tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- Prepare for 1.2.1pre20 

19991225
 - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
 - Cleanup of auth-passwd.c for shadow and MD5 passwords
 - Cleanup and bugfix of PAM authentication code

19991223
 - Merged later HPUX patch from Andre Lucas
   <andre.lucas@dial.pipex.com>
 - Above patch included better utmpx support from Ben Taylor
   <bent@clark.net>:
This commit is contained in:
Damien Miller 1999-12-25 10:11:29 +11:00
parent 1b0c228ec4
commit 2e1b082dfb
13 changed files with 205 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@ -1,3 +1,14 @@
19991225
- More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
- Cleanup of auth-passwd.c for shadow and MD5 passwords
- Cleanup and bugfix of PAM authentication code
19991223
- Merged later HPUX patch from Andre Lucas
<andre.lucas@dial.pipex.com>
- Above patch included better utmpx support from Ben Taylor
<bent@clark.net>:
19991222
- Fix undefined fd_set type in ssh.h from Povl H. Pedersen
<pope@netguide.dk>

62
acconfig.h
View File

@ -30,6 +30,9 @@
/* Define is utmpx.h has a ut_host field */
#undef HAVE_HOST_IN_UTMPX
/* Define is utmpx.h has a syslen field */
#undef HAVE_SYSLEN_IN_UTMPX
/* Define if you want to use utmpx */
#undef USE_UTMPX
@ -63,6 +66,9 @@
/* Define if xauth is found in your path */
#undef XAUTH_PATH
/* Define if rsh is found in your path */
#undef RSH_PATH
/* Define if you want to allow MD5 passwords */
#undef HAVE_MD5_PASSWORDS
@ -76,6 +82,9 @@
/* to pam_strerror */
#undef HAVE_OLD_PAM
/* Set this to your mail directory if you don't have maillock.h */
#undef MAIL_DIRECTORY
/* Data types */
#undef HAVE_QUAD_T
#undef HAVE_INTXX_T
@ -197,36 +206,19 @@ enum
# endif
#endif
/* Use utmpx if supported */
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
# define UTMP_STR utmpx
#else
# ifdef HAVE_UTMP_H
# define UTMP_STR utmp
# endif
#endif
#ifndef _PATH_UTMP
# if defined(UTMPX_FILE) && defined(USE_UTMPX)
# define _PATH_UTMP UTMPX_FILE
# ifdef UTMP_FILE
# define _PATH_UTMP UTMP_FILE
# else
# ifdef UTMP_FILE
# define _PATH_UTMP UTMP_FILE
# else
# define _PATH_UTMP "/var/adm/utmp"
# endif
# define _PATH_UTMP "/var/adm/utmp"
# endif
#endif
#ifndef _PATH_WTMP
# if defined(WTMPX_FILE) && defined(USE_UTMPX)
# define _PATH_WTMP WTMPX_FILE
# ifdef WTMP_FILE
# define _PATH_WTMP WTMP_FILE
# else
# ifdef WTMP_FILE
# define _PATH_WTMP WTMP_FILE
# else
# define _PATH_WTMP "/var/adm/wtmp"
# endif
# define _PATH_WTMP "/var/adm/wtmp"
# endif
#endif
@ -242,16 +234,14 @@ enum
# define _PATH_DEVNULL "/dev/null"
#endif
#ifndef _PATH_MAILDIR
# ifdef MAILDIR
# define _PATH_MAILDIR MAILDIR
# else
# ifdef MAIL_DIRECTORY
# define _PATH_MAILDIR MAIL_DIRECTORY
# endif
# endif
#ifndef MAILDIR
# define MAILDIR MAIL_DIRECTORY
#endif
#if !defined(_PATH_MAILDIR) && defined(MAILDIR)
# define _PATH_MAILDIR MAILDIR
#endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */
#ifndef MAX
# define MAX(a,b) (((a)>(b))?(a):(b))
# define MIN(a,b) (((a)<(b))?(a):(b))
@ -287,3 +277,13 @@ enum
#if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID)
# define seteuid(a) setreuid(-1,a)
#endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */
#ifndef HAVE_INNETGR
# define innetgr(a,b,c,d) (0)
#endif /* HAVE_INNETGR */
#ifndef _PATH_RSH
# ifdef RSH_PATH
# define _PATH_RSH RSH_PATH
# endif /* RSH_PATH */
#endif /* _PATH_RSH */

63
auth-passwd.c
View File

@ -9,9 +9,9 @@
#include "includes.h"
#ifndef HAVE_PAM
#ifndef HAVE_LIBPAM
RCSID("$Id: auth-passwd.c,v 1.10 1999/12/21 10:03:09 damien Exp $");
RCSID("$Id: auth-passwd.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
#include "packet.h"
#include "ssh.h"
@ -35,6 +35,8 @@ auth_password(struct passwd * pw, const char *password)
{
extern ServerOptions options;
char *encrypted_password;
char *pw_password;
char *salt;
#ifdef HAVE_SHADOW_H
struct spwd *spw;
#endif
@ -68,48 +70,35 @@ auth_password(struct passwd * pw, const char *password)
if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0)
return 1;
pw_password = pw->pw_passwd;
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
spw = getspnam(pw->pw_name);
if (spw == NULL)
if (spw == NULL)
return(0);
if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0))
fatal("Shadow lookup returned garbage.");
/* Check for users with no password. */
if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
return 1;
if (strlen(spw->sp_pwdp) < 3)
return(0);
/* Encrypt the candidate password using the proper salt. */
#ifdef HAVE_MD5_PASSWORDS
if (is_md5_salt(spw->sp_pwdp))
encrypted_password = md5_crypt(password, spw->sp_pwdp);
else
encrypted_password = crypt(password, spw->sp_pwdp);
#else /* HAVE_MD5_PASSWORDS */
encrypted_password = crypt(password, spw->sp_pwdp);
#endif /* HAVE_MD5_PASSWORDS */
/* Authentication is accepted if the encrypted passwords are identical. */
return (strcmp(encrypted_password, spw->sp_pwdp) == 0);
#else /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
if (strlen(pw->pw_passwd) < 3)
return(0);
#ifdef HAVE_MD5_PASSWORDS
if (is_md5_salt(pw->pw_passwd))
encrypted_password = md5_crypt(password, pw->pw_passwd);
else
encrypted_password = crypt(password, pw->pw_passwd);
#else /* HAVE_MD5_PASSWORDS */
encrypted_password = crypt(password, pw->pw_passwd);
#endif /* HAVE_MD5_PASSWORDS */
/* Authentication is accepted if the encrypted passwords are identical. */
return (strcmp(encrypted_password, pw->pw_passwd) == 0);
pw_password = spw->sp_pwdp;
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
if (pw_password[0] != '\0')
salt = pw_password;
else
salt = "xx";
#ifdef HAVE_MD5_PASSWORDS
if (is_md5_salt(salt))
encrypted_password = md5_crypt(password, salt);
else
encrypted_password = crypt(password, salt);
#else /* HAVE_MD5_PASSWORDS */
encrypted_password = crypt(password, salt);
#endif /* HAVE_MD5_PASSWORDS */
/* Authentication is accepted if the encrypted passwords are identical. */
return (strcmp(encrypted_password, pw_password) == 0);
}
#endif /* !HAVE_PAM */
#endif /* !HAVE_LIBPAM */

46
bsd-login.c
View File

@ -54,53 +54,63 @@ static char *rcsid = "$OpenBSD: login.c,v 1.5 1998/07/13 02:11:12 millert Exp $"
#include <stdio.h>
#include <string.h>
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
void
login(utp,utx)
struct utmp *utp;
struct utmpx *utx;
#else /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
void
login(utp)
struct UTMP_STR *utp;
struct utmp *utp;
#endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
{
struct UTMP_STR old_ut;
struct utmp old_ut;
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
struct utmpx *old_utx;
#endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
register int fd;
int tty;
#ifndef UT_LINESIZE
# define UT_LINESIZE (sizeof(old_ut.ut_line))
# if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
# define UT_NAMESIZE (sizeof(old_ut.ut_user))
# else
# define UT_NAMESIZE (sizeof(old_ut.ut_name))
# endif
# define UT_NAMESIZE (sizeof(old_ut.ut_name))
# ifdef HAVE_HOST_IN_UTMP
# define UT_HOSTSIZE (sizeof(old_ut.ut_host))
# endif
# if defined(HAVE_HOST_IN_UTMPX) && defined(USE_UTMPX)
# define UT_HOSTSIZE (sizeof(old_ut.ut_host))
# endif
#endif
tty = ttyslot();
if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR|O_CREAT, 0644)) >= 0) {
#if defined(HAVE_HOST_IN_UTMP) || defined(HAVE_HOST_IN_UTMPX)
(void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET);
#if defined(HAVE_HOST_IN_UTMP)
(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
/*
* Prevent luser from zero'ing out ut_host.
* If the new ut_line is empty but the old one is not
* and ut_line and ut_name match, preserve the old ut_line.
*/
if (read(fd, &old_ut, sizeof(struct UTMP_STR)) ==
sizeof(struct UTMP_STR) && utp->ut_host[0] == '\0' &&
if (read(fd, &old_ut, sizeof(struct utmp)) ==
sizeof(struct utmp) && utp->ut_host[0] == '\0' &&
old_ut.ut_host[0] != '\0' &&
strncmp(old_ut.ut_line, utp->ut_line, UT_LINESIZE) == 0 &&
strncmp(old_ut.ut_name, utp->ut_name, UT_NAMESIZE) == 0)
(void)memcpy(utp->ut_host, old_ut.ut_host, UT_HOSTSIZE);
#endif /* defined(HAVE_HOST_IN_UTMP) || defined(HAVE_HOST_IN_UTMPX) */
(void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET);
(void)write(fd, utp, sizeof(struct UTMP_STR));
#endif /* defined(HAVE_HOST_IN_UTMP) */
(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
(void)write(fd, utp, sizeof(struct utmp));
(void)close(fd);
}
if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
(void)write(fd, utp, sizeof(struct UTMP_STR));
(void)write(fd, utp, sizeof(struct utmp));
(void)close(fd);
}
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
old_utx = pututxline(utx);
# ifdef HAVE_UPDWTMPX
updwtmpx(_PATH_WTMPX, utx);
# endif /* HAVE_UPDWTMPX */
endutxent();
#endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
}
#endif /* HAVE_LOGIN */

21
bsd-login.h
View File

@ -1,13 +1,22 @@
#ifndef _BSD_LOGIN_H
#define _BSD_LOGIN_H
# define _BSD_LOGIN_H
#include "config.h"
#ifndef HAVE_LOGIN
# include "config.h"
# ifndef HAVE_LOGIN
#include <utmp.h>
# include <utmp.h>
void login(struct UTMP_STR *utp);
# if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
# include <utmpx.h>
#endif /* !HAVE_LOGIN */
void login(struct utmp *utp, struct utmpx *utx);
# else /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
void login(struct utmp *utp);
# endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
# endif /* !HAVE_LOGIN */
#endif /* _BSD_LOGIN_H */

47
configure.in
View File

@ -9,10 +9,25 @@ AC_PROG_CPP
AC_PROG_RANLIB
AC_PROG_INSTALL
AC_CHECK_PROG(AR, ar, ar)
dnl Check for the path to xauth
AC_PATH_PROG(xauth_path, xauth)
AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
dnl Use ip address instead of hostname in $DISPLAY
AC_ARG_WITH(rsh,
[ --with-rsh=PATH Specify path to remote shell program ],
[
AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")
],
[
AC_PATH_PROG(rsh_path, rsh)
]
)
if test ! -z "$xauth_path" ; then
AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path")
fi
if test ! -z "$rsh_path" ; then
AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path")
fi
dnl Checks for compiler characteristics
if test "$GCC" = "yes"; then CFLAGS="$CFLAGS -Wall"; fi
@ -27,6 +42,7 @@ case "$host" in
fi
CFLAGS="$CFLAGS -D_HPUX_SOURCE"
AC_DEFINE(IPADDR_IN_DISPLAY)
AC_DEFINE(USE_UTMPX)
AC_MSG_CHECKING(for HPUX trusted system password database)
if test -f /tcb/files/auth/system/default; then
AC_MSG_RESULT(yes)
@ -80,15 +96,22 @@ AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil")
AC_CHECK_LIB(nsl, yp_match, , )
AC_CHECK_LIB(socket, main, , )
dnl libdl is needed by PAM on Redhat systems
AC_CHECK_LIB(dl, dlopen, , )
AC_CHECK_LIB(pam, pam_authenticate, , )
dnl Use ip address instead of hostname in $DISPLAY
AC_ARG_WITH(pam,
[ --without-pam Disable PAM support ],
[
if test "x$withval" != "xno" ; then
AC_CHECK_LIB(dl, dlopen, , )
AC_CHECK_LIB(pam, pam_authenticate, , )
fi
]
)
dnl Checks for header files.
AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h poll.h pty.h shadow_h util.h utmp.h utmpx.h sys/bsdtty.h sys/poll.h sys/select.h sys/stropts.h sys/time.h)
AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h poll.h pty.h shadow.h util.h utmp.h utmpx.h sys/bsdtty.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h)
dnl Checks for library functions.
AC_CHECK_FUNCS(arc4random mkdtemp openpty _getpty setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy vsnprintf)
AC_CHECK_FUNCS(arc4random updwtmpx mkdtemp openpty _getpty innetgr setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy vsnprintf)
AC_CHECK_FUNC(login,
[AC_DEFINE(HAVE_LOGIN)],
@ -220,19 +243,21 @@ if test -z "$RANDOM_POOL" -a -z "$EGD_POOL"; then
AC_MSG_ERROR([No random device found, and no EGD random pool specified])
fi
dnl Check for ut_host field in utmp
AC_MSG_CHECKING([whether utmp.h has ut_host field])
AC_EGREP_HEADER(ut_host, utmp.h,
[AC_DEFINE(HAVE_HOST_IN_UTMP) AC_MSG_RESULT(yes); ],
[AC_MSG_RESULT(no)]
)
dnl Check for ut_host field in utmpx
AC_MSG_CHECKING([whether utmpx.h has ut_host field])
AC_EGREP_HEADER(ut_host, utmpx.h,
[AC_DEFINE(HAVE_HOST_IN_UTMPX) AC_MSG_RESULT(yes); ],
[AC_MSG_RESULT(no)]
)
AC_MSG_CHECKING([whether utmpx.h has syslen field])
AC_EGREP_HEADER(syslen, utmpx.h,
[AC_DEFINE(HAVE_SYSLEN_IN_UTMPX) AC_MSG_RESULT(yes); ],
[AC_MSG_RESULT(no)]
)
dnl Look for lastlog location
AC_ARG_WITH(lastlog,

1
includes.h
View File

@ -81,6 +81,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
#include "bsd-mktemp.h"
#include "bsd-snprintf.h"
#include "bsd-daemon.h"
#include "bsd-login.h"
/* Define this to be the path of the xauth program. */
#ifndef XAUTH_PATH

40
login.c
View File

@ -18,7 +18,7 @@
*/
#include "includes.h"
RCSID("$Id: login.c,v 1.10 1999/12/22 05:09:48 damien Exp $");
RCSID("$Id: login.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
# include <utmpx.h>
@ -133,28 +133,44 @@ record_login(int pid, const char *ttyname, const char *user, uid_t uid,
struct lastlog ll;
char *lastlog;
#endif /* defined(_PATH_LASTLOG) && !defined(DISABLE_LASTLOG) */
struct UTMP_STR u;
const char *utmp, *wtmp;
struct utmp u;
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
struct utmpx utx;
#endif
/* Construct an utmp/wtmp entry. */
memset(&u, 0, sizeof(u));
strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line));
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
u.ut_tv.tv_sec = time(NULL);
strncpy(u.ut_user, user, sizeof(u.ut_name));
#else
u.ut_pid = (pid_t)pid;
u.ut_time = time(NULL);
strncpy(u.ut_name, user, sizeof(u.ut_name));
#endif
#if defined(HAVE_HOST_IN_UTMP) || defined(HAVE_HOST_IN_UTMPX)
u.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS;
#if defined(HAVE_HOST_IN_UTMP)
strncpy(u.ut_host, host, sizeof(u.ut_host));
#endif
/* Figure out the file names. */
utmp = _PATH_UTMP;
wtmp = _PATH_WTMP;
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
memset(&utx, 0, sizeof(utx));
strncpy(utx.ut_user, user, sizeof(utx.ut_name));
strncpy(utx.ut_line, ttyname + 5, sizeof(utx.ut_line));
utx.ut_pid = (pid_t)pid;
utx.ut_tv.tv_sec = time(NULL);
u.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS;
#ifdef HAVE_HOST_IN_UTMPX
#ifdef HAVE_SYSLEN_IN_UTMPX
utx.ut_syslen = strlen(host);
strncpy(utx.ut_host, host, utx.ut_syslen );
#else
strncpy(utx.ut_host, host, sizeof(utx.ut_host));
#endif /* HAVE_SYSLEN_IN_UTMPX */
#endif
#endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) && !defined(HAVE_LOGIN)
login(&u, &utx);
#else /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
login(&u);
#endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
#if defined(_PATH_LASTLOG) && !defined(DISABLE_LASTLOG)
lastlog = _PATH_LASTLOG;

2
packages/redhat/openssh.spec
View File

@ -1,6 +1,6 @@
Summary: OpenSSH free Secure Shell (SSH) implementation
Name: openssh
Version: 1.2.1pre19
Version: 1.2.1pre20
Release: 1
Packager: Damien Miller <djm@ibs.com.au>
Source0: openssh-%{version}.tar.gz

2
packages/redhat/sshd.pam
View File

@ -1,5 +1,5 @@
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow
auth required /lib/security/pam_pwdb.so shadow nowait
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so

2
packages/suse/openssh.spec
View File

@ -1,6 +1,6 @@
Summary: OpenSSH, a free Secure Shell (SSH) implementation
Name: openssh
Version: 1.2.1pre19
Version: 1.2.1pre20
Release: 1
Source0: openssh-%{version}.tar.gz
Copyright: BSD

43
sshd.c
View File

@ -11,7 +11,7 @@
*/
#include "includes.h"
RCSID("$Id: sshd.c,v 1.39 1999/12/14 04:43:03 damien Exp $");
RCSID("$Id: sshd.c,v 1.40 1999/12/24 23:11:29 damien Exp $");
#ifdef HAVE_POLL_H
# include <poll.h>
@ -146,6 +146,7 @@ void do_child(const char *command, struct passwd * pw, const char *term,
#ifdef HAVE_LIBPAM
static int pamconv(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
int do_pam_auth(const char *user, const char *password);
void do_pam_account(char *username, char *remote_user);
void do_pam_session(char *username, char *ttyname);
void pam_cleanup_proc(void *context);
@ -237,6 +238,23 @@ void pam_cleanup_proc(void *context)
}
}
int do_pam_auth(const char *user, const char *password)
{
int pam_retval;
pampasswd = password;
pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
if (pam_retval == PAM_SUCCESS) {
log("PAM Password authentication accepted for user \"%.100s\"", user);
return 1;
} else {
log("PAM Password authentication for \"%.100s\" failed: %s",
user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
return 0;
}
}
void do_pam_account(char *username, char *remote_user)
{
int pam_retval;
@ -1292,7 +1310,11 @@ do_authentication(char *user)
#ifdef KRB4
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif /* KRB4 */
#ifdef HAVE_LIBPAM
do_pam_auth(pw->pw_name, "")) {
#else /* HAVE_LIBPAM */
auth_password(pw, "")) {
#endif /* HAVE_LIBPAM */
/* Authentication with empty password succeeded. */
log("Login for user %s from %.100s, accepted without authentication.",
pw->pw_name, get_remote_ipaddr());
@ -1503,29 +1525,14 @@ do_authloop(struct passwd * pw)
#ifdef HAVE_LIBPAM
/* Do PAM auth with password */
pampasswd = password;
pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
if (pam_retval == PAM_SUCCESS) {
log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
memset(password, 0, strlen(password));
xfree(password);
authenticated = 1;
break;
}
log("PAM Password authentication for \"%.100s\" failed: %s",
pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
memset(password, 0, strlen(password));
xfree(password);
break;
authenticated = do_pam_auth(pw->pw_name, password);
#else /* HAVE_LIBPAM */
/* Try authentication with the password. */
authenticated = auth_password(pw, password);
#endif /* HAVE_LIBPAM */
memset(password, 0, strlen(password));
xfree(password);
break;
#endif /* HAVE_LIBPAM */
#ifdef SKEY
case SSH_CMSG_AUTH_TIS:

2
sshd.pam.generic
View File

@ -1,5 +1,5 @@
#%PAM-1.0
auth required /lib/security/pam_unix.so shadow
auth required /lib/security/pam_unix.so shadow nowait
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so