[Dropbear] Question about username/password authentication

Matt Johnston matt at ucc.asn.au
Mon Sep 11 15:55:27 WST 2006


On Mon, Sep 11, 2006 at 10:35:23AM +0800, Vincent wrote:
> Drar Matt:
> I'm porting Dropbear 0.48.1 into my embedded linux system.
> My authentication policy is to replase default /etc/password with my own 
> username/password library.
> 
> But in svr-authpasswd.c, function void svr_auth_password(),
> I don't know where can I found the clear text input password for my check.
> 
> Can you advise me ? Or tell  me which function in which file is the correct 
> way to integrate my own library.

Look at 
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2006q3/000416.html
for what I've suggested previously. 

In svr-auth.c the call to getpwnam() returns the struct passwd 
for the user. Various other parts of Dropbear rely on this
being populated with pw_uid, pw_shell, pw_dir etc, so you'll
have to fill that out manually even if you're not using
/etc/passwd.

svr_auth_password() then gets the cleartext password from
the authentication packet with "password = buf_getstring("
then crypt()s it and compares it with the stored
ses.authstate.pw->pw_passwd.

To implement your own policy, replace the getpwnam() call in
checkusername() with something of your own, that just checks
that the username is valid and fills out the pw_ values. You
could probably hardcode the values there if all users log in
with the same userid/shell. 

Then you'll want to replace
svr_auth_password() with something that uses the 
password = buf_getstring(...) and checks the
user/password combination with your own code.

Let me know if you have any problems.

Cheers,
Matt


More information about the Dropbear mailing list