1 files changed, 25 insertions, 18 deletions
diff --git a/sshd.c b/sshd.c
index 448ca5968..9c570ab8a 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.39 1999/12/14 04:43:03 damien Exp $");
+RCSID("$Id: sshd.c,v 1.40 1999/12/24 23:11:29 damien Exp $");
 #ifdef HAVE_POLL_H
 # include <poll.h>
@@ -146,6 +146,7 @@ void do_child(const char *command, struct passwd * pw, const char *term,
 #ifdef HAVE_LIBPAM
 static int pamconv(int num_msg, const struct pam_message **msg,
          struct pam_response **resp, void *appdata_ptr);
+int do_pam_auth(const char *user, const char *password);
 void do_pam_account(char *username, char *remote_user);
 void do_pam_session(char *username, char *ttyname);
 void pam_cleanup_proc(void *context);
@@ -237,6 +238,23 @@ void pam_cleanup_proc(void *context)
        }
 }
+int do_pam_auth(const char *user, const char *password)
+{
+        int pam_retval;
+        
+        pampasswd = password;
+        
+        pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
+        if (pam_retval == PAM_SUCCESS) {
+                log("PAM Password authentication accepted for user \"%.100s\"", user);
+                return 1;
+        } else {
+                log("PAM Password authentication for \"%.100s\" failed: %s", 
+                        user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+                return 0;
+        }
+}
 void do_pam_account(char *username, char *remote_user)
 {
        int pam_retval;
@@ -1292,7 +1310,11 @@ do_authentication(char *user)
 #ifdef KRB4
            (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif /* KRB4 */
+#ifdef HAVE_LIBPAM
+            do_pam_auth(pw->pw_name, "")) {
+#else /* HAVE_LIBPAM */
            auth_password(pw, "")) {
+#endif /* HAVE_LIBPAM */
                /* Authentication with empty password succeeded. */
                log("Login for user %s from %.100s, accepted without authentication.",
                    pw->pw_name, get_remote_ipaddr());
@@ -1503,29 +1525,14 @@ do_authloop(struct passwd * pw)
 #ifdef HAVE_LIBPAM
                        /* Do PAM auth with password */
-                        pampasswd = password;
+                        authenticated = do_pam_auth(pw->pw_name, password);
-                        pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
-                        if (pam_retval == PAM_SUCCESS) {
-                                log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
-                                memset(password, 0, strlen(password));
-                                xfree(password);
-                                authenticated = 1;
-                                break;
-                        }
-                        log("PAM Password authentication for \"%.100s\" failed: %s", 
-                                pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-                        memset(password, 0, strlen(password));
-                        xfree(password);
-                        break;
 #else /* HAVE_LIBPAM */
                        /* Try authentication with the password. */
                        authenticated = auth_password(pw, password);
+#endif /* HAVE_LIBPAM */
                        memset(password, 0, strlen(password));
                        xfree(password);
                        break;
-#endif /* HAVE_LIBPAM */
 #ifdef SKEY
                case SSH_CMSG_AUTH_TIS:

diff --git a/sshd.c b/sshd.c index 448ca5968..9c570ab8a 100644 --- a/sshd.c +++ b/sshd.c
@@ -11,7 +11,7 @@
11	*/	11	*/
12		12
13	#include "includes.h"	13	#include "includes.h"
14	RCSID("$Id: sshd.c,v 1.39 1999/12/14 04:43:03 damien Exp $");	14	RCSID("$Id: sshd.c,v 1.40 1999/12/24 23:11:29 damien Exp $");
15		15
16	#ifdef HAVE_POLL_H	16	#ifdef HAVE_POLL_H
17	# include <poll.h>	17	# include <poll.h>
@@ -146,6 +146,7 @@ void do_child(const char command, struct passwd pw, const char *term,
146	#ifdef HAVE_LIBPAM	146	#ifdef HAVE_LIBPAM
147	static int pamconv(int num_msg, const struct pam_message **msg,	147	static int pamconv(int num_msg, const struct pam_message **msg,
148	struct pam_response *resp, void appdata_ptr);	148	struct pam_response *resp, void appdata_ptr);
		149	int do_pam_auth(const char user, const char password);
149	void do_pam_account(char username, char remote_user);	150	void do_pam_account(char username, char remote_user);
150	void do_pam_session(char username, char ttyname);	151	void do_pam_session(char username, char ttyname);
151	void pam_cleanup_proc(void *context);	152	void pam_cleanup_proc(void *context);
@@ -237,6 +238,23 @@ void pam_cleanup_proc(void *context)
237	}	238	}
238	}	239	}
239		240
		241	int do_pam_auth(const char user, const char password)
		242	{
		243	int pam_retval;
		244
		245	pampasswd = password;
		246
		247	pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
		248	if (pam_retval == PAM_SUCCESS) {
		249	log("PAM Password authentication accepted for user \"%.100s\"", user);
		250	return 1;
		251	} else {
		252	log("PAM Password authentication for \"%.100s\" failed: %s",
		253	user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
		254	return 0;
		255	}
		256	}
		257
240	void do_pam_account(char username, char remote_user)	258	void do_pam_account(char username, char remote_user)
241	{	259	{
242	int pam_retval;	260	int pam_retval;
@@ -1292,7 +1310,11 @@ do_authentication(char *user)
1292	#ifdef KRB4	1310	#ifdef KRB4
1293	(!options.kerberos_authentication \|\| options.kerberos_or_local_passwd) &&	1311	(!options.kerberos_authentication \|\| options.kerberos_or_local_passwd) &&
1294	#endif /* KRB4 */	1312	#endif /* KRB4 */
		1313	#ifdef HAVE_LIBPAM
		1314	do_pam_auth(pw->pw_name, "")) {
		1315	#else /* HAVE_LIBPAM */
1295	auth_password(pw, "")) {	1316	auth_password(pw, "")) {
		1317	#endif /* HAVE_LIBPAM */
1296	/* Authentication with empty password succeeded. */	1318	/* Authentication with empty password succeeded. */
1297	log("Login for user %s from %.100s, accepted without authentication.",	1319	log("Login for user %s from %.100s, accepted without authentication.",
1298	pw->pw_name, get_remote_ipaddr());	1320	pw->pw_name, get_remote_ipaddr());
@@ -1503,29 +1525,14 @@ do_authloop(struct passwd * pw)
1503		1525
1504	#ifdef HAVE_LIBPAM	1526	#ifdef HAVE_LIBPAM
1505	/* Do PAM auth with password */	1527	/* Do PAM auth with password */
1506	pampasswd = password;	1528	authenticated = do_pam_auth(pw->pw_name, password);
1507	pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
1508	if (pam_retval == PAM_SUCCESS) {
1509	log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
1510	memset(password, 0, strlen(password));
1511	xfree(password);
1512	authenticated = 1;
1513	break;
1514	}
1515
1516	log("PAM Password authentication for \"%.100s\" failed: %s",
1517	pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
1518	memset(password, 0, strlen(password));
1519	xfree(password);
1520	break;
1521	#else /* HAVE_LIBPAM */	1529	#else /* HAVE_LIBPAM */
1522	/* Try authentication with the password. */	1530	/* Try authentication with the password. */
1523	authenticated = auth_password(pw, password);	1531	authenticated = auth_password(pw, password);
1524		1532	#endif /* HAVE_LIBPAM */
1525	memset(password, 0, strlen(password));	1533	memset(password, 0, strlen(password));
1526	xfree(password);	1534	xfree(password);
1527	break;	1535	break;
1528	#endif /* HAVE_LIBPAM */
1529		1536
1530	#ifdef SKEY	1537	#ifdef SKEY
1531	case SSH_CMSG_AUTH_TIS:	1538	case SSH_CMSG_AUTH_TIS: