diff options
author | Damien Miller <djm@mindrot.org> | 1999-11-25 11:54:57 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 1999-11-25 11:54:57 +1100 |
commit | 5428f646ad32da88ddd04a8c287d595524674fbf (patch) | |
tree | cc1f1e5d7852e1f44d41077f776abf7dab7ac06d /auth-passwd.c | |
parent | 9072e1889648988da38b7b81bce95291c1dc3a23 (diff) |
- More reformatting merged from OpenBSD CVS
- Merged OpenBSD CVS changes:
- [channels.c]
report from mrwizard@psu.edu via djm@ibs.com.au
- [channels.c]
set SO_REUSEADDR and SO_LINGER for forwarded ports.
chip@valinux.com via damien@ibs.com.au
- [nchan.c]
it's not an error() if shutdown_write failes in nchan.
- [readconf.c]
remove dead #ifdef-0-code
- [readconf.c servconf.c]
strcasecmp instead of tolower
- [scp.c]
progress meter overflow fix from damien@ibs.com.au
- [ssh-add.1 ssh-add.c]
SSH_ASKPASS support
- [ssh.1 ssh.c]
postpone fork_after_authentication until command execution,
request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
plus: use daemon() for backgrounding
Diffstat (limited to 'auth-passwd.c')
-rw-r--r-- | auth-passwd.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/auth-passwd.c b/auth-passwd.c index d3914fca3..e5574ffbe 100644 --- a/auth-passwd.c +++ b/auth-passwd.c | |||
@@ -11,7 +11,7 @@ | |||
11 | 11 | ||
12 | #ifndef HAVE_PAM | 12 | #ifndef HAVE_PAM |
13 | 13 | ||
14 | RCSID("$Id: auth-passwd.c,v 1.6 1999/11/24 13:26:21 damien Exp $"); | 14 | RCSID("$Id: auth-passwd.c,v 1.7 1999/11/25 00:54:57 damien Exp $"); |
15 | 15 | ||
16 | #include "packet.h" | 16 | #include "packet.h" |
17 | #include "ssh.h" | 17 | #include "ssh.h" |
@@ -39,14 +39,10 @@ auth_password(struct passwd * pw, const char *password) | |||
39 | struct spwd *spw; | 39 | struct spwd *spw; |
40 | #endif | 40 | #endif |
41 | 41 | ||
42 | if (pw->pw_uid == 0 && options.permit_root_login == 2) { | 42 | if (pw->pw_uid == 0 && options.permit_root_login == 2) |
43 | /* Server does not permit root login with password */ | ||
44 | return 0; | 43 | return 0; |
45 | } | 44 | if (*password == '\0' && options.permit_empty_passwd == 0) |
46 | if (*password == '\0' && options.permit_empty_passwd == 0) { | ||
47 | /* Server does not permit empty password login */ | ||
48 | return 0; | 45 | return 0; |
49 | } | ||
50 | /* deny if no user. */ | 46 | /* deny if no user. */ |
51 | if (pw == NULL) | 47 | if (pw == NULL) |
52 | return 0; | 48 | return 0; |
@@ -74,8 +70,10 @@ auth_password(struct passwd * pw, const char *password) | |||
74 | #endif | 70 | #endif |
75 | 71 | ||
76 | #if defined(KRB4) | 72 | #if defined(KRB4) |
77 | /* Support for Kerberos v4 authentication - Dug Song | 73 | /* |
78 | <dugsong@UMICH.EDU> */ | 74 | * Support for Kerberos v4 authentication |
75 | * - Dug Song <dugsong@UMICH.EDU> | ||
76 | */ | ||
79 | if (options.kerberos_authentication) { | 77 | if (options.kerberos_authentication) { |
80 | AUTH_DAT adata; | 78 | AUTH_DAT adata; |
81 | KTEXT_ST tkt; | 79 | KTEXT_ST tkt; |
@@ -86,8 +84,10 @@ auth_password(struct passwd * pw, const char *password) | |||
86 | char realm[REALM_SZ]; | 84 | char realm[REALM_SZ]; |
87 | int r; | 85 | int r; |
88 | 86 | ||
89 | /* Try Kerberos password authentication only for non-root | 87 | /* |
90 | users and only if Kerberos is installed. */ | 88 | * Try Kerberos password authentication only for non-root |
89 | * users and only if Kerberos is installed. | ||
90 | */ | ||
91 | if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { | 91 | if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { |
92 | 92 | ||
93 | /* Set up our ticket file. */ | 93 | /* Set up our ticket file. */ |
@@ -144,14 +144,17 @@ auth_password(struct passwd * pw, const char *password) | |||
144 | goto kerberos_auth_failure; | 144 | goto kerberos_auth_failure; |
145 | } | 145 | } |
146 | } else if (r == KDC_PR_UNKNOWN) { | 146 | } else if (r == KDC_PR_UNKNOWN) { |
147 | /* Allow login if no rcmd service exists, | 147 | /* |
148 | but log the error. */ | 148 | * Allow login if no rcmd service exists, but |
149 | * log the error. | ||
150 | */ | ||
149 | log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " | 151 | log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " |
150 | "not registered, or srvtab is wrong?", pw->pw_name, | 152 | "not registered, or srvtab is wrong?", pw->pw_name, |
151 | krb_err_txt[r], KRB4_SERVICE_NAME, phost); | 153 | krb_err_txt[r], KRB4_SERVICE_NAME, phost); |
152 | } else { | 154 | } else { |
153 | /* TGT is bad, forget it. Possibly | 155 | /* |
154 | spoofed! */ | 156 | * TGT is bad, forget it. Possibly spoofed! |
157 | */ | ||
155 | packet_send_debug("WARNING: Kerberos V4 TGT " | 158 | packet_send_debug("WARNING: Kerberos V4 TGT " |
156 | "possibly spoofed for %s: %s", | 159 | "possibly spoofed for %s: %s", |
157 | pw->pw_name, krb_err_txt[r]); | 160 | pw->pw_name, krb_err_txt[r]); |
@@ -175,11 +178,8 @@ auth_password(struct passwd * pw, const char *password) | |||
175 | #endif /* KRB4 */ | 178 | #endif /* KRB4 */ |
176 | 179 | ||
177 | /* Check for users with no password. */ | 180 | /* Check for users with no password. */ |
178 | if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) { | 181 | if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) |
179 | packet_send_debug("Login permitted without a password " | ||
180 | "because the account has no password."); | ||
181 | return 1; | 182 | return 1; |
182 | } | ||
183 | 183 | ||
184 | #ifdef HAVE_SHADOW_H | 184 | #ifdef HAVE_SHADOW_H |
185 | spw = getspnam(pw->pw_name); | 185 | spw = getspnam(pw->pw_name); |