthpass && !svr_opts.noauthpass
&& !(svr_opts.norootpass && ses.authstate.pw_uid == 0) && !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
&& ses.authstate.pw_passwd[0] == '\0') && ses.authstate.pw_passwd[0] == '\0')
{ {
@ -167,7 +167,6 @@ void recv_msg_userauth_request() {
goto out; goto out;
} }
else else
#endif
{ {
send_msg_userauth_failure(0, 0); send_msg_userauth_failure(0, 0);
goto out; goto out;
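Review bot: The rewritten condition in the 'none' branch reads `ses.authstate.pw_uid` and `ses.authstate.pw_passwd[0]`, and nothing in the hunk shows that the requested username has already been looked up and validated at that point. Before this commit the branch was compiled out unless ALLOW_BLANK_PASSWORD was defined; it is now present in every build and reachable with `-B`, so a NULL or stale `pw_passwd` would be dereferenced on a path that ends in a successful login. If the lookup happens later in the function, either move this branch after the username check or add `&& ses.authstate.pw_passwd != NULL` ahead of the `[0]` test. recv_msg_userauth_request begins and ends outside the hunk, so this needs confirming against the full function.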


@ -29,6 +29,7 @@
#include "buffer.h" #include "buffer.h"
#include "dbutil.h" #include "dbutil.h"
#include "auth.h" #include "auth.h"
#include "runopts.h"
#ifdef ENABLE_SVR_PASSWORD_AUTH #ifdef ENABLE_SVR_PASSWORD_AUTH
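Review bot: The added `#include "runopts.h"` is the only change to this file shown in the commit, so nothing visible here reads `svr_opts.allowblankpass`. If the password-method handler in this file applies its own rule for empty passwords, `-B` changes only the 'none' request path and the two paths can disagree. If nothing in the file uses `svr_opts`, the include is unneeded. Either make the password handler consult the same flag or drop the include, and state which was intended in the commit message.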


@ -63,6 +63,7 @@ static void printhelp(const char * progname) {
#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
"-s Disable password logins\n" "-s Disable password logins\n"
"-g Disable password logins for root\n" "-g Disable password logins for root\n"
"-B Allow blank password logins\n"
#endif #endif
#ifdef ENABLE_SVR_LOCALTCPFWD #ifdef ENABLE_SVR_LOCALTCPFWD
"-j Disable local port forwarding\n" "-j Disable local port forwarding\n"
@ -115,6 +116,7 @@ void svr_getopts(int argc, char ** argv) {
svr_opts.norootlogin = 0; svr_opts.norootlogin = 0;
svr_opts.noauthpass = 0; svr_opts.noauthpass = 0;
svr_opts.norootpass = 0; svr_opts.norootpass = 0;
svr_opts.allowblankpass = 0;
svr_opts.inetdmode = 0; svr_opts.inetdmode = 0;
svr_opts.portcount = 0; svr_opts.portcount = 0;
svr_opts.hostkey = NULL; svr_opts.hostkey = NULL;
@ -234,6 +236,9 @@ void svr_getopts(int argc, char ** argv) {
case 'g': case 'g':
svr_opts.norootpass = 1; svr_opts.norootpass = 1;
break; break;
case 'B':
svr_opts.allowblankpass = 1;
break;
#endif #endif
case 'h': case 'h':
printhelp(argv[0]); printhelp(argv[0]);
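Review bot: The help line `-B Allow blank password logins` does not say that the flag is subordinate to `-s` and `-g`, although the auth condition changed in this commit still requires `!svr_opts.noauthpass` and the `norootpass` root check. Suggested wording: `"-B Allow blank password logins (ignored with -s; -g still blocks root)\n"`. The option is also advertised when only ENABLE_SVR_PAM_AUTH is defined, while the check it enables reads the account's `pw_passwd` directly. If a PAM-only build should not accept it, guard the help line and `case 'B'` on ENABLE_SVR_PASSWORD_AUTH alone. The `#if` closed by the `#endif` after `case 'B'` is outside the hunk, and a startup log message when `allowblankpass` is set would let operators notice the weaker setting.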