auth-passwd.c revision 57429
191094Sdes/* 2115619Sdes * Author: Tatu Ylonen <ylo@cs.hut.fi> 391094Sdes * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 491094Sdes * All rights reserved 591094Sdes * Created: Sat Mar 18 05:11:38 1995 ylo 699158Sdes * Password authentication. This file contains the functions to check whether 799158Sdes * the password is valid for the user. 899158Sdes */ 991094Sdes 1091094Sdes#include "includes.h" 1191094SdesRCSID("$Id: auth-passwd.c,v 1.14 1999/12/29 12:47:46 markus Exp $"); 1291094Sdes 1391094Sdes#include "packet.h" 1491094Sdes#include "ssh.h" 1591094Sdes#include "servconf.h" 1691094Sdes#include "xmalloc.h" 1791094Sdes 1891094Sdes/* 1991094Sdes * Tries to authenticate the user using password. Returns true if 2091094Sdes * authentication succeeds. 2191094Sdes */ 2291094Sdesint 2391094Sdesauth_password(struct passwd * pw, const char *password) 2491094Sdes{ 2591094Sdes extern ServerOptions options; 2691094Sdes char *encrypted_password; 2791094Sdes 2891094Sdes /* deny if no user. */ 2991094Sdes if (pw == NULL) 3091094Sdes return 0; 3191094Sdes if (pw->pw_uid == 0 && options.permit_root_login == 2) 3291094Sdes return 0; 3391094Sdes if (*password == '\0' && options.permit_empty_passwd == 0) 34141098Sdes return 0; 3591094Sdes 3691094Sdes#ifdef SKEY 3791097Sdes if (options.skey_authentication == 1) { 3891094Sdes int ret = auth_skey_password(pw, password); 3991094Sdes if (ret == 1 || ret == 0) 4091094Sdes return ret; 4191796Sdes /* Fall back to ordinary passwd authentication. */ 4291094Sdes } 4391094Sdes#endif 4491094Sdes#ifdef KRB4 4591094Sdes if (options.kerberos_authentication == 1) { 4691094Sdes int ret = auth_krb4_password(pw, password); 4791094Sdes if (ret == 1 || ret == 0) 48114536Sdes return ret; 49114536Sdes /* Fall back to ordinary passwd authentication. */ 50115619Sdes } 5191094Sdes#endif 5291094Sdes 5391100Sdes /* Check for users with no password. */ 5491100Sdes if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) 55115619Sdes return 1; 5691094Sdes /* Encrypt the candidate password using the proper salt. */ 5791094Sdes encrypted_password = crypt(password, 5891094Sdes (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx"); 59115619Sdes 6091094Sdes /* Authentication is accepted if the encrypted passwords are identical. */ 6191094Sdes return (strcmp(encrypted_password, pw->pw_passwd) == 0); 62115619Sdes} 6391094Sdes