2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Created: Sat Mar 18 05:11:38 1995 ylo
6 * Password authentication. This file contains the functions to check whether
7 * the password is valid for the user.
25 #ifdef HAVE_MD5_PASSWORDS
30 * Tries to authenticate the user using password. Returns true if
31 * authentication succeeds.
34 auth_password(struct passwd * pw, const char *password)
36 extern ServerOptions options;
37 char *encrypted_password;
42 if (pw->pw_uid == 0 && options.permit_root_login == 2)
44 if (*password == '\0' && options.permit_empty_passwd == 0)
46 /* deny if no user. */
51 if (options.skey_authentication == 1) {
52 int ret = auth_skey_password(pw, password);
53 if (ret == 1 || ret == 0)
55 /* Fall back to ordinary passwd authentication. */
59 if (options.kerberos_authentication == 1) {
60 int ret = auth_krb4_password(pw, password);
61 if (ret == 1 || ret == 0)
63 /* Fall back to ordinary passwd authentication. */
67 /* Check for users with no password. */
68 if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
71 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
72 spw = getspnam(pw->pw_name);
76 if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0))
77 fatal("Shadow lookup returned garbage.");
79 /* Check for users with no password. */
80 if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
83 if (strlen(spw->sp_pwdp) < 3)
86 /* Encrypt the candidate password using the proper salt. */
87 #ifdef HAVE_MD5_PASSWORDS
88 if (is_md5_salt(spw->sp_pwdp))
89 encrypted_password = md5_crypt(password, spw->sp_pwdp);
91 encrypted_password = crypt(password, spw->sp_pwdp);
92 #else /* HAVE_MD5_PASSWORDS */
93 encrypted_password = crypt(password, spw->sp_pwdp);
94 #endif /* HAVE_MD5_PASSWORDS */
95 /* Authentication is accepted if the encrypted passwords are identical. */
96 return (strcmp(encrypted_password, spw->sp_pwdp) == 0);
97 #else /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
99 if (strlen(pw->pw_passwd) < 3)
102 #ifdef HAVE_MD5_PASSWORDS
103 if (is_md5_salt(pw->pw_passwd))
104 encrypted_password = md5_crypt(password, pw->pw_passwd);
106 encrypted_password = crypt(password, pw->pw_passwd);
107 #else /* HAVE_MD5_PASSWORDS */
108 encrypted_password = crypt(password, pw->pw_passwd);
109 #endif /* HAVE_MD5_PASSWORDS */
111 /* Authentication is accepted if the encrypted passwords are identical. */
112 return (strcmp(encrypted_password, pw->pw_passwd) == 0);
113 #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
115 #endif /* !HAVE_PAM */