Support of nonexistent user login for alternative auth.

Artur Artamonov freeartman at wechall.net
Wed Dec 19 15:57:22 WST 2012


On Wed, 19 Dec 2012 09:55:49 +0200
Artur Artamonov <freeartman at wechall.net> wrote:

> This patch adds support for non-existent users.
> Authentication goes through PAM.
> A default user and default shell are used, under which
> everything would be launched.
> 
> There was the same problem as mentioned in:
> http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2012q3/001304.html
> 

Forgot to add the attachment.

diff -upN a/common-session.c b/common-session.c
--- a/common-session.c	2012-02-23 15:47:05.000000000 +0200
+++ b/common-session.c	2012-12-06 10:06:19.475443391 +0200
@@ -444,7 +444,11 @@ void fill_passwd(const char* username) {
 	if (ses.authstate.pw_passwd)
 		m_free(ses.authstate.pw_passwd);
 
+#ifndef ENABLE_NON_EXISTENT_USERS
 	pw = getpwnam(username);
+#else
+	pw = getpwnam( DEFAULT_SHELL_OWNER );
+#endif
 	if (!pw) {
 		return;
 	}
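
Review bot: In the #else branch of fill_passwd() the username argument is no longer used at all, so with ENABLE_NON_EXISTENT_USERS defined even a name that does exist in the passwd database is resolved to DEFAULT_SHELL_OWNER and every session gets the same passwd entry. Consider calling getpwnam(username) first and falling back to getpwnam(DEFAULT_SHELL_OWNER) only when it returns NULL. Also note that if the DEFAULT_SHELL_OWNER account is missing, the existing "if (!pw) return;" exits silently; a log message there would make a misconfigured build much easier to diagnose.
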
diff -upN a/loginrec.c b/loginrec.c
--- a/loginrec.c	2012-02-23 15:47:06.000000000 +0200
+++ b/loginrec.c	2012-12-06 10:09:23.873018919 +0200
@@ -273,6 +273,9 @@ login_init_entry(struct logininfo *li, i
 	if (line)
 		line_fullname(li->line, line, sizeof(li->line));
 
+#ifdef ENABLE_NON_EXISTENT_USERS
+	username = DEFAULT_SHELL_OWNER;
+#endif
 	if (username) {
 		strlcpy(li->username, username, sizeof(li->username));
 		pw = getpwnam(li->username);
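
Review bot: The unconditional "username = DEFAULT_SHELL_OWNER;" before the "if (username)" test overwrites whatever name the caller passed, so li->username always holds the shared account and the login record loses the name the client actually authenticated with. It also makes the following "if (username)" check always true. For accountability it would be better to keep the caller's name in li->username and use DEFAULT_SHELL_OWNER only for the getpwnam() lookup on the next line.
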
diff -upN a/options.h b/options.h
--- a/options.h	2012-02-23 15:47:06.000000000 +0200
+++ b/options.h	2012-12-06 10:09:08.709610855 +0200
@@ -294,6 +295,19 @@ be overridden at runtime with -I. 0 disa
 /* The default path. This will often get replaced by the shell */
 #define DEFAULT_PATH "/usr/bin:/bin"
 
+/* Default dropbear under with will be lunched user shell 
+used in combination with PAM authentification*/
+#ifdef ENABLE_SVR_PAM_AUTH
+
+#define ENABLE_NON_EXISTENT_USERS
+
+#ifdef ENABLE_NON_EXISTENT_USERS
+#define DEFAULT_SHELL_OWNER "dropbear"
+#define DROPBEAR_ENV_LOGIN_CLIENT "DROPBEAR_LOGIN_CLIENT"
+#endif
+
+#endif
+
 /* Some other defines (that mostly should be left alone) are defined
  * in sysoptions.h */
 #include "sysoptions.h"
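
Review bot: ENABLE_NON_EXISTENT_USERS is defined unconditionally inside "#ifdef ENABLE_SVR_PAM_AUTH", so the inner "#ifdef ENABLE_NON_EXISTENT_USERS" is always true and a build with PAM enabled cannot keep the original per-user lookup. Since this changes which account every session runs under, it should be a separate option that is off by default (for example a commented-out #define, like other optional features in this file). The comment above the block needs rewording ("under with will be lunched", "authentification"), and the hunk header "-294,6 +295,19" suggests the diff was taken against a tree with another local change to options.h that is not part of this patch.
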
diff -upN a/svr-auth.c b/svr-auth.c
--- a/svr-auth.c	2012-02-23 15:47:06.000000000 +0200
+++ b/svr-auth.c	2012-12-06 10:16:00.274971805 +0200
@@ -129,6 +129,10 @@ void recv_msg_userauth_request() {
 	servicename = buf_getstring(ses.payload, &servicelen);
 	methodname = buf_getstring(ses.payload, &methodlen);
 
+#ifdef ENABLE_NON_EXISTENT_USERS
+	setenv( DROPBEAR_ENV_LOGIN_CLIENT, username, 1 );
+#endif
+
 	/* only handle 'ssh-connection' currently */
 	if (servicelen != SSH_SERVICE_CONNECTION_LEN
 			&& (strncmp(servicename,
SSH_SERVICE_CONNECTION, diff -upN a/svr-authpam.c b/svr-authpam.c
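
Review bot: The setenv() call stores the client-supplied username in the process environment immediately after it is read from the packet, before the service name check and before any authentication has succeeded, and its return value is not checked. The environment is process-global state, so an unauthenticated string becomes visible to any later code that reads or passes on the environment. Keeping the requested name in a field of the session state (alongside the other ses.authstate members) would avoid the global and remove the need for DROPBEAR_ENV_LOGIN_CLIENT entirely.
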
--- a/svr-authpam.c	2012-02-23 15:47:06.000000000 +0200
+++ b/svr-authpam.c	2012-12-06 10:17:43.948815850 +0200
@@ -191,7 +191,11 @@ void svr_auth_pam() {
 	/* used to pass data to the PAM conversation function - don't
bother with
 	 * strdup() etc since these are touched only by our own
conversation
 	 * function (above) which takes care of it */
+#ifndef ENABLE_NON_EXISTENT_USERS
 	userData.user = ses.authstate.pw_name;
+#else
+	userData.user = getenv( DROPBEAR_ENV_LOGIN_CLIENT );
+#endif
 	userData.passwd = password;
 
 	/* Init pam */
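
Review bot: In the #else branch, "userData.user = getenv( DROPBEAR_ENV_LOGIN_CLIENT );" is assigned without a NULL check, and getenv() returns NULL if the variable was never set or setenv() failed. The comment just above says strdup() is unnecessary because the pointers are touched only by the conversation function, but that reasoning no longer holds here: the pointer refers to environment storage that the setenv() added in recv_msg_userauth_request() can replace on a later auth request. Check for NULL and fail the auth attempt, and take the name from session state or a private copy instead of the environment. It is also worth documenting that PAM now authenticates the client-supplied name while the session itself runs as DEFAULT_SHELL_OWNER.
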

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 610-nonexistentuser.patch
Type: text/x-patch
Size: 2791 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20121219/06ecc38b/attachment.bin 

