[Dropbear] Question about username/password authentication
Matt Johnston
matt at ucc.asn.au
Mon Sep 11 15:55:27 WST 2006
On Mon, Sep 11, 2006 at 10:35:23AM +0800, Vincent wrote:
> Drar Matt:
> I'm porting Dropbear 0.48.1 into my embedded linux system.
> My authentication policy is to replase default /etc/password with my own
> username/password library.
>
> But in svr-authpasswd.c, function void svr_auth_password(),
> I don't know where can I found the clear text input password for my check.
>
> Can you advise me ? Or tell me which function in which file is the correct
> way to integrate my own library.
Look at
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2006q3/000416.html
for what I've suggested previously.
In svr-auth.c the call to getpwnam() returns the struct passwd
for the user. Various other parts of Dropbear rely on this
being populated with pw_uid, pw_shell, pw_dir etc, so you'll
have to fill that out manually even if you're not using
/etc/passwd.
svr_auth_password() then gets the cleartext password from
the authentication packet with "password = buf_getstring("
then crypt()s it and compares it with the stored
ses.authstate.pw->pw_passwd.
To implement your own policy, replace the getpwnam() call in
checkusername() with something of your own, that just checks
that the username is valid and fills out the pw_ values. You
could probably hardcode the values there if all users log in
with the same userid/shell.
Then you'll want to replace
svr_auth_password() with something that uses the
password = buf_getstring(...) and checks the
user/password combination with your own code.
Let me know if you have any problems.
Cheers,
Matt
More information about the Dropbear
mailing list