1263970Sdes/* $OpenBSD: auth2-passwd.c,v 1.11 2014/02/02 03:44:31 djm Exp $ */ 298675Sdes/* 398675Sdes * Copyright (c) 2000 Markus Friedl. All rights reserved. 498675Sdes * 598675Sdes * Redistribution and use in source and binary forms, with or without 698675Sdes * modification, are permitted provided that the following conditions 798675Sdes * are met: 898675Sdes * 1. Redistributions of source code must retain the above copyright 998675Sdes * notice, this list of conditions and the following disclaimer. 1098675Sdes * 2. Redistributions in binary form must reproduce the above copyright 1198675Sdes * notice, this list of conditions and the following disclaimer in the 1298675Sdes * documentation and/or other materials provided with the distribution. 1398675Sdes * 1498675Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 1598675Sdes * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 1698675Sdes * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 1798675Sdes * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 1898675Sdes * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 1998675Sdes * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 2098675Sdes * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 2198675Sdes * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 2298675Sdes * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 2398675Sdes * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 2498675Sdes */ 2598675Sdes 2698675Sdes#include "includes.h" 2798675Sdes 28162852Sdes#include <sys/types.h> 29162852Sdes 30162852Sdes#include <string.h> 31162852Sdes#include <stdarg.h> 32162852Sdes 3398675Sdes#include "xmalloc.h" 3498675Sdes#include "packet.h" 3598675Sdes#include "log.h" 36162852Sdes#include "key.h" 37162852Sdes#include "hostfile.h" 3898675Sdes#include "auth.h" 39162852Sdes#include "buffer.h" 40162852Sdes#ifdef GSSAPI 41162852Sdes#include "ssh-gss.h" 42162852Sdes#endif 4398675Sdes#include "monitor_wrap.h" 4498675Sdes#include "servconf.h" 4598675Sdes 4698675Sdes/* import */ 4798675Sdesextern ServerOptions options; 4898675Sdes 4998675Sdesstatic int 5098675Sdesuserauth_passwd(Authctxt *authctxt) 5198675Sdes{ 52126274Sdes char *password, *newpass; 5398675Sdes int authenticated = 0; 5498675Sdes int change; 55126274Sdes u_int len, newlen; 56126274Sdes 5798675Sdes change = packet_get_char(); 58126274Sdes password = packet_get_string(&len); 59126274Sdes if (change) { 60126274Sdes /* discard new password from packet */ 61126274Sdes newpass = packet_get_string(&newlen); 62263970Sdes explicit_bzero(newpass, newlen); 63263970Sdes free(newpass); 64126274Sdes } 65126274Sdes packet_check_eom(); 66126274Sdes 6798675Sdes if (change) 68124208Sdes logit("password change not supported"); 69146998Sdes else if (PRIVSEP(auth_password(authctxt, password)) == 1) 70146998Sdes authenticated = 1; 71263970Sdes explicit_bzero(password, len); 72263970Sdes free(password); 7398675Sdes return authenticated; 7498675Sdes} 7598675Sdes 7698675SdesAuthmethod method_passwd = { 7798675Sdes "password", 7898675Sdes userauth_passwd, 7998675Sdes &options.password_authentication 8098675Sdes}; 81