diff --git a/doc/HOWTO b/doc/HOWTO index bb4e052db..62b8d85dc 100644 --- a/doc/HOWTO +++ b/doc/HOWTO @@ -1751,7 +1751,7 @@ } #ifdef HAS_SHADOW if ((pw->pw_passwd && pw->pw_passwd[0] == '@' - && pw_auth (pw->pw_passwd+1, pw->pw_name, PW_LOGIN, NULL)) + && pw_auth(pw->pw_passwd+1, pw->pw_name)) || !valid (passwd, pw)) { return (UPAP_AUTHNAK); } diff --git a/lib/pwauth.c b/lib/pwauth.c index afdc2337a..e2be39235 100644 --- a/lib/pwauth.c +++ b/lib/pwauth.c @@ -48,16 +48,15 @@ static const char *PROMPT = gettext_noop ("%s's Password: "); * compared. */ -int pw_auth (const char *cipher, - const char *user, - int reason, - /*@null@*/const char *input) +int +pw_auth(const char *cipher, const char *user) { int retval; char prompt[1024]; - char *clear = NULL; + char *clear; const char *cp; const char *encrypted; + const char *input; #ifdef SKEY bool use_skey = false; @@ -65,35 +64,6 @@ int pw_auth (const char *cipher, struct skey skey; #endif - /* - * There are programs for adding and deleting authentication data. - */ - - if ((PW_ADD == reason) || (PW_DELETE == reason)) { - return 0; - } - - /* - * There are even programs for changing the user name ... - */ - - if ((PW_CHANGE == reason) && (NULL != input)) { - return 0; - } - - /* - * WARNING: - * - * When we change a password and we are root, we don't prompt. - * This is so root can change any password without having to - * know it. This is a policy decision that might have to be - * revisited. - */ - - if ((PW_CHANGE == reason) && (getuid () == 0)) { - return 0; - } - /* * WARNING: * @@ -128,25 +98,22 @@ int pw_auth (const char *cipher, #endif /* - * Prompt for the password as required. FTPD and REXECD both - * get the cleartext password for us. + * Prompt for the password as required. */ - if ((PW_FTP != reason) && (PW_REXEC != reason) && (NULL == input)) { - cp = getdef_str ("LOGIN_STRING"); - if (NULL == cp) { - cp = _(PROMPT); - } + cp = getdef_str ("LOGIN_STRING"); + if (NULL == cp) { + cp = _(PROMPT); + } #ifdef SKEY - if (use_skey) { - printf ("[%s]\n", challenge_info); - } + if (use_skey) { + printf ("[%s]\n", challenge_info); + } #endif - SNPRINTF(prompt, cp, user); - clear = agetpass(prompt); - input = (clear == NULL) ? "" : clear; - } + SNPRINTF(prompt, cp, user); + clear = agetpass(prompt); + input = (clear == NULL) ? "" : clear; /* * Convert the cleartext password into a ciphertext string. diff --git a/lib/pwauth.h b/lib/pwauth.h index b610025dd..e4be826a0 100644 --- a/lib/pwauth.h +++ b/lib/pwauth.h @@ -7,42 +7,11 @@ * SPDX-License-Identifier: BSD-3-Clause */ -/* - * $Id$ - */ - #ifndef _PWAUTH_H #define _PWAUTH_H #ifndef USE_PAM -int pw_auth (const char *cipher, - const char *user, - int flag, - /*@null@*/const char *input); +int pw_auth(const char *cipher, const char *user); #endif /* !USE_PAM */ -/* - * Local access - */ - -#define PW_SU 1 -#define PW_LOGIN 2 - -/* - * Administrative functions - */ - -#define PW_ADD 101 -#define PW_CHANGE 102 -#define PW_DELETE 103 - -/* - * Network access - */ - -#define PW_TELNET 201 -#define PW_RLOGIN 202 -#define PW_FTP 203 -#define PW_REXEC 204 - #endif /* _PWAUTH_H */ diff --git a/lib/pwdcheck.c b/lib/pwdcheck.c index 93c9f5ced..5003d3769 100644 --- a/lib/pwdcheck.c +++ b/lib/pwdcheck.c @@ -28,7 +28,7 @@ void passwd_check (const char *user, const char *passwd, MAYBE_UNUSED const char if (NULL != sp) { passwd = sp->sp_pwdp; } - if (pw_auth (passwd, user, PW_LOGIN, NULL) != 0) { + if (pw_auth(passwd, user) != 0) { SYSLOG ((LOG_WARN, "incorrect password for `%s'", user)); (void) sleep (1); fprintf (log_get_logfd(), _("Incorrect password for %s.\n"), user); diff --git a/src/login.c b/src/login.c index eafd498dd..349df16d8 100644 --- a/src/login.c +++ b/src/login.c @@ -77,7 +77,6 @@ static const char Prog[] = "login"; static const char *hostname = ""; static /*@null@*/ /*@only@*/char *username = NULL; -static int reason = PW_LOGIN; #ifndef USE_PAM #ifdef ENABLE_LASTLOG @@ -289,7 +288,6 @@ static void process_flags (int argc, char *const *argv) case 'h': hflg = true; hostname = optarg; - reason = PW_TELNET; break; case 'p': pflg = true; @@ -536,9 +534,6 @@ int main (int argc, char **argv) if (fflg) { preauth_flag = true; } - if (hflg) { - reason = PW_RLOGIN; - } OPENLOG (Prog); @@ -903,7 +898,7 @@ int main (int argc, char **argv) goto auth_ok; } - if (pw_auth (user_passwd, username, reason, NULL) == 0) { + if (pw_auth(user_passwd, username) == 0) { goto auth_ok; } @@ -964,7 +959,7 @@ int main (int argc, char **argv) * all). --marekm */ if (streq(user_passwd, "")) { - pw_auth ("!", username, reason, NULL); + pw_auth("!", username); } /* diff --git a/src/su.c b/src/su.c index 7b3c9b04a..970ff1b3c 100644 --- a/src/su.c +++ b/src/su.c @@ -590,7 +590,7 @@ static void check_perms_nopam (const struct passwd *pw) * The first character of an administrator defined method is an '@' * character. */ - if (pw_auth (password, name, PW_SU, NULL) != 0) { + if (pw_auth(password, name) != 0) { SYSLOG (((pw->pw_uid != 0)? LOG_NOTICE : LOG_WARN, "Authentication failed for %s", name)); fprintf(stderr, _("%s: Authentication failure\n"), Prog);