X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/6a9b319871ee85eeada2a0511e9436d0bfa6aab8..196fbaad2b9568f127b7070b562f40ba71078d71:/openssh/auth-passwd.c diff --git a/openssh/auth-passwd.c b/openssh/auth-passwd.c index 9901d48..988297c 100644 --- a/openssh/auth-passwd.c +++ b/openssh/auth-passwd.c @@ -36,54 +36,52 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.27 2002/05/24 16:45:16 stevesk Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.23 2001/06/26 16:15:23 dugsong Exp $"); + +#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) #include "packet.h" +#include "xmalloc.h" #include "log.h" #include "servconf.h" #include "auth.h" -#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) -/* Don't need any of these headers for the PAM or SIA cases */ -# ifdef HAVE_CRYPT_H -# include -# endif -# ifdef WITH_AIXAUTHENTICATE -# include -# endif -# ifdef __hpux -# include -# include -# endif -# ifdef HAVE_SECUREWARE -# include -# include -# include -# endif /* HAVE_SECUREWARE */ -# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) -# include -# endif -# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) -# include -# include -# include -# endif -# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) -# include "md5crypt.h" -# endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ - -# ifdef HAVE_CYGWIN -# undef ERROR -# include -# include -# define is_winnt (GetVersion() < 0x80000000) -# endif -#endif /* !USE_PAM && !HAVE_OSF_SIA */ - -extern ServerOptions options; +#ifdef HAVE_CRYPT_H +# include +#endif #ifdef WITH_AIXAUTHENTICATE -extern char *aixloginmsg; +# include +#endif +#ifdef __hpux +# include +# include +#endif +#ifdef HAVE_SCO_PROTECTED_PW +# include +# include +# include +#endif /* HAVE_SCO_PROTECTED_PW */ +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +# include #endif +#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) +# include +# include +# include +#endif +#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) +# include "md5crypt.h" +#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ + +#ifdef HAVE_CYGWIN +#undef ERROR +#include +#include +#define is_winnt (GetVersion() < 0x80000000) +#endif + + +extern ServerOptions options; /* * Tries to authenticate the user using password. Returns true if @@ -93,25 +91,26 @@ int auth_password(Authctxt *authctxt, const char *password) { struct passwd * pw = authctxt->pw; -#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) char *encrypted_password; char *pw_password; char *salt; -# if defined(__hpux) || defined(HAVE_SECUREWARE) +#ifdef __hpux + struct pr_passwd *spw; +#endif +#ifdef HAVE_SCO_PROTECTED_PW struct pr_passwd *spw; -# endif /* __hpux || HAVE_SECUREWARE */ -# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +#endif /* HAVE_SCO_PROTECTED_PW */ +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) struct spwd *spw; -# endif -# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) +#endif +#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) struct passwd_adjunct *spw; -# endif -# ifdef WITH_AIXAUTHENTICATE +#endif +#ifdef WITH_AIXAUTHENTICATE char *authmsg; - int authsuccess; + char *loginmsg; int reenter = 1; -# endif -#endif /* !defined(USE_PAM) && !defined(HAVE_OSF_SIA) */ +#endif /* deny if no user. */ if (pw == NULL) @@ -119,24 +118,25 @@ auth_password(Authctxt *authctxt, const char *password) #ifndef HAVE_CYGWIN if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) return 0; +#endif +#ifdef HAVE_CYGWIN + /* + * Empty password is only possible on NT if the user has _really_ + * an empty password and authentication is done, though. + */ + if (!is_winnt) #endif if (*password == '\0' && options.permit_empty_passwd == 0) return 0; - -#if defined(USE_PAM) - return auth_pam_password(authctxt, password); -#elif defined(HAVE_OSF_SIA) - return auth_sia_password(authctxt, password); -#else -# ifdef KRB5 +#ifdef KRB5 if (options.kerberos_authentication == 1) { int ret = auth_krb5_password(authctxt, password); if (ret == 1 || ret == 0) return ret; /* Fall back to ordinary passwd authentication. */ } -# endif -# ifdef HAVE_CYGWIN +#endif +#ifdef HAVE_CYGWIN if (is_winnt) { HANDLE hToken = cygwin_logon_user(pw, password); @@ -145,59 +145,51 @@ auth_password(Authctxt *authctxt, const char *password) cygwin_set_impersonation_token(hToken); return 1; } -# endif -# ifdef WITH_AIXAUTHENTICATE - authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); - - if (authsuccess) - /* We don't have a pty yet, so just label the line as "ssh" */ - if (loginsuccess(authctxt->user, - get_canonical_hostname(options.verify_reverse_mapping), - "ssh", &aixloginmsg) < 0) - aixloginmsg = NULL; - - return(authsuccess); -# endif -# ifdef KRB4 +#endif +#ifdef WITH_AIXAUTHENTICATE + return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); +#endif +#ifdef KRB4 if (options.kerberos_authentication == 1) { int ret = auth_krb4_password(authctxt, password); if (ret == 1 || ret == 0) return ret; /* Fall back to ordinary passwd authentication. */ } -# endif -# ifdef BSD_AUTH +#endif +#ifdef BSD_AUTH if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", (char *)password) == 0) return 0; else return 1; -# endif +#endif pw_password = pw->pw_passwd; /* * Various interfaces to shadow or protected password data */ -# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) spw = getspnam(pw->pw_name); if (spw != NULL) pw_password = spw->sp_pwdp; -# endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ +#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ + +#ifdef HAVE_SCO_PROTECTED_PW + spw = getprpwnam(pw->pw_name); + if (spw != NULL) + pw_password = spw->ufld.fd_encrypt; +#endif /* HAVE_SCO_PROTECTED_PW */ -# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) +#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) pw_password = spw->pwa_passwd; -# endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */ +#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */ -# ifdef HAVE_SECUREWARE - if ((spw = getprpwnam(pw->pw_name)) != NULL) - pw_password = spw->ufld.fd_encrypt; -# endif /* HAVE_SECUREWARE */ - -# if defined(__hpux) && !defined(HAVE_SECUREWARE) +#if defined(__hpux) if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL) pw_password = spw->ufld.fd_encrypt; -# endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */ +#endif /* defined(__hpux) */ /* Check for users with no password. */ if ((password[0] == '\0') && (pw_password[0] == '\0')) @@ -208,27 +200,23 @@ auth_password(Authctxt *authctxt, const char *password) else salt = "xx"; -# ifdef HAVE_MD5_PASSWORDS +#ifdef HAVE_MD5_PASSWORDS if (is_md5_salt(salt)) encrypted_password = md5_crypt(password, salt); else encrypted_password = crypt(password, salt); -# else /* HAVE_MD5_PASSWORDS */ -# if defined(__hpux) && !defined(HAVE_SECUREWARE) +#else /* HAVE_MD5_PASSWORDS */ +# ifdef __hpux if (iscomsec()) encrypted_password = bigcrypt(password, salt); else encrypted_password = crypt(password, salt); -# else -# ifdef HAVE_SECUREWARE - encrypted_password = bigcrypt(password, salt); -# else +# else encrypted_password = crypt(password, salt); -# endif /* HAVE_SECUREWARE */ -# endif /* __hpux && !defined(HAVE_SECUREWARE) */ -# endif /* HAVE_MD5_PASSWORDS */ +# endif /* __hpux */ +#endif /* HAVE_MD5_PASSWORDS */ /* Authentication is accepted if the encrypted passwords are identical. */ return (strcmp(encrypted_password, pw_password) == 0); -#endif /* !USE_PAM && !HAVE_OSF_SIA */ } +#endif /* !USE_PAM && !HAVE_OSF_SIA */