[BACK]Return to auth-passwd.c CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/auth-passwd.c between version 1.29 and 1.29.2.1

version 1.29, 2003/08/26 09:58:43 version 1.29.2.1, 2004/02/28 03:51:32
Line 42 
Line 42 
 #include "log.h"  #include "log.h"
 #include "servconf.h"  #include "servconf.h"
 #include "auth.h"  #include "auth.h"
   #include "auth-options.h"
   
   
 extern ServerOptions options;  extern ServerOptions options;
   int sys_auth_passwd(Authctxt *, const char *);
   
   static void
   disable_forwarding(void)
   {
           no_port_forwarding_flag = 1;
           no_agent_forwarding_flag = 1;
           no_x11_forwarding_flag = 1;
   }
   
 /*  /*
  * Tries to authenticate the user using password.  Returns true if   * Tries to authenticate the user using password.  Returns true if
  * authentication succeeds.   * authentication succeeds.
Line 56 
Line 65 
         struct passwd * pw = authctxt->pw;          struct passwd * pw = authctxt->pw;
         int ok = authctxt->valid;          int ok = authctxt->valid;
   
         /* deny if no user. */  
         if (pw == NULL)  
                 return 0;  
         if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)          if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
                 ok = 0;                  ok = 0;
         if (*password == '\0' && options.permit_empty_passwd == 0)          if (*password == '\0' && options.permit_empty_passwd == 0)
Line 71 
Line 77 
                 /* Fall back to ordinary passwd authentication. */                  /* Fall back to ordinary passwd authentication. */
         }          }
 #endif  #endif
           return (sys_auth_passwd(authctxt, password) && ok);
   }
   
 #ifdef BSD_AUTH  #ifdef BSD_AUTH
         if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",  int
             (char *)password) == 0)  sys_auth_passwd(Authctxt *authctxt, const char *password)
                 return 0;  {
         else          struct passwd *pw = authctxt->pw;
                 return ok;          auth_session_t *as;
   
           as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
               (char *)password);
           if (auth_getstate(as) & AUTH_PWEXPIRED) {
                   auth_close(as);
                   disable_forwarding();
                   authctxt->force_pwchange = 1;
                   return (1);
           } else {
                   return (auth_close(as));
           }
   }
 #else  #else
   int
   sys_auth_passwd(Authctxt *authctxt, const char *password)
   {
           struct passwd *pw = authctxt->pw;
           char *encrypted_password;
   
         /* Check for users with no password. */          /* Check for users with no password. */
         if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)          if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
                 return ok;                  return (1);
         else {  
                 /* Encrypt the candidate password using the proper salt. */          /* Encrypt the candidate password using the proper salt. */
                 char *encrypted_password = crypt(password,          encrypted_password = crypt(password,
                     (pw->pw_passwd[0] && pw->pw_passwd[1]) ?              (pw->pw_passwd[0] && pw->pw_passwd[1]) ?
                     pw->pw_passwd : "xx");              pw->pw_passwd : "xx");
                 /*  
                  * Authentication is accepted if the encrypted passwords          /*
                  * are identical.           * Authentication is accepted if the encrypted passwords
                  */           * are identical.
                 return (strcmp(encrypted_password, pw->pw_passwd) == 0) && ok;           */
         }          return (strcmp(encrypted_password, pw->pw_passwd) == 0);
 #endif  
 }  }
   #endif
Legend:
Removed from v.1.29  
changed lines
  Added in v.1.29.2.1