2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * Created: Sat Mar 18 05:11:38 1995 ylo
6 * Password authentication. This file contains the functions to check whether
7 * the password is valid for the user.
25 #ifdef HAVE_MD5_PASSWORDS
30 * Tries to authenticate the user using password. Returns true if
31 * authentication succeeds.
34 auth_password(struct passwd * pw, const char *password)
36 extern ServerOptions options;
37 char *encrypted_password;
44 if (pw->pw_uid == 0 && options.permit_root_login == 2)
46 if (*password == '\0' && options.permit_empty_passwd == 0)
48 /* deny if no user. */
53 if (options.skey_authentication == 1) {
54 int ret = auth_skey_password(pw, password);
55 if (ret == 1 || ret == 0)
57 /* Fall back to ordinary passwd authentication. */
61 if (options.kerberos_authentication == 1) {
62 int ret = auth_krb4_password(pw, password);
63 if (ret == 1 || ret == 0)
65 /* Fall back to ordinary passwd authentication. */
69 /* Check for users with no password. */
70 if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
73 pw_password = pw->pw_passwd;
75 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
76 spw = getspnam(pw->pw_name);
80 /* Check for users with no password. */
81 if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
84 pw_password = spw->sp_pwdp;
85 #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
87 if (pw_password[0] != '\0')
92 #ifdef HAVE_MD5_PASSWORDS
93 if (is_md5_salt(salt))
94 encrypted_password = md5_crypt(password, salt);
96 encrypted_password = crypt(password, salt);
97 #else /* HAVE_MD5_PASSWORDS */
98 encrypted_password = crypt(password, salt);
99 #endif /* HAVE_MD5_PASSWORDS */
101 /* Authentication is accepted if the encrypted passwords are identical. */
102 return (strcmp(encrypted_password, pw_password) == 0);
104 #endif /* !HAVE_LIBPAM */