auth-passwd.c revision 57429
157429Smarkm/* 257429Smarkm * Author: Tatu Ylonen <ylo@cs.hut.fi> 357429Smarkm * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 457429Smarkm * All rights reserved 557429Smarkm * Created: Sat Mar 18 05:11:38 1995 ylo 657429Smarkm * Password authentication. This file contains the functions to check whether 757429Smarkm * the password is valid for the user. 857429Smarkm */ 957429Smarkm 1057429Smarkm#include "includes.h" 1157429SmarkmRCSID("$Id: auth-passwd.c,v 1.14 1999/12/29 12:47:46 markus Exp $"); 1257429Smarkm 1357429Smarkm#include "packet.h" 1457429Smarkm#include "ssh.h" 1557429Smarkm#include "servconf.h" 1657429Smarkm#include "xmalloc.h" 1757429Smarkm 1857429Smarkm/* 1957429Smarkm * Tries to authenticate the user using password. Returns true if 2057429Smarkm * authentication succeeds. 2157429Smarkm */ 2257429Smarkmint 2357429Smarkmauth_password(struct passwd * pw, const char *password) 2457429Smarkm{ 2557429Smarkm extern ServerOptions options; 2657429Smarkm char *encrypted_password; 2757429Smarkm 2857429Smarkm /* deny if no user. */ 2957429Smarkm if (pw == NULL) 3057429Smarkm return 0; 3157429Smarkm if (pw->pw_uid == 0 && options.permit_root_login == 2) 3257429Smarkm return 0; 3357429Smarkm if (*password == '\0' && options.permit_empty_passwd == 0) 3457429Smarkm return 0; 3557429Smarkm 3657429Smarkm#ifdef SKEY 3757429Smarkm if (options.skey_authentication == 1) { 3857429Smarkm int ret = auth_skey_password(pw, password); 3957429Smarkm if (ret == 1 || ret == 0) 4057429Smarkm return ret; 4157429Smarkm /* Fall back to ordinary passwd authentication. */ 4257429Smarkm } 4357429Smarkm#endif 4457429Smarkm#ifdef KRB4 4557429Smarkm if (options.kerberos_authentication == 1) { 4657429Smarkm int ret = auth_krb4_password(pw, password); 4757429Smarkm if (ret == 1 || ret == 0) 4857429Smarkm return ret; 4957429Smarkm /* Fall back to ordinary passwd authentication. */ 5057429Smarkm } 5157429Smarkm#endif 5257429Smarkm 5357429Smarkm /* Check for users with no password. */ 5457429Smarkm if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) 5557429Smarkm return 1; 5657429Smarkm /* Encrypt the candidate password using the proper salt. */ 5757429Smarkm encrypted_password = crypt(password, 5857429Smarkm (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx"); 5957429Smarkm 6057429Smarkm /* Authentication is accepted if the encrypted passwords are identical. */ 6157429Smarkm return (strcmp(encrypted_password, pw->pw_passwd) == 0); 6257429Smarkm} 63