diff options
author | Darren Tucker <dtucker@zip.com.au> | 2004-05-30 22:04:56 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2004-05-30 22:04:56 +1000 |
commit | e061b1598a99c7c978f2e05f6d7aa86b6dba9d73 (patch) | |
tree | e627bbeaeec5602ef7e53f37ba34333ddc6edffa /auth-pam.c | |
parent | 450a158d7ef01e44723802e28a65348375718a2c (diff) |
- (dtucker) [auth-pam.c] Use an invalid password for root if
PermitRootLogin != yes or the login is invalid, to prevent leaking
information. Based on Openwall's owl-always-auth patch. ok djm@
Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -31,7 +31,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.103 2004/05/30 10:43:59 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.104 2004/05/30 12:04:56 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -1021,6 +1021,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) { int flags = (options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); + static char badpw[] = "\b\n\r\177INCORRECT"; if (!options.use_pam || sshpam_handle == NULL) fatal("PAM: %s called when PAM disabled or failed to " @@ -1029,6 +1030,15 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password) sshpam_password = password; sshpam_authctxt = authctxt; + /* + * If the user logging in is invalid, or is root but is not permitted + * by PermitRootLogin, use an invalid password to prevent leaking + * information via timing (eg if the PAM config has a delay on fail). + */ + if (!authctxt->valid || (authctxt->pw->pw_uid == 0 && + options.permit_root_login != PERMIT_YES)) + sshpam_password = badpw; + sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, (const void *)&passwd_conv); if (sshpam_err != PAM_SUCCESS) |