diff options
author | Damien Miller <djm@mindrot.org> | 1999-12-25 10:11:29 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 1999-12-25 10:11:29 +1100 |
commit | 2e1b082dfbc5dcdae80957a3d889abe9fa480d77 (patch) | |
tree | c2bfe8d4115d22146448ce829fb7b16e9b762b4f /auth-passwd.c | |
parent | 1b0c228ec48d54705474701b6486f1593539a88a (diff) | |
download | openssh-git-2e1b082dfbc5dcdae80957a3d889abe9fa480d77.tar.gz |
- Prepare for 1.2.1pre20V_1_2_1_PRE20
19991225
- More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
- Cleanup of auth-passwd.c for shadow and MD5 passwords
- Cleanup and bugfix of PAM authentication code
19991223
- Merged later HPUX patch from Andre Lucas
<andre.lucas@dial.pipex.com>
- Above patch included better utmpx support from Ben Taylor
<bent@clark.net>:
Diffstat (limited to 'auth-passwd.c')
-rw-r--r-- | auth-passwd.c | 47 |
1 files changed, 18 insertions, 29 deletions
diff --git a/auth-passwd.c b/auth-passwd.c index fc0809e1..058dde82 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -9,9 +9,9 @@ #include "includes.h" -#ifndef HAVE_PAM +#ifndef HAVE_LIBPAM -RCSID("$Id: auth-passwd.c,v 1.10 1999/12/21 10:03:09 damien Exp $"); +RCSID("$Id: auth-passwd.c,v 1.11 1999/12/24 23:11:29 damien Exp $"); #include "packet.h" #include "ssh.h" @@ -35,6 +35,8 @@ auth_password(struct passwd * pw, const char *password) { extern ServerOptions options; char *encrypted_password; + char *pw_password; + char *salt; #ifdef HAVE_SHADOW_H struct spwd *spw; #endif @@ -68,48 +70,35 @@ auth_password(struct passwd * pw, const char *password) if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) return 1; + pw_password = pw->pw_passwd; + #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) spw = getspnam(pw->pw_name); - if (spw == NULL) + if (spw == NULL) return(0); - if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0)) - fatal("Shadow lookup returned garbage."); - /* Check for users with no password. */ if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0) return 1; - if (strlen(spw->sp_pwdp) < 3) - return(0); + pw_password = spw->sp_pwdp; +#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ - /* Encrypt the candidate password using the proper salt. */ -#ifdef HAVE_MD5_PASSWORDS - if (is_md5_salt(spw->sp_pwdp)) - encrypted_password = md5_crypt(password, spw->sp_pwdp); + if (pw_password[0] != '\0') + salt = pw_password; else - encrypted_password = crypt(password, spw->sp_pwdp); -#else /* HAVE_MD5_PASSWORDS */ - encrypted_password = crypt(password, spw->sp_pwdp); -#endif /* HAVE_MD5_PASSWORDS */ - /* Authentication is accepted if the encrypted passwords are identical. */ - return (strcmp(encrypted_password, spw->sp_pwdp) == 0); -#else /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ - - if (strlen(pw->pw_passwd) < 3) - return(0); + salt = "xx"; #ifdef HAVE_MD5_PASSWORDS - if (is_md5_salt(pw->pw_passwd)) - encrypted_password = md5_crypt(password, pw->pw_passwd); + if (is_md5_salt(salt)) + encrypted_password = md5_crypt(password, salt); else - encrypted_password = crypt(password, pw->pw_passwd); + encrypted_password = crypt(password, salt); #else /* HAVE_MD5_PASSWORDS */ - encrypted_password = crypt(password, pw->pw_passwd); + encrypted_password = crypt(password, salt); #endif /* HAVE_MD5_PASSWORDS */ /* Authentication is accepted if the encrypted passwords are identical. */ - return (strcmp(encrypted_password, pw->pw_passwd) == 0); -#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ + return (strcmp(encrypted_password, pw_password) == 0); } -#endif /* !HAVE_PAM */ +#endif /* !HAVE_LIBPAM */ |