summaryrefslogtreecommitdiff
path: root/auth-passwd.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth-passwd.c')
-rw-r--r--auth-passwd.c87
1 files changed, 43 insertions, 44 deletions
diff --git a/auth-passwd.c b/auth-passwd.c
index 185db7d6d..9901d4842 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -92,33 +92,26 @@ extern char *aixloginmsg;
92int 92int
93auth_password(Authctxt *authctxt, const char *password) 93auth_password(Authctxt *authctxt, const char *password)
94{ 94{
95#if defined(USE_PAM)
96 if (*password == '\0' && options.permit_empty_passwd == 0)
97 return 0;
98 return auth_pam_password(authctxt, password);
99#elif defined(HAVE_OSF_SIA)
100 if (*password == '\0' && options.permit_empty_passwd == 0)
101 return 0;
102 return auth_sia_password(authctxt, password);
103#else
104 struct passwd * pw = authctxt->pw; 95 struct passwd * pw = authctxt->pw;
96#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
105 char *encrypted_password; 97 char *encrypted_password;
106 char *pw_password; 98 char *pw_password;
107 char *salt; 99 char *salt;
108#if defined(__hpux) || defined(HAVE_SECUREWARE) 100# if defined(__hpux) || defined(HAVE_SECUREWARE)
109 struct pr_passwd *spw; 101 struct pr_passwd *spw;
110#endif /* __hpux || HAVE_SECUREWARE */ 102# endif /* __hpux || HAVE_SECUREWARE */
111#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) 103# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
112 struct spwd *spw; 104 struct spwd *spw;
113#endif 105# endif
114#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) 106# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
115 struct passwd_adjunct *spw; 107 struct passwd_adjunct *spw;
116#endif 108# endif
117#ifdef WITH_AIXAUTHENTICATE 109# ifdef WITH_AIXAUTHENTICATE
118 char *authmsg; 110 char *authmsg;
119 int authsuccess; 111 int authsuccess;
120 int reenter = 1; 112 int reenter = 1;
121#endif 113# endif
114#endif /* !defined(USE_PAM) && !defined(HAVE_OSF_SIA) */
122 115
123 /* deny if no user. */ 116 /* deny if no user. */
124 if (pw == NULL) 117 if (pw == NULL)
@@ -129,15 +122,21 @@ auth_password(Authctxt *authctxt, const char *password)
129#endif 122#endif
130 if (*password == '\0' && options.permit_empty_passwd == 0) 123 if (*password == '\0' && options.permit_empty_passwd == 0)
131 return 0; 124 return 0;
132#ifdef KRB5 125
126#if defined(USE_PAM)
127 return auth_pam_password(authctxt, password);
128#elif defined(HAVE_OSF_SIA)
129 return auth_sia_password(authctxt, password);
130#else
131# ifdef KRB5
133 if (options.kerberos_authentication == 1) { 132 if (options.kerberos_authentication == 1) {
134 int ret = auth_krb5_password(authctxt, password); 133 int ret = auth_krb5_password(authctxt, password);
135 if (ret == 1 || ret == 0) 134 if (ret == 1 || ret == 0)
136 return ret; 135 return ret;
137 /* Fall back to ordinary passwd authentication. */ 136 /* Fall back to ordinary passwd authentication. */
138 } 137 }
139#endif 138# endif
140#ifdef HAVE_CYGWIN 139# ifdef HAVE_CYGWIN
141 if (is_winnt) { 140 if (is_winnt) {
142 HANDLE hToken = cygwin_logon_user(pw, password); 141 HANDLE hToken = cygwin_logon_user(pw, password);
143 142
@@ -146,8 +145,8 @@ auth_password(Authctxt *authctxt, const char *password)
146 cygwin_set_impersonation_token(hToken); 145 cygwin_set_impersonation_token(hToken);
147 return 1; 146 return 1;
148 } 147 }
149#endif 148# endif
150#ifdef WITH_AIXAUTHENTICATE 149# ifdef WITH_AIXAUTHENTICATE
151 authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); 150 authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
152 151
153 if (authsuccess) 152 if (authsuccess)
@@ -158,47 +157,47 @@ auth_password(Authctxt *authctxt, const char *password)
158 aixloginmsg = NULL; 157 aixloginmsg = NULL;
159 158
160 return(authsuccess); 159 return(authsuccess);
161#endif 160# endif
162#ifdef KRB4 161# ifdef KRB4
163 if (options.kerberos_authentication == 1) { 162 if (options.kerberos_authentication == 1) {
164 int ret = auth_krb4_password(authctxt, password); 163 int ret = auth_krb4_password(authctxt, password);
165 if (ret == 1 || ret == 0) 164 if (ret == 1 || ret == 0)
166 return ret; 165 return ret;
167 /* Fall back to ordinary passwd authentication. */ 166 /* Fall back to ordinary passwd authentication. */
168 } 167 }
169#endif 168# endif
170#ifdef BSD_AUTH 169# ifdef BSD_AUTH
171 if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", 170 if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
172 (char *)password) == 0) 171 (char *)password) == 0)
173 return 0; 172 return 0;
174 else 173 else
175 return 1; 174 return 1;
176#endif 175# endif
177 pw_password = pw->pw_passwd; 176 pw_password = pw->pw_passwd;
178 177
179 /* 178 /*
180 * Various interfaces to shadow or protected password data 179 * Various interfaces to shadow or protected password data
181 */ 180 */
182#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) 181# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
183 spw = getspnam(pw->pw_name); 182 spw = getspnam(pw->pw_name);
184 if (spw != NULL) 183 if (spw != NULL)
185 pw_password = spw->sp_pwdp; 184 pw_password = spw->sp_pwdp;
186#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ 185# endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
187 186
188#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) 187# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
189 if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) 188 if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
190 pw_password = spw->pwa_passwd; 189 pw_password = spw->pwa_passwd;
191#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */ 190# endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
192 191
193#ifdef HAVE_SECUREWARE 192# ifdef HAVE_SECUREWARE
194 if ((spw = getprpwnam(pw->pw_name)) != NULL) 193 if ((spw = getprpwnam(pw->pw_name)) != NULL)
195 pw_password = spw->ufld.fd_encrypt; 194 pw_password = spw->ufld.fd_encrypt;
196#endif /* HAVE_SECUREWARE */ 195# endif /* HAVE_SECUREWARE */
197 196
198#if defined(__hpux) && !defined(HAVE_SECUREWARE) 197# if defined(__hpux) && !defined(HAVE_SECUREWARE)
199 if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL) 198 if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
200 pw_password = spw->ufld.fd_encrypt; 199 pw_password = spw->ufld.fd_encrypt;
201#endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */ 200# endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */
202 201
203 /* Check for users with no password. */ 202 /* Check for users with no password. */
204 if ((password[0] == '\0') && (pw_password[0] == '\0')) 203 if ((password[0] == '\0') && (pw_password[0] == '\0'))
@@ -209,25 +208,25 @@ auth_password(Authctxt *authctxt, const char *password)
209 else 208 else
210 salt = "xx"; 209 salt = "xx";
211 210
212#ifdef HAVE_MD5_PASSWORDS 211# ifdef HAVE_MD5_PASSWORDS
213 if (is_md5_salt(salt)) 212 if (is_md5_salt(salt))
214 encrypted_password = md5_crypt(password, salt); 213 encrypted_password = md5_crypt(password, salt);
215 else 214 else
216 encrypted_password = crypt(password, salt); 215 encrypted_password = crypt(password, salt);
217#else /* HAVE_MD5_PASSWORDS */ 216# else /* HAVE_MD5_PASSWORDS */
218# if defined(__hpux) && !defined(HAVE_SECUREWARE) 217# if defined(__hpux) && !defined(HAVE_SECUREWARE)
219 if (iscomsec()) 218 if (iscomsec())
220 encrypted_password = bigcrypt(password, salt); 219 encrypted_password = bigcrypt(password, salt);
221 else 220 else
222 encrypted_password = crypt(password, salt); 221 encrypted_password = crypt(password, salt);
223# else
224# ifdef HAVE_SECUREWARE
225 encrypted_password = bigcrypt(password, salt);
226# else 222# else
223# ifdef HAVE_SECUREWARE
224 encrypted_password = bigcrypt(password, salt);
225# else
227 encrypted_password = crypt(password, salt); 226 encrypted_password = crypt(password, salt);
228# endif /* HAVE_SECUREWARE */ 227# endif /* HAVE_SECUREWARE */
229# endif /* __hpux && !defined(HAVE_SECUREWARE) */ 228# endif /* __hpux && !defined(HAVE_SECUREWARE) */
230#endif /* HAVE_MD5_PASSWORDS */ 229# endif /* HAVE_MD5_PASSWORDS */
231 230
232 /* Authentication is accepted if the encrypted passwords are identical. */ 231 /* Authentication is accepted if the encrypted passwords are identical. */
233 return (strcmp(encrypted_password, pw_password) == 0); 232 return (strcmp(encrypted_password, pw_password) == 0);