- (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h

auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
author: Kevin Steves <stevesk@pobox.com> 2002-04-04 19:02:28 +0000
committer: Kevin Steves <stevesk@pobox.com> 2002-04-04 19:02:28 +0000
commit: e683e7643997118ac51b18c073a6aba410c0cc3c (patch)
tree: f2a98c2979198a89e00eb5cdd3d6fbf0fb986377
parent: af40bc6a72013e9eec74ec99e21dab9342ac9880 (diff)
8 files changed, 62 insertions, 72 deletions
diff --git a/ChangeLog b/ChangeLog
index 15b7a3540..108ba4d50 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20020404
+ - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
+    auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
 20020402
 - (bal) Hand Sync of scp.c (reverted to upstream code)
   - deraadt@cvs.openbsd.org 2002/03/30 17:45:46
@@ -8147,4 +8151,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.2020 2002/04/03 03:36:54 mouring Exp $
+$Id: ChangeLog,v 1.2021 2002/04/04 19:02:28 stevesk Exp $
diff --git a/auth-pam.c b/auth-pam.c
index d97d981c4..daa83c72a 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -28,6 +28,7 @@
 #include "ssh.h"
 #include "xmalloc.h"
 #include "log.h"
+#include "auth.h"
 #include "auth-pam.h"
 #include "servconf.h"
 #include "canohost.h"
@@ -35,7 +36,7 @@
 extern char *__progname;
-RCSID("$Id: auth-pam.c,v 1.42 2002/02/05 01:40:47 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.43 2002/04/04 19:02:28 stevesk Exp $");
 #define NEW_AUTHTOK_MSG \
        "Warning: Your password has expired, please change it now"
@@ -199,10 +200,11 @@ void do_pam_cleanup_proc(void *context)
 }
 /* Attempt password authentation using PAM */
-int auth_pam_password(struct passwd *pw, const char *password)
+int auth_pam_password(Authctxt *authctxt, const char *password)
 {
        extern ServerOptions options;
        int pam_retval;
+        struct passwd *pw = authctxt->pw;
        do_pam_set_conv(&conv);
diff --git a/auth-pam.h b/auth-pam.h
index c249b5396..6b1f35add 100644
--- a/auth-pam.h
+++ b/auth-pam.h
@@ -1,4 +1,4 @@
-/* $Id: auth-pam.h,v 1.11 2001/03/27 06:12:24 djm Exp $ */
+/* $Id: auth-pam.h,v 1.12 2002/04/04 19:02:28 stevesk Exp $ */
 #include "includes.h"
 #ifdef USE_PAM
@@ -7,7 +7,7 @@
 void start_pam(const char *user);
 void finish_pam(void);
-int auth_pam_password(struct passwd *pw, const char *password);
+int auth_pam_password(Authctxt *authctxt, const char *password);
 char **fetch_pam_environment(void);
 int do_pam_authenticate(int flags);
 int do_pam_account(char *username, char *remote_user);
diff --git a/auth-passwd.c b/auth-passwd.c
index 095b9ba27..7f3073839 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -38,47 +38,47 @@
 #include "includes.h"
 RCSID("$OpenBSD: auth-passwd.c,v 1.24 2002/03/04 12:43:06 markus Exp $");
-#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
 #include "packet.h"
 #include "log.h"
 #include "servconf.h"
 #include "auth.h"
-#ifdef HAVE_CRYPT_H
+#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
-# include <crypt.h>
+/* Don't need any of these headers for the PAM or SIA cases */
-#endif
+# ifdef HAVE_CRYPT_H
-#ifdef WITH_AIXAUTHENTICATE
+#  include <crypt.h>
-# include <login.h>
+# endif
-#endif
+# ifdef WITH_AIXAUTHENTICATE
-#ifdef __hpux
+#  include <login.h>
-# include <hpsecurity.h>
+# endif
-# include <prot.h>
+# ifdef __hpux
-#endif
+#  include <hpsecurity.h>
-#ifdef HAVE_SCO_PROTECTED_PW
+#  include <prot.h>
-# include <sys/security.h>
+# endif
-# include <sys/audit.h>
+# ifdef HAVE_SCO_PROTECTED_PW
-# include <prot.h>
+#  include <sys/security.h>
-#endif /* HAVE_SCO_PROTECTED_PW */
+#  include <sys/audit.h>
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+#  include <prot.h>
-# include <shadow.h>
+# endif /* HAVE_SCO_PROTECTED_PW */
-#endif
+# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
-#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
+#  include <shadow.h>
-# include <sys/label.h>
+# endif
-# include <sys/audit.h>
+# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
-# include <pwdadj.h>
+#  include <sys/label.h>
-#endif
+#  include <sys/audit.h>
-#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
+#  include <pwdadj.h>
-# include "md5crypt.h"
+# endif
-#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
+# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
+#  include "md5crypt.h"
-#ifdef HAVE_CYGWIN
+# endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
-#undef ERROR
-#include <windows.h>
+# ifdef HAVE_CYGWIN
-#include <sys/cygwin.h>
+#  undef ERROR
-#define is_winnt       (GetVersion() < 0x80000000)
+#  include <windows.h>
-#endif
+#  include <sys/cygwin.h>
+#  define is_winnt       (GetVersion() < 0x80000000)
+# endif
+#endif /* !USE_PAM && !HAVE_OSF_SIA */
 extern ServerOptions options;
@@ -89,6 +89,15 @@ extern ServerOptions options;
 int
 auth_password(Authctxt *authctxt, const char *password)
 {
+#if defined(USE_PAM)
+        if (*password == '\0' && options.permit_empty_passwd == 0)
+                return 0;
+        return auth_pam_password(authctxt, password);
+#elif defined(HAVE_OSF_SIA)
+        if (*password == '\0' && options.permit_empty_passwd == 0)
+                return 0;
+        return auth_sia_password(authctxt, password);
+#else
        struct passwd * pw = authctxt->pw;
        char *encrypted_password;
        char *pw_password;
@@ -221,5 +230,5 @@ auth_password(Authctxt *authctxt, const char *password)
        /* Authentication is accepted if the encrypted passwords are identical. */
        return (strcmp(encrypted_password, pw_password) == 0);
-}
 #endif /* !USE_PAM && !HAVE_OSF_SIA */
+}
diff --git a/auth-sia.c b/auth-sia.c
index 8585f5d6b..2bace5d47 100644
--- a/auth-sia.c
+++ b/auth-sia.c
@@ -6,6 +6,7 @@
 #include "log.h"
 #include "servconf.h"
 #include "canohost.h"
+#include "auth.h"
 #include <sia.h>
 #include <siad.h>
@@ -23,15 +24,16 @@ extern char **saved_argv;
 extern int errno;
 int
-auth_sia_password(char *user, char *pass)
+auth_sia_password(Authctxt *authctxt, char *pass)
 {
        int ret;
        SIAENTITY *ent = NULL;
        const char *host;
+        char *user = authctxt->user;
        host = get_canonical_hostname(options.verify_reverse_mapping);
-        if (!user || !pass)
+        if (!user || !pass || pass[0] == '\0')
                return(0);
        if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0,
diff --git a/auth-sia.h b/auth-sia.h
index eaa933322..4ae8d8991 100644
--- a/auth-sia.h
+++ b/auth-sia.h
@@ -2,7 +2,7 @@
 #ifdef HAVE_OSF_SIA
-int     auth_sia_password(char *user, char *pass);
+int     auth_sia_password(Authctxt *authctxt, char *pass);
 void    session_setup_sia(char *user, char *tty);
 #endif /* HAVE_OSF_SIA */
diff --git a/auth1.c b/auth1.c
index 89ae47df2..55dbf78fa 100644
--- a/auth1.c
+++ b/auth1.c
@@ -84,13 +84,7 @@ do_authloop(Authctxt *authctxt)
 #if defined(KRB4) || defined(KRB5)
            (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif
-#ifdef USE_PAM
-            auth_pam_password(pw, "")) {
-#elif defined(HAVE_OSF_SIA)
-            0) {
-#else
            PRIVSEP(auth_password(authctxt, ""))) {
-#endif
                auth_log(authctxt, 1, "without authentication", "");
                return;
        }
@@ -246,17 +240,8 @@ do_authloop(Authctxt *authctxt)
                        password = packet_get_string(&dlen);
                        packet_check_eom();
-#ifdef USE_PAM
-                        /* Do PAM auth with password */
-                        authenticated = auth_pam_password(pw, password);
-#elif defined(HAVE_OSF_SIA)
-                        /* Do SIA auth with password */
-                        authenticated = auth_sia_password(authctxt->user, 
-                            password);
-#else /* !USE_PAM && !HAVE_OSF_SIA */
                        /* Try authentication with the password. */
                        authenticated = PRIVSEP(auth_password(authctxt, password));
-#endif /* USE_PAM */
                        memset(password, 0, strlen(password));
                        xfree(password);
diff --git a/auth2.c b/auth2.c
index 3377fde8b..eadaa7135 100644
--- a/auth2.c
+++ b/auth2.c
@@ -329,13 +329,7 @@ userauth_none(Authctxt *authctxt)
        if (check_nt_auth(1, authctxt->pw) == 0)
                return(0);
 #endif
-#ifdef USE_PAM
-        return auth_pam_password(authctxt->pw, "");
-#elif defined(HAVE_OSF_SIA)
-        return 0;
-#else /* !HAVE_OSF_SIA && !USE_PAM */
        return PRIVSEP(auth_password(authctxt, ""));
-#endif /* USE_PAM */
 }
 static int
@@ -354,13 +348,7 @@ userauth_passwd(Authctxt *authctxt)
 #ifdef HAVE_CYGWIN
            check_nt_auth(1, authctxt->pw) &&
 #endif
-#ifdef USE_PAM
-            auth_pam_password(authctxt->pw, password) == 1)
-#elif defined(HAVE_OSF_SIA)
-            auth_sia_password(authctxt->user, password) == 1)
-#else /* !USE_PAM && !HAVE_OSF_SIA */
            PRIVSEP(auth_password(authctxt, password)) == 1)
-#endif /* USE_PAM */
                authenticated = 1;
        memset(password, 0, len);
        xfree(password);
author	Kevin Steves <stevesk@pobox.com>	2002-04-04 19:02:28 +0000
committer	Kevin Steves <stevesk@pobox.com>	2002-04-04 19:02:28 +0000
commit	e683e7643997118ac51b18c073a6aba410c0cc3c (patch)
tree	f2a98c2979198a89e00eb5cdd3d6fbf0fb986377
parent	af40bc6a72013e9eec74ec99e21dab9342ac9880 (diff)

diff --git a/ChangeLog b/ChangeLog index 15b7a3540..108ba4d50 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,7 @@
		1	20020404
		2	- (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
		3	auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
		4
1	20020402	5	20020402
2	- (bal) Hand Sync of scp.c (reverted to upstream code)	6	- (bal) Hand Sync of scp.c (reverted to upstream code)
3	- deraadt@cvs.openbsd.org 2002/03/30 17:45:46	7	- deraadt@cvs.openbsd.org 2002/03/30 17:45:46
@@ -8147,4 +8151,4 @@
8147	- Wrote replacements for strlcpy and mkdtemp	8151	- Wrote replacements for strlcpy and mkdtemp
8148	- Released 1.0pre1	8152	- Released 1.0pre1
8149		8153
8150	$Id: ChangeLog,v 1.2020 2002/04/03 03:36:54 mouring Exp $	8154	$Id: ChangeLog,v 1.2021 2002/04/04 19:02:28 stevesk Exp $


diff --git a/auth-pam.c b/auth-pam.c index d97d981c4..daa83c72a 100644 --- a/auth-pam.c +++ b/auth-pam.c
@@ -28,6 +28,7 @@
28	#include "ssh.h"	28	#include "ssh.h"
29	#include "xmalloc.h"	29	#include "xmalloc.h"
30	#include "log.h"	30	#include "log.h"
		31	#include "auth.h"
31	#include "auth-pam.h"	32	#include "auth-pam.h"
32	#include "servconf.h"	33	#include "servconf.h"
33	#include "canohost.h"	34	#include "canohost.h"
@@ -35,7 +36,7 @@
35		36
36	extern char *__progname;	37	extern char *__progname;
37		38
38	RCSID("$Id: auth-pam.c,v 1.42 2002/02/05 01:40:47 djm Exp $");	39	RCSID("$Id: auth-pam.c,v 1.43 2002/04/04 19:02:28 stevesk Exp $");
39		40
40	#define NEW_AUTHTOK_MSG \	41	#define NEW_AUTHTOK_MSG \
41	"Warning: Your password has expired, please change it now"	42	"Warning: Your password has expired, please change it now"
@@ -199,10 +200,11 @@ void do_pam_cleanup_proc(void *context)
199	}	200	}
200		201
201	/* Attempt password authentation using PAM */	202	/* Attempt password authentation using PAM */
202	int auth_pam_password(struct passwd pw, const char password)	203	int auth_pam_password(Authctxt authctxt, const char password)
203	{	204	{
204	extern ServerOptions options;	205	extern ServerOptions options;
205	int pam_retval;	206	int pam_retval;
		207	struct passwd *pw = authctxt->pw;
206		208
207	do_pam_set_conv(&conv);	209	do_pam_set_conv(&conv);
208		210


diff --git a/auth-pam.h b/auth-pam.h index c249b5396..6b1f35add 100644 --- a/auth-pam.h +++ b/auth-pam.h
@@ -1,4 +1,4 @@
1	/* $Id: auth-pam.h,v 1.11 2001/03/27 06:12:24 djm Exp $ */	1	/* $Id: auth-pam.h,v 1.12 2002/04/04 19:02:28 stevesk Exp $ */
2		2
3	#include "includes.h"	3	#include "includes.h"
4	#ifdef USE_PAM	4	#ifdef USE_PAM
@@ -7,7 +7,7 @@
7		7
8	void start_pam(const char *user);	8	void start_pam(const char *user);
9	void finish_pam(void);	9	void finish_pam(void);
10	int auth_pam_password(struct passwd pw, const char password);	10	int auth_pam_password(Authctxt authctxt, const char password);
11	char **fetch_pam_environment(void);	11	char **fetch_pam_environment(void);
12	int do_pam_authenticate(int flags);	12	int do_pam_authenticate(int flags);
13	int do_pam_account(char username, char remote_user);	13	int do_pam_account(char username, char remote_user);


diff --git a/auth-passwd.c b/auth-passwd.c index 095b9ba27..7f3073839 100644 --- a/auth-passwd.c +++ b/auth-passwd.c
@@ -38,47 +38,47 @@
38	#include "includes.h"	38	#include "includes.h"
39	RCSID("$OpenBSD: auth-passwd.c,v 1.24 2002/03/04 12:43:06 markus Exp $");	39	RCSID("$OpenBSD: auth-passwd.c,v 1.24 2002/03/04 12:43:06 markus Exp $");
40		40
41	#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
42
43	#include "packet.h"	41	#include "packet.h"
44	#include "log.h"	42	#include "log.h"
45	#include "servconf.h"	43	#include "servconf.h"
46	#include "auth.h"	44	#include "auth.h"
47		45
48	#ifdef HAVE_CRYPT_H	46	#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
49	# include <crypt.h>	47	/* Don't need any of these headers for the PAM or SIA cases */
50	#endif	48	# ifdef HAVE_CRYPT_H
51	#ifdef WITH_AIXAUTHENTICATE	49	# include <crypt.h>
52	# include <login.h>	50	# endif
53	#endif	51	# ifdef WITH_AIXAUTHENTICATE
54	#ifdef __hpux	52	# include <login.h>
55	# include <hpsecurity.h>	53	# endif
56	# include <prot.h>	54	# ifdef __hpux
57	#endif	55	# include <hpsecurity.h>
58	#ifdef HAVE_SCO_PROTECTED_PW	56	# include <prot.h>
59	# include <sys/security.h>	57	# endif
60	# include <sys/audit.h>	58	# ifdef HAVE_SCO_PROTECTED_PW
61	# include <prot.h>	59	# include <sys/security.h>
62	#endif /* HAVE_SCO_PROTECTED_PW */	60	# include <sys/audit.h>
63	#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)	61	# include <prot.h>
64	# include <shadow.h>	62	# endif /* HAVE_SCO_PROTECTED_PW */
65	#endif	63	# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
66	#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)	64	# include <shadow.h>
67	# include <sys/label.h>	65	# endif
68	# include <sys/audit.h>	66	# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
69	# include <pwdadj.h>	67	# include <sys/label.h>
70	#endif	68	# include <sys/audit.h>
71	#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)	69	# include <pwdadj.h>
72	# include "md5crypt.h"	70	# endif
73	#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */	71	# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
74		72	# include "md5crypt.h"
75	#ifdef HAVE_CYGWIN	73	# endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
76	#undef ERROR	74
77	#include <windows.h>	75	# ifdef HAVE_CYGWIN
78	#include <sys/cygwin.h>	76	# undef ERROR
79	#define is_winnt (GetVersion() < 0x80000000)	77	# include <windows.h>
80	#endif	78	# include <sys/cygwin.h>
81		79	# define is_winnt (GetVersion() < 0x80000000)
		80	# endif
		81	#endif /* !USE_PAM && !HAVE_OSF_SIA */
82		82
83	extern ServerOptions options;	83	extern ServerOptions options;
84		84
@@ -89,6 +89,15 @@ extern ServerOptions options;
89	int	89	int
90	auth_password(Authctxt authctxt, const char password)	90	auth_password(Authctxt authctxt, const char password)
91	{	91	{
		92	#if defined(USE_PAM)
		93	if (*password == '\0' && options.permit_empty_passwd == 0)
		94	return 0;
		95	return auth_pam_password(authctxt, password);
		96	#elif defined(HAVE_OSF_SIA)
		97	if (*password == '\0' && options.permit_empty_passwd == 0)
		98	return 0;
		99	return auth_sia_password(authctxt, password);
		100	#else
92	struct passwd * pw = authctxt->pw;	101	struct passwd * pw = authctxt->pw;
93	char *encrypted_password;	102	char *encrypted_password;
94	char *pw_password;	103	char *pw_password;
@@ -221,5 +230,5 @@ auth_password(Authctxt authctxt, const char password)
221		230
222	/* Authentication is accepted if the encrypted passwords are identical. */	231	/* Authentication is accepted if the encrypted passwords are identical. */
223	return (strcmp(encrypted_password, pw_password) == 0);	232	return (strcmp(encrypted_password, pw_password) == 0);
224	}
225	#endif /* !USE_PAM && !HAVE_OSF_SIA */	233	#endif /* !USE_PAM && !HAVE_OSF_SIA */
		234	}


diff --git a/auth-sia.c b/auth-sia.c index 8585f5d6b..2bace5d47 100644 --- a/auth-sia.c +++ b/auth-sia.c
@@ -6,6 +6,7 @@
6	#include "log.h"	6	#include "log.h"
7	#include "servconf.h"	7	#include "servconf.h"
8	#include "canohost.h"	8	#include "canohost.h"
		9	#include "auth.h"
9		10
10	#include <sia.h>	11	#include <sia.h>
11	#include <siad.h>	12	#include <siad.h>
@@ -23,15 +24,16 @@ extern char **saved_argv;
23	extern int errno;	24	extern int errno;
24		25
25	int	26	int
26	auth_sia_password(char user, char pass)	27	auth_sia_password(Authctxt authctxt, char pass)
27	{	28	{
28	int ret;	29	int ret;
29	SIAENTITY *ent = NULL;	30	SIAENTITY *ent = NULL;
30	const char *host;	31	const char *host;
		32	char *user = authctxt->user;
31		33
32	host = get_canonical_hostname(options.verify_reverse_mapping);	34	host = get_canonical_hostname(options.verify_reverse_mapping);
33		35
34	if (!user \|\| !pass)	36	if (!user \|\| !pass \|\| pass[0] == '\0')
35	return(0);	37	return(0);
36		38
37	if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0,	39	if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0,


diff --git a/auth-sia.h b/auth-sia.h index eaa933322..4ae8d8991 100644 --- a/auth-sia.h +++ b/auth-sia.h
@@ -2,7 +2,7 @@
2		2
3	#ifdef HAVE_OSF_SIA	3	#ifdef HAVE_OSF_SIA
4		4
5	int auth_sia_password(char user, char pass);	5	int auth_sia_password(Authctxt authctxt, char pass);
6	void session_setup_sia(char user, char tty);	6	void session_setup_sia(char user, char tty);
7		7
8	#endif /* HAVE_OSF_SIA */	8	#endif /* HAVE_OSF_SIA */


diff --git a/auth1.c b/auth1.c index 89ae47df2..55dbf78fa 100644 --- a/auth1.c +++ b/auth1.c
@@ -84,13 +84,7 @@ do_authloop(Authctxt *authctxt)
84	#if defined(KRB4) \|\| defined(KRB5)	84	#if defined(KRB4) \|\| defined(KRB5)
85	(!options.kerberos_authentication \|\| options.kerberos_or_local_passwd) &&	85	(!options.kerberos_authentication \|\| options.kerberos_or_local_passwd) &&
86	#endif	86	#endif
87	#ifdef USE_PAM
88	auth_pam_password(pw, "")) {
89	#elif defined(HAVE_OSF_SIA)
90	0) {
91	#else
92	PRIVSEP(auth_password(authctxt, ""))) {	87	PRIVSEP(auth_password(authctxt, ""))) {
93	#endif
94	auth_log(authctxt, 1, "without authentication", "");	88	auth_log(authctxt, 1, "without authentication", "");
95	return;	89	return;
96	}	90	}
@@ -246,17 +240,8 @@ do_authloop(Authctxt *authctxt)
246	password = packet_get_string(&dlen);	240	password = packet_get_string(&dlen);
247	packet_check_eom();	241	packet_check_eom();
248		242
249	#ifdef USE_PAM
250	/* Do PAM auth with password */
251	authenticated = auth_pam_password(pw, password);
252	#elif defined(HAVE_OSF_SIA)
253	/* Do SIA auth with password */
254	authenticated = auth_sia_password(authctxt->user,
255	password);
256	#else /* !USE_PAM && !HAVE_OSF_SIA */
257	/* Try authentication with the password. */	243	/* Try authentication with the password. */
258	authenticated = PRIVSEP(auth_password(authctxt, password));	244	authenticated = PRIVSEP(auth_password(authctxt, password));
259	#endif /* USE_PAM */
260		245
261	memset(password, 0, strlen(password));	246	memset(password, 0, strlen(password));
262	xfree(password);	247	xfree(password);


diff --git a/auth2.c b/auth2.c index 3377fde8b..eadaa7135 100644 --- a/auth2.c +++ b/auth2.c
@@ -329,13 +329,7 @@ userauth_none(Authctxt *authctxt)
329	if (check_nt_auth(1, authctxt->pw) == 0)	329	if (check_nt_auth(1, authctxt->pw) == 0)
330	return(0);	330	return(0);
331	#endif	331	#endif
332	#ifdef USE_PAM
333	return auth_pam_password(authctxt->pw, "");
334	#elif defined(HAVE_OSF_SIA)
335	return 0;
336	#else /* !HAVE_OSF_SIA && !USE_PAM */
337	return PRIVSEP(auth_password(authctxt, ""));	332	return PRIVSEP(auth_password(authctxt, ""));
338	#endif /* USE_PAM */
339	}	333	}
340		334
341	static int	335	static int
@@ -354,13 +348,7 @@ userauth_passwd(Authctxt *authctxt)
354	#ifdef HAVE_CYGWIN	348	#ifdef HAVE_CYGWIN
355	check_nt_auth(1, authctxt->pw) &&	349	check_nt_auth(1, authctxt->pw) &&
356	#endif	350	#endif
357	#ifdef USE_PAM
358	auth_pam_password(authctxt->pw, password) == 1)
359	#elif defined(HAVE_OSF_SIA)
360	auth_sia_password(authctxt->user, password) == 1)
361	#else /* !USE_PAM && !HAVE_OSF_SIA */
362	PRIVSEP(auth_password(authctxt, password)) == 1)	351	PRIVSEP(auth_password(authctxt, password)) == 1)
363	#endif /* USE_PAM */
364	authenticated = 1;	352	authenticated = 1;
365	memset(password, 0, len);	353	memset(password, 0, len);
366	xfree(password);	354	xfree(password);