auth-passwd.c revision 57430
1/* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * Created: Sat Mar 18 05:11:38 1995 ylo 6 * Password authentication. This file contains the functions to check whether 7 * the password is valid for the user. 8 */ 9 10#include "includes.h" 11RCSID("$Id: auth-passwd.c,v 1.14 1999/12/29 12:47:46 markus Exp $"); 12 13#include "packet.h" 14#include "ssh.h" 15#include "servconf.h" 16#include "xmalloc.h" 17 18/* 19 * Tries to authenticate the user using password. Returns true if 20 * authentication succeeds. 21 */ 22int 23auth_password(struct passwd * pw, const char *password) 24{ 25 extern ServerOptions options; 26 char *encrypted_password; 27 28 /* deny if no user. */ 29 if (pw == NULL) 30 return 0; 31 if (pw->pw_uid == 0 && options.permit_root_login == 2) 32 return 0; 33 if (*password == '\0' && options.permit_empty_passwd == 0) 34 return 0; 35 36#ifdef SKEY 37 if (options.skey_authentication == 1) { 38 int ret = auth_skey_password(pw, password); 39 if (ret == 1 || ret == 0) 40 return ret; 41 /* Fall back to ordinary passwd authentication. */ 42 } 43#endif 44#ifdef KRB4 45 if (options.kerberos_authentication == 1) { 46 int ret = auth_krb4_password(pw, password); 47 if (ret == 1 || ret == 0) 48 return ret; 49 /* Fall back to ordinary passwd authentication. */ 50 } 51#endif 52 53 /* Check for users with no password. */ 54 if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) 55 return 1; 56 /* Encrypt the candidate password using the proper salt. */ 57 encrypted_password = crypt(password, 58 (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx"); 59 60 /* Authentication is accepted if the encrypted passwords are identical. */ 61 return (strcmp(encrypted_password, pw->pw_passwd) == 0); 62} 63