Module Name: src
Committed By: drochner
Date: Fri Dec 16 17:35:09 UTC 2011
Modified Files:
src/lib/libpam/modules/pam_ssh: pam_ssh.c
Log Message:
disallow empty passphrases per default, and implement the "nullok"
option to allow it if the administator wishes, from FreeBSD
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/lib/libpam/modules/pam_ssh/pam_ssh.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libpam/modules/pam_ssh/pam_ssh.c
diff -u src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.18 src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.19
--- src/lib/libpam/modules/pam_ssh/pam_ssh.c:1.18 Fri Dec 16 17:30:12 2011
+++ src/lib/libpam/modules/pam_ssh/pam_ssh.c Fri Dec 16 17:35:09 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: pam_ssh.c,v 1.18 2011/12/16 17:30:12 drochner Exp $ */
+/* $NetBSD: pam_ssh.c,v 1.19 2011/12/16 17:35:09 drochner Exp $ */
/*-
* Copyright (c) 2003 Networks Associates Technology, Inc.
@@ -38,7 +38,7 @@
#ifdef __FreeBSD__
__FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $");
#else
-__RCSID("$NetBSD: pam_ssh.c,v 1.18 2011/12/16 17:30:12 drochner Exp $");
+__RCSID("$NetBSD: pam_ssh.c,v 1.19 2011/12/16 17:35:09 drochner Exp $");
#endif
#include <sys/param.h>
@@ -97,7 +97,8 @@ static const char *const pam_ssh_agent_e
* struct pam_ssh_key containing the key and its comment.
*/
static struct pam_ssh_key *
-pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase)
+pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase,
+ int nullok)
{
struct pam_ssh_key *psk;
char fn[PATH_MAX];
@@ -107,7 +108,22 @@ pam_ssh_load_key(const char *dir, const
if (snprintf(fn, sizeof(fn), "%s/%s", dir, kfn) > (int)sizeof(fn))
return (NULL);
comment = NULL;
- key = key_load_private(fn, passphrase, &comment);
+ /*
+ * If the key is unencrypted, OpenSSL ignores the passphrase, so
+ * it will seem like the user typed in the right one. This allows
+ * a user to circumvent nullok by providing a dummy passphrase.
+ * Verify that the key really *is* encrypted by trying to load it
+ * with an empty passphrase, and if the key is not encrypted,
+ * accept only an empty passphrase.
+ */
+ key = key_load_private(fn, "", &comment);
+ if (key != NULL && !(*passphrase == '\0' && nullok)) {
+ key_free(key);
+ free(comment);
+ return (NULL);
+ }
+ if (key == NULL)
+ key = key_load_private(fn, passphrase, &comment);
if (key == NULL) {
openpam_log(PAM_LOG_DEBUG, "failed to load key from %s", fn);
if (comment != NULL)
@@ -149,9 +165,11 @@ pam_sm_authenticate(pam_handle_t *pamh,
const void *item;
struct passwd *pwd, pwres;
struct pam_ssh_key *psk;
- int nkeys, pam_err, pass;
+ int nkeys, nullok, pam_err, pass;
char pwbuf[1024];
+ nullok = (openpam_get_option(pamh, "nullok") != NULL);
+
/* PEM is not loaded by default */
OpenSSL_add_all_algorithms();
@@ -170,6 +188,7 @@ pam_sm_authenticate(pam_handle_t *pamh,
if (pam_err != PAM_SUCCESS)
return (pam_err);
+ nkeys = 0;
pass = (pam_get_item(pamh, PAM_AUTHTOK, &item) == PAM_SUCCESS &&
item != NULL);
load_keys:
@@ -182,9 +201,8 @@ pam_sm_authenticate(pam_handle_t *pamh,
}
/* try to load keys from all keyfiles we know of */
- nkeys = 0;
for (kfn = pam_ssh_keyfiles; *kfn != NULL; ++kfn) {
- psk = pam_ssh_load_key(pwd->pw_dir, *kfn, passphrase);
+ psk = pam_ssh_load_key(pwd->pw_dir, *kfn, passphrase, nullok);
if (psk != NULL) {
pam_set_data(pamh, *kfn, psk, pam_ssh_free_key);
++nkeys;
