-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | auth-pam.c | 6 | ||||
-rw-r--r-- | auth-pam.h | 4 | ||||
-rw-r--r-- | auth-passwd.c | 83 | ||||
-rw-r--r-- | auth-sia.c | 6 | ||||
-rw-r--r-- | auth-sia.h | 2 | ||||
-rw-r--r-- | auth1.c | 15 | ||||
-rw-r--r-- | auth2.c | 12 |
8 files changed, 62 insertions, 72 deletions
@@ -1,3 +1,7 @@ +20020404 + - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h + auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm. + 20020402 - (bal) Hand Sync of scp.c (reverted to upstream code) - deraadt@cvs.openbsd.org 2002/03/30 17:45:46 @@ -8147,4 +8151,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.2020 2002/04/03 03:36:54 mouring Exp $ +$Id: ChangeLog,v 1.2021 2002/04/04 19:02:28 stevesk Exp $ @@ -28,6 +28,7 @@ #include "ssh.h" #include "xmalloc.h" #include "log.h" +#include "auth.h" #include "auth-pam.h" #include "servconf.h" #include "canohost.h" @@ -35,7 +36,7 @@ extern char *__progname; -RCSID("$Id: auth-pam.c,v 1.42 2002/02/05 01:40:47 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.43 2002/04/04 19:02:28 stevesk Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now" @@ -199,10 +200,11 @@ void do_pam_cleanup_proc(void *context) } /* Attempt password authentation using PAM */ -int auth_pam_password(struct passwd *pw, const char *password) +int auth_pam_password(Authctxt *authctxt, const char *password) { extern ServerOptions options; int pam_retval; + struct passwd *pw = authctxt->pw; do_pam_set_conv(&conv); @@ -1,4 +1,4 @@ -/* $Id: auth-pam.h,v 1.11 2001/03/27 06:12:24 djm Exp $ */ +/* $Id: auth-pam.h,v 1.12 2002/04/04 19:02:28 stevesk Exp $ */ #include "includes.h" #ifdef USE_PAM @@ -7,7 +7,7 @@ void start_pam(const char *user); void finish_pam(void); -int auth_pam_password(struct passwd *pw, const char *password); +int auth_pam_password(Authctxt *authctxt, const char *password); char **fetch_pam_environment(void); int do_pam_authenticate(int flags); int do_pam_account(char *username, char *remote_user); diff --git a/auth-passwd.c b/auth-passwd.c index 095b9ba2..7f307383 100644 --- a/auth-passwd.c +++ b/auth-passwd.c 
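Review bot: In `auth_pam_password()` (auth-pam.c) the new `struct passwd *pw = authctxt->pw;` takes the passwd entry from the auth context, and nothing visible in this hunk tests it before use. If the context can carry a NULL `pw` (for instance for a login name that has no account; not shown here), every later `pw->` access needs a guard. The function body continues outside the hunk, so an existing check may already cover this. I would record the contract on the declaration: `/* may be NULL for an unknown user; test before any pw-> access */`.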
@@ -38,47 +38,47 @@ #include "includes.h" RCSID("$OpenBSD: auth-passwd.c,v 1.24 2002/03/04 12:43:06 markus Exp $"); -#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) - #include "packet.h" #include "log.h" #include "servconf.h" #include "auth.h" -#ifdef HAVE_CRYPT_H -# include <crypt.h> -#endif -#ifdef WITH_AIXAUTHENTICATE -# include <login.h> -#endif -#ifdef __hpux -# include <hpsecurity.h> -# include <prot.h> -#endif -#ifdef HAVE_SCO_PROTECTED_PW -# include <sys/security.h> -# include <sys/audit.h> -# include <prot.h> -#endif /* HAVE_SCO_PROTECTED_PW */ -#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) -# include <shadow.h> -#endif -#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) -# include <sys/label.h> -# include <sys/audit.h> -# include <pwdadj.h> -#endif -#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) -# include "md5crypt.h" -#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ - -#ifdef HAVE_CYGWIN -#undef ERROR -#include <windows.h> -#include <sys/cygwin.h> -#define is_winnt (GetVersion() < 0x80000000) -#endif - +#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) +/* Don't need any of these headers for the PAM or SIA cases */ +# ifdef HAVE_CRYPT_H +# include <crypt.h> +# endif +# ifdef WITH_AIXAUTHENTICATE +# include <login.h> +# endif +# ifdef __hpux +# include <hpsecurity.h> +# include <prot.h> +# endif +# ifdef HAVE_SCO_PROTECTED_PW +# include <sys/security.h> +# include <sys/audit.h> +# include <prot.h> +# endif /* HAVE_SCO_PROTECTED_PW */ +# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +# include <shadow.h> +# endif +# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) +# include <sys/label.h> +# include <sys/audit.h> +# include <pwdadj.h> +# endif +# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) +# include "md5crypt.h" +# endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ + +# ifdef HAVE_CYGWIN +# undef ERROR +# include <windows.h> +# include <sys/cygwin.h> +# define 
is_winnt (GetVersion() < 0x80000000) +# endif +#endif /* !USE_PAM && !HAVE_OSF_SIA */ extern ServerOptions options; @@ -89,6 +89,15 @@ extern ServerOptions options; int auth_password(Authctxt *authctxt, const char *password) { +#if defined(USE_PAM) + if (*password == '\0' && options.permit_empty_passwd == 0) + return 0; + return auth_pam_password(authctxt, password); +#elif defined(HAVE_OSF_SIA) + if (*password == '\0' && options.permit_empty_passwd == 0) + return 0; + return auth_sia_password(authctxt, password); +#else struct passwd * pw = authctxt->pw; char *encrypted_password; char *pw_password; @@ -221,5 +230,5 @@ auth_password(Authctxt *authctxt, const char *password) /* Authentication is accepted if the encrypted passwords are identical. */ return (strcmp(encrypted_password, pw_password) == 0); -} #endif /* !USE_PAM && !HAVE_OSF_SIA */ +} @@ -6,6 +6,7 @@ #include "log.h" #include "servconf.h" #include "canohost.h" +#include "auth.h" #include <sia.h> #include <siad.h> @@ -23,15 +24,16 @@ extern char **saved_argv; extern int errno; int -auth_sia_password(char *user, char *pass) +auth_sia_password(Authctxt *authctxt, char *pass) { int ret; SIAENTITY *ent = NULL; const char *host; + char *user = authctxt->user; host = get_canonical_hostname(options.verify_reverse_mapping); - if (!user || !pass) + if (!user || !pass || pass[0] == '\0') return(0); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0, @@ -2,7 +2,7 @@ #ifdef HAVE_OSF_SIA -int auth_sia_password(char *user, char *pass); +int auth_sia_password(Authctxt *authctxt, char *pass); void session_setup_sia(char *user, char *tty); #endif /* HAVE_OSF_SIA */ 
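Review bot: The include list of auth-passwd.c in this hunk (`packet.h`, `log.h`, `servconf.h`, `auth.h`) names neither `auth-pam.h` nor `auth-sia.h`, yet the next hunk makes `auth_password()` call `auth_pam_password()` and `auth_sia_password()`. Unless `includes.h` or `auth.h` already pulls those prototypes in (not visible here), the calls compile against implicit declarations and the argument types of an authentication call go unchecked. Both headers guard their own contents (`#ifdef USE_PAM`, `#ifdef HAVE_OSF_SIA` in the hunks of this commit), so adding `#include "auth-pam.h"` and `#include "auth-sia.h"` after `#include "auth.h"`, outside the `#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)` guard, should be enough.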
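Review bot: In `auth_password()` the new `USE_PAM` and `HAVE_OSF_SIA` branches return before the `#else` body, so on those builds the only policy this function applies is the empty-password test. Any further check in the `#else` body (which continues outside the hunk) is not compiled in and has to be enforced by `auth_pam_password()` or `auth_sia_password()` instead. The `auth_sia_password()` hunk in this commit shows only NULL and empty-string tests, so that is worth confirming for SIA in particular. I would state the contract at the top of the function: `/* PAM and SIA builds: all checks other than the empty-password test are the backend's responsibility */`.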
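Review bot: `auth_sia_password()` (auth-sia.c) still declares `char *pass`, but its new caller `auth_password()` passes a `const char *password`, so the call discards the qualifier. If the SIA calls further down accept it (they are outside the hunk), the parameter should become `const char *pass` here and in auth-sia.h. Separately, the added `pass[0] == '\0'` test rejects an empty password unconditionally, which makes the `options.permit_empty_passwd` test in the SIA branch of `auth_password()` redundant. A comment such as `/* SIA: an empty password is never accepted, whatever permit_empty_passwd says */` would record that this is intended.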
@@ -84,13 +84,7 @@ do_authloop(Authctxt *authctxt) #if defined(KRB4) || defined(KRB5) (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif -#ifdef USE_PAM - auth_pam_password(pw, "")) { -#elif defined(HAVE_OSF_SIA) - 0) { -#else PRIVSEP(auth_password(authctxt, ""))) { -#endif auth_log(authctxt, 1, "without authentication", ""); return; } @@ -246,17 +240,8 @@ do_authloop(Authctxt *authctxt) password = packet_get_string(&dlen); packet_check_eom(); -#ifdef USE_PAM - /* Do PAM auth with password */ - authenticated = auth_pam_password(pw, password); -#elif defined(HAVE_OSF_SIA) - /* Do SIA auth with password */ - authenticated = auth_sia_password(authctxt->user, - password); -#else /* !USE_PAM && !HAVE_OSF_SIA */ /* Try authentication with the password. */ authenticated = PRIVSEP(auth_password(authctxt, password)); -#endif /* USE_PAM */ memset(password, 0, strlen(password)); xfree(password); @@ -329,13 +329,7 @@ userauth_none(Authctxt *authctxt) if (check_nt_auth(1, authctxt->pw) == 0) return(0); #endif -#ifdef USE_PAM - return auth_pam_password(authctxt->pw, ""); -#elif defined(HAVE_OSF_SIA) - return 0; -#else /* !HAVE_OSF_SIA && !USE_PAM */ return PRIVSEP(auth_password(authctxt, "")); -#endif /* USE_PAM */ } static int @@ -354,13 +348,7 @@ userauth_passwd(Authctxt *authctxt) #ifdef HAVE_CYGWIN check_nt_auth(1, authctxt->pw) && #endif -#ifdef USE_PAM - auth_pam_password(authctxt->pw, password) == 1) -#elif defined(HAVE_OSF_SIA) - auth_sia_password(authctxt->user, password) == 1) -#else /* !USE_PAM && !HAVE_OSF_SIA */ PRIVSEP(auth_password(authctxt, password)) == 1) -#endif /* USE_PAM */ authenticated = 1; memset(password, 0, len); xfree(password); |
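Review bot: On `HAVE_OSF_SIA` builds the empty-password probe in `do_authloop()` (auth1.c) used to be the constant `0`; it is now `PRIVSEP(auth_password(authctxt, ""))`, so refusing the probe depends on the `pass[0] == '\0'` test added in auth-sia.c. The same holds for `userauth_none()` in auth2.c, where `return 0;` was replaced. That guarantee is easy to lose in a later edit of `auth_sia_password()`. A comment at both call sites, e.g. `/* SIA never accepts ""; enforced in auth_sia_password() */`, would keep it visible. `do_authloop()` starts and ends outside the hunk.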
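Review bot: The PAM and SIA password checks in `do_authloop()` (auth1.c, second hunk) are now reached through `PRIVSEP(auth_password(authctxt, password))` instead of being called directly. The macro is not defined in this diff, so whether it relays the call to another process cannot be told from here. If it does, the PAM conversation and any state `auth_pam_password()` sets up would live in that process rather than in the caller, and later PAM account or session calls may depend on it; this should be confirmed on a PAM build. `userauth_passwd()` in auth2.c gets the same change. The kept comment could say where the dispatch happens: `/* Try authentication with the password (PAM/SIA are dispatched inside auth_password()). */`.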