tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
openssh-portable/auth-passwd.c

217 lines
6.2 KiB
C
Raw Normal View History

Initial revision
1999-10-27 05:42:43 +02:00
/*
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-24 14:26:21 +01:00
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* Password authentication. This file contains the functions to check whether
* the password is valid for the user.
- (djm) Merge OpenBSD changes: - markus@cvs.openbsd.org 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - markus@cvs.openbsd.org 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - markus@cvs.openbsd.org 2000/09/05 13:20:49 [sftp-server.c] cleanup - markus@cvs.openbsd.org 2000/09/06 03:46:41 [authfile.h] prototype - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 [ALL] cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. - markus@cvs.openbsd.org 2000/09/07 14:40:30 [channels.c channels.h clientloop.c serverloop.c ssh.c] cleanup window and packet sizes for ssh2 flow control; ok niels - markus@cvs.openbsd.org 2000/09/07 14:53:00 [scp.c] typo - markus@cvs.openbsd.org 2000/09/07 15:13:37 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] [pty.c readconf.c] some more Copyright fixes - markus@cvs.openbsd.org 2000/09/08 03:02:51 [README.openssh2] bye bye - deraadt@cvs.openbsd.org 2000/09/11 18:38:33 [LICENCE cipher.c] a few more comments about it being ARC4 not RC4 - markus@cvs.openbsd.org 2000/09/12 14:53:11 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] multiple debug levels - markus@cvs.openbsd.org 2000/09/14 14:25:15 [clientloop.c] typo - deraadt@cvs.openbsd.org 2000/09/15 01:13:51 [ssh-agent.c] check return value for setenv(3) for failure, and deal appropriately
2000-09-16 04:29:08 +02:00
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*
* Copyright (c) 1999 Dug Song. All rights reserved.
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-24 14:26:21 +01:00
*/
Initial revision
1999-10-27 05:42:43 +02:00
#include "includes.h"
- (bal) auth-chall.c auth-passwd.c auth.h auth1.c auth2.c session.c CVS ID resync
2001-03-22 02:22:03 +01:00
RCSID("$OpenBSD: auth-passwd.c,v 1.22 2001/03/20 18:57:04 markus Exp $");
Initial revision
1999-10-27 05:42:43 +02:00
- (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA support. Enable using "USE_SIA=1 ./configure [options]"
2000-06-28 07:22:41 +02:00
#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
Initial revision
1999-10-27 05:42:43 +02:00
#include "packet.h"
#include "xmalloc.h"
Hopefully things did not get mixed around too much. It compiles under Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.
2001-01-22 06:34:40 +01:00
#include "log.h"
#include "servconf.h"
Please grep through the source and look for 'ISSUE' comments and verify that I was able to get all the portable bits in the right location. As for the SKEY comment there is an email out to Markus as to how it should be resolved. Until then I just #ifdef SKEY/#endif out the whole block. - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/18 16:20:21 [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h sshd.8 sshd.c] log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many systems - markus@cvs.openbsd.org 2001/01/18 16:59:59 [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c session.h sshconnect1.c] 1) removes fake skey from sshd, since this will be much harder with /usr/libexec/auth/login_XXX 2) share/unify code used in ssh-1 and ssh-2 authentication (server side) 3) make addition of BSD_AUTH and other challenge reponse methods easier. - markus@cvs.openbsd.org 2001/01/18 17:12:43 [auth-chall.c auth2-chall.c] rename *-skey.c *-chall.c since the files are not skey specific
2001-01-19 05:26:52 +01:00
#include "auth.h"
- AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin <drankin@bohemians.lexington.ky.us>
2000-01-23 00:32:03 +01:00
#ifdef WITH_AIXAUTHENTICATE
- Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
2000-04-29 16:47:29 +02:00
# include <login.h>
#endif
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from Kevin Steves <stevesk@sweden.hp.com>
2000-09-16 06:55:52 +02:00
#ifdef __hpux
- Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
2000-04-29 16:47:29 +02:00
# include <hpsecurity.h>
# include <prot.h>
- AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin <drankin@bohemians.lexington.ky.us>
2000-01-23 00:32:03 +01:00
#endif
- (djm) Merged big SCO portability patch from Tim Rice <tim@multitalents.net>
2000-09-29 14:01:36 +02:00
#ifdef HAVE_SCO_PROTECTED_PW
# include <sys/security.h>
# include <sys/audit.h>
# include <prot.h>
#endif /* HAVE_SCO_PROTECTED_PW */
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from Kevin Steves <stevesk@sweden.hp.com>
2000-09-16 06:55:52 +02:00
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
- Portability fixes for Irix 5.3 (now compiles OK!) - autoconf and other misc cleanups
1999-12-28 05:09:35 +01:00
# include <shadow.h>
- Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
1999-11-19 05:53:20 +01:00
#endif
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from Kevin Steves <stevesk@sweden.hp.com>
2000-09-16 06:55:52 +02:00
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
- SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
2000-05-20 07:02:59 +02:00
# include <sys/label.h>
# include <sys/audit.h>
# include <pwdadj.h>
#endif
- Portability fixes for Irix 5.3 (now compiles OK!) - autoconf and other misc cleanups
1999-12-28 05:09:35 +01:00
#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
# include "md5crypt.h"
#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
- Added non-PAM MD5 password support patch from Tudor Bosman <tudorb@jm.nu>
1999-11-19 05:53:20 +01:00
- (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
2000-09-05 07:13:06 +02:00
#ifdef HAVE_CYGWIN
#undef ERROR
#include <windows.h>
#include <sys/cygwin.h>
#define is_winnt (GetVersion() < 0x80000000)
#endif
- (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie enable with --with-bsd-auth.
2001-02-18 07:01:00 +01:00
extern ServerOptions options;
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-24 14:26:21 +01:00
/*
* Tries to authenticate the user using password. Returns true if
* authentication succeeds.
*/
- OpenBSD CVS updates. [ssh.1 ssh.c] - ssh -2 [auth.c channels.c clientloop.c packet.c packet.h serverloop.c] [session.c sshconnect.c] - check payload for (illegal) extra data [ALL] - whitespace cleanup
2000-04-16 03:18:38 +02:00
int
- (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie enable with --with-bsd-auth.
2001-02-18 07:01:00 +01:00
auth_password(Authctxt *authctxt, const char *password)
Initial revision
1999-10-27 05:42:43 +02:00
{
- (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie enable with --with-bsd-auth.
2001-02-18 07:01:00 +01:00
struct passwd * pw = authctxt->pw;
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-24 14:26:21 +01:00
char *encrypted_password;
- Prepare for 1.2.1pre20 19991225 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com> - Cleanup of auth-passwd.c for shadow and MD5 passwords - Cleanup and bugfix of PAM authentication code 19991223 - Merged later HPUX patch from Andre Lucas <andre.lucas@dial.pipex.com> - Above patch included better utmpx support from Ben Taylor <bent@clark.net>:
1999-12-25 00:11:29 +01:00
char *pw_password;
char *salt;
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from Kevin Steves <stevesk@sweden.hp.com>
2000-09-16 06:55:52 +02:00
#ifdef __hpux
struct pr_passwd *spw;
#endif
- (djm) Merged big SCO portability patch from Tim Rice <tim@multitalents.net>
2000-09-29 14:01:36 +02:00
#ifdef HAVE_SCO_PROTECTED_PW
struct pr_passwd *spw;
#endif /* HAVE_SCO_PROTECTED_PW */
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from Kevin Steves <stevesk@sweden.hp.com>
2000-09-16 06:55:52 +02:00
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-24 14:26:21 +01:00
struct spwd *spw;
- Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de> - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
1999-11-13 05:40:10 +01:00
#endif
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from Kevin Steves <stevesk@sweden.hp.com>
2000-09-16 06:55:52 +02:00
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
- SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
2000-05-20 07:02:59 +02:00
struct passwd_adjunct *spw;
#endif
- AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin <drankin@bohemians.lexington.ky.us>
2000-01-23 00:32:03 +01:00
#ifdef WITH_AIXAUTHENTICATE
char *authmsg;
char *loginmsg;
int reenter = 1;
#endif
Initial revision
1999-10-27 05:42:43 +02:00
- OpenBSD CVS updates: - [auth-passwd.c] check for NULL 1st
1999-12-29 23:48:15 +01:00
/* deny if no user. */
if (pw == NULL)
return 0;
- (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
2000-09-05 07:13:06 +02:00
#ifndef HAVE_CYGWIN
- markus@cvs.openbsd.org 2001/02/12 16:16:23 [auth-passwd.c auth.c auth.h auth1.c auth2.c servconf.c servconf.h ssh-keygen.c sshd.8] PermitRootLogin={yes,without-password,forced-commands-only,no} (before this change, root could login even if PermitRootLogin==no)
2001-02-15 04:08:27 +01:00
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-24 14:26:21 +01:00
return 0;
- (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
2000-09-05 07:13:06 +02:00
#endif
#ifdef HAVE_CYGWIN
/*
* Empty password is only possible on NT if the user has _really_
* an empty password and authentication is done, though.
*/
- stevesk@cvs.openbsd.org 2001/02/04 08:32:27 [many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 13:42:17 +01:00
if (!is_winnt)
- (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
2000-09-05 07:13:06 +02:00
#endif
- More reformatting merged from OpenBSD CVS - Merged OpenBSD CVS changes: - [channels.c] report from mrwizard@psu.edu via djm@ibs.com.au - [channels.c] set SO_REUSEADDR and SO_LINGER for forwarded ports. chip@valinux.com via damien@ibs.com.au - [nchan.c] it's not an error() if shutdown_write failes in nchan. - [readconf.c] remove dead #ifdef-0-code - [readconf.c servconf.c] strcasecmp instead of tolower - [scp.c] progress meter overflow fix from damien@ibs.com.au - [ssh-add.1 ssh-add.c] SSH_ASKPASS support - [ssh.1 ssh.c] postpone fork_after_authentication until command execution, request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au plus: use daemon() for backgrounding
1999-11-25 01:54:57 +01:00
if (*password == '\0' && options.permit_empty_passwd == 0)
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-24 14:26:21 +01:00
return 0;
- (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie enable with --with-bsd-auth.
2001-02-18 07:01:00 +01:00
#ifdef BSD_AUTH
if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
(char *)password) == 0)
return 0;
else
return 1;
#endif
Initial revision
1999-10-27 05:42:43 +02:00
- (djm) Merge cygwin support from Corinna Vinschen <vinschen@cygnus.com>
2000-09-05 07:13:06 +02:00
#ifdef HAVE_CYGWIN
if (is_winnt) {
HANDLE hToken = cygwin_logon_user(pw, password);
if (hToken == INVALID_HANDLE_VALUE)
return 0;
cygwin_set_impersonation_token(hToken);
return 1;
}
#endif
- AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin <drankin@bohemians.lexington.ky.us>
2000-01-23 00:32:03 +01:00
#ifdef WITH_AIXAUTHENTICATE
return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
#endif
- Merged OpenBSD CVS changes: - [auth-krb4.c auth-passwd.c auth-skey.c ssh. move skey-auth from auth-passwd.c to auth-s - [auth-rsa.c] warn only about mismatch if key is _used_ warn about keysize-mismatch with log() not channels.c readconf.c readconf.h ssh.c ssh. ports are u_short - [hostfile.c] indent, shorter warning - [nchan.c] use error() for internal errors - [packet.c] set loglevel for SSH_MSG_DISCONNECT to log( serverloop.c indent - [ssh-add.1 ssh-add.c ssh.h] document , reasonable default - [ssh.1] CheckHostIP is not available for connects v - [sshconnect.c] typo easier to read client code for passwd and s turn of checkhostip for proxy connects, sin
1999-12-06 01:47:28 +01:00
#ifdef KRB4
if (options.kerberos_authentication == 1) {
int ret = auth_krb4_password(pw, password);
if (ret == 1 || ret == 0)
return ret;
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-24 14:26:21 +01:00
/* Fall back to ordinary passwd authentication. */
Initial revision
1999-10-27 05:42:43 +02:00
}
- Merged OpenBSD CVS changes: - [auth-krb4.c auth-passwd.c auth-skey.c ssh. move skey-auth from auth-passwd.c to auth-s - [auth-rsa.c] warn only about mismatch if key is _used_ warn about keysize-mismatch with log() not channels.c readconf.c readconf.h ssh.c ssh. ports are u_short - [hostfile.c] indent, shorter warning - [nchan.c] use error() for internal errors - [packet.c] set loglevel for SSH_MSG_DISCONNECT to log( serverloop.c indent - [ssh-add.1 ssh-add.c ssh.h] document , reasonable default - [ssh.1] CheckHostIP is not available for connects v - [sshconnect.c] typo easier to read client code for passwd and s turn of checkhostip for proxy connects, sin
1999-12-06 01:47:28 +01:00
#endif
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-24 14:26:21 +01:00
- (djm) Shadow expiry check fix from Pavel Troller <patrol@omni.sinus.cz> - (djm) Re-enable int64_t types - we need them for sftp - (djm) Use libexecdir from configure , rather than libexecdir/ssh - (djm) Update Redhat SPEC file accordingly - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter <Dirk.DeWachter@rug.ac.be> - (djm) Fixprogs and entropy list fixes from Larry Jones <larry.jones@sdrc.com> - (djm) Fix for SuSE spec file from Takashi YOSHIDA <tyoshida@gemini.rc.kyushu-u.ac.jp>
2000-09-16 06:39:56 +02:00
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from Kevin Steves <stevesk@sweden.hp.com>
2000-09-16 06:55:52 +02:00
pw_password = pw->pw_passwd;
Initial revision
1999-10-27 05:42:43 +02:00
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from Kevin Steves <stevesk@sweden.hp.com>
2000-09-16 06:55:52 +02:00
/*
* Various interfaces to shadow or protected password data
*/
- Fix DISABLE_SHADOW support - Allow MD5 passwords even if shadow passwords are disabled
1999-12-21 11:03:09 +01:00
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-24 14:26:21 +01:00
spw = getspnam(pw->pw_name);
- stevesk@cvs.openbsd.org 2001/02/04 08:32:27 [many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 13:42:17 +01:00
if (spw != NULL)
- Fix password support on systems with a mixture of shadowed and non-shadowed passwords (e.g. NIS). Report and fix from HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
1999-12-30 22:49:13 +01:00
pw_password = spw->sp_pwdp;
- Prepare for 1.2.1pre20 19991225 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com> - Cleanup of auth-passwd.c for shadow and MD5 passwords - Cleanup and bugfix of PAM authentication code 19991223 - Merged later HPUX patch from Andre Lucas <andre.lucas@dial.pipex.com> - Above patch included better utmpx support from Ben Taylor <bent@clark.net>:
1999-12-25 00:11:29 +01:00
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
- (djm) Merged big SCO portability patch from Tim Rice <tim@multitalents.net>
2000-09-29 14:01:36 +02:00
#ifdef HAVE_SCO_PROTECTED_PW
spw = getprpwnam(pw->pw_name);
- stevesk@cvs.openbsd.org 2001/02/04 08:32:27 [many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 13:42:17 +01:00
if (spw != NULL)
- (djm) Merged big SCO portability patch from Tim Rice <tim@multitalents.net>
2000-09-29 14:01:36 +02:00
pw_password = spw->ufld.fd_encrypt;
#endif /* HAVE_SCO_PROTECTED_PW */
- SunOS 4.x support from Todd C. Miller <Todd.Miller@courtesan.com>
2000-05-20 07:02:59 +02:00
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
pw_password = spw->pwa_passwd;
#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
- (djm) Merged big SCO portability patch from Tim Rice <tim@multitalents.net>
2000-09-29 14:01:36 +02:00
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from Kevin Steves <stevesk@sweden.hp.com>
2000-09-16 06:55:52 +02:00
#if defined(__hpux)
if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
pw_password = spw->ufld.fd_encrypt;
#endif /* defined(__hpux) */
/* Check for users with no password. */
if ((password[0] == '\0') && (pw_password[0] == '\0'))
return 1;
- Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de> - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
1999-11-13 05:40:10 +01:00
- Prepare for 1.2.1pre20 19991225 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com> - Cleanup of auth-passwd.c for shadow and MD5 passwords - Cleanup and bugfix of PAM authentication code 19991223 - Merged later HPUX patch from Andre Lucas <andre.lucas@dial.pipex.com> - Above patch included better utmpx support from Ben Taylor <bent@clark.net>:
1999-12-25 00:11:29 +01:00
if (pw_password[0] != '\0')
salt = pw_password;
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-24 14:26:21 +01:00
else
- Prepare for 1.2.1pre20 19991225 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com> - Cleanup of auth-passwd.c for shadow and MD5 passwords - Cleanup and bugfix of PAM authentication code 19991223 - Merged later HPUX patch from Andre Lucas <andre.lucas@dial.pipex.com> - Above patch included better utmpx support from Ben Taylor <bent@clark.net>:
1999-12-25 00:11:29 +01:00
salt = "xx";
- Fix DISABLE_SHADOW support - Allow MD5 passwords even if shadow passwords are disabled
1999-12-21 11:03:09 +01:00
#ifdef HAVE_MD5_PASSWORDS
- Prepare for 1.2.1pre20 19991225 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com> - Cleanup of auth-passwd.c for shadow and MD5 passwords - Cleanup and bugfix of PAM authentication code 19991223 - Merged later HPUX patch from Andre Lucas <andre.lucas@dial.pipex.com> - Above patch included better utmpx support from Ben Taylor <bent@clark.net>:
1999-12-25 00:11:29 +01:00
if (is_md5_salt(salt))
encrypted_password = md5_crypt(password, salt);
- Fix DISABLE_SHADOW support - Allow MD5 passwords even if shadow passwords are disabled
1999-12-21 11:03:09 +01:00
else
- Prepare for 1.2.1pre20 19991225 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com> - Cleanup of auth-passwd.c for shadow and MD5 passwords - Cleanup and bugfix of PAM authentication code 19991223 - Merged later HPUX patch from Andre Lucas <andre.lucas@dial.pipex.com> - Above patch included better utmpx support from Ben Taylor <bent@clark.net>:
1999-12-25 00:11:29 +01:00
encrypted_password = crypt(password, salt);
- stevesk@cvs.openbsd.org 2001/02/04 08:32:27 [many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 13:42:17 +01:00
#else /* HAVE_MD5_PASSWORDS */
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from Kevin Steves <stevesk@sweden.hp.com>
2000-09-16 06:55:52 +02:00
# ifdef __hpux
if (iscomsec())
encrypted_password = bigcrypt(password, salt);
else
encrypted_password = crypt(password, salt);
- Merge HP-UX fixes and TCB support from Ged Lodder <lodder@yacc.com.au>
2000-04-29 16:47:29 +02:00
# else
- Prepare for 1.2.1pre20 19991225 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com> - Cleanup of auth-passwd.c for shadow and MD5 passwords - Cleanup and bugfix of PAM authentication code 19991223 - Merged later HPUX patch from Andre Lucas <andre.lucas@dial.pipex.com> - Above patch included better utmpx support from Ben Taylor <bent@clark.net>:
1999-12-25 00:11:29 +01:00
encrypted_password = crypt(password, salt);
- (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from Kevin Steves <stevesk@sweden.hp.com>
2000-09-16 06:55:52 +02:00
# endif /* __hpux */
- stevesk@cvs.openbsd.org 2001/02/04 08:32:27 [many files; did this manually to our top-level source dir] unexpand and remove end-of-line whitespace; ok markus@
2001-02-05 13:42:17 +01:00
#endif /* HAVE_MD5_PASSWORDS */
- Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de> - Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
1999-11-13 05:40:10 +01:00
- Merged very large OpenBSD source code reformat - OpenBSD CVS updates - [channels.c cipher.c compat.c log-client.c scp.c serverloop.c] [ssh.h sshd.8 sshd.c] syslog changes: * Unified Logmessage for all auth-types, for success and for failed * Standard connections get only ONE line in the LOG when level==LOG: Auth-attempts are logged only, if authentication is: a) successfull or b) with passwd or c) we had more than AUTH_FAIL_LOG failues * many log() became verbose() * old behaviour with level=VERBOSE - [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c] tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE messages. allows use of s/key in windows (ttssh, securecrt) and ssh-1.2.27 clients without 'ssh -v', ok: niels@ - [sshd.8] -V, for fallback to openssh in SSH2 compatibility mode - [sshd.c] fix sigchld race; cjc5@po.cwru.edu
1999-11-24 14:26:21 +01:00
/* Authentication is accepted if the encrypted passwords are identical. */
- Prepare for 1.2.1pre20 19991225 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com> - Cleanup of auth-passwd.c for shadow and MD5 passwords - Cleanup and bugfix of PAM authentication code 19991223 - Merged later HPUX patch from Andre Lucas <andre.lucas@dial.pipex.com> - Above patch included better utmpx support from Ben Taylor <bent@clark.net>:
1999-12-25 00:11:29 +01:00
return (strcmp(encrypted_password, pw_password) == 0);
Initial revision
1999-10-27 05:42:43 +02:00
}
- (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA support. Enable using "USE_SIA=1 ./configure [options]"
2000-06-28 07:22:41 +02:00
#endif /* !USE_PAM && !HAVE_OSF_SIA */