Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / aae6c614da614eb10ced16505f35410671c95d9d / . / auth-passwd.c
blob: efae0fd2b04e444b796e2826bb37c83d80db6f56 [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]1/*
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * Created: Sat Mar 18 05:11:38 1995 ylo
6 * Password authentication. This file contains the functions to check whether
7 * the password is valid for the user.
8 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]9
10#include "includes.h"
Damien Millerdd1c7ba1999-11-19 15:53:20 +1100[diff] [blame]11
12#ifndef HAVE_PAM
13
Damien Milleraae6c611999-12-06 11:47:28 +1100[diff] [blame^]14RCSID("$Id: auth-passwd.c,v 1.8 1999/12/06 00:47:28 damien Exp $");
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]15
16#include "packet.h"
17#include "ssh.h"
18#include "servconf.h"
19#include "xmalloc.h"
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]20
21#ifdef HAVE_SHADOW_H
22#include <shadow.h>
23#endif
24
Damien Millerdd1c7ba1999-11-19 15:53:20 +1100[diff] [blame]25#ifdef HAVE_MD5_PASSWORDS
26#include "md5crypt.h"
27#endif
28
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]29/*
30 * Tries to authenticate the user using password. Returns true if
31 * authentication succeeds.
32 */
33int
34auth_password(struct passwd * pw, const char *password)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]35{
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]36 extern ServerOptions options;
37 char *encrypted_password;
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]38#ifdef HAVE_SHADOW_H
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]39 struct spwd *spw;
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]40#endif
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]41
Damien Miller5428f641999-11-25 11:54:57 +1100[diff] [blame]42 if (pw->pw_uid == 0 && options.permit_root_login == 2)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]43 return 0;
Damien Miller5428f641999-11-25 11:54:57 +1100[diff] [blame]44 if (*password == '\0' && options.permit_empty_passwd == 0)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]45 return 0;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]46 /* deny if no user. */
47 if (pw == NULL)
48 return 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]49
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]50#ifdef SKEY
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]51 if (options.skey_authentication == 1) {
Damien Milleraae6c611999-12-06 11:47:28 +1100[diff] [blame^]52 int ret = auth_skey_password(pw, password);
53 if (ret == 1 || ret == 0)
54 return ret;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]55 /* Fall back to ordinary passwd authentication. */
56 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]57#endif
Damien Milleraae6c611999-12-06 11:47:28 +1100[diff] [blame^]58#ifdef KRB4
59 if (options.kerberos_authentication == 1) {
60 int ret = auth_krb4_password(pw, password);
61 if (ret == 1 || ret == 0)
62 return ret;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]63 /* Fall back to ordinary passwd authentication. */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]64 }
Damien Milleraae6c611999-12-06 11:47:28 +1100[diff] [blame^]65#endif
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]66
67 /* Check for users with no password. */
Damien Miller5428f641999-11-25 11:54:57 +1100[diff] [blame]68 if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]69 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]70
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]71#ifdef HAVE_SHADOW_H
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]72 spw = getspnam(pw->pw_name);
73 if (spw == NULL)
74 return(0);
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]75
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]76 if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0))
77 fatal("Shadow lookup returned garbage.");
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]78
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]79 if (strlen(spw->sp_pwdp) < 3)
80 return(0);
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]81
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]82 /* Encrypt the candidate password using the proper salt. */
Damien Millerdd1c7ba1999-11-19 15:53:20 +1100[diff] [blame]83#ifdef HAVE_MD5_PASSWORDS
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]84 if (is_md5_salt(spw->sp_pwdp))
85 encrypted_password = md5_crypt(password, spw->sp_pwdp);
86 else
87 encrypted_password = crypt(password, spw->sp_pwdp);
Damien Millerdd1c7ba1999-11-19 15:53:20 +1100[diff] [blame]88#else /* HAVE_MD5_PASSWORDS */
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]89 encrypted_password = crypt(password, spw->sp_pwdp);
Damien Millerdd1c7ba1999-11-19 15:53:20 +1100[diff] [blame]90#endif /* HAVE_MD5_PASSWORDS */
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]91 /* Authentication is accepted if the encrypted passwords are identical. */
92 return (strcmp(encrypted_password, spw->sp_pwdp) == 0);
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]93#else /* !HAVE_SHADOW_H */
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]94 encrypted_password = crypt(password,
95 (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx");
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]96
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]97 /* Authentication is accepted if the encrypted passwords are identical. */
98 return (strcmp(encrypted_password, pw->pw_passwd) == 0);
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]99#endif /* !HAVE_SHADOW_H */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]100}
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]101#endif /* !HAVE_PAM */