- djm@cvs.openbsd.org 2010/06/25 08:46:17
[auth1.c auth2-none.c]
skip the initial check for access with an empty password when
PermitEmptyPasswords=no; bz#1638; ok markus@
diff --git a/ChangeLog b/ChangeLog
index 22bd509..2467840 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -63,6 +63,10 @@
internal-sftp accidentally introduced in r1.253 by removing the code
that opens and dup /dev/null to stderr and modifying the channels code
to read stderr but discard it instead; ok markus@
+ - djm@cvs.openbsd.org 2010/06/25 08:46:17
+ [auth1.c auth2-none.c]
+ skip the initial check for access with an empty password when
+ PermitEmptyPasswords=no; bz#1638; ok markus@
20100622
- (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
diff --git a/auth1.c b/auth1.c
index 1801661..bf442db 100644
--- a/auth1.c
+++ b/auth1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth1.c,v 1.73 2008/07/04 23:30:16 djm Exp $ */
+/* $OpenBSD: auth1.c,v 1.74 2010/06/25 08:46:17 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -244,7 +244,7 @@
authctxt->valid ? "" : "invalid user ", authctxt->user);
/* If the user has no password, accept authentication immediately. */
- if (options.password_authentication &&
+ if (options.permit_empty_passwd && options.password_authentication &&
#ifdef KRB5
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
diff --git a/auth2-none.c b/auth2-none.c
index 08f2f93..c8c6c74 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-none.c,v 1.15 2008/07/02 12:36:39 djm Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.16 2010/06/25 08:46:17 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -61,7 +61,7 @@
{
none_enabled = 0;
packet_check_eom();
- if (options.password_authentication)
+ if (options.permit_empty_passwd && options.password_authentication)
return (PRIVSEP(auth_password(authctxt, "")));
return (0);
}