| version 1.11, 1999/11/24 00:26:00 |
version 1.12, 1999/11/24 19:53:43 |
|
|
| extern ServerOptions options; |
extern ServerOptions options; |
| char *encrypted_password; |
char *encrypted_password; |
| |
|
| if (pw->pw_uid == 0 && options.permit_root_login == 2) { |
if (pw->pw_uid == 0 && options.permit_root_login == 2) |
| /* Server does not permit root login with password */ |
|
| return 0; |
return 0; |
| } |
if (*password == '\0' && options.permit_empty_passwd == 0) |
| if (*password == '\0' && options.permit_empty_passwd == 0) { |
|
| /* Server does not permit empty password login */ |
|
| return 0; |
return 0; |
| } |
|
| /* deny if no user. */ |
/* deny if no user. */ |
| if (pw == NULL) |
if (pw == NULL) |
| return 0; |
return 0; |
|
|
| #endif |
#endif |
| |
|
| #if defined(KRB4) |
#if defined(KRB4) |
| /* Support for Kerberos v4 authentication - Dug Song |
/* |
| <dugsong@UMICH.EDU> */ |
* Support for Kerberos v4 authentication |
| |
* - Dug Song <dugsong@UMICH.EDU> |
| |
*/ |
| if (options.kerberos_authentication) { |
if (options.kerberos_authentication) { |
| AUTH_DAT adata; |
AUTH_DAT adata; |
| KTEXT_ST tkt; |
KTEXT_ST tkt; |
|
|
| char realm[REALM_SZ]; |
char realm[REALM_SZ]; |
| int r; |
int r; |
| |
|
| /* Try Kerberos password authentication only for non-root |
/* |
| users and only if Kerberos is installed. */ |
* Try Kerberos password authentication only for non-root |
| |
* users and only if Kerberos is installed. |
| |
*/ |
| if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
| |
|
| /* Set up our ticket file. */ |
/* Set up our ticket file. */ |
|
|
| goto kerberos_auth_failure; |
goto kerberos_auth_failure; |
| } |
} |
| } else if (r == KDC_PR_UNKNOWN) { |
} else if (r == KDC_PR_UNKNOWN) { |
| /* Allow login if no rcmd service exists, |
/* |
| but log the error. */ |
* Allow login if no rcmd service exists, but |
| |
* log the error. |
| |
*/ |
| log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " |
log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " |
| "not registered, or srvtab is wrong?", pw->pw_name, |
"not registered, or srvtab is wrong?", pw->pw_name, |
| krb_err_txt[r], KRB4_SERVICE_NAME, phost); |
krb_err_txt[r], KRB4_SERVICE_NAME, phost); |
| } else { |
} else { |
| /* TGT is bad, forget it. Possibly |
/* |
| spoofed! */ |
* TGT is bad, forget it. Possibly spoofed! |
| |
*/ |
| packet_send_debug("WARNING: Kerberos V4 TGT " |
packet_send_debug("WARNING: Kerberos V4 TGT " |
| "possibly spoofed for %s: %s", |
"possibly spoofed for %s: %s", |
| pw->pw_name, krb_err_txt[r]); |
pw->pw_name, krb_err_txt[r]); |
|
|
| #endif /* KRB4 */ |
#endif /* KRB4 */ |
| |
|
| /* Check for users with no password. */ |
/* Check for users with no password. */ |
| if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) { |
if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) |
| packet_send_debug("Login permitted without a password " |
|
| "because the account has no password."); |
|
| return 1; |
return 1; |
| } |
|
| /* Encrypt the candidate password using the proper salt. */ |
/* Encrypt the candidate password using the proper salt. */ |
| encrypted_password = crypt(password, |
encrypted_password = crypt(password, |
| (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx"); |
(pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx"); |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-passwd.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh