diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2004-07-01 14:00:14 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2004-07-01 14:00:14 +1000 |
| commit | 1f7e40864faa5632696718ea6950ebdb4df41ce5 (patch) | |
| tree | d8633b4319d042717990cf7e8968e669677c2642 | |
| parent | e2ba9c2e83101eaae3c4e703d4978ff9c0f560c3 (diff) | |
- (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK
to pam_authenticate for challenge-response auth too. Originally from
fcusack at fcusack.com, ok djm@
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | auth-pam.c | 6 |
2 files changed, 8 insertions, 3 deletions
@@ -3,6 +3,9 @@ Ensures messages from PAM modules are displayed when privsep=no. - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@ + - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK + to pam_authenticate for challenge-response auth too. Originally from + fcusack at fcusack.com, ok djm@ 20040630 - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL @@ -1471,4 +1474,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3465 2004/07/01 02:38:14 dtucker Exp $ +$Id: ChangeLog,v 1.3466 2004/07/01 04:00:14 dtucker Exp $ @@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.109 2004/07/01 02:38:15 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.110 2004/07/01 04:00:15 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -356,6 +356,8 @@ sshpam_thread(void *ctxtp) struct pam_ctxt *ctxt = ctxtp; Buffer buffer; struct pam_conv sshpam_conv; + int flags = (options.permit_empty_passwd == 0 ? + PAM_DISALLOW_NULL_AUTHTOK : 0); #ifndef USE_POSIX_THREADS extern char **environ; char **env_from_pam; @@ -378,7 +380,7 @@ sshpam_thread(void *ctxtp) (const void *)&sshpam_conv); if (sshpam_err != PAM_SUCCESS) goto auth_fail; - sshpam_err = pam_authenticate(sshpam_handle, 0); + sshpam_err = pam_authenticate(sshpam_handle, flags); if (sshpam_err != PAM_SUCCESS) goto auth_fail; |