-rw-r--r--ChangeLog2
-rw-r--r--README1
-rw-r--r--auth-passwd.c35
-rw-r--r--configure.in2
4 files changed, 37 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 242b29d94..1ac4dfee8 100644
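--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,8 @@
  totalsize, ok niels,aaron
  - Delay fork (-f option) in ssh until after port forwarded connections
  have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
+ - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
+ - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
 
 19991112
  - Merged changes from OpenBSD CVS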
diff --git a/README b/README
index 5cf0b4496..f60f59604 100644
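--- a/README
+++ b/README
@@ -52,6 +52,7 @@ Nalin Dahyabhai <nalin.dahyabhai@pobox.com> - PAM environment patch
 Phil Hands <phil@hands.com> - Debian scripts, assorted patches
 Niels Kristian Bech Jensen <nkbj@image.dk> - Makefile patches
 Marc G. Fournier <marc.fournier@acadiau.ca> - Solaris patches
+Thomas Neumann <tom@smart.ruhr.de> - Shadow passwords
 
 Miscellania -
 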
diff --git a/auth-passwd.c b/auth-passwd.c
index 99d0af2be..ea824f5f4 100644
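--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -15,12 +15,20 @@ the password is valid for the user.
 */
 
 #include "includes.h"
-RCSID("$Id: auth-passwd.c,v 1.3 1999/11/11 06:57:39 damien Exp $");
+RCSID("$Id: auth-passwd.c,v 1.4 1999/11/13 04:40:10 damien Exp $");
 
 #include "packet.h"
 #include "ssh.h"
 #include "servconf.h"
 #include "xmalloc.h"
+#include "config.h"
+
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+#ifndef HAVE_PAM
+/* Don't need anything from here if we are using PAM */
 
 /* Tries to authenticate the user using password. Returns true if
  authentication succeeds. */
@@ -29,6 +37,9 @@ int auth_password(struct passwd *pw, const char *password)
 {
  extern ServerOptions options;
  char *encrypted_password;
+#ifdef HAVE_SHADOW_H
+ struct spwd *spw;
+#endif
 
  if (pw->pw_uid == 0 && options.permit_root_login == 2)
  {
@@ -164,11 +175,31 @@ int auth_password(struct passwd *pw, const char *password)
  return 1; /* The user has no password and an empty password was tried. */
  }
 
+#ifdef HAVE_SHADOW_H
+ spw = getspnam(pw->pw_name);
+ if (spw == NULL)
+ return(0);
+
+ if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0))
+ fatal("Shadow lookup returned garbage.");
+
+ if (strlen(spw->sp_pwdp) < 3)
+ return(0);
+
+ /* Encrypt the candidate password using the proper salt. */
+ encrypted_password = crypt(password, spw->sp_pwdp);
+
+ /* Authentication is accepted if the encrypted passwords are identical. */
+ return (strcmp(encrypted_password, spw->sp_pwdp) == 0);
+#else /* !HAVE_SHADOW_H */
+
  /* Encrypt the candidate password using the proper salt. */
  encrypted_password = crypt(password,
  (pw->pw_passwd[0] && pw->pw_passwd[1]) ?
  pw->pw_passwd : "xx");
-
  /* Authentication is accepted if the encrypted passwords are identical. */
  return (strcmp(encrypted_password, pw->pw_passwd) == 0);
+#endif /* !HAVE_SHADOW_H */
 }
+
+#endif /* !HAVE_PAM */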
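Review bot: In the new HAVE_SHADOW_H branch the result of `crypt(password, spw->sp_pwdp)` is passed straight to `strcmp`, so a crypt() failure (it may return NULL for a salt it cannot process) becomes a NULL dereference in the authentication path; add `if (encrypted_password == NULL) return(0);` before the comparison, and the same guard would fit the non-shadow branch. The branch reads only `sp_namp` and `sp_pwdp`, so the expiry fields of the shadow entry (`sp_expire`, `sp_lstchg`, `sp_max`) are never consulted and an expired account still authenticates when the password matches; either check them here or add a comment naming where expiry is enforced. A NULL return from `getspnam()` rejects the login outright, which fails closed, but on a host that has shadow.h while an account's hash still lives in `pw->pw_passwd` this presumably locks that user out, so confirm whether a fallback to the non-shadow comparison is intended. The body of auth_password extends beyond the hunks shown, so the earlier empty-password check could not be compared against the new `strlen(spw->sp_pwdp) < 3` rule.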
diff --git a/configure.in b/configure.in
index d80ac7c7f..bd34e6ddc 100644
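--- a/configure.in
+++ b/configure.in
@@ -55,7 +55,7 @@ AC_CHECK_LIB(dl, dlopen, , )
 AC_CHECK_LIB(pam, pam_authenticate, , )
 
 dnl Checks for header files.
-AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h)
+AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h shadow.h)
 
 dnl Checks for library functions.
 AC_PROG_GCC_TRADITIONAL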