Return immediate success for blank passwords if allowed

common-session.c

@@ -453,6 +453,16 @@ void fill_passwd(const char* username) {
 	ses.authstate.pw_name = m_strdup(pw->pw_name);
 	ses.authstate.pw_dir = m_strdup(pw->pw_dir);
 	ses.authstate.pw_shell = m_strdup(pw->pw_shell);
-	ses.authstate.pw_passwd = m_strdup(pw->pw_passwd);
+	{
+		char *passwd_crypt = pw->pw_passwd;
+#ifdef HAVE_SHADOW_H
+		/* get the shadow password if possible */
+		struct spwd *spasswd = getspnam(ses.authstate.pw_name);
+		if (spasswd && spasswd->sp_pwdp) {
+			passwd_crypt = spasswd->sp_pwdp;
+		}
+#endif
+		ses.authstate.pw_passwd = m_strdup(passwd_crypt);
+	}
 }
 

svr-auth.c

@@ -141,15 +141,6 @@ void recv_msg_userauth_request() {
 		dropbear_exit("unknown service in auth");
 	}
 
-	/* user wants to know what methods are supported */
-	if (methodlen == AUTH_METHOD_NONE_LEN &&
-			strncmp(methodname, AUTH_METHOD_NONE,
-				AUTH_METHOD_NONE_LEN) == 0) {
-		TRACE(("recv_msg_userauth_request: 'none' request"))
-		send_msg_userauth_failure(0, 0);
-		goto out;
-	}
-	
 	/* check username is good before continuing */
 	if (checkusername(username, userlen) == DROPBEAR_FAILURE) {
 		/* username is invalid/no shell/etc - send failure */
@@ -158,6 +149,31 @@ void recv_msg_userauth_request() {
 		goto out;
 	}
 
+	/* user wants to know what methods are supported */
+	if (methodlen == AUTH_METHOD_NONE_LEN &&
+			strncmp(methodname, AUTH_METHOD_NONE,
+				AUTH_METHOD_NONE_LEN) == 0) {
+		TRACE(("recv_msg_userauth_request: 'none' request"))
+#ifdef ALLOW_BLANK_PASSWORD
+		if (!svr_opts.noauthpass 
+				&& !(svr_opts.norootpass && ses.authstate.pw_uid == 0) 
+				&& ses.authstate.pw_passwd == '\0') 
+		{
+			dropbear_log(LOG_NOTICE, 
+					"Auth succeeded with blank password for '%s' from %s",
+					ses.authstate.pw_name,
+					svr_ses.addrstring);
+			send_msg_userauth_success();
+			goto out;
+		}
+		else
+#endif
+		{
+			send_msg_userauth_failure(0, 0);
+			goto out;
+		}
+	}
+	
 #ifdef ENABLE_SVR_PASSWORD_AUTH
 	if (!svr_opts.noauthpass &&
 			!(svr_opts.norootpass && ses.authstate.pw_uid == 0) ) {
@@ -205,8 +221,7 @@ out:
 }
 
 
-/* Check that the username exists, has a non-empty password, and has a valid
+/* Check that the username exists and isn't disallowed (root), and has a valid shell.
- * shell.
  * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
 static int checkusername(unsigned char *username, unsigned int userlen) {
 

svr-authpasswd.c

@@ -36,9 +36,6 @@
  * appropriate */
 void svr_auth_password() {
 	
-#ifdef HAVE_SHADOW_H
-	struct spwd *spasswd = NULL;
-#endif
 	char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
 	char * testcrypt = NULL; /* crypt generated from the user's password sent */
 	unsigned char * password;
@@ -48,13 +45,6 @@ void svr_auth_password() {
 	unsigned int changepw;
 
 	passwdcrypt = ses.authstate.pw_passwd;
-#ifdef HAVE_SHADOW_H
-	/* get the shadow password if possible */
-	spasswd = getspnam(ses.authstate.pw_name);
-	if (spasswd != NULL && spasswd->sp_pwdp != NULL) {
-		passwdcrypt = spasswd->sp_pwdp;
-	}
-#endif
 
 #ifdef DEBUG_HACKCRYPT
 	/* debugging crypt for non-root testing with shadows */