Blame - auth-passwd.c - platform/external/openssh

blob: 93756e9e64ff80b573ed750d508827f254e7d003 [file] [log] [blame]

Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				4	* All rights reserved
				5	* Created: Sat Mar 18 05:11:38 1995 ylo
				6	* Password authentication. This file contains the functions to check whether
				7	* the password is valid for the user.
				8	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	9
				10	#include "includes.h"
Damien Miller	dd1c7ba	1999-11-19 15:53:20 +1100	[diff] [blame]	11
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	12	RCSID("$OpenBSD: auth-passwd.c,v 1.16 2000/06/20 01:39:38 markus Exp $");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	13
Damien Miller	b8c656e	2000-06-28 15:22:41 +1000	[diff] [blame^]	14	#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
				15
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	16	#include "packet.h"
				17	#include "ssh.h"
				18	#include "servconf.h"
				19	#include "xmalloc.h"
Damien Miller	2cb210f	1999-11-13 15:40:10 +1100	[diff] [blame]	20
Damien Miller	1fa154b	2000-01-23 10:32:03 +1100	[diff] [blame]	21	#ifdef WITH_AIXAUTHENTICATE
Damien Miller	1bead33	2000-04-30 00:47:29 +1000	[diff] [blame]	22	# include <login.h>
Damien Miller	1fa154b	2000-01-23 10:32:03 +1100	[diff] [blame]	23	#endif
Damien Miller	1bead33	2000-04-30 00:47:29 +1000	[diff] [blame]	24	#ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
				25	# include <hpsecurity.h>
				26	# include <prot.h>
				27	#endif
Damien Miller	2cb210f	1999-11-13 15:40:10 +1100	[diff] [blame]	28	#ifdef HAVE_SHADOW_H
Damien Miller	beb4ba5	1999-12-28 15:09:35 +1100	[diff] [blame]	29	# include <shadow.h>
Damien Miller	2cb210f	1999-11-13 15:40:10 +1100	[diff] [blame]	30	#endif
Damien Miller	dfc83f4	2000-05-20 15:02:59 +1000	[diff] [blame]	31	#ifdef HAVE_GETPWANAM
				32	# include <sys/label.h>
				33	# include <sys/audit.h>
				34	# include <pwdadj.h>
				35	#endif
Damien Miller	beb4ba5	1999-12-28 15:09:35 +1100	[diff] [blame]	36	#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
				37	# include "md5crypt.h"
				38	#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
Damien Miller	dd1c7ba	1999-11-19 15:53:20 +1100	[diff] [blame]	39
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	40	/*
				41	* Tries to authenticate the user using password. Returns true if
				42	* authentication succeeds.
				43	*/
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	44	int
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	45	auth_password(struct passwd * pw, const char *password)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	46	{
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	47	extern ServerOptions options;
				48	char *encrypted_password;
Damien Miller	2e1b082	1999-12-25 10:11:29 +1100	[diff] [blame]	49	char *pw_password;
				50	char *salt;
Damien Miller	2cb210f	1999-11-13 15:40:10 +1100	[diff] [blame]	51	#ifdef HAVE_SHADOW_H
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	52	struct spwd *spw;
Damien Miller	2cb210f	1999-11-13 15:40:10 +1100	[diff] [blame]	53	#endif
Damien Miller	dfc83f4	2000-05-20 15:02:59 +1000	[diff] [blame]	54	#ifdef HAVE_GETPWANAM
				55	struct passwd_adjunct *spw;
				56	#endif
Damien Miller	1fa154b	2000-01-23 10:32:03 +1100	[diff] [blame]	57	#ifdef WITH_AIXAUTHENTICATE
				58	char *authmsg;
				59	char *loginmsg;
				60	int reenter = 1;
				61	#endif
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	62
Damien Miller	ece22a8	1999-12-30 09:48:15 +1100	[diff] [blame]	63	/* deny if no user. */
				64	if (pw == NULL)
				65	return 0;
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	66	if (pw->pw_uid == 0 && options.permit_root_login == 2)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	67	return 0;
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	68	if (*password == '\0' && options.permit_empty_passwd == 0)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	69	return 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	70
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	71	#ifdef SKEY
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	72	if (options.skey_authentication == 1) {
Damien Miller	aae6c61	1999-12-06 11:47:28 +1100	[diff] [blame]	73	int ret = auth_skey_password(pw, password);
				74	if (ret == 1 \|\| ret == 0)
				75	return ret;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	76	/* Fall back to ordinary passwd authentication. */
				77	}
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	78	#endif
Damien Miller	1fa154b	2000-01-23 10:32:03 +1100	[diff] [blame]	79
				80	#ifdef WITH_AIXAUTHENTICATE
				81	return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
				82	#endif
				83
Damien Miller	aae6c61	1999-12-06 11:47:28 +1100	[diff] [blame]	84	#ifdef KRB4
				85	if (options.kerberos_authentication == 1) {
				86	int ret = auth_krb4_password(pw, password);
				87	if (ret == 1 \|\| ret == 0)
				88	return ret;
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	89	/* Fall back to ordinary passwd authentication. */
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	90	}
Damien Miller	aae6c61	1999-12-06 11:47:28 +1100	[diff] [blame]	91	#endif
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	92
				93	/* Check for users with no password. */
Damien Miller	5428f64	1999-11-25 11:54:57 +1100	[diff] [blame]	94	if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	95	return 1;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	96
Damien Miller	2e1b082	1999-12-25 10:11:29 +1100	[diff] [blame]	97	pw_password = pw->pw_passwd;
				98
Damien Miller	cb7e5f9	1999-12-21 21:03:09 +1100	[diff] [blame]	99	#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	100	spw = getspnam(pw->pw_name);
Damien Miller	8eb0fd6	1999-12-31 08:49:13 +1100	[diff] [blame]	101	if (spw != NULL)
				102	{
				103	/* Check for users with no password. */
				104	if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
				105	return 1;
Damien Miller	2cb210f	1999-11-13 15:40:10 +1100	[diff] [blame]	106
Damien Miller	8eb0fd6	1999-12-31 08:49:13 +1100	[diff] [blame]	107	pw_password = spw->sp_pwdp;
				108	}
Damien Miller	cb7e5f9	1999-12-21 21:03:09 +1100	[diff] [blame]	109	#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
Damien Miller	dfc83f4	2000-05-20 15:02:59 +1000	[diff] [blame]	110	#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
				111	if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
				112	{
				113	/* Check for users with no password. */
				114	if (strcmp(password, "") == 0 && strcmp(spw->pwa_passwd, "") == 0)
				115	return 1;
				116
				117	pw_password = spw->pwa_passwd;
				118	}
				119	#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
Damien Miller	2e1b082	1999-12-25 10:11:29 +1100	[diff] [blame]	120
				121	if (pw_password[0] != '\0')
				122	salt = pw_password;
				123	else
				124	salt = "xx";
				125
				126	#ifdef HAVE_MD5_PASSWORDS
				127	if (is_md5_salt(salt))
				128	encrypted_password = md5_crypt(password, salt);
				129	else
				130	encrypted_password = crypt(password, salt);
				131	#else /* HAVE_MD5_PASSWORDS */
Damien Miller	1bead33	2000-04-30 00:47:29 +1000	[diff] [blame]	132	# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
				133	encrypted_password = bigcrypt(password, salt);
				134	# else
Damien Miller	2e1b082	1999-12-25 10:11:29 +1100	[diff] [blame]	135	encrypted_password = crypt(password, salt);
Damien Miller	1bead33	2000-04-30 00:47:29 +1000	[diff] [blame]	136	# endif /* HAVE_HPUX_TRUSTED_SYSTEM_PW */
Damien Miller	2e1b082	1999-12-25 10:11:29 +1100	[diff] [blame]	137	#endif /* HAVE_MD5_PASSWORDS */
				138
				139	/* Authentication is accepted if the encrypted passwords are identical. */
				140	return (strcmp(encrypted_password, pw_password) == 0);
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	141	}
Damien Miller	b8c656e	2000-06-28 15:22:41 +1000	[diff] [blame^]	142	#endif /* !USE_PAM && !HAVE_OSF_SIA */