auth-passwd.c revision 73400
138889Sjdp/*
2130561Sobrien * Author: Tatu Ylonen <ylo@cs.hut.fi>
3218822Sdim * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
438889Sjdp *                    All rights reserved
538889Sjdp * Password authentication.  This file contains the functions to check whether
660484Sobrien * the password is valid for the user.
738889Sjdp *
860484Sobrien * As far as I am concerned, the code I have written for this software
938889Sjdp * can be used freely for any purpose.  Any derived versions of this
1038889Sjdp * software must be clearly marked as such, and if the derived work is
1138889Sjdp * incompatible with the protocol description in the RFC file, it must be
12130561Sobrien * called by a name other than "ssh" or "Secure Shell".
1338889Sjdp *
1438889Sjdp *
1538889Sjdp * Copyright (c) 1999 Dug Song.  All rights reserved.
1638889Sjdp *
1738889Sjdp * Redistribution and use in source and binary forms, with or without
1838889Sjdp * modification, are permitted provided that the following conditions
1938889Sjdp * are met:
2038889Sjdp * 1. Redistributions of source code must retain the above copyright
2138889Sjdp *    notice, this list of conditions and the following disclaimer.
2238889Sjdp * 2. Redistributions in binary form must reproduce the above copyright
2338889Sjdp *    notice, this list of conditions and the following disclaimer in the
2438889Sjdp *    documentation and/or other materials provided with the distribution.
2538889Sjdp *
2638889Sjdp * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
2760484Sobrien * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
2860484Sobrien * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
2960484Sobrien * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
3060484Sobrien * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
3160484Sobrien * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
3260484Sobrien * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
3360484Sobrien * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
3460484Sobrien * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
3560484Sobrien * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
3660484Sobrien *
3760484Sobrien *
3860484Sobrien * Copyright (c) 2000 Markus Friedl.  All rights reserved.
3938889Sjdp *
4038889Sjdp * Redistribution and use in source and binary forms, with or without
4138889Sjdp * modification, are permitted provided that the following conditions
4238889Sjdp * are met:
4338889Sjdp * 1. Redistributions of source code must retain the above copyright
44104834Sobrien *    notice, this list of conditions and the following disclaimer.
45104834Sobrien * 2. Redistributions in binary form must reproduce the above copyright
46104834Sobrien *    notice, this list of conditions and the following disclaimer in the
47130561Sobrien *    documentation and/or other materials provided with the distribution.
48104834Sobrien *
49130561Sobrien * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
50104834Sobrien * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
51104834Sobrien * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
52104834Sobrien * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
53104834Sobrien * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
54104834Sobrien * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
55104834Sobrien * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
56218822Sdim * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
57218822Sdim * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
58218822Sdim * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
59104834Sobrien */
60104834Sobrien
61104834Sobrien#include "includes.h"
62104834SobrienRCSID("$OpenBSD: auth-passwd.c,v 1.18 2000/10/03 18:03:03 markus Exp $");
63218822SdimRCSID("$FreeBSD: head/crypto/openssh/auth-passwd.c 73400 2001-03-04 02:22:04Z assar $");
64218822Sdim
65104834Sobrien#include "packet.h"
66104834Sobrien#include "ssh.h"
67104834Sobrien#include "servconf.h"
68104834Sobrien#include "xmalloc.h"
69104834Sobrien
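/*
 * Tries to authenticate the user using password.  Returns true if
 * authentication succeeds.
 *
 * pw        - passwd entry of the account being authenticated; NULL (no
 *             such user) is always rejected.
 * password  - NUL-terminated candidate password supplied by the client;
 *             NULL is rejected.
 *
 * Returns 1 when the password is accepted and 0 otherwise.  When S/Key or
 * Kerberos support is compiled in and enabled, those back ends are tried
 * first; the local crypt(3) comparison is the final fallback.
 *
 * NOTE(review): the early returns below skip crypt() entirely, so a
 * rejected request for an unknown account does less work than one for an
 * existing account.  Callers that care about account enumeration through
 * response timing need to equalise this outside this function.
 */
int
auth_password(struct passwd * pw, const char *password)
{
	extern ServerOptions options;
	char *encrypted_password;

	/* deny if no user; also fail closed instead of dereferencing NULL. */
	if (pw == NULL || password == NULL)
		return 0;
	/*
	 * NOTE(review): 2 is presumably the "without-password" value of
	 * PermitRootLogin -- confirm against servconf.
	 */
	if (pw->pw_uid == 0 && options.permit_root_login == 2)
		return 0;
	/* Empty passwords are only considered when explicitly permitted. */
	if (*password == '\0' && options.permit_empty_passwd == 0)
		return 0;

#ifdef SKEY_VIA_PASSWD_IS_DISABLED
	if (options.skey_authentication == 1) {
		int ret = auth_skey_password(pw, password);
		if (ret == 1 || ret == 0)
			return ret;
		/* Fall back to ordinary passwd authentication. */
	}
#endif
#ifdef KRB5
	if (options.kerberos_authentication == 1) {
	  	if (auth_krb5_password(pw, password))
		  	return 1;
		/* Fall back to ordinary passwd authentication. */
	}

#endif /* KRB5 */
#ifdef KRB4
	if (options.kerberos_authentication == 1) {
		int ret = auth_krb4_password(pw, password);
		if (ret == 1 || ret == 0)
			return ret;
		/* Fall back to ordinary passwd authentication. */
	}
#endif

	/* A passwd entry without a hash field cannot be verified locally. */
	if (pw->pw_passwd == NULL)
		return 0;

	/* Check for users with no password. */
	if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
		return 1;
	/* Encrypt the candidate password using the proper salt. */
	encrypted_password = crypt(password,
	    (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx");

	/*
	 * crypt() can return NULL on failure (for example an unsupported or
	 * malformed salt); treat that as a failed login rather than handing
	 * NULL to strcmp().
	 */
	if (encrypted_password == NULL)
		return 0;

	/* Authentication is accepted if the encrypted passwords are identical. */
	return (strcmp(encrypted_password, pw->pw_passwd) == 0);
}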