From 2e1b082dfbc5dcdae80957a3d889abe9fa480d77 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 25 Dec 1999 10:11:29 +1100 Subject: - Prepare for 1.2.1pre20 19991225 - More fixes from Andre Lucas - Cleanup of auth-passwd.c for shadow and MD5 passwords - Cleanup and bugfix of PAM authentication code 19991223 - Merged later HPUX patch from Andre Lucas - Above patch included better utmpx support from Ben Taylor : --- auth-passwd.c | 47 ++++++++++++++++++----------------------------- 1 file changed, 18 insertions(+), 29 deletions(-) (limited to 'auth-passwd.c') diff --git a/auth-passwd.c b/auth-passwd.c index fc0809e16..058dde82b 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -9,9 +9,9 @@ #include "includes.h" -#ifndef HAVE_PAM +#ifndef HAVE_LIBPAM -RCSID("$Id: auth-passwd.c,v 1.10 1999/12/21 10:03:09 damien Exp $"); +RCSID("$Id: auth-passwd.c,v 1.11 1999/12/24 23:11:29 damien Exp $"); #include "packet.h" #include "ssh.h" @@ -35,6 +35,8 @@ auth_password(struct passwd * pw, const char *password) { extern ServerOptions options; char *encrypted_password; + char *pw_password; + char *salt; #ifdef HAVE_SHADOW_H struct spwd *spw; #endif @@ -68,48 +70,35 @@ auth_password(struct passwd * pw, const char *password) if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) return 1; + pw_password = pw->pw_passwd; + #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) spw = getspnam(pw->pw_name); - if (spw == NULL) + if (spw == NULL) return(0); - if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0)) - fatal("Shadow lookup returned garbage."); - /* Check for users with no password. */ if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0) return 1; - if (strlen(spw->sp_pwdp) < 3) - return(0); + pw_password = spw->sp_pwdp; +#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ - /* Encrypt the candidate password using the proper salt. */ -#ifdef HAVE_MD5_PASSWORDS - if (is_md5_salt(spw->sp_pwdp)) - encrypted_password = md5_crypt(password, spw->sp_pwdp); + if (pw_password[0] != '\0') + salt = pw_password; else - encrypted_password = crypt(password, spw->sp_pwdp); -#else /* HAVE_MD5_PASSWORDS */ - encrypted_password = crypt(password, spw->sp_pwdp); -#endif /* HAVE_MD5_PASSWORDS */ - /* Authentication is accepted if the encrypted passwords are identical. */ - return (strcmp(encrypted_password, spw->sp_pwdp) == 0); -#else /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ - - if (strlen(pw->pw_passwd) < 3) - return(0); + salt = "xx"; #ifdef HAVE_MD5_PASSWORDS - if (is_md5_salt(pw->pw_passwd)) - encrypted_password = md5_crypt(password, pw->pw_passwd); + if (is_md5_salt(salt)) + encrypted_password = md5_crypt(password, salt); else - encrypted_password = crypt(password, pw->pw_passwd); + encrypted_password = crypt(password, salt); #else /* HAVE_MD5_PASSWORDS */ - encrypted_password = crypt(password, pw->pw_passwd); + encrypted_password = crypt(password, salt); #endif /* HAVE_MD5_PASSWORDS */ /* Authentication is accepted if the encrypted passwords are identical. */ - return (strcmp(encrypted_password, pw->pw_passwd) == 0); -#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ + return (strcmp(encrypted_password, pw_password) == 0); } -#endif /* !HAVE_PAM */ +#endif /* !HAVE_LIBPAM */ -- cgit v1.2.3