- Prevent typedefs from being compiled more than once. Report from

[openssh.git] / auth-passwd.c

diff --git a/auth-passwd.c b/auth-passwd.c
index 913e4012330583900eec84237f79c86ce33213fa..2ac86242c65b3062a1f30b3a7b49a2359d722ff0 100644 (file)
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -9,7 +9,7 @@
 
 #include "includes.h"
 
-#ifndef HAVE_PAM
+#ifndef USE_PAM
 
 RCSID("$Id$");
 
@@ -19,12 +19,14 @@ RCSID("$Id$");
 #include "xmalloc.h"
 
 #ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-
-#ifdef HAVE_MD5_PASSWORDS
-#include "md5crypt.h"
+# include <shadow.h>
 #endif
+#if defined(HAVE_CRYPT_H) && !defined(CRYPT_H_BREAKS_BUILD)
+# include <crypt.h>
+#endif /* defined(HAVE_CRYPT_H) && !defined(CRYPT_H_BREAKS_BUILD) */
+#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
+# include "md5crypt.h"
+#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
 
 /*
  * Tries to authenticate the user using password.  Returns true if
@@ -35,17 +37,19 @@ auth_password(struct passwd * pw, const char *password)
 {
        extern ServerOptions options;
        char *encrypted_password;
+       char *pw_password;
+       char *salt;
 #ifdef HAVE_SHADOW_H
        struct spwd *spw;
 #endif
 
+       /* deny if no user. */
+       if (pw == NULL)
+               return 0;
        if (pw->pw_uid == 0 && options.permit_root_login == 2)
                return 0;
        if (*password == '\0' && options.permit_empty_passwd == 0)
                return 0;
-       /* deny if no user. */
-       if (pw == NULL)
-               return 0;
 
 #ifdef SKEY
        if (options.skey_authentication == 1) {
@@ -68,38 +72,35 @@ auth_password(struct passwd * pw, const char *password)
        if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
                return 1;
 
-#ifdef HAVE_SHADOW_H
-       spw = getspnam(pw->pw_name);
-       if (spw == NULL)
-               return(0);
+       pw_password = pw->pw_passwd;
 
-       if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0))
-               fatal("Shadow lookup returned garbage.");
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+       spw = getspnam(pw->pw_name);
+       if (spw != NULL) 
+       {
+               /* Check for users with no password. */
+               if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
+                       return 1;
 
-       /* Check for users with no password. */
-       if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
-               return 1;
+               pw_password = spw->sp_pwdp;
+       }
+#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
 
-       if (strlen(spw->sp_pwdp) < 3)
-               return(0);
+       if (pw_password[0] != '\0')
+               salt = pw_password;
+       else
+               salt = "xx";
 
-       /* Encrypt the candidate password using the proper salt. */
 #ifdef HAVE_MD5_PASSWORDS
-       if (is_md5_salt(spw->sp_pwdp))
-               encrypted_password = md5_crypt(password, spw->sp_pwdp);
+       if (is_md5_salt(salt))
+               encrypted_password = md5_crypt(password, salt);
        else
-               encrypted_password = crypt(password, spw->sp_pwdp);
+               encrypted_password = crypt(password, salt);
 #else /* HAVE_MD5_PASSWORDS */    
-       encrypted_password = crypt(password, spw->sp_pwdp);
+       encrypted_password = crypt(password, salt);
 #endif /* HAVE_MD5_PASSWORDS */    
-       /* Authentication is accepted if the encrypted passwords are identical. */
-       return (strcmp(encrypted_password, spw->sp_pwdp) == 0);
-#else /* !HAVE_SHADOW_H */
-       encrypted_password = crypt(password,
-           (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx");
 
        /* Authentication is accepted if the encrypted passwords are identical. */
-       return (strcmp(encrypted_password, pw->pw_passwd) == 0);
-#endif /* !HAVE_SHADOW_H */
+       return (strcmp(encrypted_password, pw_password) == 0);
 }
-#endif /* !HAVE_PAM */
+#endif /* !USE_PAM */