version 1.29.2.1, 2004/02/28 03:51:32 |
version 1.30, 2003/11/04 08:54:09 |
|
|
#include "log.h" |
#include "log.h" |
#include "servconf.h" |
#include "servconf.h" |
#include "auth.h" |
#include "auth.h" |
#include "auth-options.h" |
|
|
|
|
|
extern ServerOptions options; |
extern ServerOptions options; |
int sys_auth_passwd(Authctxt *, const char *); |
|
|
|
static void |
|
disable_forwarding(void) |
|
{ |
|
no_port_forwarding_flag = 1; |
|
no_agent_forwarding_flag = 1; |
|
no_x11_forwarding_flag = 1; |
|
} |
|
|
|
/* |
/* |
* Tries to authenticate the user using password. Returns true if |
* Tries to authenticate the user using password. Returns true if |
* authentication succeeds. |
* authentication succeeds. |
|
|
/* Fall back to ordinary passwd authentication. */ |
/* Fall back to ordinary passwd authentication. */ |
} |
} |
#endif |
#endif |
return (sys_auth_passwd(authctxt, password) && ok); |
|
} |
|
|
|
#ifdef BSD_AUTH |
#ifdef BSD_AUTH |
int |
if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", |
sys_auth_passwd(Authctxt *authctxt, const char *password) |
(char *)password) == 0) |
{ |
return 0; |
struct passwd *pw = authctxt->pw; |
else |
auth_session_t *as; |
return ok; |
|
|
as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", |
|
(char *)password); |
|
if (auth_getstate(as) & AUTH_PWEXPIRED) { |
|
auth_close(as); |
|
disable_forwarding(); |
|
authctxt->force_pwchange = 1; |
|
return (1); |
|
} else { |
|
return (auth_close(as)); |
|
} |
|
} |
|
#else |
#else |
int |
|
sys_auth_passwd(Authctxt *authctxt, const char *password) |
|
{ |
|
struct passwd *pw = authctxt->pw; |
|
char *encrypted_password; |
|
|
|
/* Check for users with no password. */ |
/* Check for users with no password. */ |
if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) |
if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) |
return (1); |
return ok; |
|
else { |
/* Encrypt the candidate password using the proper salt. */ |
/* Encrypt the candidate password using the proper salt. */ |
encrypted_password = crypt(password, |
char *encrypted_password = crypt(password, |
(pw->pw_passwd[0] && pw->pw_passwd[1]) ? |
(pw->pw_passwd[0] && pw->pw_passwd[1]) ? |
pw->pw_passwd : "xx"); |
pw->pw_passwd : "xx"); |
|
/* |
/* |
* Authentication is accepted if the encrypted passwords |
* Authentication is accepted if the encrypted passwords |
* are identical. |
* are identical. |
*/ |
*/ |
return (strcmp(encrypted_password, pw->pw_passwd) == 0) && ok; |
return (strcmp(encrypted_password, pw->pw_passwd) == 0); |
} |
} |
|
#endif |
#endif |
|
} |