2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Created: Sat Mar 18 05:11:38 1995 ylo
6 * Password authentication. This file contains the functions to check whether
7 * the password is valid for the user.
21 #ifdef WITH_AIXAUTHENTICATE
28 #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
29 # include "md5crypt.h"
30 #endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
33 * Tries to authenticate the user using password. Returns true if
34 * authentication succeeds.
37 auth_password(struct passwd * pw, const char *password)
39 extern ServerOptions options;
40 char *encrypted_password;
46 #ifdef WITH_AIXAUTHENTICATE
52 /* deny if no user. */
55 if (pw->pw_uid == 0 && options.permit_root_login == 2)
57 if (*password == '\0' && options.permit_empty_passwd == 0)
61 if (options.skey_authentication == 1) {
62 int ret = auth_skey_password(pw, password);
63 if (ret == 1 || ret == 0)
65 /* Fall back to ordinary passwd authentication. */
69 #ifdef WITH_AIXAUTHENTICATE
70 return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
74 if (options.kerberos_authentication == 1) {
75 int ret = auth_krb4_password(pw, password);
76 if (ret == 1 || ret == 0)
78 /* Fall back to ordinary passwd authentication. */
82 /* Check for users with no password. */
83 if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
86 pw_password = pw->pw_passwd;
88 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
89 spw = getspnam(pw->pw_name);
92 /* Check for users with no password. */
93 if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
96 pw_password = spw->sp_pwdp;
98 #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
100 if (pw_password[0] != '\0')
105 #ifdef HAVE_MD5_PASSWORDS
106 if (is_md5_salt(salt))
107 encrypted_password = md5_crypt(password, salt);
109 encrypted_password = crypt(password, salt);
110 #else /* HAVE_MD5_PASSWORDS */
111 encrypted_password = crypt(password, salt);
112 #endif /* HAVE_MD5_PASSWORDS */
114 /* Authentication is accepted if the encrypted passwords are identical. */
115 return (strcmp(encrypted_password, pw_password) == 0);
117 #endif /* !USE_PAM */