diff options
| author | Damien Miller <djm@mindrot.org> | 1999-11-25 11:54:57 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 1999-11-25 11:54:57 +1100 |
| commit | 5428f646ad32da88ddd04a8c287d595524674fbf (patch) | |
| tree | cc1f1e5d7852e1f44d41077f776abf7dab7ac06d /auth-passwd.c | |
| parent | 9072e1889648988da38b7b81bce95291c1dc3a23 (diff) | |
| download | openssh-git-5428f646ad32da88ddd04a8c287d595524674fbf.tar.gz | |
- More reformatting merged from OpenBSD CVS
- Merged OpenBSD CVS changes:
- [channels.c]
report from mrwizard@psu.edu via djm@ibs.com.au
- [channels.c]
set SO_REUSEADDR and SO_LINGER for forwarded ports.
chip@valinux.com via damien@ibs.com.au
- [nchan.c]
it's not an error() if shutdown_write failes in nchan.
- [readconf.c]
remove dead #ifdef-0-code
- [readconf.c servconf.c]
strcasecmp instead of tolower
- [scp.c]
progress meter overflow fix from damien@ibs.com.au
- [ssh-add.1 ssh-add.c]
SSH_ASKPASS support
- [ssh.1 ssh.c]
postpone fork_after_authentication until command execution,
request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
plus: use daemon() for backgrounding
Diffstat (limited to 'auth-passwd.c')
| -rw-r--r-- | auth-passwd.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/auth-passwd.c b/auth-passwd.c index d3914fca..e5574ffb 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -11,7 +11,7 @@ #ifndef HAVE_PAM -RCSID("$Id: auth-passwd.c,v 1.6 1999/11/24 13:26:21 damien Exp $"); +RCSID("$Id: auth-passwd.c,v 1.7 1999/11/25 00:54:57 damien Exp $"); #include "packet.h" #include "ssh.h" @@ -39,14 +39,10 @@ auth_password(struct passwd * pw, const char *password) struct spwd *spw; #endif - if (pw->pw_uid == 0 && options.permit_root_login == 2) { - /* Server does not permit root login with password */ + if (pw->pw_uid == 0 && options.permit_root_login == 2) return 0; - } - if (*password == '\0' && options.permit_empty_passwd == 0) { - /* Server does not permit empty password login */ + if (*password == '\0' && options.permit_empty_passwd == 0) return 0; - } /* deny if no user. */ if (pw == NULL) return 0; @@ -74,8 +70,10 @@ auth_password(struct passwd * pw, const char *password) #endif #if defined(KRB4) - /* Support for Kerberos v4 authentication - Dug Song - <dugsong@UMICH.EDU> */ + /* + * Support for Kerberos v4 authentication + * - Dug Song <dugsong@UMICH.EDU> + */ if (options.kerberos_authentication) { AUTH_DAT adata; KTEXT_ST tkt; @@ -86,8 +84,10 @@ auth_password(struct passwd * pw, const char *password) char realm[REALM_SZ]; int r; - /* Try Kerberos password authentication only for non-root - users and only if Kerberos is installed. */ + /* + * Try Kerberos password authentication only for non-root + * users and only if Kerberos is installed. + */ if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { /* Set up our ticket file. */ @@ -144,14 +144,17 @@ auth_password(struct passwd * pw, const char *password) goto kerberos_auth_failure; } } else if (r == KDC_PR_UNKNOWN) { - /* Allow login if no rcmd service exists, - but log the error. */ + /* + * Allow login if no rcmd service exists, but + * log the error. + */ log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " "not registered, or srvtab is wrong?", pw->pw_name, krb_err_txt[r], KRB4_SERVICE_NAME, phost); } else { - /* TGT is bad, forget it. Possibly - spoofed! */ + /* + * TGT is bad, forget it. Possibly spoofed! + */ packet_send_debug("WARNING: Kerberos V4 TGT " "possibly spoofed for %s: %s", pw->pw_name, krb_err_txt[r]); @@ -175,11 +178,8 @@ auth_password(struct passwd * pw, const char *password) #endif /* KRB4 */ /* Check for users with no password. */ - if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) { - packet_send_debug("Login permitted without a password " - "because the account has no password."); + if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) return 1; - } #ifdef HAVE_SHADOW_H spw = getspnam(pw->pw_name); |