Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / bac2d8aa5e642a70045e713853b13d020b9c5d57 / . / auth-passwd.c
blob: 850e258342e68af4531e4f2ce004f50001c7c861 [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]1/*
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * Created: Sat Mar 18 05:11:38 1995 ylo
6 * Password authentication. This file contains the functions to check whether
7 * the password is valid for the user.
8 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]9
10#include "includes.h"
Damien Millerdd1c7ba1999-11-19 15:53:20 +1100[diff] [blame]11
Damien Miller6536c7d2000-06-22 21:32:31 +1000[diff] [blame]12RCSID("$OpenBSD: auth-passwd.c,v 1.16 2000/06/20 01:39:38 markus Exp $");
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]13
Damien Millerb8c656e2000-06-28 15:22:41 +1000[diff] [blame]14#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
15
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]16#include "packet.h"
17#include "ssh.h"
18#include "servconf.h"
19#include "xmalloc.h"
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]20
Damien Miller1fa154b2000-01-23 10:32:03 +1100[diff] [blame]21#ifdef WITH_AIXAUTHENTICATE
Damien Miller1bead332000-04-30 00:47:29 +1000[diff] [blame]22# include <login.h>
Damien Miller1fa154b2000-01-23 10:32:03 +1100[diff] [blame]23#endif
Damien Miller1bead332000-04-30 00:47:29 +1000[diff] [blame]24#ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
25# include <hpsecurity.h>
26# include <prot.h>
27#endif
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]28#ifdef HAVE_SHADOW_H
Damien Millerbeb4ba51999-12-28 15:09:35 +1100[diff] [blame]29# include <shadow.h>
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]30#endif
Damien Millerdfc83f42000-05-20 15:02:59 +1000[diff] [blame]31#ifdef HAVE_GETPWANAM
32# include <sys/label.h>
33# include <sys/audit.h>
34# include <pwdadj.h>
35#endif
Damien Millerbeb4ba51999-12-28 15:09:35 +1100[diff] [blame]36#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
37# include "md5crypt.h"
38#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
Damien Millerdd1c7ba1999-11-19 15:53:20 +1100[diff] [blame]39
Damien Millerbac2d8a2000-09-05 16:13:06 +1100[diff] [blame^]40#ifdef HAVE_CYGWIN
41#undef ERROR
42#include <windows.h>
43#include <sys/cygwin.h>
44#define is_winnt (GetVersion() < 0x80000000)
45#endif
46
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]47/*
48 * Tries to authenticate the user using password. Returns true if
49 * authentication succeeds.
50 */
Damien Miller4af51302000-04-16 11:18:38 +1000[diff] [blame]51int
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]52auth_password(struct passwd * pw, const char *password)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]53{
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]54 extern ServerOptions options;
55 char *encrypted_password;
Damien Miller2e1b0821999-12-25 10:11:29 +1100[diff] [blame]56 char *pw_password;
57 char *salt;
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]58#ifdef HAVE_SHADOW_H
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]59 struct spwd *spw;
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]60#endif
Damien Millerdfc83f42000-05-20 15:02:59 +1000[diff] [blame]61#ifdef HAVE_GETPWANAM
62 struct passwd_adjunct *spw;
63#endif
Damien Miller1fa154b2000-01-23 10:32:03 +1100[diff] [blame]64#ifdef WITH_AIXAUTHENTICATE
65 char *authmsg;
66 char *loginmsg;
67 int reenter = 1;
68#endif
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]69
Damien Millerece22a81999-12-30 09:48:15 +1100[diff] [blame]70 /* deny if no user. */
71 if (pw == NULL)
72 return 0;
Damien Millerbac2d8a2000-09-05 16:13:06 +1100[diff] [blame^]73#ifndef HAVE_CYGWIN
Damien Miller5428f641999-11-25 11:54:57 +1100[diff] [blame]74 if (pw->pw_uid == 0 && options.permit_root_login == 2)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]75 return 0;
Damien Millerbac2d8a2000-09-05 16:13:06 +1100[diff] [blame^]76#endif
77#ifdef HAVE_CYGWIN
78 /*
79 * Empty password is only possible on NT if the user has _really_
80 * an empty password and authentication is done, though.
81 */
82 if (!is_winnt)
83#endif
Damien Miller5428f641999-11-25 11:54:57 +1100[diff] [blame]84 if (*password == '\0' && options.permit_empty_passwd == 0)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]85 return 0;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]86
Damien Millerbac2d8a2000-09-05 16:13:06 +1100[diff] [blame^]87#ifdef HAVE_CYGWIN
88 if (is_winnt) {
89 HANDLE hToken = cygwin_logon_user(pw, password);
90
91 if (hToken == INVALID_HANDLE_VALUE)
92 return 0;
93 cygwin_set_impersonation_token(hToken);
94 return 1;
95 }
96#endif
97
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]98#ifdef SKEY
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]99 if (options.skey_authentication == 1) {
Damien Milleraae6c611999-12-06 11:47:28 +1100[diff] [blame]100 int ret = auth_skey_password(pw, password);
101 if (ret == 1 || ret == 0)
102 return ret;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]103 /* Fall back to ordinary passwd authentication. */
104 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]105#endif
Damien Miller1fa154b2000-01-23 10:32:03 +1100[diff] [blame]106
107#ifdef WITH_AIXAUTHENTICATE
108 return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
109#endif
110
Damien Milleraae6c611999-12-06 11:47:28 +1100[diff] [blame]111#ifdef KRB4
112 if (options.kerberos_authentication == 1) {
113 int ret = auth_krb4_password(pw, password);
114 if (ret == 1 || ret == 0)
115 return ret;
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]116 /* Fall back to ordinary passwd authentication. */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]117 }
Damien Milleraae6c611999-12-06 11:47:28 +1100[diff] [blame]118#endif
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]119
120 /* Check for users with no password. */
Damien Miller5428f641999-11-25 11:54:57 +1100[diff] [blame]121 if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]122 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]123
Damien Miller2e1b0821999-12-25 10:11:29 +1100[diff] [blame]124 pw_password = pw->pw_passwd;
125
Damien Millercb7e5f91999-12-21 21:03:09 +1100[diff] [blame]126#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
Damien Miller95def091999-11-25 00:26:21 +1100[diff] [blame]127 spw = getspnam(pw->pw_name);
Damien Miller8eb0fd61999-12-31 08:49:13 +1100[diff] [blame]128 if (spw != NULL)
129 {
130 /* Check for users with no password. */
131 if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
132 return 1;
Damien Miller2cb210f1999-11-13 15:40:10 +1100[diff] [blame]133
Damien Miller8eb0fd61999-12-31 08:49:13 +1100[diff] [blame]134 pw_password = spw->sp_pwdp;
135 }
Damien Millercb7e5f91999-12-21 21:03:09 +1100[diff] [blame]136#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
Damien Millerdfc83f42000-05-20 15:02:59 +1000[diff] [blame]137#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
138 if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
139 {
140 /* Check for users with no password. */
141 if (strcmp(password, "") == 0 && strcmp(spw->pwa_passwd, "") == 0)
142 return 1;
143
144 pw_password = spw->pwa_passwd;
145 }
146#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
Damien Miller2e1b0821999-12-25 10:11:29 +1100[diff] [blame]147
148 if (pw_password[0] != '\0')
149 salt = pw_password;
150 else
151 salt = "xx";
152
153#ifdef HAVE_MD5_PASSWORDS
154 if (is_md5_salt(salt))
155 encrypted_password = md5_crypt(password, salt);
156 else
157 encrypted_password = crypt(password, salt);
158#else /* HAVE_MD5_PASSWORDS */
Damien Miller1bead332000-04-30 00:47:29 +1000[diff] [blame]159# ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
160 encrypted_password = bigcrypt(password, salt);
161# else
Damien Miller2e1b0821999-12-25 10:11:29 +1100[diff] [blame]162 encrypted_password = crypt(password, salt);
Damien Miller1bead332000-04-30 00:47:29 +1000[diff] [blame]163# endif /* HAVE_HPUX_TRUSTED_SYSTEM_PW */
Damien Miller2e1b0821999-12-25 10:11:29 +1100[diff] [blame]164#endif /* HAVE_MD5_PASSWORDS */
165
166 /* Authentication is accepted if the encrypted passwords are identical. */
167 return (strcmp(encrypted_password, pw_password) == 0);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000[diff] [blame]168}
Damien Millerb8c656e2000-06-28 15:22:41 +1000[diff] [blame]169#endif /* !USE_PAM && !HAVE_OSF_SIA */