version 1.11, 1999/11/24 00:26:00 |
version 1.12, 1999/11/24 19:53:43 |
|
|
extern ServerOptions options; |
extern ServerOptions options; |
char *encrypted_password; |
char *encrypted_password; |
|
|
if (pw->pw_uid == 0 && options.permit_root_login == 2) { |
if (pw->pw_uid == 0 && options.permit_root_login == 2) |
/* Server does not permit root login with password */ |
|
return 0; |
return 0; |
} |
if (*password == '\0' && options.permit_empty_passwd == 0) |
if (*password == '\0' && options.permit_empty_passwd == 0) { |
|
/* Server does not permit empty password login */ |
|
return 0; |
return 0; |
} |
|
/* deny if no user. */ |
/* deny if no user. */ |
if (pw == NULL) |
if (pw == NULL) |
return 0; |
return 0; |
|
|
#endif |
#endif |
|
|
#if defined(KRB4) |
#if defined(KRB4) |
/* Support for Kerberos v4 authentication - Dug Song |
/* |
<dugsong@UMICH.EDU> */ |
* Support for Kerberos v4 authentication |
|
* - Dug Song <dugsong@UMICH.EDU> |
|
*/ |
if (options.kerberos_authentication) { |
if (options.kerberos_authentication) { |
AUTH_DAT adata; |
AUTH_DAT adata; |
KTEXT_ST tkt; |
KTEXT_ST tkt; |
|
|
char realm[REALM_SZ]; |
char realm[REALM_SZ]; |
int r; |
int r; |
|
|
/* Try Kerberos password authentication only for non-root |
/* |
users and only if Kerberos is installed. */ |
* Try Kerberos password authentication only for non-root |
|
* users and only if Kerberos is installed. |
|
*/ |
if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
|
|
/* Set up our ticket file. */ |
/* Set up our ticket file. */ |
|
|
goto kerberos_auth_failure; |
goto kerberos_auth_failure; |
} |
} |
} else if (r == KDC_PR_UNKNOWN) { |
} else if (r == KDC_PR_UNKNOWN) { |
/* Allow login if no rcmd service exists, |
/* |
but log the error. */ |
* Allow login if no rcmd service exists, but |
|
* log the error. |
|
*/ |
log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " |
log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " |
"not registered, or srvtab is wrong?", pw->pw_name, |
"not registered, or srvtab is wrong?", pw->pw_name, |
krb_err_txt[r], KRB4_SERVICE_NAME, phost); |
krb_err_txt[r], KRB4_SERVICE_NAME, phost); |
} else { |
} else { |
/* TGT is bad, forget it. Possibly |
/* |
spoofed! */ |
* TGT is bad, forget it. Possibly spoofed! |
|
*/ |
packet_send_debug("WARNING: Kerberos V4 TGT " |
packet_send_debug("WARNING: Kerberos V4 TGT " |
"possibly spoofed for %s: %s", |
"possibly spoofed for %s: %s", |
pw->pw_name, krb_err_txt[r]); |
pw->pw_name, krb_err_txt[r]); |
|
|
#endif /* KRB4 */ |
#endif /* KRB4 */ |
|
|
/* Check for users with no password. */ |
/* Check for users with no password. */ |
if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) { |
if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) |
packet_send_debug("Login permitted without a password " |
|
"because the account has no password."); |
|
return 1; |
return 1; |
} |
|
/* Encrypt the candidate password using the proper salt. */ |
/* Encrypt the candidate password using the proper salt. */ |
encrypted_password = crypt(password, |
encrypted_password = crypt(password, |
(pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx"); |
(pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx"); |
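Review bot: The root-login test `if (pw->pw_uid == 0 && options.permit_root_login == 2)` reads `pw->pw_uid` before the `/* deny if no user. */` check `if (pw == NULL) return 0;` that appears further down. If both sit in the same function (its header is not visible on this page), a NULL `pw` for an unknown user is dereferenced instead of reaching the deny path. Moving `if (pw == NULL) return 0;` ahead of the `permit_root_login` test fixes the ordering. The two explanatory comments appear to be dropped in this revision, so the bare `2` would benefit from a short comment such as `/* 2: root may not log in with a password */` or a named constant. Separately, the `KDC_PR_UNKNOWN` branch in the KRB4 block allows login with a TGT it could not verify and only logs the error; that fail-open choice deserves a comment stating the risk, and ideally a server option to reject instead.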