- Prepare for 1.2.1pre20

19991225 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com> - Cleanup of auth-passwd.c for shadow and MD5 passwords - Cleanup and bugfix of PAM authentication code 19991223 - Merged later HPUX patch from Andre Lucas <andre.lucas@dial.pipex.com> - Above patch included better utmpx support from Ben Taylor <bent@clark.net>:
author: Damien Miller <djm@mindrot.org> 1999-12-25 10:11:29 +1100
committer: Damien Miller <djm@mindrot.org> 1999-12-25 10:11:29 +1100
commit: 2e1b082dfbc5dcdae80957a3d889abe9fa480d77 (patch)
tree: c2bfe8d4115d22146448ce829fb7b16e9b762b4f
parent: 1b0c228ec48d54705474701b6486f1593539a88a (diff)
13 files changed, 197 insertions, 129 deletions
diff --git a/ChangeLog b/ChangeLog
index 256711ebd..394ebc899 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+19991225
+ - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
+ - Cleanup of auth-passwd.c for shadow and MD5 passwords
+ - Cleanup and bugfix of PAM authentication code
+19991223
+ - Merged later HPUX patch from Andre Lucas 
+   <andre.lucas@dial.pipex.com>
+ - Above patch included better utmpx support from Ben Taylor
+   <bent@clark.net>:
 19991222
 - Fix undefined fd_set type in ssh.h from Povl H. Pedersen 
   <pope@netguide.dk>
diff --git a/acconfig.h b/acconfig.h
index b02abbafe..1e706ff58 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -30,6 +30,9 @@
 /* Define is utmpx.h has a ut_host field */
 #undef HAVE_HOST_IN_UTMPX
+/* Define is utmpx.h has a syslen field */
+#undef HAVE_SYSLEN_IN_UTMPX
 /* Define if you want to use utmpx */
 #undef USE_UTMPX
@@ -63,6 +66,9 @@
 /* Define if xauth is found in your path */
 #undef XAUTH_PATH
+/* Define if rsh is found in your path */
+#undef RSH_PATH
 /* Define if you want to allow MD5 passwords */
 #undef HAVE_MD5_PASSWORDS
@@ -76,6 +82,9 @@
 /* to pam_strerror */
 #undef HAVE_OLD_PAM
+/* Set this to your mail directory if you don't have maillock.h */
+#undef MAIL_DIRECTORY
 /* Data types */
 #undef HAVE_QUAD_T
 #undef HAVE_INTXX_T
@@ -197,36 +206,19 @@ enum
 # endif
 #endif
-/* Use utmpx if supported */
-#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
-# define UTMP_STR utmpx
-#else 
-# ifdef HAVE_UTMP_H
-#  define UTMP_STR utmp
-# endif
-#endif
 #ifndef _PATH_UTMP
-# if defined(UTMPX_FILE) && defined(USE_UTMPX)
+# ifdef UTMP_FILE
-#  define _PATH_UTMP UTMPX_FILE
+#  define _PATH_UTMP UTMP_FILE
 # else
-#  ifdef UTMP_FILE
+#  define _PATH_UTMP "/var/adm/utmp"
-#   define _PATH_UTMP UTMP_FILE
-#  else
-#   define _PATH_UTMP "/var/adm/utmp"
-#  endif
 # endif
 #endif
 #ifndef _PATH_WTMP
-# if defined(WTMPX_FILE) && defined(USE_UTMPX)
+# ifdef WTMP_FILE
-#  define _PATH_WTMP WTMPX_FILE
+#  define _PATH_WTMP WTMP_FILE
 # else
-#  ifdef WTMP_FILE
+#  define _PATH_WTMP "/var/adm/wtmp"
-#   define _PATH_WTMP WTMP_FILE
-#  else
-#   define _PATH_WTMP "/var/adm/wtmp"
-#  endif
 # endif
 #endif
@@ -242,16 +234,14 @@ enum
 # define _PATH_DEVNULL "/dev/null"
 #endif
-#ifndef _PATH_MAILDIR
+#ifndef MAILDIR
-# ifdef MAILDIR
+# define MAILDIR MAIL_DIRECTORY
-#  define _PATH_MAILDIR MAILDIR
-# else
-#  ifdef MAIL_DIRECTORY
-#   define _PATH_MAILDIR MAIL_DIRECTORY
-#  endif
-# endif
 #endif
+#if !defined(_PATH_MAILDIR) && defined(MAILDIR)
+# define _PATH_MAILDIR MAILDIR
+#endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */
 #ifndef MAX
 # define MAX(a,b) (((a)>(b))?(a):(b))
 # define MIN(a,b) (((a)<(b))?(a):(b))
@@ -287,3 +277,13 @@ enum
 #if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID)
 # define seteuid(a) setreuid(-1,a)
 #endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */
+#ifndef HAVE_INNETGR
+# define innetgr(a,b,c,d) (0)
+#endif /* HAVE_INNETGR */
+#ifndef _PATH_RSH
+# ifdef RSH_PATH
+#  define _PATH_RSH RSH_PATH
+# endif /* RSH_PATH */
+#endif /* _PATH_RSH */
diff --git a/auth-passwd.c b/auth-passwd.c
index fc0809e16..058dde82b 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -9,9 +9,9 @@
 #include "includes.h"
-#ifndef HAVE_PAM
+#ifndef HAVE_LIBPAM
-RCSID("$Id: auth-passwd.c,v 1.10 1999/12/21 10:03:09 damien Exp $");
+RCSID("$Id: auth-passwd.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
@@ -35,6 +35,8 @@ auth_password(struct passwd * pw, const char *password)
 {
        extern ServerOptions options;
        char *encrypted_password;
+        char *pw_password;
+        char *salt;
 #ifdef HAVE_SHADOW_H
        struct spwd *spw;
 #endif
@@ -68,48 +70,35 @@ auth_password(struct passwd * pw, const char *password)
        if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
                return 1;
+        pw_password = pw->pw_passwd;
 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
        spw = getspnam(pw->pw_name);
-        if (spw == NULL)
+        if (spw == NULL) 
                return(0);
-        if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0))
-                fatal("Shadow lookup returned garbage.");
        /* Check for users with no password. */
        if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
                return 1;
-        if (strlen(spw->sp_pwdp) < 3)
+        pw_password = spw->sp_pwdp;
-                return(0);
+#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
-        /* Encrypt the candidate password using the proper salt. */
+        if (pw_password[0] != '\0')
-#ifdef HAVE_MD5_PASSWORDS
+                salt = pw_password;
-        if (is_md5_salt(spw->sp_pwdp))
-                encrypted_password = md5_crypt(password, spw->sp_pwdp);
        else
-                encrypted_password = crypt(password, spw->sp_pwdp);
+                salt = "xx";
-#else /* HAVE_MD5_PASSWORDS */    
-        encrypted_password = crypt(password, spw->sp_pwdp);
-#endif /* HAVE_MD5_PASSWORDS */    
-        /* Authentication is accepted if the encrypted passwords are identical. */
-        return (strcmp(encrypted_password, spw->sp_pwdp) == 0);
-#else /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
-        if (strlen(pw->pw_passwd) < 3)
-                return(0);
 #ifdef HAVE_MD5_PASSWORDS
-        if (is_md5_salt(pw->pw_passwd))
+        if (is_md5_salt(salt))
-                encrypted_password = md5_crypt(password, pw->pw_passwd);
+                encrypted_password = md5_crypt(password, salt);
        else
-                encrypted_password = crypt(password, pw->pw_passwd);
+                encrypted_password = crypt(password, salt);
 #else /* HAVE_MD5_PASSWORDS */    
-        encrypted_password = crypt(password, pw->pw_passwd);
+        encrypted_password = crypt(password, salt);
 #endif /* HAVE_MD5_PASSWORDS */    
        /* Authentication is accepted if the encrypted passwords are identical. */
-        return (strcmp(encrypted_password, pw->pw_passwd) == 0);
+        return (strcmp(encrypted_password, pw_password) == 0);
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
 }
-#endif /* !HAVE_PAM */
+#endif /* !HAVE_LIBPAM */
diff --git a/bsd-login.c b/bsd-login.c
index c0f4c1ab0..d81e46914 100644
--- a/bsd-login.c
+++ b/bsd-login.c
@@ -54,53 +54,63 @@ static char *rcsid = "$OpenBSD: login.c,v 1.5 1998/07/13 02:11:12 millert Exp $"
 #include <stdio.h>
 #include <string.h>
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
+void
+login(utp,utx)
+        struct utmp *utp;
+        struct utmpx *utx;
+#else /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 void
 login(utp)
-        struct UTMP_STR *utp;
+        struct utmp *utp;
+#endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 {
-        struct UTMP_STR old_ut;
+        struct utmp old_ut;
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
+        struct utmpx *old_utx;
+#endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
        register int fd;
        int tty;
 #ifndef UT_LINESIZE
 # define UT_LINESIZE (sizeof(old_ut.ut_line))
-# if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
+# define UT_NAMESIZE (sizeof(old_ut.ut_name))
-#  define UT_NAMESIZE (sizeof(old_ut.ut_user))
-# else
-#  define UT_NAMESIZE (sizeof(old_ut.ut_name))
-# endif
 # ifdef HAVE_HOST_IN_UTMP
 #  define UT_HOSTSIZE (sizeof(old_ut.ut_host))
 # endif
-# if defined(HAVE_HOST_IN_UTMPX) && defined(USE_UTMPX)
-#  define UT_HOSTSIZE (sizeof(old_ut.ut_host))
-# endif
 #endif
        tty = ttyslot();
        if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR|O_CREAT, 0644)) >= 0) {
-#if defined(HAVE_HOST_IN_UTMP) || defined(HAVE_HOST_IN_UTMPX)
+#if defined(HAVE_HOST_IN_UTMP)
-                (void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET);
+                (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
                /*
                 * Prevent luser from zero'ing out ut_host.
                 * If the new ut_line is empty but the old one is not
                 * and ut_line and ut_name match, preserve the old ut_line.
                 */
-                if (read(fd, &old_ut, sizeof(struct UTMP_STR)) ==
+                if (read(fd, &old_ut, sizeof(struct utmp)) ==
-                    sizeof(struct UTMP_STR) && utp->ut_host[0] == '\0' &&
+                    sizeof(struct utmp) && utp->ut_host[0] == '\0' &&
                    old_ut.ut_host[0] != '\0' &&
                    strncmp(old_ut.ut_line, utp->ut_line, UT_LINESIZE) == 0 &&
                    strncmp(old_ut.ut_name, utp->ut_name, UT_NAMESIZE) == 0)
                        (void)memcpy(utp->ut_host, old_ut.ut_host, UT_HOSTSIZE);
-#endif /* defined(HAVE_HOST_IN_UTMP) || defined(HAVE_HOST_IN_UTMPX) */
+#endif /* defined(HAVE_HOST_IN_UTMP) */
-                (void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET);
+                (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
-                (void)write(fd, utp, sizeof(struct UTMP_STR));
+                (void)write(fd, utp, sizeof(struct utmp));
                (void)close(fd);
        }
        if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
-                (void)write(fd, utp, sizeof(struct UTMP_STR));
+                (void)write(fd, utp, sizeof(struct utmp));
                (void)close(fd);
        }
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
+        old_utx = pututxline(utx);
+# ifdef HAVE_UPDWTMPX
+        updwtmpx(_PATH_WTMPX, utx);
+# endif /* HAVE_UPDWTMPX */
+        endutxent();
+#endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 }
 #endif /* HAVE_LOGIN */
diff --git a/bsd-login.h b/bsd-login.h
index 8891ae342..f26f47084 100644
--- a/bsd-login.h
+++ b/bsd-login.h
@@ -1,13 +1,22 @@
 #ifndef _BSD_LOGIN_H
-#define _BSD_LOGIN_H
+# define _BSD_LOGIN_H
-#include "config.h"
+# include "config.h"
-#ifndef HAVE_LOGIN
+# ifndef HAVE_LOGIN
-#include <utmp.h>
+#  include <utmp.h>
-void login(struct UTMP_STR *utp);
+#  if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
+#   include <utmpx.h>
-#endif /* !HAVE_LOGIN */
+void login(struct utmp *utp, struct utmpx *utx);
+#   else /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
+void login(struct utmp *utp);
+#  endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
+# endif /* !HAVE_LOGIN */
 #endif /* _BSD_LOGIN_H */
diff --git a/configure.in b/configure.in
index b5ffee79e..7bb96270a 100644
--- a/configure.in
+++ b/configure.in
@@ -9,10 +9,25 @@ AC_PROG_CPP
 AC_PROG_RANLIB
 AC_PROG_INSTALL
 AC_CHECK_PROG(AR, ar, ar)
-dnl Check for the path to xauth
 AC_PATH_PROG(xauth_path, xauth)
-AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
+dnl Use ip address instead of hostname in $DISPLAY
+AC_ARG_WITH(rsh,
+        [  --with-rsh=PATH         Specify path to remote shell program ],
+        [
+                AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")
+        ],
+        [
+                AC_PATH_PROG(rsh_path, rsh)
+        ]
+)
+if test ! -z "$xauth_path" ; then
+        AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
+fi
+if test ! -z "$rsh_path" ; then
+        AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path")
+fi
 dnl Checks for compiler characteristics
 if test "$GCC" = "yes"; then CFLAGS="$CFLAGS -Wall"; fi
@@ -27,6 +42,7 @@ case "$host" in
        fi
        CFLAGS="$CFLAGS -D_HPUX_SOURCE"
        AC_DEFINE(IPADDR_IN_DISPLAY)
+        AC_DEFINE(USE_UTMPX)
        AC_MSG_CHECKING(for HPUX trusted system password database)
        if test -f /tcb/files/auth/system/default; then
                AC_MSG_RESULT(yes)
@@ -80,15 +96,22 @@ AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil")
 AC_CHECK_LIB(nsl, yp_match, , )
 AC_CHECK_LIB(socket, main, , )
-dnl libdl is needed by PAM on Redhat systems
+dnl Use ip address instead of hostname in $DISPLAY
-AC_CHECK_LIB(dl, dlopen, , )
+AC_ARG_WITH(pam,
-AC_CHECK_LIB(pam, pam_authenticate, , )
+        [  --without-pam           Disable PAM support ],
+        [
+                if test "x$withval" != "xno" ; then
+                        AC_CHECK_LIB(dl, dlopen, , )
+                        AC_CHECK_LIB(pam, pam_authenticate, , )
+                fi
+        ]
+)
 dnl Checks for header files.
-AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h poll.h pty.h shadow_h util.h utmp.h utmpx.h sys/bsdtty.h sys/poll.h sys/select.h sys/stropts.h sys/time.h)
+AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h poll.h pty.h shadow.h util.h utmp.h utmpx.h sys/bsdtty.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h)
 dnl Checks for library functions.
-AC_CHECK_FUNCS(arc4random mkdtemp openpty _getpty setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy vsnprintf)
+AC_CHECK_FUNCS(arc4random updwtmpx mkdtemp openpty _getpty innetgr setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy vsnprintf)
 AC_CHECK_FUNC(login, 
        [AC_DEFINE(HAVE_LOGIN)],
@@ -220,19 +243,21 @@ if test -z "$RANDOM_POOL" -a -z "$EGD_POOL"; then
        AC_MSG_ERROR([No random device found, and no EGD random pool specified])
 fi
-dnl Check for ut_host field in utmp
 AC_MSG_CHECKING([whether utmp.h has ut_host field])
 AC_EGREP_HEADER(ut_host, utmp.h, 
        [AC_DEFINE(HAVE_HOST_IN_UTMP) AC_MSG_RESULT(yes); ], 
        [AC_MSG_RESULT(no)]
 )
-dnl Check for ut_host field in utmpx
 AC_MSG_CHECKING([whether utmpx.h has ut_host field])
 AC_EGREP_HEADER(ut_host, utmpx.h, 
        [AC_DEFINE(HAVE_HOST_IN_UTMPX) AC_MSG_RESULT(yes); ], 
        [AC_MSG_RESULT(no)]
 )
+AC_MSG_CHECKING([whether utmpx.h has syslen field])
+AC_EGREP_HEADER(syslen, utmpx.h, 
+        [AC_DEFINE(HAVE_SYSLEN_IN_UTMPX) AC_MSG_RESULT(yes); ], 
+        [AC_MSG_RESULT(no)]
+)
 dnl Look for lastlog location
 AC_ARG_WITH(lastlog,
diff --git a/includes.h b/includes.h
index 308e674c0..0538bfbc3 100644
--- a/includes.h
+++ b/includes.h
@@ -81,6 +81,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #include "bsd-mktemp.h"
 #include "bsd-snprintf.h"
 #include "bsd-daemon.h"
+#include "bsd-login.h"
 /* Define this to be the path of the xauth program. */
 #ifndef XAUTH_PATH
diff --git a/login.c b/login.c
index fb9c8f871..c551da898 100644
--- a/login.c
+++ b/login.c
@@ -18,7 +18,7 @@
 */
 #include "includes.h"
-RCSID("$Id: login.c,v 1.10 1999/12/22 05:09:48 damien Exp $");
+RCSID("$Id: login.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
 # include <utmpx.h>
@@ -133,28 +133,44 @@ record_login(int pid, const char *ttyname, const char *user, uid_t uid,
        struct lastlog ll;
        char *lastlog;
 #endif /* defined(_PATH_LASTLOG) && !defined(DISABLE_LASTLOG) */
-        struct UTMP_STR u;
+        struct utmp u;
-        const char *utmp, *wtmp;
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
+        struct utmpx utx;
+#endif
        /* Construct an utmp/wtmp entry. */
        memset(&u, 0, sizeof(u));
        strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line));
-#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
+        u.ut_pid = (pid_t)pid;
-        u.ut_tv.tv_sec = time(NULL);
-        strncpy(u.ut_user, user, sizeof(u.ut_name));
-#else
        u.ut_time = time(NULL);
        strncpy(u.ut_name, user, sizeof(u.ut_name));
-#endif
+        u.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS;
-#if defined(HAVE_HOST_IN_UTMP) || defined(HAVE_HOST_IN_UTMPX)
+#if defined(HAVE_HOST_IN_UTMP)
        strncpy(u.ut_host, host, sizeof(u.ut_host));
 #endif
-        /* Figure out the file names. */
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
-        utmp = _PATH_UTMP;
+        memset(&utx, 0, sizeof(utx));
-        wtmp = _PATH_WTMP;
+        strncpy(utx.ut_user, user, sizeof(utx.ut_name));
+        strncpy(utx.ut_line, ttyname + 5, sizeof(utx.ut_line));
+        utx.ut_pid = (pid_t)pid;
+        utx.ut_tv.tv_sec = time(NULL);
+        u.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS;
+#ifdef HAVE_HOST_IN_UTMPX
+#ifdef HAVE_SYSLEN_IN_UTMPX
+        utx.ut_syslen = strlen(host);
+        strncpy(utx.ut_host, host, utx.ut_syslen );
+#else
+        strncpy(utx.ut_host, host, sizeof(utx.ut_host));
+#endif /* HAVE_SYSLEN_IN_UTMPX */
+#endif
+#endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) && !defined(HAVE_LOGIN)
+        login(&u, &utx);
+#else /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
        login(&u);
+#endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 #if defined(_PATH_LASTLOG) && !defined(DISABLE_LASTLOG)
        lastlog = _PATH_LASTLOG;
diff --git a/packages/redhat/openssh.spec b/packages/redhat/openssh.spec
index d036f5c37..a3e51bb81 100644
--- a/packages/redhat/openssh.spec
+++ b/packages/redhat/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH free Secure Shell (SSH) implementation
 Name: openssh
-Version: 1.2.1pre19
+Version: 1.2.1pre20
 Release: 1
 Packager: Damien Miller <djm@ibs.com.au>
 Source0: openssh-%{version}.tar.gz
diff --git a/packages/redhat/sshd.pam b/packages/redhat/sshd.pam
index f466f9ba3..f01055022 100644
--- a/packages/redhat/sshd.pam
+++ b/packages/redhat/sshd.pam
@@ -1,5 +1,5 @@
 #%PAM-1.0
-auth       required     /lib/security/pam_pwdb.so shadow
+auth       required     /lib/security/pam_pwdb.so shadow nowait
 auth       required     /lib/security/pam_nologin.so
 account    required     /lib/security/pam_pwdb.so
 password   required     /lib/security/pam_cracklib.so
diff --git a/packages/suse/openssh.spec b/packages/suse/openssh.spec
index 4632763c6..c649ef235 100644
--- a/packages/suse/openssh.spec
+++ b/packages/suse/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) implementation
 Name: openssh
-Version: 1.2.1pre19
+Version: 1.2.1pre20
 Release: 1
 Source0: openssh-%{version}.tar.gz
 Copyright: BSD
diff --git a/sshd.c b/sshd.c
index 448ca5968..9c570ab8a 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.39 1999/12/14 04:43:03 damien Exp $");
+RCSID("$Id: sshd.c,v 1.40 1999/12/24 23:11:29 damien Exp $");
 #ifdef HAVE_POLL_H
 # include <poll.h>
@@ -146,6 +146,7 @@ void do_child(const char *command, struct passwd * pw, const char *term,
 #ifdef HAVE_LIBPAM
 static int pamconv(int num_msg, const struct pam_message **msg,
          struct pam_response **resp, void *appdata_ptr);
+int do_pam_auth(const char *user, const char *password);
 void do_pam_account(char *username, char *remote_user);
 void do_pam_session(char *username, char *ttyname);
 void pam_cleanup_proc(void *context);
@@ -237,6 +238,23 @@ void pam_cleanup_proc(void *context)
        }
 }
+int do_pam_auth(const char *user, const char *password)
+{
+        int pam_retval;
+        
+        pampasswd = password;
+        
+        pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
+        if (pam_retval == PAM_SUCCESS) {
+                log("PAM Password authentication accepted for user \"%.100s\"", user);
+                return 1;
+        } else {
+                log("PAM Password authentication for \"%.100s\" failed: %s", 
+                        user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+                return 0;
+        }
+}
 void do_pam_account(char *username, char *remote_user)
 {
        int pam_retval;
@@ -1292,7 +1310,11 @@ do_authentication(char *user)
 #ifdef KRB4
            (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif /* KRB4 */
+#ifdef HAVE_LIBPAM
+            do_pam_auth(pw->pw_name, "")) {
+#else /* HAVE_LIBPAM */
            auth_password(pw, "")) {
+#endif /* HAVE_LIBPAM */
                /* Authentication with empty password succeeded. */
                log("Login for user %s from %.100s, accepted without authentication.",
                    pw->pw_name, get_remote_ipaddr());
@@ -1503,29 +1525,14 @@ do_authloop(struct passwd * pw)
 #ifdef HAVE_LIBPAM
                        /* Do PAM auth with password */
-                        pampasswd = password;
+                        authenticated = do_pam_auth(pw->pw_name, password);
-                        pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
-                        if (pam_retval == PAM_SUCCESS) {
-                                log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
-                                memset(password, 0, strlen(password));
-                                xfree(password);
-                                authenticated = 1;
-                                break;
-                        }
-                        log("PAM Password authentication for \"%.100s\" failed: %s", 
-                                pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-                        memset(password, 0, strlen(password));
-                        xfree(password);
-                        break;
 #else /* HAVE_LIBPAM */
                        /* Try authentication with the password. */
                        authenticated = auth_password(pw, password);
+#endif /* HAVE_LIBPAM */
                        memset(password, 0, strlen(password));
                        xfree(password);
                        break;
-#endif /* HAVE_LIBPAM */
 #ifdef SKEY
                case SSH_CMSG_AUTH_TIS:
diff --git a/sshd.pam.generic b/sshd.pam.generic
index 4ec2a2a00..8c4f32daf 100644
--- a/sshd.pam.generic
+++ b/sshd.pam.generic
@@ -1,5 +1,5 @@
 #%PAM-1.0
-auth       required     /lib/security/pam_unix.so shadow
+auth       required     /lib/security/pam_unix.so shadow nowait
 auth       required     /lib/security/pam_nologin.so
 account    required     /lib/security/pam_unix.so
 password   required     /lib/security/pam_cracklib.so
author	Damien Miller <djm@mindrot.org>	1999-12-25 10:11:29 +1100
committer	Damien Miller <djm@mindrot.org>	1999-12-25 10:11:29 +1100
commit	2e1b082dfbc5dcdae80957a3d889abe9fa480d77 (patch)
tree	c2bfe8d4115d22146448ce829fb7b16e9b762b4f
parent	1b0c228ec48d54705474701b6486f1593539a88a (diff)