Attachment 94698 Details for Bug 101157 – Updated openssh-3.1p1-skip-initial.patch file

[patch] Updated openssh-3.1p1-skip-initial.patch file

openssh-3.1p1-skip-initial.patch (text/plain), 1.18 KB, created by John Caruso on 2003-09-24 20:48:23 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: John Caruso

Created: 2003-09-24 20:48:23 UTC

Size: 1.18 KB

patch

obsolete

>Skip the initial empty-password check if permit_empty_passwd is disabled.  This
>doesn't change the timing profiles of the host because the additional condition
>check which can short-circuit the call to pam_authenticate() has no dependency
>on the identity of the user who is being authenticated.
>--- openssh-3.1p1/auth2.c	2003-09-16 08:37:08.000000000 -0400
>+++ openssh-3.1p1/auth2.c	2003-09-16 08:37:31.000000000 -0400
>@@ -326,7 +326,7 @@
> 		return(0);
> #endif
> #ifdef USE_PAM
>-	return auth_pam_password(authctxt->pw, "") && ok;
>+	return options.permit_empty_passwd && auth_pam_password(authctxt->pw, "") && ok;
> #elif defined(HAVE_OSF_SIA)
> 	return 0;
> #else /* !HAVE_OSF_SIA && !USE_PAM */
>--- openssh-3.1p1/auth1.c	2003-09-19 10:19:45.000000000 -0400
>+++ openssh-3.1p1/auth1.c	2003-09-19 10:20:16.000000000 -0400
>@@ -80,7 +80,7 @@
> 	    authctxt->valid ? "" : "illegal user ", authctxt->user);
> 
> 	/* If the user has no password, accept authentication immediately. */
>-	if (options.password_authentication &&
>+	if (options.permit_empty_passwd && options.password_authentication &&
> #if defined(KRB4) || defined(KRB5)
> 	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
> #endif

Actions: View | Diff

Attachments on bug 101157: 94698 | 94699