=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth-passwd.c,v retrieving revision 1.27 retrieving revision 1.27.2.1 diff -u -r1.27 -r1.27.2.1 --- src/usr.bin/ssh/auth-passwd.c 2002/05/24 16:45:16 1.27 +++ src/usr.bin/ssh/auth-passwd.c 2003/09/16 21:20:24 1.27.2.1 @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.27 2002/05/24 16:45:16 stevesk Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.27.2.1 2003/09/16 21:20:24 brad Exp $"); #include "packet.h" #include "log.h" @@ -54,40 +54,33 @@ auth_password(Authctxt *authctxt, const char *password) { struct passwd * pw = authctxt->pw; + int ok = authctxt->valid; /* deny if no user. */ if (pw == NULL) return 0; if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) - return 0; + ok = 0; if (*password == '\0' && options.permit_empty_passwd == 0) return 0; #ifdef KRB5 if (options.kerberos_authentication == 1) { int ret = auth_krb5_password(authctxt, password); if (ret == 1 || ret == 0) - return ret; + return ret && ok; /* Fall back to ordinary passwd authentication. */ } #endif -#ifdef KRB4 - if (options.kerberos_authentication == 1) { - int ret = auth_krb4_password(authctxt, password); - if (ret == 1 || ret == 0) - return ret; - /* Fall back to ordinary passwd authentication. */ - } -#endif #ifdef BSD_AUTH if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", (char *)password) == 0) return 0; else - return 1; + return ok; #else /* Check for users with no password. */ if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) - return 1; + return ok; else { /* Encrypt the candidate password using the proper salt. */ char *encrypted_password = crypt(password, @@ -97,7 +90,7 @@ * Authentication is accepted if the encrypted passwords * are identical. */ - return (strcmp(encrypted_password, pw->pw_passwd) == 0); + return (strcmp(encrypted_password, pw->pw_passwd) == 0) && ok; } #endif }