/*
 * Copyright (c) 2019 The DragonFly Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "includes.h"

#include <sys/types.h>

#include <string.h>
#include <unistd.h>

#include "packet.h"
#include "sshbuf.h"
#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
#include "auth-options.h"

/*
 * Check a candidate password against the stored password field of the
 * account attached to the session's authentication context.
 *
 * ssh      - session; ssh->authctxt supplies the passwd entry and the
 *            "valid" flag.
 * password - candidate password supplied by the peer.
 *
 * Returns non-zero when the candidate is accepted and 0 otherwise
 * (no stored field, crypt() failure, or hash mismatch).
 *
 * NOTE(review): an empty candidate is accepted here when the stored field
 * is empty; no PermitEmptyPasswords-style policy check is visible in this
 * function, so presumably the caller enforces it -- confirm.
 */
int
sys_auth_passwd(struct ssh *ssh, const char *password)
{
	Authctxt *ctx = ssh->authctxt;
	struct passwd *entry = ctx->pw;
	const char *salt;
	char *stored, *candidate;

	/*
	 * A valid context is checked against the field returned by
	 * shadow_pw(); an invalid one carries a fake entry whose pw_passwd
	 * is used as supplied.
	 */
	if (ctx->valid)
		stored = shadow_pw(entry);
	else
		stored = entry->pw_passwd;
	if (stored == NULL)
		return 0;

	/* An account with an empty password field matches an empty candidate. */
	if (stored[0] == '\0' && password[0] == '\0')
		return 1;

	/*
	 * Hash the candidate with libcrypt's crypt() from <unistd.h> rather
	 * than OpenSSH's xcrypt() (which, per the original author's note,
	 * uses DES_crypt()).  The stored field doubles as the salt when the
	 * context is valid and the field has at least two characters; every
	 * other case falls back to the fixed salt "xx".
	 *
	 * NOTE(review): the fixed-salt path still runs crypt() for unknown
	 * users, but if the platform's crypt() treats "xx" as a cheaper
	 * scheme than the one used for real accounts, response time could
	 * differ between known and unknown users -- confirm against the
	 * platform's crypt(3).
	 */
	salt = "xx";
	if (ctx->valid && stored[0] != '\0' && stored[1] != '\0')
		salt = stored;

	candidate = crypt(password, salt);

	/* A NULL result from crypt() is treated as an authentication failure. */
	if (candidate == NULL)
		return 0;

	/*
	 * Accept only when the freshly computed hash equals the stored field.
	 * NOTE(review): strcmp() is not a constant-time comparison; the
	 * operands are hash strings rather than the cleartext password, so
	 * review whether that matters for the deployment.
	 */
	return strcmp(candidate, stored) == 0;
}