#include "includes.h"#include "packet.h"#include "buffer.h"#include "log.h"#include "servconf.h"#include "auth.h"#include "auth-options.h"Go to the source code of this file.
Defines | |
| #define | DAY (24L * 60 * 60) |
| #define | TWO_WEEKS (2L * 7 * DAY) |
Functions | |
| RCSID ("$OpenBSD: auth-passwd.c,v 1.34 2005/07/19 15:32:26 otto Exp $") | |
| void | disable_forwarding (void) |
| int | auth_password (Authctxt *authctxt, const char *password) |
| int | sys_auth_passwd (Authctxt *authctxt, const char *password) |
Variables | |
| Buffer | loginmsg |
| ServerOptions | options |
|
|
Definition at line 56 of file auth-passwd.c. |
|
|
Definition at line 57 of file auth-passwd.c. |
|
||||||||||||
|
Definition at line 72 of file auth-passwd.c. References disable_forwarding(), Authctxt::force_pwchange, ServerOptions::kerberos_authentication, ServerOptions::permit_empty_passwd, ServerOptions::permit_root_login, PERMIT_YES, Authctxt::pw, sys_auth_passwd(), ServerOptions::use_pam, and Authctxt::valid. Referenced by auth1_process_password(), do_authloop(), mm_answer_authpassword(), userauth_none(), and userauth_passwd(). 00073 { 00074 struct passwd * pw = authctxt->pw; 00075 int result, ok = authctxt->valid; 00076 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) 00077 static int expire_checked = 0; 00078 #endif 00079 00080 #ifndef HAVE_CYGWIN 00081 if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) 00082 ok = 0; 00083 #endif 00084 if (*password == '\0' && options.permit_empty_passwd == 0) 00085 return 0; 00086 00087 #ifdef KRB5 00088 if (options.kerberos_authentication == 1) { 00089 int ret = auth_krb5_password(authctxt, password); 00090 if (ret == 1 || ret == 0) 00091 return ret && ok; 00092 /* Fall back to ordinary passwd authentication. */ 00093 } 00094 #endif 00095 #ifdef HAVE_CYGWIN 00096 if (is_winnt) { 00097 HANDLE hToken = cygwin_logon_user(pw, password); 00098 00099 if (hToken == INVALID_HANDLE_VALUE) 00100 return 0; 00101 cygwin_set_impersonation_token(hToken); 00102 return ok; 00103 } 00104 #endif 00105 #ifdef USE_PAM 00106 if (options.use_pam) 00107 return (sshpam_auth_passwd(authctxt, password) && ok); 00108 #endif 00109 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) 00110 if (!expire_checked) { 00111 expire_checked = 1; 00112 if (auth_shadow_pwexpired(authctxt)) 00113 authctxt->force_pwchange = 1; 00114 } 00115 #endif 00116 result = sys_auth_passwd(authctxt, password); 00117 if (authctxt->force_pwchange) 00118 disable_forwarding(); 00119 return (result && ok); 00120 }
|
|
|
Definition at line 60 of file auth-passwd.c. References no_agent_forwarding_flag, no_port_forwarding_flag, and no_x11_forwarding_flag. Referenced by auth_password(). 00061 { 00062 no_port_forwarding_flag = 1; 00063 no_agent_forwarding_flag = 1; 00064 no_x11_forwarding_flag = 1; 00065 }
|
|
||||||||||||
|
|
|
||||||||||||
|
Definition at line 183 of file auth-passwd.c. References Authctxt::pw, shadow_pw(), Authctxt::valid, and xcrypt(). Referenced by auth_password(). 00184 { 00185 struct passwd *pw = authctxt->pw; 00186 char *encrypted_password; 00187 00188 /* Just use the supplied fake password if authctxt is invalid */ 00189 char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd; 00190 00191 /* Check for users with no password. */ 00192 if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0) 00193 return (1); 00194 00195 /* Encrypt the candidate password using the proper salt. */ 00196 encrypted_password = xcrypt(password, 00197 (pw_password[0] && pw_password[1]) ? pw_password : "xx"); 00198 00199 /* 00200 * Authentication is accepted if the encrypted passwords 00201 * are identical. 00202 */ 00203 return (strcmp(encrypted_password, pw_password) == 0); 00204 }
|
|
|
|
|
|
|