diff options
| author | Damien Miller <djm@mindrot.org> | 1999-11-13 15:40:10 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 1999-11-13 15:40:10 +1100 |
| commit | 2cb210f0f729082a2cd3eb8f0c71b85f216a7d2c (patch) | |
| tree | d2902f45be2b6fd5674a6615835a6d2b7fa8039d | |
| parent | b0284386683cb71070da6afdaa6504b309f1d871 (diff) | |
- Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
- Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | README | 1 | ||||
| -rw-r--r-- | auth-passwd.c | 35 | ||||
| -rw-r--r-- | configure.in | 2 |
4 files changed, 37 insertions, 3 deletions
@@ -9,6 +9,8 @@ totalsize, ok niels,aaron - Delay fork (-f option) in ssh until after port forwarded connections have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi> + - Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de> + - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled 19991112 - Merged changes from OpenBSD CVS @@ -52,6 +52,7 @@ Nalin Dahyabhai <nalin.dahyabhai@pobox.com> - PAM environment patch Phil Hands <phil@hands.com> - Debian scripts, assorted patches Niels Kristian Bech Jensen <nkbj@image.dk> - Makefile patches Marc G. Fournier <marc.fournier@acadiau.ca> - Solaris patches +Thomas Neumann <tom@smart.ruhr.de> - Shadow passwords Miscellania - diff --git a/auth-passwd.c b/auth-passwd.c index 99d0af2b..ea824f5f 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -15,12 +15,20 @@ the password is valid for the user. */ #include "includes.h" -RCSID("$Id: auth-passwd.c,v 1.3 1999/11/11 06:57:39 damien Exp $"); +RCSID("$Id: auth-passwd.c,v 1.4 1999/11/13 04:40:10 damien Exp $"); #include "packet.h" #include "ssh.h" #include "servconf.h" #include "xmalloc.h" +#include "config.h" + +#ifdef HAVE_SHADOW_H +#include <shadow.h> +#endif + +#ifndef HAVE_PAM +/* Don't need anything from here if we are using PAM */ /* Tries to authenticate the user using password. Returns true if authentication succeeds. */ @@ -29,6 +37,9 @@ int auth_password(struct passwd *pw, const char *password) { extern ServerOptions options; char *encrypted_password; +#ifdef HAVE_SHADOW_H + struct spwd *spw; +#endif if (pw->pw_uid == 0 && options.permit_root_login == 2) { @@ -164,11 +175,31 @@ int auth_password(struct passwd *pw, const char *password) return 1; /* The user has no password and an empty password was tried. */ } +#ifdef HAVE_SHADOW_H + spw = getspnam(pw->pw_name); + if (spw == NULL) + return(0); + + if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0)) + fatal("Shadow lookup returned garbage."); + + if (strlen(spw->sp_pwdp) < 3) + return(0); + + /* Encrypt the candidate password using the proper salt. */ + encrypted_password = crypt(password, spw->sp_pwdp); + + /* Authentication is accepted if the encrypted passwords are identical. */ + return (strcmp(encrypted_password, spw->sp_pwdp) == 0); +#else /* !HAVE_SHADOW_H */ + /* Encrypt the candidate password using the proper salt. */ encrypted_password = crypt(password, (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx"); - /* Authentication is accepted if the encrypted passwords are identical. */ return (strcmp(encrypted_password, pw->pw_passwd) == 0); +#endif /* !HAVE_SHADOW_H */ } + +#endif /* !HAVE_PAM */ diff --git a/configure.in b/configure.in index d80ac7c7..bd34e6dd 100644 --- a/configure.in +++ b/configure.in @@ -55,7 +55,7 @@ AC_CHECK_LIB(dl, dlopen, , ) AC_CHECK_LIB(pam, pam_authenticate, , ) dnl Checks for header files. -AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h) +AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h shadow.h) dnl Checks for library functions. AC_PROG_GCC_TRADITIONAL |