1 /* 2 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * All rights reserved 5 * Created: Sat Mar 18 05:11:38 1995 ylo 6 * Password authentication. This file contains the functions to check whether 7 * the password is valid for the user. 8 * 9 * $FreeBSD$ 10 */ 11 12 #include "includes.h" 13 RCSID("$Id: auth-passwd.c,v 1.14 1999/12/29 12:47:46 markus Exp $"); 14 15 #include "packet.h" 16 #include "ssh.h" 17 #include "servconf.h" 18 #include "xmalloc.h" 19 20 /* 21 * Tries to authenticate the user using password. Returns true if 22 * authentication succeeds. 23 */ 24 int 25 auth_password(struct passwd * pw, const char *password) 26 { 27 extern ServerOptions options; 28 char *encrypted_password; 29 30 /* deny if no user. */ 31 if (pw == NULL) 32 return 0; 33 if (pw->pw_uid == 0 && options.permit_root_login == 2) 34 return 0; 35 if (*password == '\0' && options.permit_empty_passwd == 0) 36 return 0; 37 38 #ifdef SKEY 39 if (options.skey_authentication == 1) { 40 int ret = auth_skey_password(pw, password); 41 if (ret == 1 || ret == 0) 42 return ret; 43 /* Fall back to ordinary passwd authentication. */ 44 } 45 #endif 46 #ifdef KRB5 47 if (options.krb5_authentication == 1) { 48 if (auth_krb5_password(pw, password)) 49 return 1; 50 /* Fall back to ordinary passwd authentication. */ 51 } 52 53 #endif /* KRB5 */ 54 #ifdef KRB4 55 if (options.krb4_authentication == 1) { 56 int ret = auth_krb4_password(pw, password); 57 if (ret == 1 || ret == 0) 58 return ret; 59 /* Fall back to ordinary passwd authentication. */ 60 } 61 #endif 62 63 /* Check for users with no password. */ 64 if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) 65 return 1; 66 /* Encrypt the candidate password using the proper salt. */ 67 encrypted_password = crypt(password, 68 (pw->pw_passwd[0] && pw->pw_passwd[1]) ? pw->pw_passwd : "xx"); 69 70 /* Authentication is accepted if the encrypted passwords are identical. */ 71 return (strcmp(encrypted_password, pw->pw_passwd) == 0); 72 } 73