diff options
author | Erlang/OTP <[email protected]> | 2014-10-23 10:53:04 +0200 |
---|---|---|
committer | Erlang/OTP <[email protected]> | 2014-10-23 10:53:04 +0200 |
commit | c530f3d4f851ab3844b67e4ccfbe724910bed4bd (patch) | |
tree | 64cabc24e1492c4efe434f7ef120561bc630dac4 /lib/ssh/src/ssh_auth.erl | |
parent | 5d49d05c3604f764736b10cfb287818d4b41efda (diff) | |
parent | b7f24722a7346ae48b2d8d7a29dea9d381e669b7 (diff) | |
download | otp-c530f3d4f851ab3844b67e4ccfbe724910bed4bd.tar.gz otp-c530f3d4f851ab3844b67e4ccfbe724910bed4bd.tar.bz2 otp-c530f3d4f851ab3844b67e4ccfbe724910bed4bd.zip |
Merge branch 'hans/ssh/scanning/OTP-12247' into maint-17
* hans/ssh/scanning/OTP-12247:
ssh: fix ssh.appup.src.
ssh: Corrected appup
ssh: fix .app and .appup errors
ssh: remove supervisors for crashed connection worker
ssh: Print supervisor tree (on demand).
ssh: prepare for release
ssh: avoid terminated but not deleted children to be counted.
ssh: simple info function (ssh_info:print/0).
ssh: Gracefully handle bad handshake messages
ssh: reduce amount of printouts
ssh: Fix port scanner problems
Diffstat (limited to 'lib/ssh/src/ssh_auth.erl')
-rw-r--r-- | lib/ssh/src/ssh_auth.erl | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index b4d406ba8d..45c4d52d7e 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -184,9 +184,8 @@ handle_userauth_request(#ssh_msg_service_request{name = handle_userauth_request(#ssh_msg_userauth_request{user = User, service = "ssh-connection", method = "password", - data = Data}, _, + data = <<?FALSE, ?UINT32(Sz), BinPwd:Sz/binary>>}, _, #ssh{opts = Opts} = Ssh) -> - <<_:8, ?UINT32(Sz), BinPwd:Sz/binary>> = Data, Password = unicode:characters_to_list(BinPwd), case check_password(User, Password, Opts) of true -> @@ -201,6 +200,27 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, handle_userauth_request(#ssh_msg_userauth_request{user = User, service = "ssh-connection", + method = "password", + data = <<?TRUE, + _/binary + %% ?UINT32(Sz1), OldBinPwd:Sz1/binary, + %% ?UINT32(Sz2), NewBinPwd:Sz2/binary + >> + }, _, + Ssh) -> + %% Password change without us having sent SSH_MSG_USERAUTH_PASSWD_CHANGEREQ (because we never do) + %% RFC 4252 says: + %% SSH_MSG_USERAUTH_FAILURE without partial success - The password + %% has not been changed. Either password changing was not supported, + %% or the old password was bad. + + {not_authorized, {User, {error,"Password change not supported"}}, + ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ + authentications = "", + partial_success = false}, Ssh)}; + +handle_userauth_request(#ssh_msg_userauth_request{user = User, + service = "ssh-connection", method = "none"}, _, #ssh{userauth_supported_methods = Methods} = Ssh) -> {not_authorized, {User, undefined}, |