| version 1.27, 2002/05/24 16:45:16 |
version 1.27.4.2, 2004/03/04 18:18:15 |
|
|
| #include "log.h" |
#include "log.h" |
| #include "servconf.h" |
#include "servconf.h" |
| #include "auth.h" |
#include "auth.h" |
| |
#include "auth-options.h" |
| |
|
| |
|
| extern ServerOptions options; |
extern ServerOptions options; |
| |
int sys_auth_passwd(Authctxt *, const char *); |
| |
|
| |
static void |
| |
disable_forwarding(void) |
| |
{ |
| |
no_port_forwarding_flag = 1; |
| |
no_agent_forwarding_flag = 1; |
| |
no_x11_forwarding_flag = 1; |
| |
} |
| |
|
| /* |
/* |
| * Tries to authenticate the user using password. Returns true if |
* Tries to authenticate the user using password. Returns true if |
| * authentication succeeds. |
* authentication succeeds. |
|
|
| auth_password(Authctxt *authctxt, const char *password) |
auth_password(Authctxt *authctxt, const char *password) |
| { |
{ |
| struct passwd * pw = authctxt->pw; |
struct passwd * pw = authctxt->pw; |
| |
int ok = authctxt->valid; |
| |
|
| /* deny if no user. */ |
|
| if (pw == NULL) |
|
| return 0; |
|
| if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) |
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) |
| return 0; |
ok = 0; |
| if (*password == '\0' && options.permit_empty_passwd == 0) |
if (*password == '\0' && options.permit_empty_passwd == 0) |
| return 0; |
return 0; |
| #ifdef KRB5 |
#ifdef KRB5 |
| if (options.kerberos_authentication == 1) { |
if (options.kerberos_authentication == 1) { |
| int ret = auth_krb5_password(authctxt, password); |
int ret = auth_krb5_password(authctxt, password); |
| if (ret == 1 || ret == 0) |
if (ret == 1 || ret == 0) |
| return ret; |
return ret && ok; |
| /* Fall back to ordinary passwd authentication. */ |
/* Fall back to ordinary passwd authentication. */ |
| } |
} |
| #endif |
#endif |
| #ifdef KRB4 |
return (sys_auth_passwd(authctxt, password) && ok); |
| if (options.kerberos_authentication == 1) { |
} |
| int ret = auth_krb4_password(authctxt, password); |
|
| if (ret == 1 || ret == 0) |
|
| return ret; |
|
| /* Fall back to ordinary passwd authentication. */ |
|
| } |
|
| #endif |
|
| #ifdef BSD_AUTH |
#ifdef BSD_AUTH |
| if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", |
int |
| (char *)password) == 0) |
sys_auth_passwd(Authctxt *authctxt, const char *password) |
| return 0; |
{ |
| else |
struct passwd *pw = authctxt->pw; |
| return 1; |
auth_session_t *as; |
| |
|
| |
as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", |
| |
(char *)password); |
| |
if (auth_getstate(as) & AUTH_PWEXPIRED) { |
| |
auth_close(as); |
| |
disable_forwarding(); |
| |
authctxt->force_pwchange = 1; |
| |
return (1); |
| |
} else { |
| |
return (auth_close(as)); |
| |
} |
| |
} |
| #else |
#else |
| |
int |
| |
sys_auth_passwd(Authctxt *authctxt, const char *password) |
| |
{ |
| |
struct passwd *pw = authctxt->pw; |
| |
char *encrypted_password; |
| |
|
| /* Check for users with no password. */ |
/* Check for users with no password. */ |
| if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) |
if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) |
| return 1; |
return (1); |
| else { |
|
| /* Encrypt the candidate password using the proper salt. */ |
/* Encrypt the candidate password using the proper salt. */ |
| char *encrypted_password = crypt(password, |
encrypted_password = crypt(password, |
| (pw->pw_passwd[0] && pw->pw_passwd[1]) ? |
(pw->pw_passwd[0] && pw->pw_passwd[1]) ? |
| pw->pw_passwd : "xx"); |
pw->pw_passwd : "xx"); |
| /* |
|
| * Authentication is accepted if the encrypted passwords |
/* |
| * are identical. |
* Authentication is accepted if the encrypted passwords |
| */ |
* are identical. |
| return (strcmp(encrypted_password, pw->pw_passwd) == 0); |
*/ |
| } |
return (strcmp(encrypted_password, pw->pw_passwd) == 0); |
| #endif |
|
| } |
} |
| |
#endif |
![[BACK]](/icons/back.gif){kind=icon}
Return to auth-passwd.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh