1) Added s/key support .

2  Added optional excessive login logging.
3) Added login acces control on a per host/tty base.
4) See skey(1) for skey descriptions and src/usr.bin/login/README
  for the logging and access control features.

-Guido

1 files changed, 38 insertions, 0 deletions

diff --git a/lib/libskey/skey_crypt.c b/lib/libskey/skey_crypt.c
new file mode 100644
index 0000000..ca1024f
--- /dev/null
+++ b/lib/libskey/skey_crypt.c
@@ -0,0 +1,38 @@
+/* Author: Wietse Venema, Eindhoven University of Technology. */
+
+#include <string.h>
+#include <stdio.h>
+#include <pwd.h>
+
+#include "skey.h"
+
+/* skey_crypt - return encrypted UNIX passwd if s/key or regular password ok */
+
+char   *skey_crypt(pp, salt, pwd, pwok)
+char   *pp;
+char   *salt;
+struct passwd *pwd;
+int     pwok;
+{
+    struct skey skey;
+    char   *p;
+    char   *crypt();
+
+    /* Try s/key authentication even when the UNIX password is permitted. */
+
+    if (pwd != 0 && skeylookup(&skey, pwd->pw_name) == 0
+	&& skeyverify(&skey, pp) == 0) {
+	/* s/key authentication succeeded */
+	return (pwd->pw_passwd);
+    }
+
+    /* When s/key authentication does not work, always invoke crypt(). */
+
+    p = crypt(pp, salt);
+    if (pwok && pwd != 0 && strcmp(p, pwd->pw_passwd) == 0)
+	return (pwd->pw_passwd);
+
+    /* The user does not exist or entered bad input. */
+
+    return (":");
+}