From 2e1b082dfbc5dcdae80957a3d889abe9fa480d77 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sat, 25 Dec 1999 10:11:29 +1100
Subject: - Prepare for 1.2.1pre20

19991225
 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
 - Cleanup of auth-passwd.c for shadow and MD5 passwords
 - Cleanup and bugfix of PAM authentication code

19991223
 - Merged later HPUX patch from Andre Lucas
   <andre.lucas@dial.pipex.com>
 - Above patch included better utmpx support from Ben Taylor
   <bent@clark.net>:
---
 sshd.c | 43 +++++++++++++++++++++++++------------------
 1 file changed, 25 insertions(+), 18 deletions(-)

(limited to 'sshd.c')

diff --git a/sshd.c b/sshd.c
index 448ca596..9c570ab8 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.39 1999/12/14 04:43:03 damien Exp $");
+RCSID("$Id: sshd.c,v 1.40 1999/12/24 23:11:29 damien Exp $");
 
 #ifdef HAVE_POLL_H
 # include <poll.h>
@@ -146,6 +146,7 @@ void do_child(const char *command, struct passwd * pw, const char *term,
 #ifdef HAVE_LIBPAM
 static int pamconv(int num_msg, const struct pam_message **msg,
 	  struct pam_response **resp, void *appdata_ptr);
+int do_pam_auth(const char *user, const char *password);
 void do_pam_account(char *username, char *remote_user);
 void do_pam_session(char *username, char *ttyname);
 void pam_cleanup_proc(void *context);
@@ -237,6 +238,23 @@ void pam_cleanup_proc(void *context)
 	}
 }
 
+int do_pam_auth(const char *user, const char *password)
+{
+	int pam_retval;
+	
+	pampasswd = password;
+	
+	pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
+	if (pam_retval == PAM_SUCCESS) {
+		log("PAM Password authentication accepted for user \"%.100s\"", user);
+		return 1;
+	} else {
+		log("PAM Password authentication for \"%.100s\" failed: %s", 
+			user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+		return 0;
+	}
+}
+
 void do_pam_account(char *username, char *remote_user)
 {
 	int pam_retval;
@@ -1292,7 +1310,11 @@ do_authentication(char *user)
 #ifdef KRB4
 	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif /* KRB4 */
+#ifdef HAVE_LIBPAM
+	    do_pam_auth(pw->pw_name, "")) {
+#else /* HAVE_LIBPAM */
 	    auth_password(pw, "")) {
+#endif /* HAVE_LIBPAM */
 		/* Authentication with empty password succeeded. */
 		log("Login for user %s from %.100s, accepted without authentication.",
 		    pw->pw_name, get_remote_ipaddr());
@@ -1503,29 +1525,14 @@ do_authloop(struct passwd * pw)
 
 #ifdef HAVE_LIBPAM
 			/* Do PAM auth with password */
-			pampasswd = password;
-			pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
-			if (pam_retval == PAM_SUCCESS) {
-				log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
-				memset(password, 0, strlen(password));
-				xfree(password);
-				authenticated = 1;
-				break;
-			}
-
-			log("PAM Password authentication for \"%.100s\" failed: %s", 
-				pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
-			memset(password, 0, strlen(password));
-			xfree(password);
-			break;
+			authenticated = do_pam_auth(pw->pw_name, password);
 #else /* HAVE_LIBPAM */
 			/* Try authentication with the password. */
 			authenticated = auth_password(pw, password);
-
+#endif /* HAVE_LIBPAM */
 			memset(password, 0, strlen(password));
 			xfree(password);
 			break;
-#endif /* HAVE_LIBPAM */
 
 #ifdef SKEY
 		case SSH_CMSG_AUTH_TIS:
-- 
cgit v1.2.1