auth-passwd.c

   1 /*
   2  * Author: Tatu Ylonen <ylo@cs.hut.fi>
   3  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
   4  *                    All rights reserved
   5  * Created: Sat Mar 18 05:11:38 1995 ylo
   6  * Password authentication.  This file contains the functions to check whether
   7  * the password is valid for the user.
   8  */
   9
  10 #include "includes.h"
  11
  12 #ifndef USE_PAM
  13
  14 RCSID("$Id$");
  15
  16 #include "packet.h"
  17 #include "ssh.h"
  18 #include "servconf.h"
  19 #include "xmalloc.h"
  20
  21 #ifdef WITH_AIXAUTHENTICATE
  22 #include <login.h>
  23 #endif
  24
  25 #ifdef HAVE_SHADOW_H
  26 # include <shadow.h>
  27 #endif
  28 #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
  29 # include "md5crypt.h"
  30 #endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
  31
  32 /*
  33  * Tries to authenticate the user using password.  Returns true if
  34  * authentication succeeds.
  35  */
  36 int
  37 auth_password(struct passwd * pw, const char *password)
  38 {
  39         extern ServerOptions options;
  40         char *encrypted_password;
  41         char *pw_password;
  42         char *salt;
  43 #ifdef HAVE_SHADOW_H
  44         struct spwd *spw;
  45 #endif
  46 #ifdef WITH_AIXAUTHENTICATE
  47         char *authmsg;
  48         char *loginmsg;
  49         int reenter = 1;
  50 #endif
  51
  52         /* deny if no user. */
  53         if (pw == NULL)
  54                 return 0;
  55         if (pw->pw_uid == 0 && options.permit_root_login == 2)
  56                 return 0;
  57         if (*password == '\0' && options.permit_empty_passwd == 0)
  58                 return 0;
  59
  60 #ifdef SKEY
  61         if (options.skey_authentication == 1) {
  62                 int ret = auth_skey_password(pw, password);
  63                 if (ret == 1 || ret == 0)
  64                         return ret;
  65                 /* Fall back to ordinary passwd authentication. */
  66         }
  67 #endif
  68
  69 #ifdef WITH_AIXAUTHENTICATE
  70         return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
  71 #endif
  72
  73 #ifdef KRB4
  74         if (options.kerberos_authentication == 1) {
  75                 int ret = auth_krb4_password(pw, password);
  76                 if (ret == 1 || ret == 0)
  77                         return ret;
  78                 /* Fall back to ordinary passwd authentication. */
  79         }
  80 #endif
  81
  82         /* Check for users with no password. */
  83         if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
  84                 return 1;
  85
  86         pw_password = pw->pw_passwd;
  87
  88 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
  89         spw = getspnam(pw->pw_name);
  90         if (spw != NULL)
  91         {
  92                 /* Check for users with no password. */
  93                 if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
  94                         return 1;
  95
  96                 pw_password = spw->sp_pwdp;
  97         }
  98 #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
  99
 100         if (pw_password[0] != '\0')
 101                 salt = pw_password;
 102         else
 103                 salt = "xx";
 104
 105 #ifdef HAVE_MD5_PASSWORDS
 106         if (is_md5_salt(salt))
 107                 encrypted_password = md5_crypt(password, salt);
 108         else
 109                 encrypted_password = crypt(password, salt);
 110 #else /* HAVE_MD5_PASSWORDS */
 111         encrypted_password = crypt(password, salt);
 112 #endif /* HAVE_MD5_PASSWORDS */
 113
 114         /* Authentication is accepted if the encrypted passwords are identical. */
 115         return (strcmp(encrypted_password, pw_password) == 0);
 116 }
 117 #endif /* !USE_PAM */