auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
+20020404
+ - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
+ auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
+
20020402
- (bal) Hand Sync of scp.c (reverted to upstream code)
- deraadt@cvs.openbsd.org 2002/03/30 17:45:46
#include "ssh.h"
#include "xmalloc.h"
#include "log.h"
+#include "auth.h"
#include "auth-pam.h"
#include "servconf.h"
#include "canohost.h"
}
/* Attempt password authentation using PAM */
-int auth_pam_password(struct passwd *pw, const char *password)
+int auth_pam_password(Authctxt *authctxt, const char *password)
{
extern ServerOptions options;
int pam_retval;
+ struct passwd *pw = authctxt->pw;
do_pam_set_conv(&conv);
void start_pam(const char *user);
void finish_pam(void);
-int auth_pam_password(struct passwd *pw, const char *password);
+int auth_pam_password(Authctxt *authctxt, const char *password);
char **fetch_pam_environment(void);
int do_pam_authenticate(int flags);
int do_pam_account(char *username, char *remote_user);
#include "includes.h"
RCSID("$OpenBSD: auth-passwd.c,v 1.24 2002/03/04 12:43:06 markus Exp $");
-#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
-
#include "packet.h"
#include "log.h"
#include "servconf.h"
#include "auth.h"
-#ifdef HAVE_CRYPT_H
-# include <crypt.h>
-#endif
-#ifdef WITH_AIXAUTHENTICATE
-# include <login.h>
-#endif
-#ifdef __hpux
-# include <hpsecurity.h>
-# include <prot.h>
-#endif
-#ifdef HAVE_SCO_PROTECTED_PW
-# include <sys/security.h>
-# include <sys/audit.h>
-# include <prot.h>
-#endif /* HAVE_SCO_PROTECTED_PW */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
-# include <shadow.h>
-#endif
-#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
-# include <sys/label.h>
-# include <sys/audit.h>
-# include <pwdadj.h>
-#endif
-#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
-# include "md5crypt.h"
-#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
-
-#ifdef HAVE_CYGWIN
-#undef ERROR
-#include <windows.h>
-#include <sys/cygwin.h>
-#define is_winnt (GetVersion() < 0x80000000)
-#endif
-
+#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
+/* Don't need any of these headers for the PAM or SIA cases */
+# ifdef HAVE_CRYPT_H
+# include <crypt.h>
+# endif
+# ifdef WITH_AIXAUTHENTICATE
+# include <login.h>
+# endif
+# ifdef __hpux
+# include <hpsecurity.h>
+# include <prot.h>
+# endif
+# ifdef HAVE_SCO_PROTECTED_PW
+# include <sys/security.h>
+# include <sys/audit.h>
+# include <prot.h>
+# endif /* HAVE_SCO_PROTECTED_PW */
+# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+# include <shadow.h>
+# endif
+# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
+# include <sys/label.h>
+# include <sys/audit.h>
+# include <pwdadj.h>
+# endif
+# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
+# include "md5crypt.h"
+# endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
+
+# ifdef HAVE_CYGWIN
+# undef ERROR
+# include <windows.h>
+# include <sys/cygwin.h>
+# define is_winnt (GetVersion() < 0x80000000)
+# endif
+#endif /* !USE_PAM && !HAVE_OSF_SIA */
extern ServerOptions options;
int
auth_password(Authctxt *authctxt, const char *password)
{
+#if defined(USE_PAM)
+ if (*password == '\0' && options.permit_empty_passwd == 0)
+ return 0;
+ return auth_pam_password(authctxt, password);
+#elif defined(HAVE_OSF_SIA)
+ if (*password == '\0' && options.permit_empty_passwd == 0)
+ return 0;
+ return auth_sia_password(authctxt, password);
+#else
struct passwd * pw = authctxt->pw;
char *encrypted_password;
char *pw_password;
/* Authentication is accepted if the encrypted passwords are identical. */
return (strcmp(encrypted_password, pw_password) == 0);
-}
#endif /* !USE_PAM && !HAVE_OSF_SIA */
+}
#include "log.h"
#include "servconf.h"
#include "canohost.h"
+#include "auth.h"
#include <sia.h>
#include <siad.h>
extern int errno;
int
-auth_sia_password(char *user, char *pass)
+auth_sia_password(Authctxt *authctxt, char *pass)
{
int ret;
SIAENTITY *ent = NULL;
const char *host;
+ char *user = authctxt->user;
host = get_canonical_hostname(options.verify_reverse_mapping);
- if (!user || !pass)
+ if (!user || !pass || pass[0] == '\0')
return(0);
if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0,
#ifdef HAVE_OSF_SIA
-int auth_sia_password(char *user, char *pass);
+int auth_sia_password(Authctxt *authctxt, char *pass);
void session_setup_sia(char *user, char *tty);
#endif /* HAVE_OSF_SIA */
#if defined(KRB4) || defined(KRB5)
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
-#ifdef USE_PAM
- auth_pam_password(pw, "")) {
-#elif defined(HAVE_OSF_SIA)
- 0) {
-#else
PRIVSEP(auth_password(authctxt, ""))) {
-#endif
auth_log(authctxt, 1, "without authentication", "");
return;
}
password = packet_get_string(&dlen);
packet_check_eom();
-#ifdef USE_PAM
- /* Do PAM auth with password */
- authenticated = auth_pam_password(pw, password);
-#elif defined(HAVE_OSF_SIA)
- /* Do SIA auth with password */
- authenticated = auth_sia_password(authctxt->user,
- password);
-#else /* !USE_PAM && !HAVE_OSF_SIA */
/* Try authentication with the password. */
authenticated = PRIVSEP(auth_password(authctxt, password));
-#endif /* USE_PAM */
memset(password, 0, strlen(password));
xfree(password);
if (check_nt_auth(1, authctxt->pw) == 0)
return(0);
#endif
-#ifdef USE_PAM
- return auth_pam_password(authctxt->pw, "");
-#elif defined(HAVE_OSF_SIA)
- return 0;
-#else /* !HAVE_OSF_SIA && !USE_PAM */
return PRIVSEP(auth_password(authctxt, ""));
-#endif /* USE_PAM */
}
static int
#ifdef HAVE_CYGWIN
check_nt_auth(1, authctxt->pw) &&
#endif
-#ifdef USE_PAM
- auth_pam_password(authctxt->pw, password) == 1)
-#elif defined(HAVE_OSF_SIA)
- auth_sia_password(authctxt->user, password) == 1)
-#else /* !USE_PAM && !HAVE_OSF_SIA */
PRIVSEP(auth_password(authctxt, password)) == 1)
-#endif /* USE_PAM */
authenticated = 1;
memset(password, 0, len);
xfree(password);
andersk / openssh.git / commitdiff
