- (djm) Reorganise PAM & SIA password handling to eliminate some common code

author: Damien Miller <djm@mindrot.org> 2003-01-22 15:42:26 +1100
committer: Damien Miller <djm@mindrot.org> 2003-01-22 15:42:26 +1100
commit: 2101bfc4e1dbe1dc475d71158b1c24c6d2e2e412 (patch)
tree: b9012d184941802b5f9fa188a3a530410513c755 /auth-passwd.c
parent: 53d81483f0bcea8af2207583bb6e83c187d522fc (diff)
1 files changed, 44 insertions, 45 deletions
diff --git a/auth-passwd.c b/auth-passwd.c
index 185db7d6d..cbf093f0d 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -92,52 +92,51 @@ extern char *aixloginmsg;
 int
 auth_password(Authctxt *authctxt, const char *password)
 {
-#if defined(USE_PAM)
+#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
-        if (*password == '\0' && options.permit_empty_passwd == 0)
-                return 0;
-        return auth_pam_password(authctxt, password);
-#elif defined(HAVE_OSF_SIA)
-        if (*password == '\0' && options.permit_empty_passwd == 0)
-                return 0;
-        return auth_sia_password(authctxt, password);
-#else
        struct passwd * pw = authctxt->pw;
        char *encrypted_password;
        char *pw_password;
        char *salt;
-#if defined(__hpux) || defined(HAVE_SECUREWARE)
+# if defined(__hpux) || defined(HAVE_SECUREWARE)
        struct pr_passwd *spw;
-#endif /* __hpux || HAVE_SECUREWARE */
+# endif /* __hpux || HAVE_SECUREWARE */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
        struct spwd *spw;
-#endif
+# endif
-#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
+# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
        struct passwd_adjunct *spw;
-#endif
+# endif
-#ifdef WITH_AIXAUTHENTICATE
+# ifdef WITH_AIXAUTHENTICATE
        char *authmsg;
        int authsuccess;
        int reenter = 1;
-#endif
+# endif
+#endif /* !defined(USE_PAM) && !defined(HAVE_OSF_SIA) */
        /* deny if no user. */
        if (pw == NULL)
                return 0;
 #ifndef HAVE_CYGWIN
-       if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
+       if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_NO_PASSWD)
                return 0;
 #endif
        if (*password == '\0' && options.permit_empty_passwd == 0)
                return 0;
-#ifdef KRB5
+#if defined(USE_PAM)
+        return auth_pam_password(authctxt, password);
+#elif defined(HAVE_OSF_SIA)
+        return auth_sia_password(authctxt, password);
+#else
+# ifdef KRB5
        if (options.kerberos_authentication == 1) {
                int ret = auth_krb5_password(authctxt, password);
                if (ret == 1 || ret == 0)
                        return ret;
                /* Fall back to ordinary passwd authentication. */
        }
-#endif
+# endif
-#ifdef HAVE_CYGWIN
+# ifdef HAVE_CYGWIN
        if (is_winnt) {
                HANDLE hToken = cygwin_logon_user(pw, password);
@@ -146,8 +145,8 @@ auth_password(Authctxt *authctxt, const char *password)
                cygwin_set_impersonation_token(hToken);
                return 1;
        }
-#endif
+# endif
-#ifdef WITH_AIXAUTHENTICATE
+# ifdef WITH_AIXAUTHENTICATE
        authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
        if (authsuccess)
@@ -158,47 +157,47 @@ auth_password(Authctxt *authctxt, const char *password)
                                aixloginmsg = NULL;
        return(authsuccess);
-#endif
+# endif
-#ifdef KRB4
+# ifdef KRB4
        if (options.kerberos_authentication == 1) {
                int ret = auth_krb4_password(authctxt, password);
                if (ret == 1 || ret == 0)
                        return ret;
                /* Fall back to ordinary passwd authentication. */
        }
-#endif
+# endif
-#ifdef BSD_AUTH
+# ifdef BSD_AUTH
        if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
            (char *)password) == 0)
                return 0;
        else
                return 1;
-#endif
+# endif
        pw_password = pw->pw_passwd;
        /*
         * Various interfaces to shadow or protected password data
         */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
        spw = getspnam(pw->pw_name);
        if (spw != NULL)
                pw_password = spw->sp_pwdp;
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+# endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
-#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
+# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
        if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
                pw_password = spw->pwa_passwd;
-#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
+# endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
-#ifdef HAVE_SECUREWARE
+# ifdef HAVE_SECUREWARE
        if ((spw = getprpwnam(pw->pw_name)) != NULL)
                pw_password = spw->ufld.fd_encrypt;
-#endif /* HAVE_SECUREWARE */
+# endif /* HAVE_SECUREWARE */
-#if defined(__hpux) && !defined(HAVE_SECUREWARE)
+# if defined(__hpux) && !defined(HAVE_SECUREWARE)
        if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
                pw_password = spw->ufld.fd_encrypt;
-#endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */
+# endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */
        /* Check for users with no password. */
        if ((password[0] == '\0') && (pw_password[0] == '\0'))
@@ -209,25 +208,25 @@ auth_password(Authctxt *authctxt, const char *password)
        else
                salt = "xx";
-#ifdef HAVE_MD5_PASSWORDS
+# ifdef HAVE_MD5_PASSWORDS
        if (is_md5_salt(salt))
                encrypted_password = md5_crypt(password, salt);
        else
                encrypted_password = crypt(password, salt);
-#else /* HAVE_MD5_PASSWORDS */
+# else /* HAVE_MD5_PASSWORDS */
-# if defined(__hpux) && !defined(HAVE_SECUREWARE)
+#  if defined(__hpux) && !defined(HAVE_SECUREWARE)
        if (iscomsec())
                encrypted_password = bigcrypt(password, salt);
        else
                encrypted_password = crypt(password, salt);
-# else
-#  ifdef HAVE_SECUREWARE
-        encrypted_password = bigcrypt(password, salt);
 #  else
+#   ifdef HAVE_SECUREWARE
+        encrypted_password = bigcrypt(password, salt);
+#   else
        encrypted_password = crypt(password, salt);
-#  endif /* HAVE_SECUREWARE */
+#   endif /* HAVE_SECUREWARE */
-# endif /* __hpux && !defined(HAVE_SECUREWARE) */
+#  endif /* __hpux && !defined(HAVE_SECUREWARE) */
-#endif /* HAVE_MD5_PASSWORDS */
+# endif /* HAVE_MD5_PASSWORDS */
        /* Authentication is accepted if the encrypted passwords are identical. */
        return (strcmp(encrypted_password, pw_password) == 0);
author	Damien Miller <djm@mindrot.org>	2003-01-22 15:42:26 +1100
committer	Damien Miller <djm@mindrot.org>	2003-01-22 15:42:26 +1100
commit	2101bfc4e1dbe1dc475d71158b1c24c6d2e2e412 (patch)
tree	b9012d184941802b5f9fa188a3a530410513c755 /auth-passwd.c
parent	53d81483f0bcea8af2207583bb6e83c187d522fc (diff)

diff --git a/auth-passwd.c b/auth-passwd.c index 185db7d6d..cbf093f0d 100644 --- a/auth-passwd.c +++ b/auth-passwd.c
@@ -92,52 +92,51 @@ extern char *aixloginmsg;
92	int	92	int
93	auth_password(Authctxt authctxt, const char password)	93	auth_password(Authctxt authctxt, const char password)
94	{	94	{
95	#if defined(USE_PAM)	95	#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
96	if (*password == '\0' && options.permit_empty_passwd == 0)
97	return 0;
98	return auth_pam_password(authctxt, password);
99	#elif defined(HAVE_OSF_SIA)
100	if (*password == '\0' && options.permit_empty_passwd == 0)
101	return 0;
102	return auth_sia_password(authctxt, password);
103	#else
104	struct passwd * pw = authctxt->pw;	96	struct passwd * pw = authctxt->pw;
105	char *encrypted_password;	97	char *encrypted_password;
106	char *pw_password;	98	char *pw_password;
107	char *salt;	99	char *salt;
108	#if defined(__hpux) \|\| defined(HAVE_SECUREWARE)	100	# if defined(__hpux) \|\| defined(HAVE_SECUREWARE)
109	struct pr_passwd *spw;	101	struct pr_passwd *spw;
110	#endif /* __hpux \|\| HAVE_SECUREWARE */	102	# endif /* __hpux \|\| HAVE_SECUREWARE */
111	#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)	103	# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
112	struct spwd *spw;	104	struct spwd *spw;
113	#endif	105	# endif
114	#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)	106	# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
115	struct passwd_adjunct *spw;	107	struct passwd_adjunct *spw;
116	#endif	108	# endif
117	#ifdef WITH_AIXAUTHENTICATE	109	# ifdef WITH_AIXAUTHENTICATE
118	char *authmsg;	110	char *authmsg;
119	int authsuccess;	111	int authsuccess;
120	int reenter = 1;	112	int reenter = 1;
121	#endif	113	# endif
		114	#endif /* !defined(USE_PAM) && !defined(HAVE_OSF_SIA) */
122		115
123	/* deny if no user. */	116	/* deny if no user. */
124	if (pw == NULL)	117	if (pw == NULL)
125	return 0;	118	return 0;
126	#ifndef HAVE_CYGWIN	119	#ifndef HAVE_CYGWIN
127	if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)	120	if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_NO_PASSWD)
128	return 0;	121	return 0;
129	#endif	122	#endif
130	if (*password == '\0' && options.permit_empty_passwd == 0)	123	if (*password == '\0' && options.permit_empty_passwd == 0)
131	return 0;	124	return 0;
132	#ifdef KRB5	125
		126	#if defined(USE_PAM)
		127	return auth_pam_password(authctxt, password);
		128	#elif defined(HAVE_OSF_SIA)
		129	return auth_sia_password(authctxt, password);
		130	#else
		131	# ifdef KRB5
133	if (options.kerberos_authentication == 1) {	132	if (options.kerberos_authentication == 1) {
134	int ret = auth_krb5_password(authctxt, password);	133	int ret = auth_krb5_password(authctxt, password);
135	if (ret == 1 \|\| ret == 0)	134	if (ret == 1 \|\| ret == 0)
136	return ret;	135	return ret;
137	/* Fall back to ordinary passwd authentication. */	136	/* Fall back to ordinary passwd authentication. */
138	}	137	}
139	#endif	138	# endif
140	#ifdef HAVE_CYGWIN	139	# ifdef HAVE_CYGWIN
141	if (is_winnt) {	140	if (is_winnt) {
142	HANDLE hToken = cygwin_logon_user(pw, password);	141	HANDLE hToken = cygwin_logon_user(pw, password);
143		142
@@ -146,8 +145,8 @@ auth_password(Authctxt authctxt, const char password)
146	cygwin_set_impersonation_token(hToken);	145	cygwin_set_impersonation_token(hToken);
147	return 1;	146	return 1;
148	}	147	}
149	#endif	148	# endif
150	#ifdef WITH_AIXAUTHENTICATE	149	# ifdef WITH_AIXAUTHENTICATE
151	authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);	150	authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
152		151
153	if (authsuccess)	152	if (authsuccess)
@@ -158,47 +157,47 @@ auth_password(Authctxt authctxt, const char password)
158	aixloginmsg = NULL;	157	aixloginmsg = NULL;
159		158
160	return(authsuccess);	159	return(authsuccess);
161	#endif	160	# endif
162	#ifdef KRB4	161	# ifdef KRB4
163	if (options.kerberos_authentication == 1) {	162	if (options.kerberos_authentication == 1) {
164	int ret = auth_krb4_password(authctxt, password);	163	int ret = auth_krb4_password(authctxt, password);
165	if (ret == 1 \|\| ret == 0)	164	if (ret == 1 \|\| ret == 0)
166	return ret;	165	return ret;
167	/* Fall back to ordinary passwd authentication. */	166	/* Fall back to ordinary passwd authentication. */
168	}	167	}
169	#endif	168	# endif
170	#ifdef BSD_AUTH	169	# ifdef BSD_AUTH
171	if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",	170	if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
172	(char *)password) == 0)	171	(char *)password) == 0)
173	return 0;	172	return 0;
174	else	173	else
175	return 1;	174	return 1;
176	#endif	175	# endif
177	pw_password = pw->pw_passwd;	176	pw_password = pw->pw_passwd;
178		177
179	/*	178	/*
180	* Various interfaces to shadow or protected password data	179	* Various interfaces to shadow or protected password data
181	*/	180	*/
182	#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)	181	# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
183	spw = getspnam(pw->pw_name);	182	spw = getspnam(pw->pw_name);
184	if (spw != NULL)	183	if (spw != NULL)
185	pw_password = spw->sp_pwdp;	184	pw_password = spw->sp_pwdp;
186	#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */	185	# endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
187		186
188	#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)	187	# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
189	if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)	188	if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
190	pw_password = spw->pwa_passwd;	189	pw_password = spw->pwa_passwd;
191	#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */	190	# endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
192		191
193	#ifdef HAVE_SECUREWARE	192	# ifdef HAVE_SECUREWARE
194	if ((spw = getprpwnam(pw->pw_name)) != NULL)	193	if ((spw = getprpwnam(pw->pw_name)) != NULL)
195	pw_password = spw->ufld.fd_encrypt;	194	pw_password = spw->ufld.fd_encrypt;
196	#endif /* HAVE_SECUREWARE */	195	# endif /* HAVE_SECUREWARE */
197		196
198	#if defined(__hpux) && !defined(HAVE_SECUREWARE)	197	# if defined(__hpux) && !defined(HAVE_SECUREWARE)
199	if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)	198	if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
200	pw_password = spw->ufld.fd_encrypt;	199	pw_password = spw->ufld.fd_encrypt;
201	#endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */	200	# endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */
202		201
203	/* Check for users with no password. */	202	/* Check for users with no password. */
204	if ((password[0] == '\0') && (pw_password[0] == '\0'))	203	if ((password[0] == '\0') && (pw_password[0] == '\0'))
@@ -209,25 +208,25 @@ auth_password(Authctxt authctxt, const char password)
209	else	208	else
210	salt = "xx";	209	salt = "xx";
211		210
212	#ifdef HAVE_MD5_PASSWORDS	211	# ifdef HAVE_MD5_PASSWORDS
213	if (is_md5_salt(salt))	212	if (is_md5_salt(salt))
214	encrypted_password = md5_crypt(password, salt);	213	encrypted_password = md5_crypt(password, salt);
215	else	214	else
216	encrypted_password = crypt(password, salt);	215	encrypted_password = crypt(password, salt);
217	#else /* HAVE_MD5_PASSWORDS */	216	# else /* HAVE_MD5_PASSWORDS */
218	# if defined(__hpux) && !defined(HAVE_SECUREWARE)	217	# if defined(__hpux) && !defined(HAVE_SECUREWARE)
219	if (iscomsec())	218	if (iscomsec())
220	encrypted_password = bigcrypt(password, salt);	219	encrypted_password = bigcrypt(password, salt);
221	else	220	else
222	encrypted_password = crypt(password, salt);	221	encrypted_password = crypt(password, salt);
223	# else
224	# ifdef HAVE_SECUREWARE
225	encrypted_password = bigcrypt(password, salt);
226	# else	222	# else
		223	# ifdef HAVE_SECUREWARE
		224	encrypted_password = bigcrypt(password, salt);
		225	# else
227	encrypted_password = crypt(password, salt);	226	encrypted_password = crypt(password, salt);
228	# endif /* HAVE_SECUREWARE */	227	# endif /* HAVE_SECUREWARE */
229	# endif /* __hpux && !defined(HAVE_SECUREWARE) */	228	# endif /* __hpux && !defined(HAVE_SECUREWARE) */
230	#endif /* HAVE_MD5_PASSWORDS */	229	# endif /* HAVE_MD5_PASSWORDS */
231		230
232	/* Authentication is accepted if the encrypted passwords are identical. */	231	/* Authentication is accepted if the encrypted passwords are identical. */
233	return (strcmp(encrypted_password, pw_password) == 0);	232	return (strcmp(encrypted_password, pw_password) == 0);