- Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>

- Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
author: Damien Miller <djm@mindrot.org> 1999-11-13 15:40:10 +1100
committer: Damien Miller <djm@mindrot.org> 1999-11-13 15:40:10 +1100
commit: 2cb210f0f729082a2cd3eb8f0c71b85f216a7d2c (patch)
tree: d2902f45be2b6fd5674a6615835a6d2b7fa8039d /auth-passwd.c
parent: b0284386683cb71070da6afdaa6504b309f1d871 (diff)
1 files changed, 33 insertions, 2 deletions
diff --git a/auth-passwd.c b/auth-passwd.c
index 99d0af2be..ea824f5f4 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -15,12 +15,20 @@ the password is valid for the user.
 */
 #include "includes.h"
-RCSID("$Id: auth-passwd.c,v 1.3 1999/11/11 06:57:39 damien Exp $");
+RCSID("$Id: auth-passwd.c,v 1.4 1999/11/13 04:40:10 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
 #include "servconf.h"
 #include "xmalloc.h"
+#include "config.h"
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+#ifndef HAVE_PAM
+/* Don't need anything from here if we are using PAM */
 /* Tries to authenticate the user using password.  Returns true if
   authentication succeeds. */
@@ -29,6 +37,9 @@ int auth_password(struct passwd *pw, const char *password)
 {
  extern ServerOptions options;
  char *encrypted_password;
+#ifdef HAVE_SHADOW_H
+  struct spwd *spw;
+#endif
  if (pw->pw_uid == 0 && options.permit_root_login == 2)
  {
@@ -164,11 +175,31 @@ int auth_password(struct passwd *pw, const char *password)
      return 1; /* The user has no password and an empty password was tried. */
    }
+#ifdef HAVE_SHADOW_H
+  spw = getspnam(pw->pw_name);
+  if (spw == NULL)
+    return(0);
+  if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0))
+    fatal("Shadow lookup returned garbage.");
+  if (strlen(spw->sp_pwdp) < 3)
+    return(0);
+  /* Encrypt the candidate password using the proper salt. */
+  encrypted_password = crypt(password, spw->sp_pwdp);
+  /* Authentication is accepted if the encrypted passwords are identical. */
+  return (strcmp(encrypted_password, spw->sp_pwdp) == 0);
+#else /* !HAVE_SHADOW_H */
  /* Encrypt the candidate password using the proper salt. */
  encrypted_password = crypt(password, 
                             (pw->pw_passwd[0] && pw->pw_passwd[1]) ?
                             pw->pw_passwd : "xx");
  /* Authentication is accepted if the encrypted passwords are identical. */
  return (strcmp(encrypted_password, pw->pw_passwd) == 0);
+#endif /* !HAVE_SHADOW_H */
 }
+#endif /* !HAVE_PAM */
author	Damien Miller <djm@mindrot.org>	1999-11-13 15:40:10 +1100
committer	Damien Miller <djm@mindrot.org>	1999-11-13 15:40:10 +1100
commit	2cb210f0f729082a2cd3eb8f0c71b85f216a7d2c (patch)
tree	d2902f45be2b6fd5674a6615835a6d2b7fa8039d /auth-passwd.c
parent	b0284386683cb71070da6afdaa6504b309f1d871 (diff)

diff --git a/auth-passwd.c b/auth-passwd.c index 99d0af2be..ea824f5f4 100644 --- a/auth-passwd.c +++ b/auth-passwd.c
@@ -15,12 +15,20 @@ the password is valid for the user.
15	*/	15	*/
16		16
17	#include "includes.h"	17	#include "includes.h"
18	RCSID("$Id: auth-passwd.c,v 1.3 1999/11/11 06:57:39 damien Exp $");	18	RCSID("$Id: auth-passwd.c,v 1.4 1999/11/13 04:40:10 damien Exp $");
19		19
20	#include "packet.h"	20	#include "packet.h"
21	#include "ssh.h"	21	#include "ssh.h"
22	#include "servconf.h"	22	#include "servconf.h"
23	#include "xmalloc.h"	23	#include "xmalloc.h"
		24	#include "config.h"
		25
		26	#ifdef HAVE_SHADOW_H
		27	#include <shadow.h>
		28	#endif
		29
		30	#ifndef HAVE_PAM
		31	/* Don't need anything from here if we are using PAM */
24		32
25	/* Tries to authenticate the user using password. Returns true if	33	/* Tries to authenticate the user using password. Returns true if
26	authentication succeeds. */	34	authentication succeeds. */
@@ -29,6 +37,9 @@ int auth_password(struct passwd pw, const char password)
29	{	37	{
30	extern ServerOptions options;	38	extern ServerOptions options;
31	char *encrypted_password;	39	char *encrypted_password;
		40	#ifdef HAVE_SHADOW_H
		41	struct spwd *spw;
		42	#endif
32		43
33	if (pw->pw_uid == 0 && options.permit_root_login == 2)	44	if (pw->pw_uid == 0 && options.permit_root_login == 2)
34	{	45	{
@@ -164,11 +175,31 @@ int auth_password(struct passwd pw, const char password)
164	return 1; /* The user has no password and an empty password was tried. */	175	return 1; /* The user has no password and an empty password was tried. */
165	}	176	}
166		177
		178	#ifdef HAVE_SHADOW_H
		179	spw = getspnam(pw->pw_name);
		180	if (spw == NULL)
		181	return(0);
		182
		183	if ((spw->sp_namp == NULL) \|\| (strcmp(pw->pw_name, spw->sp_namp) != 0))
		184	fatal("Shadow lookup returned garbage.");
		185
		186	if (strlen(spw->sp_pwdp) < 3)
		187	return(0);
		188
		189	/* Encrypt the candidate password using the proper salt. */
		190	encrypted_password = crypt(password, spw->sp_pwdp);
		191
		192	/* Authentication is accepted if the encrypted passwords are identical. */
		193	return (strcmp(encrypted_password, spw->sp_pwdp) == 0);
		194	#else /* !HAVE_SHADOW_H */
		195
167	/* Encrypt the candidate password using the proper salt. */	196	/* Encrypt the candidate password using the proper salt. */
168	encrypted_password = crypt(password,	197	encrypted_password = crypt(password,
169	(pw->pw_passwd[0] && pw->pw_passwd[1]) ?	198	(pw->pw_passwd[0] && pw->pw_passwd[1]) ?
170	pw->pw_passwd : "xx");	199	pw->pw_passwd : "xx");
171
172	/* Authentication is accepted if the encrypted passwords are identical. */	200	/* Authentication is accepted if the encrypted passwords are identical. */
173	return (strcmp(encrypted_password, pw->pw_passwd) == 0);	201	return (strcmp(encrypted_password, pw->pw_passwd) == 0);
		202	#endif /* !HAVE_SHADOW_H */
174	}	203	}
		204
		205	#endif /* !HAVE_PAM */