aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssh/src/ssh_auth.erl
diff options
context:
space:
mode:
authorErlang/OTP <[email protected]>2014-10-23 10:53:04 +0200
committerErlang/OTP <[email protected]>2014-10-23 10:53:04 +0200
commitc530f3d4f851ab3844b67e4ccfbe724910bed4bd (patch)
tree64cabc24e1492c4efe434f7ef120561bc630dac4 /lib/ssh/src/ssh_auth.erl
parent5d49d05c3604f764736b10cfb287818d4b41efda (diff)
parentb7f24722a7346ae48b2d8d7a29dea9d381e669b7 (diff)
downloadotp-c530f3d4f851ab3844b67e4ccfbe724910bed4bd.tar.gz
otp-c530f3d4f851ab3844b67e4ccfbe724910bed4bd.tar.bz2
otp-c530f3d4f851ab3844b67e4ccfbe724910bed4bd.zip
Merge branch 'hans/ssh/scanning/OTP-12247' into maint-17
* hans/ssh/scanning/OTP-12247: ssh: fix ssh.appup.src. ssh: Corrected appup ssh: fix .app and .appup errors ssh: remove supervisors for crashed connection worker ssh: Print supervisor tree (on demand). ssh: prepare for release ssh: avoid terminated but not deleted children to be counted. ssh: simple info function (ssh_info:print/0). ssh: Gracefully handle bad handshake messages ssh: reduce amount of printouts ssh: Fix port scanner problems
Diffstat (limited to 'lib/ssh/src/ssh_auth.erl')
-rw-r--r--lib/ssh/src/ssh_auth.erl24
1 files changed, 22 insertions, 2 deletions
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl
index b4d406ba8d..45c4d52d7e 100644
--- a/lib/ssh/src/ssh_auth.erl
+++ b/lib/ssh/src/ssh_auth.erl
@@ -184,9 +184,8 @@ handle_userauth_request(#ssh_msg_service_request{name =
handle_userauth_request(#ssh_msg_userauth_request{user = User,
service = "ssh-connection",
method = "password",
- data = Data}, _,
+ data = <<?FALSE, ?UINT32(Sz), BinPwd:Sz/binary>>}, _,
#ssh{opts = Opts} = Ssh) ->
- <<_:8, ?UINT32(Sz), BinPwd:Sz/binary>> = Data,
Password = unicode:characters_to_list(BinPwd),
case check_password(User, Password, Opts) of
true ->
@@ -201,6 +200,27 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,
handle_userauth_request(#ssh_msg_userauth_request{user = User,
service = "ssh-connection",
+ method = "password",
+ data = <<?TRUE,
+ _/binary
+ %% ?UINT32(Sz1), OldBinPwd:Sz1/binary,
+ %% ?UINT32(Sz2), NewBinPwd:Sz2/binary
+ >>
+ }, _,
+ Ssh) ->
+ %% Password change without us having sent SSH_MSG_USERAUTH_PASSWD_CHANGEREQ (because we never do)
+ %% RFC 4252 says:
+ %% SSH_MSG_USERAUTH_FAILURE without partial success - The password
+ %% has not been changed. Either password changing was not supported,
+ %% or the old password was bad.
+
+ {not_authorized, {User, {error,"Password change not supported"}},
+ ssh_transport:ssh_packet(#ssh_msg_userauth_failure{
+ authentications = "",
+ partial_success = false}, Ssh)};
+
+handle_userauth_request(#ssh_msg_userauth_request{user = User,
+ service = "ssh-connection",
method = "none"}, _,
#ssh{userauth_supported_methods = Methods} = Ssh) ->
{not_authorized, {User, undefined},