=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/auth-passwd.c,v retrieving revision 1.29.2.1 retrieving revision 1.30 diff -u -r1.29.2.1 -r1.30 --- src/usr.bin/ssh/auth-passwd.c 2004/02/28 03:51:32 1.29.2.1 +++ src/usr.bin/ssh/auth-passwd.c 2003/11/04 08:54:09 1.30 @@ -36,25 +36,16 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.29.2.1 2004/02/28 03:51:32 brad Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.30 2003/11/04 08:54:09 djm Exp $"); #include "packet.h" #include "log.h" #include "servconf.h" #include "auth.h" -#include "auth-options.h" + extern ServerOptions options; -int sys_auth_passwd(Authctxt *, const char *); -static void -disable_forwarding(void) -{ - no_port_forwarding_flag = 1; - no_agent_forwarding_flag = 1; - no_x11_forwarding_flag = 1; -} - /* * Tries to authenticate the user using password. Returns true if * authentication succeeds. @@ -77,47 +68,26 @@ /* Fall back to ordinary passwd authentication. */ } #endif - return (sys_auth_passwd(authctxt, password) && ok); -} - #ifdef BSD_AUTH -int -sys_auth_passwd(Authctxt *authctxt, const char *password) -{ - struct passwd *pw = authctxt->pw; - auth_session_t *as; - - as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", - (char *)password); - if (auth_getstate(as) & AUTH_PWEXPIRED) { - auth_close(as); - disable_forwarding(); - authctxt->force_pwchange = 1; - return (1); - } else { - return (auth_close(as)); - } -} + if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", + (char *)password) == 0) + return 0; + else + return ok; #else -int -sys_auth_passwd(Authctxt *authctxt, const char *password) -{ - struct passwd *pw = authctxt->pw; - char *encrypted_password; - /* Check for users with no password. */ if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) - return (1); - - /* Encrypt the candidate password using the proper salt. */ - encrypted_password = crypt(password, - (pw->pw_passwd[0] && pw->pw_passwd[1]) ? - pw->pw_passwd : "xx"); - - /* - * Authentication is accepted if the encrypted passwords - * are identical. - */ - return (strcmp(encrypted_password, pw->pw_passwd) == 0); -} + return ok; + else { + /* Encrypt the candidate password using the proper salt. */ + char *encrypted_password = crypt(password, + (pw->pw_passwd[0] && pw->pw_passwd[1]) ? + pw->pw_passwd : "xx"); + /* + * Authentication is accepted if the encrypted passwords + * are identical. + */ + return (strcmp(encrypted_password, pw->pw_passwd) == 0) && ok; + } #endif +}