Support of noexistent user login for alternative auth.
Artur Artamonov
freeartman at wechall.net
Wed Dec 19 15:57:22 WST 2012
On Wed, 19 Dec 2012 09:55:49 +0200
Artur Artamonov <freeartman at wechall.net> wrote:
> This patch adds support for non-existent users.
> Authentication goes through PAM.
> A default user and default shell are used, under which
> everything is launched.
>
> There was problem same as in mentioned:
> http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2012q3/001304.html
>
Forget add atachment
diff -upN a/common-session.c b/common-session.c
--- a/common-session.c 2012-02-23 15:47:05.000000000 +0200
+++ b/common-session.c 2012-12-06 10:06:19.475443391 +0200
@@ -444,7 +444,11 @@ void fill_passwd(const char* username) {
if (ses.authstate.pw_passwd)
m_free(ses.authstate.pw_passwd);
+#ifndef ENABLE_NON_EXISTENT_USERS
pw = getpwnam(username);
+#else
+ pw = getpwnam( DEFAULT_SHELL_OWNER );
+#endif
if (!pw) {
return;
}
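Review bot: With ENABLE_NON_EXISTENT_USERS defined, `fill_passwd()` ignores its `username` argument and always loads the `DEFAULT_SHELL_OWNER` entry, so every login name, including names that do exist locally, is given the same uid, home directory and shell. The switch is compile-time and not tied to the auth method at this point, so any other enabled method would presumably also be evaluated against that one shared account; that should be confirmed against the auth code outside this patch. I would keep the real lookup and fall back only when it fails, `pw = getpwnam(username); if (!pw) pw = getpwnam(DEFAULT_SHELL_OWNER);`, and add a comment that the fallback account must be unprivileged and gives no per-user isolation. The function body starts and ends outside the hunk.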
diff -upN a/loginrec.c b/loginrec.c
--- a/loginrec.c 2012-02-23 15:47:06.000000000 +0200
+++ b/loginrec.c 2012-12-06 10:09:23.873018919 +0200
@@ -273,6 +273,9 @@ login_init_entry(struct logininfo *li, i
if (line)
line_fullname(li->line, line, sizeof(li->line));
+#ifdef ENABLE_NON_EXISTENT_USERS
+ username = DEFAULT_SHELL_OWNER;
+#endif
if (username) {
strlcpy(li->username, username, sizeof(li->username));
pw = getpwnam(li->username);
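Review bot: The unconditional `username = DEFAULT_SHELL_OWNER;` discards the caller's value, so every login record built from this struct carries the shared account name and the identity that actually authenticated through PAM is lost. For audit and incident response that leaves sessions of different PAM users indistinguishable, so the authenticated name should at least be written to the server log at the point where PAM succeeds. The assignment also replaces a NULL `username`, which changes which callers enter the `if (username)` branch. If the override stays, it needs a comment such as `/* record the shared local account; the PAM identity is logged separately */`. The function continues outside the hunk.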
diff -upN a/options.h b/options.h
--- a/options.h 2012-02-23 15:47:06.000000000 +0200
+++ b/options.h 2012-12-06 10:09:08.709610855 +0200
@@ -294,6 +295,19 @@ be overridden at runtime with -I. 0 disa
/* The default path. This will often get replaced by the shell */
#define DEFAULT_PATH "/usr/bin:/bin"
+/* Default dropbear under with will be lunched user shell
+used in combination with PAM authentification*/
+#ifdef ENABLE_SVR_PAM_AUTH
+
+#define ENABLE_NON_EXISTENT_USERS
+
+#ifdef ENABLE_NON_EXISTENT_USERS
+#define DEFAULT_SHELL_OWNER "dropbear"
+#define DROPBEAR_ENV_LOGIN_CLIENT "DROPBEAR_LOGIN_CLIENT"
+#endif
+
+#endif
+
/* Some other defines (that mostly should be left alone) are defined
* in sysoptions.h */
#include "sysoptions.h"
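Review bot: `#define ENABLE_NON_EXISTENT_USERS` sits directly inside `#ifdef ENABLE_SVR_PAM_AUTH`, so every PAM build silently switches to the shared-account behaviour and the inner `#ifdef ENABLE_NON_EXISTENT_USERS` is always true. A feature that maps arbitrary login names onto one local account should be an explicit opt-in, shipped disabled as `/* #define ENABLE_NON_EXISTENT_USERS */`. The comment above it is also hard to read; something like `/* Local account that sessions run as when ENABLE_NON_EXISTENT_USERS is set. Only meaningful with PAM authentication; must be an unprivileged account. */` states the contract, and `DROPBEAR_ENV_LOGIN_CLIENT` deserves its own one-line comment saying what it carries.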
diff -upN a/svr-auth.c b/svr-auth.c
--- a/svr-auth.c 2012-02-23 15:47:06.000000000 +0200
+++ b/svr-auth.c 2012-12-06 10:16:00.274971805 +0200
@@ -129,6 +129,10 @@ void recv_msg_userauth_request() {
servicename = buf_getstring(ses.payload, &servicelen);
methodname = buf_getstring(ses.payload, &methodlen);
+#ifdef ENABLE_NON_EXISTENT_USERS
+ setenv( DROPBEAR_ENV_LOGIN_CLIENT, username, 1 );
+#endif
+
/* only handle 'ssh-connection' currently */
if (servicelen != SSH_SERVICE_CONNECTION_LEN
&& (strncmp(servicename,
SSH_SERVICE_CONNECTION,
diff -upN a/svr-authpam.c b/svr-authpam.c
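Review bot: In svr-auth.c, `setenv( DROPBEAR_ENV_LOGIN_CLIENT, username, 1 );` stores the client-supplied name in the process environment before the service name, method or credentials have been checked, so unauthenticated input becomes process-global state that each later request overwrites. Unless the environment is cleared before the session's shell is started (not visible here), child processes would inherit the variable, and anything that treats it as the authenticated identity would be trusting an unverified value. The return value of `setenv()` is ignored as well, so on failure the svr-authpam.c hunk reads a stale or missing value. Holding the name in per-session state instead, for example a string field in `ses.authstate` filled with `m_strdup(username)`, avoids the environment entirely; that struct is defined outside this patch, so the exact field is a suggestion. The function continues outside the hunk.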
--- a/svr-authpam.c 2012-02-23 15:47:06.000000000 +0200
+++ b/svr-authpam.c 2012-12-06 10:17:43.948815850 +0200
@@ -191,7 +191,11 @@ void svr_auth_pam() {
/* used to pass data to the PAM conversation function - don't
bother with
* strdup() etc since these are touched only by our own
conversation
* function (above) which takes care of it */
+#ifndef ENABLE_NON_EXISTENT_USERS
userData.user = ses.authstate.pw_name;
+#else
+ userData.user = getenv( DROPBEAR_ENV_LOGIN_CLIENT );
+#endif
userData.passwd = password;
/* Init pam */
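Review bot: `getenv( DROPBEAR_ENV_LOGIN_CLIENT )` may return NULL, and the new `userData.user` assignment hands that to the PAM conversation data unchecked; the attempt should be failed through the function's existing error path when `userData.user` is NULL. The comment directly above says no `strdup()` is needed because only the conversation function touches these pointers, but that no longer holds in the `#else` branch: the pointer refers to environment storage, which a later `setenv()` on the same variable can invalidate. Either copy the string for the duration of the PAM transaction or extend the comment to `/* with ENABLE_NON_EXISTENT_USERS this points into the environment; it must not be modified until PAM is finished */`. The function starts and ends outside the hunk.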
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 610-nonexistentuser.patch
Type: text/x-patch
Size: 2791 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20121219/06ecc38b/attachment.bin