diff options
| author | Damien Miller <djm@mindrot.org> | 1999-12-25 10:11:29 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 1999-12-25 10:11:29 +1100 |
| commit | 2e1b082dfbc5dcdae80957a3d889abe9fa480d77 (patch) | |
| tree | c2bfe8d4115d22146448ce829fb7b16e9b762b4f /sshd.c | |
| parent | 1b0c228ec48d54705474701b6486f1593539a88a (diff) | |
- Prepare for 1.2.1pre20V_1_2_1_PRE20
19991225
- More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
- Cleanup of auth-passwd.c for shadow and MD5 passwords
- Cleanup and bugfix of PAM authentication code
19991223
- Merged later HPUX patch from Andre Lucas
<andre.lucas@dial.pipex.com>
- Above patch included better utmpx support from Ben Taylor
<bent@clark.net>:
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 43 |
1 files changed, 25 insertions, 18 deletions
@@ -11,7 +11,7 @@ */ #include "includes.h" -RCSID("$Id: sshd.c,v 1.39 1999/12/14 04:43:03 damien Exp $"); +RCSID("$Id: sshd.c,v 1.40 1999/12/24 23:11:29 damien Exp $"); #ifdef HAVE_POLL_H # include <poll.h> @@ -146,6 +146,7 @@ void do_child(const char *command, struct passwd * pw, const char *term, #ifdef HAVE_LIBPAM static int pamconv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); +int do_pam_auth(const char *user, const char *password); void do_pam_account(char *username, char *remote_user); void do_pam_session(char *username, char *ttyname); void pam_cleanup_proc(void *context); @@ -237,6 +238,23 @@ void pam_cleanup_proc(void *context) } } +int do_pam_auth(const char *user, const char *password) +{ + int pam_retval; + + pampasswd = password; + + pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); + if (pam_retval == PAM_SUCCESS) { + log("PAM Password authentication accepted for user \"%.100s\"", user); + return 1; + } else { + log("PAM Password authentication for \"%.100s\" failed: %s", + user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + return 0; + } +} + void do_pam_account(char *username, char *remote_user) { int pam_retval; @@ -1292,7 +1310,11 @@ do_authentication(char *user) #ifdef KRB4 (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif /* KRB4 */ +#ifdef HAVE_LIBPAM + do_pam_auth(pw->pw_name, "")) { +#else /* HAVE_LIBPAM */ auth_password(pw, "")) { +#endif /* HAVE_LIBPAM */ /* Authentication with empty password succeeded. */ log("Login for user %s from %.100s, accepted without authentication.", pw->pw_name, get_remote_ipaddr()); @@ -1503,29 +1525,14 @@ do_authloop(struct passwd * pw) #ifdef HAVE_LIBPAM /* Do PAM auth with password */ - pampasswd = password; - pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); - if (pam_retval == PAM_SUCCESS) { - log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name); - memset(password, 0, strlen(password)); - xfree(password); - authenticated = 1; - break; - } - - log("PAM Password authentication for \"%.100s\" failed: %s", - pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); - memset(password, 0, strlen(password)); - xfree(password); - break; + authenticated = do_pam_auth(pw->pw_name, password); #else /* HAVE_LIBPAM */ /* Try authentication with the password. */ authenticated = auth_password(pw, password); - +#endif /* HAVE_LIBPAM */ memset(password, 0, strlen(password)); xfree(password); break; -#endif /* HAVE_LIBPAM */ #ifdef SKEY case SSH_CMSG_AUTH_TIS: |