2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Created: Sat Mar 18 05:11:38 1995 ylo
6 * Password authentication. This file contains the functions to check whether
7 * the password is valid for the user.
24 #if defined(HAVE_CRYPT_H) && !defined(CRYPT_H_BREAKS_BUILD)
26 #endif /* defined(HAVE_CRYPT_H) && !defined(CRYPT_H_BREAKS_BUILD) */
27 #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
28 # include "md5crypt.h"
29 #endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
32 * Tries to authenticate the user using password. Returns true if
33 * authentication succeeds.
36 auth_password(struct passwd * pw, const char *password)
38 extern ServerOptions options;
39 char *encrypted_password;
46 /* deny if no user. */
49 if (pw->pw_uid == 0 && options.permit_root_login == 2)
51 if (*password == '\0' && options.permit_empty_passwd == 0)
55 if (options.skey_authentication == 1) {
56 int ret = auth_skey_password(pw, password);
57 if (ret == 1 || ret == 0)
59 /* Fall back to ordinary passwd authentication. */
63 if (options.kerberos_authentication == 1) {
64 int ret = auth_krb4_password(pw, password);
65 if (ret == 1 || ret == 0)
67 /* Fall back to ordinary passwd authentication. */
71 /* Check for users with no password. */
72 if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
75 pw_password = pw->pw_passwd;
77 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
78 spw = getspnam(pw->pw_name);
81 /* Check for users with no password. */
82 if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
85 pw_password = spw->sp_pwdp;
87 #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
89 if (pw_password[0] != '\0')
94 #ifdef HAVE_MD5_PASSWORDS
95 if (is_md5_salt(salt))
96 encrypted_password = md5_crypt(password, salt);
98 encrypted_password = crypt(password, salt);
99 #else /* HAVE_MD5_PASSWORDS */
100 encrypted_password = crypt(password, salt);
101 #endif /* HAVE_MD5_PASSWORDS */
103 /* Authentication is accepted if the encrypted passwords are identical. */
104 return (strcmp(encrypted_password, pw_password) == 0);
106 #endif /* !USE_PAM */