auth-passwd.c revision 73400
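/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
 * Password authentication. This file contains the functions to check whether
 * the password is valid for the user.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose. Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 *
 *
 * Copyright (c) 1999 Dug Song. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"
RCSID("$OpenBSD: auth-passwd.c,v 1.18 2000/10/03 18:03:03 markus Exp $");
RCSID("$FreeBSD: head/crypto/openssh/auth-passwd.c 73400 2001-03-04 02:22:04Z assar $");

#include "packet.h"
#include "ssh.h"
#include "servconf.h"
#include "xmalloc.h"

/*
 * Tries to authenticate the user using password. Returns true if
 * authentication succeeds.
 *
 * pw:       passwd entry of the account, or NULL when there is no such user.
 * password: candidate password as a NUL-terminated string.
 *
 * Returns 1 when the password is accepted and 0 otherwise. Every failure
 * path, including a NULL argument or a failed crypt() call, rejects the
 * attempt (fail closed).
 *
 * NOTE(review): an unknown user returns before crypt() runs, so that path
 * does less work than the known-user path; confirm whether the caller
 * compensates for the difference.
 */
int
auth_password(struct passwd * pw, const char *password)
{
	extern ServerOptions options;
	const char *salt;
	char *encrypted_password;

	/* deny if no user, and never dereference a missing password. */
	if (pw == NULL || password == NULL)
		return 0;
	/*
	 * Root is refused password authentication when permit_root_login is 2
	 * (presumably the "without-password" setting; confirm in servconf.h).
	 */
	if (pw->pw_uid == 0 && options.permit_root_login == 2)
		return 0;
	/* Empty passwords are rejected unless the configuration allows them. */
	if (*password == '\0' && options.permit_empty_passwd == 0)
		return 0;

#ifdef SKEY_VIA_PASSWD_IS_DISABLED
	if (options.skey_authentication == 1) {
		int ret = auth_skey_password(pw, password);
		if (ret == 1 || ret == 0)
			return ret;
		/* Fall back to ordinary passwd authentication. */
	}
#endif
#ifdef KRB5
	if (options.kerberos_authentication == 1) {
		if (auth_krb5_password(pw, password))
			return 1;
		/* Fall back to ordinary passwd authentication. */
	}

#endif /* KRB5 */
#ifdef KRB4
	if (options.kerberos_authentication == 1) {
		int ret = auth_krb4_password(pw, password);
		if (ret == 1 || ret == 0)
			return ret;
		/* Fall back to ordinary passwd authentication. */
	}
#endif

	/* Check for users with no password. */
	if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
		return 1;

	/*
	 * Encrypt the candidate password using the proper salt. A stored
	 * field shorter than two characters cannot supply a salt, so the
	 * fixed salt "xx" is used instead.
	 */
	salt = (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx";
	encrypted_password = crypt(password, salt);

	/*
	 * crypt() may return NULL on failure (for example when it does not
	 * accept the salt). Passing NULL to strcmp() is undefined behaviour,
	 * so treat a failed hash as a failed login.
	 */
	if (encrypted_password == NULL)
		return 0;

	/*
	 * Authentication is accepted if the encrypted passwords are identical.
	 * strcmp() is not a constant-time comparison; both operands here are
	 * crypt() output strings rather than the cleartext password.
	 */
	return (strcmp(encrypted_password, pw->pw_passwd) == 0);
}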