- Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
- Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
This commit is contained in:
parent
b028438668
commit
2cb210f0f7
|
@ -9,6 +9,8 @@
|
||||||
totalsize, ok niels,aaron
|
totalsize, ok niels,aaron
|
||||||
- Delay fork (-f option) in ssh until after port forwarded connections
|
- Delay fork (-f option) in ssh until after port forwarded connections
|
||||||
have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
|
have been initialised. Patch from Jani Hakala <jahakala@cc.jyu.fi>
|
||||||
|
- Added shadow password patch from Thomas Neumann <tom@smart.ruhr.de>
|
||||||
|
- Added ifdefs to auth-passwd.c to exclude it when PAM is enabled
|
||||||
|
|
||||||
19991112
|
19991112
|
||||||
- Merged changes from OpenBSD CVS
|
- Merged changes from OpenBSD CVS
|
||||||
|
|
1
README
1
README
|
@ -52,6 +52,7 @@ Nalin Dahyabhai <nalin.dahyabhai@pobox.com> - PAM environment patch
|
||||||
Phil Hands <phil@hands.com> - Debian scripts, assorted patches
|
Phil Hands <phil@hands.com> - Debian scripts, assorted patches
|
||||||
Niels Kristian Bech Jensen <nkbj@image.dk> - Makefile patches
|
Niels Kristian Bech Jensen <nkbj@image.dk> - Makefile patches
|
||||||
Marc G. Fournier <marc.fournier@acadiau.ca> - Solaris patches
|
Marc G. Fournier <marc.fournier@acadiau.ca> - Solaris patches
|
||||||
|
Thomas Neumann <tom@smart.ruhr.de> - Shadow passwords
|
||||||
|
|
||||||
Miscellania -
|
Miscellania -
|
||||||
|
|
||||||
|
|
|
@ -15,12 +15,20 @@ the password is valid for the user.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$Id: auth-passwd.c,v 1.3 1999/11/11 06:57:39 damien Exp $");
|
RCSID("$Id: auth-passwd.c,v 1.4 1999/11/13 04:40:10 damien Exp $");
|
||||||
|
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
#include "servconf.h"
|
#include "servconf.h"
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
|
#include "config.h"
|
||||||
|
|
||||||
|
#ifdef HAVE_SHADOW_H
|
||||||
|
#include <shadow.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef HAVE_PAM
|
||||||
|
/* Don't need anything from here if we are using PAM */
|
||||||
|
|
||||||
/* Tries to authenticate the user using password. Returns true if
|
/* Tries to authenticate the user using password. Returns true if
|
||||||
authentication succeeds. */
|
authentication succeeds. */
|
||||||
|
@ -29,6 +37,9 @@ int auth_password(struct passwd *pw, const char *password)
|
||||||
{
|
{
|
||||||
extern ServerOptions options;
|
extern ServerOptions options;
|
||||||
char *encrypted_password;
|
char *encrypted_password;
|
||||||
|
#ifdef HAVE_SHADOW_H
|
||||||
|
struct spwd *spw;
|
||||||
|
#endif
|
||||||
|
|
||||||
if (pw->pw_uid == 0 && options.permit_root_login == 2)
|
if (pw->pw_uid == 0 && options.permit_root_login == 2)
|
||||||
{
|
{
|
||||||
|
@ -164,11 +175,31 @@ int auth_password(struct passwd *pw, const char *password)
|
||||||
return 1; /* The user has no password and an empty password was tried. */
|
return 1; /* The user has no password and an empty password was tried. */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_SHADOW_H
|
||||||
|
spw = getspnam(pw->pw_name);
|
||||||
|
if (spw == NULL)
|
||||||
|
return(0);
|
||||||
|
|
||||||
|
if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0))
|
||||||
|
fatal("Shadow lookup returned garbage.");
|
||||||
|
|
||||||
|
if (strlen(spw->sp_pwdp) < 3)
|
||||||
|
return(0);
|
||||||
|
|
||||||
|
/* Encrypt the candidate password using the proper salt. */
|
||||||
|
encrypted_password = crypt(password, spw->sp_pwdp);
|
||||||
|
|
||||||
|
/* Authentication is accepted if the encrypted passwords are identical. */
|
||||||
|
return (strcmp(encrypted_password, spw->sp_pwdp) == 0);
|
||||||
|
#else /* !HAVE_SHADOW_H */
|
||||||
|
|
||||||
/* Encrypt the candidate password using the proper salt. */
|
/* Encrypt the candidate password using the proper salt. */
|
||||||
encrypted_password = crypt(password,
|
encrypted_password = crypt(password,
|
||||||
(pw->pw_passwd[0] && pw->pw_passwd[1]) ?
|
(pw->pw_passwd[0] && pw->pw_passwd[1]) ?
|
||||||
pw->pw_passwd : "xx");
|
pw->pw_passwd : "xx");
|
||||||
|
|
||||||
/* Authentication is accepted if the encrypted passwords are identical. */
|
/* Authentication is accepted if the encrypted passwords are identical. */
|
||||||
return (strcmp(encrypted_password, pw->pw_passwd) == 0);
|
return (strcmp(encrypted_password, pw->pw_passwd) == 0);
|
||||||
|
#endif /* !HAVE_SHADOW_H */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif /* !HAVE_PAM */
|
||||||
|
|
|
@ -55,7 +55,7 @@ AC_CHECK_LIB(dl, dlopen, , )
|
||||||
AC_CHECK_LIB(pam, pam_authenticate, , )
|
AC_CHECK_LIB(pam, pam_authenticate, , )
|
||||||
|
|
||||||
dnl Checks for header files.
|
dnl Checks for header files.
|
||||||
AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h)
|
AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h shadow.h)
|
||||||
|
|
||||||
dnl Checks for library functions.
|
dnl Checks for library functions.
|
||||||
AC_PROG_GCC_TRADITIONAL
|
AC_PROG_GCC_TRADITIONAL
|
||||||
|
|
Loading…
Reference in New Issue