version 1.18.2.6, 2002/03/08 17:04:41 |
version 1.19, 2001/01/18 16:59:59 |
|
|
RCSID("$OpenBSD$"); |
RCSID("$OpenBSD$"); |
|
|
#include "packet.h" |
#include "packet.h" |
#include "log.h" |
#include "ssh.h" |
#include "servconf.h" |
#include "servconf.h" |
|
#include "xmalloc.h" |
|
|
#include "auth.h" |
#include "auth.h" |
|
|
|
|
extern ServerOptions options; |
|
|
|
/* |
/* |
* Tries to authenticate the user using password. Returns true if |
* Tries to authenticate the user using password. Returns true if |
* authentication succeeds. |
* authentication succeeds. |
*/ |
*/ |
int |
int |
auth_password(Authctxt *authctxt, const char *password) |
auth_password(struct passwd * pw, const char *password) |
{ |
{ |
struct passwd * pw = authctxt->pw; |
extern ServerOptions options; |
char *encrypted_password; |
char *encrypted_password; |
|
|
/* deny if no user. */ |
/* deny if no user. */ |
if (pw == NULL) |
if (pw == NULL) |
return 0; |
return 0; |
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) |
if (pw->pw_uid == 0 && options.permit_root_login == 2) |
return 0; |
return 0; |
if (*password == '\0' && options.permit_empty_passwd == 0) |
if (*password == '\0' && options.permit_empty_passwd == 0) |
return 0; |
return 0; |
#ifdef KRB5 |
|
if (options.kerberos_authentication == 1) { |
|
int ret = auth_krb5_password(authctxt, password); |
|
if (ret == 1 || ret == 0) |
|
return ret; |
|
/* Fall back to ordinary passwd authentication. */ |
|
} |
|
#endif |
|
#ifdef KRB4 |
#ifdef KRB4 |
if (options.kerberos_authentication == 1) { |
if (options.kerberos_authentication == 1) { |
int ret = auth_krb4_password(authctxt, password); |
int ret = auth_krb4_password(pw, password); |
if (ret == 1 || ret == 0) |
if (ret == 1 || ret == 0) |
return ret; |
return ret; |
/* Fall back to ordinary passwd authentication. */ |
/* Fall back to ordinary passwd authentication. */ |
} |
} |
#endif |
#endif |
#ifdef BSD_AUTH |
|
if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", |
|
(char *)password) == 0) |
|
return 0; |
|
else |
|
return 1; |
|
#endif |
|
/* Check for users with no password. */ |
/* Check for users with no password. */ |
if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) |
if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) |
return 1; |
return 1; |