diff options
| author | Damien Miller <djm@mindrot.org> | 1999-12-25 10:11:29 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 1999-12-25 10:11:29 +1100 |
| commit | 2e1b082dfbc5dcdae80957a3d889abe9fa480d77 (patch) | |
| tree | c2bfe8d4115d22146448ce829fb7b16e9b762b4f /sshd.c | |
| parent | 1b0c228ec48d54705474701b6486f1593539a88a (diff) | |
- Prepare for 1.2.1pre20
19991225
- More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
- Cleanup of auth-passwd.c for shadow and MD5 passwords
- Cleanup and bugfix of PAM authentication code
19991223
- Merged later HPUX patch from Andre Lucas
<andre.lucas@dial.pipex.com>
- Above patch included better utmpx support from Ben Taylor
<bent@clark.net>:
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 43 |
1 files changed, 25 insertions, 18 deletions
| @@ -11,7 +11,7 @@ | |||
| 11 | */ | 11 | */ |
| 12 | 12 | ||
| 13 | #include "includes.h" | 13 | #include "includes.h" |
| 14 | RCSID("$Id: sshd.c,v 1.39 1999/12/14 04:43:03 damien Exp $"); | 14 | RCSID("$Id: sshd.c,v 1.40 1999/12/24 23:11:29 damien Exp $"); |
| 15 | 15 | ||
| 16 | #ifdef HAVE_POLL_H | 16 | #ifdef HAVE_POLL_H |
| 17 | # include <poll.h> | 17 | # include <poll.h> |
| @@ -146,6 +146,7 @@ void do_child(const char *command, struct passwd * pw, const char *term, | |||
| 146 | #ifdef HAVE_LIBPAM | 146 | #ifdef HAVE_LIBPAM |
| 147 | static int pamconv(int num_msg, const struct pam_message **msg, | 147 | static int pamconv(int num_msg, const struct pam_message **msg, |
| 148 | struct pam_response **resp, void *appdata_ptr); | 148 | struct pam_response **resp, void *appdata_ptr); |
| 149 | int do_pam_auth(const char *user, const char *password); | ||
| 149 | void do_pam_account(char *username, char *remote_user); | 150 | void do_pam_account(char *username, char *remote_user); |
| 150 | void do_pam_session(char *username, char *ttyname); | 151 | void do_pam_session(char *username, char *ttyname); |
| 151 | void pam_cleanup_proc(void *context); | 152 | void pam_cleanup_proc(void *context); |
| @@ -237,6 +238,23 @@ void pam_cleanup_proc(void *context) | |||
| 237 | } | 238 | } |
| 238 | } | 239 | } |
| 239 | 240 | ||
| 241 | int do_pam_auth(const char *user, const char *password) | ||
| 242 | { | ||
| 243 | int pam_retval; | ||
| 244 | |||
| 245 | pampasswd = password; | ||
| 246 | |||
| 247 | pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); | ||
| 248 | if (pam_retval == PAM_SUCCESS) { | ||
| 249 | log("PAM Password authentication accepted for user \"%.100s\"", user); | ||
| 250 | return 1; | ||
| 251 | } else { | ||
| 252 | log("PAM Password authentication for \"%.100s\" failed: %s", | ||
| 253 | user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); | ||
| 254 | return 0; | ||
| 255 | } | ||
| 256 | } | ||
| 257 | |||
| 240 | void do_pam_account(char *username, char *remote_user) | 258 | void do_pam_account(char *username, char *remote_user) |
| 241 | { | 259 | { |
| 242 | int pam_retval; | 260 | int pam_retval; |
| @@ -1292,7 +1310,11 @@ do_authentication(char *user) | |||
| 1292 | #ifdef KRB4 | 1310 | #ifdef KRB4 |
| 1293 | (!options.kerberos_authentication || options.kerberos_or_local_passwd) && | 1311 | (!options.kerberos_authentication || options.kerberos_or_local_passwd) && |
| 1294 | #endif /* KRB4 */ | 1312 | #endif /* KRB4 */ |
| 1313 | #ifdef HAVE_LIBPAM | ||
| 1314 | do_pam_auth(pw->pw_name, "")) { | ||
| 1315 | #else /* HAVE_LIBPAM */ | ||
| 1295 | auth_password(pw, "")) { | 1316 | auth_password(pw, "")) { |
| 1317 | #endif /* HAVE_LIBPAM */ | ||
| 1296 | /* Authentication with empty password succeeded. */ | 1318 | /* Authentication with empty password succeeded. */ |
| 1297 | log("Login for user %s from %.100s, accepted without authentication.", | 1319 | log("Login for user %s from %.100s, accepted without authentication.", |
| 1298 | pw->pw_name, get_remote_ipaddr()); | 1320 | pw->pw_name, get_remote_ipaddr()); |
| @@ -1503,29 +1525,14 @@ do_authloop(struct passwd * pw) | |||
| 1503 | 1525 | ||
| 1504 | #ifdef HAVE_LIBPAM | 1526 | #ifdef HAVE_LIBPAM |
| 1505 | /* Do PAM auth with password */ | 1527 | /* Do PAM auth with password */ |
| 1506 | pampasswd = password; | 1528 | authenticated = do_pam_auth(pw->pw_name, password); |
| 1507 | pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); | ||
| 1508 | if (pam_retval == PAM_SUCCESS) { | ||
| 1509 | log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name); | ||
| 1510 | memset(password, 0, strlen(password)); | ||
| 1511 | xfree(password); | ||
| 1512 | authenticated = 1; | ||
| 1513 | break; | ||
| 1514 | } | ||
| 1515 | |||
| 1516 | log("PAM Password authentication for \"%.100s\" failed: %s", | ||
| 1517 | pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); | ||
| 1518 | memset(password, 0, strlen(password)); | ||
| 1519 | xfree(password); | ||
| 1520 | break; | ||
| 1521 | #else /* HAVE_LIBPAM */ | 1529 | #else /* HAVE_LIBPAM */ |
| 1522 | /* Try authentication with the password. */ | 1530 | /* Try authentication with the password. */ |
| 1523 | authenticated = auth_password(pw, password); | 1531 | authenticated = auth_password(pw, password); |
| 1524 | 1532 | #endif /* HAVE_LIBPAM */ | |
| 1525 | memset(password, 0, strlen(password)); | 1533 | memset(password, 0, strlen(password)); |
| 1526 | xfree(password); | 1534 | xfree(password); |
| 1527 | break; | 1535 | break; |
| 1528 | #endif /* HAVE_LIBPAM */ | ||
| 1529 | 1536 | ||
| 1530 | #ifdef SKEY | 1537 | #ifdef SKEY |
| 1531 | case SSH_CMSG_AUTH_TIS: | 1538 | case SSH_CMSG_AUTH_TIS: |