===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth-passwd.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- src/usr.bin/ssh/auth-passwd.c	1999/11/23 22:25:52	1.10
+++ src/usr.bin/ssh/auth-passwd.c	1999/11/24 00:26:00	1.11
@@ -1,30 +1,24 @@
 /*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ *                    All rights reserved
+ * Created: Sat Mar 18 05:11:38 1995 ylo
+ * Password authentication.  This file contains the functions to check whether
+ * the password is valid for the user.
+ */
 
-auth-passwd.c
-
-Author: Tatu Ylonen <ylo@cs.hut.fi>
-
-Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-                   All rights reserved
-
-Created: Sat Mar 18 05:11:38 1995 ylo
-
-Password authentication.  This file contains the functions to check whether
-the password is valid for the user.
-
-*/
-
 #include "includes.h"
-RCSID("$Id: auth-passwd.c,v 1.10 1999/11/23 22:25:52 markus Exp $");
+RCSID("$Id: auth-passwd.c,v 1.11 1999/11/24 00:26:00 deraadt Exp $");
 
 #include "packet.h"
 #include "ssh.h"
 #include "servconf.h"
 #include "xmalloc.h"
 
-/* Tries to authenticate the user using password.  Returns true if
-   authentication succeeds. */
-
+/*
+ * Tries to authenticate the user using password.  Returns true if
+ * authentication succeeds.
+ */
 int 
 auth_password(struct passwd * pw, const char *password)
 {
@@ -48,7 +42,8 @@
 		if (strncasecmp(password, "s/key", 5) == 0) {
 			char *skeyinfo = skey_keyinfo(pw->pw_name);
 			if (skeyinfo == NULL) {
-				debug("generating fake skeyinfo for %.100s.", pw->pw_name);
+				debug("generating fake skeyinfo for %.100s.",
+				    pw->pw_name);
 				skeyinfo = skey_fake_keyinfo(pw->pw_name);
 			}
 			if (skeyinfo != NULL)
@@ -83,25 +78,31 @@
 
 			/* Set up our ticket file. */
 			if (!krb4_init(pw->pw_uid)) {
-				log("Couldn't initialize Kerberos ticket file for %s!", pw->pw_name);
+				log("Couldn't initialize Kerberos ticket file for %s!",
+				    pw->pw_name);
 				goto kerberos_auth_failure;
 			}
 			/* Try to get TGT using our password. */
-			r = krb_get_pw_in_tkt((char *) pw->pw_name, "", realm, "krbtgt", realm,
-				    	      DEFAULT_TKT_LIFE, (char *) password);
+			r = krb_get_pw_in_tkt((char *) pw->pw_name, "",
+			    realm, "krbtgt", realm,
+			    DEFAULT_TKT_LIFE, (char *) password);
 			if (r != INTK_OK) {
-				packet_send_debug("Kerberos V4 password authentication for %s "
-						  "failed: %s", pw->pw_name, krb_err_txt[r]);
+				packet_send_debug("Kerberos V4 password "
+				    "authentication for %s failed: %s",
+				    pw->pw_name, krb_err_txt[r]);
 				goto kerberos_auth_failure;
 			}
 			/* Successful authentication. */
 			chown(tkt_string(), pw->pw_uid, pw->pw_gid);
 
-			/* Now that we have a TGT, try to get a local
-			   "rcmd" ticket to ensure that we are not talking
-			   to a bogus Kerberos server. */
+			/*
+			 * Now that we have a TGT, try to get a local
+			 * "rcmd" ticket to ensure that we are not talking
+			 * to a bogus Kerberos server.
+			 */
 			(void) gethostname(localhost, sizeof(localhost));
-			(void) strlcpy(phost, (char *) krb_get_phost(localhost), INST_SZ);
+			(void) strlcpy(phost, (char *) krb_get_phost(localhost),
+			    INST_SZ);
 			r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33);
 
 			if (r == KSUCCESS) {
@@ -109,14 +110,20 @@
 					log("Couldn't get local host address!");
 					goto kerberos_auth_failure;
 				}
-				memmove((void *) &faddr, (void *) hp->h_addr, sizeof(faddr));
+				memmove((void *) &faddr, (void *) hp->h_addr,
+				    sizeof(faddr));
 
 				/* Verify our "rcmd" ticket. */
-				r = krb_rd_req(&tkt, KRB4_SERVICE_NAME, phost, faddr, &adata, "");
+				r = krb_rd_req(&tkt, KRB4_SERVICE_NAME, phost,
+				    faddr, &adata, "");
 				if (r == RD_AP_UNDEC) {
-					/* Probably didn't have a srvtab on localhost. Allow login. */
-					log("Kerberos V4 TGT for %s unverifiable, no srvtab installed? "
-					    "krb_rd_req: %s", pw->pw_name, krb_err_txt[r]);
+					/*
+					 * Probably didn't have a srvtab on
+					 * localhost. Allow login.
+					 */
+					log("Kerberos V4 TGT for %s unverifiable, "
+					    "no srvtab installed? krb_rd_req: %s",
+					    pw->pw_name, krb_err_txt[r]);
 				} else if (r != KSUCCESS) {
 					log("Kerberos V4 %s ticket unverifiable: %s",
 					    KRB4_SERVICE_NAME, krb_err_txt[r]);
@@ -131,8 +138,9 @@
 			} else {
 				/* TGT is bad, forget it. Possibly
 				   spoofed! */
-				packet_send_debug("WARNING: Kerberos V4 TGT possibly spoofed for"
-						  "%s: %s", pw->pw_name, krb_err_txt[r]);
+				packet_send_debug("WARNING: Kerberos V4 TGT "
+				    "possibly spoofed for %s: %s",
+				    pw->pw_name, krb_err_txt[r]);
 				goto kerberos_auth_failure;
 			}
 
@@ -154,12 +162,13 @@
 
 	/* Check for users with no password. */
 	if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) {
-		packet_send_debug("Login permitted without a password because the account has no password.");
+		packet_send_debug("Login permitted without a password "
+		    "because the account has no password.");
 		return 1;
 	}
 	/* Encrypt the candidate password using the proper salt. */
 	encrypted_password = crypt(password,
-				   (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx");
+	    (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx");
 
 	/* Authentication is accepted if the encrypted passwords are identical. */
 	return (strcmp(encrypted_password, pw->pw_passwd) == 0);