changeset 677:55b84e59aaad
Fix empty password immediate login
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 09 May 2012 22:51:59 +0800 |
parents | 0edf08895a33 |
children | 6e0899b56ac4 |
files | options.h svr-auth.c svr-authpasswd.c |
diffstat | 3 files changed, 4 insertions(+), 11 deletions(-) [+] |
--- a/options.h Wed May 09 22:37:04 2012 +0800
+++ b/options.h Wed May 09 22:51:59 2012 +0800
@@ -179,8 +179,7 @@
 /* Define this to allow logging in to accounts that have no password specified.
 * Public key logins are allowed for blank-password accounts regardless of this
- * setting. PAM is not affected by this setting, it uses the normal pam.d
- * settings ('nullok' option) */
+ * setting. */
 /* #define ALLOW_BLANK_PASSWORD */
 #define ENABLE_CLI_PASSWORD_AUTH
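Review bot: The shortened comment above `ALLOW_BLANK_PASSWORD` drops the PAM sentence without saying what the macro now enables. Going by the svr-auth.c hunk in this changeset, defining it lets a blank-password account succeed on the 'none' request, before any password method runs, unless `svr_opts.noauthpass` or `svr_opts.norootpass` (for uid 0) blocks it. I would add a line such as `* When defined, such accounts are logged in on the 'none' auth request, subject to the noauthpass/norootpass options.` The comment should also state whether PAM-enabled builds are covered, which this page does not show.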
--- a/svr-auth.c Wed May 09 22:37:04 2012 +0800
+++ b/svr-auth.c Wed May 09 22:51:59 2012 +0800
@@ -155,9 +155,10 @@
 AUTH_METHOD_NONE_LEN) == 0) {
 TRACE(("recv_msg_userauth_request: 'none' request"))
 #ifdef ALLOW_BLANK_PASSWORD
+ TRACE(("pw_passwd '%s'", ses.authstate.pw_passwd))
 if (!svr_opts.noauthpass
 && !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
- && ses.authstate.pw_passwd == '\0')
+ && ses.authstate.pw_passwd[0] == '\0')
 {
 dropbear_log(LOG_NOTICE,
 "Auth succeeded with blank password for '%s' from %s",
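Review bot: The added `TRACE(("pw_passwd '%s'", ses.authstate.pw_passwd))` writes the account's stored password field into trace output, which for a non-blank account is presumably its crypt hash; a trace that records only whether the field is blank gives the same diagnostic without putting hashes in logs, e.g. `TRACE(("pw_passwd blank: %d", ses.authstate.pw_passwd && ses.authstate.pw_passwd[0] == '\0'))`. The corrected test `ses.authstate.pw_passwd[0] == '\0'` now dereferences the pointer where the old line only compared it with zero, so if this 'none' branch can run before the user lookup has filled `ses.authstate` (not visible here), a NULL `pw_passwd` would crash instead of failing auth; `&& ses.authstate.pw_passwd != NULL` ahead of it keeps the check fail-closed. The enclosing function starts and ends outside the hunk.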
--- a/svr-authpasswd.c Wed May 09 22:37:04 2012 +0800
+++ b/svr-authpasswd.c Wed May 09 22:51:59 2012 +0800
@@ -39,7 +39,6 @@
 char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
 char * testcrypt = NULL; /* crypt generated from the user's password sent */
 unsigned char * password;
- int success_blank = 0;
 unsigned int passwordlen;
 unsigned int changepw;
@@ -68,19 +67,13 @@
 /* check for empty password */
 if (passwdcrypt[0] == '\0') {
-#ifdef ALLOW_BLANK_PASSWORD
- if (passwordlen == 0) {
- success_blank = 1;
- }
-#else
 dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", ses.authstate.pw_name);
 send_msg_userauth_failure(0, 1);
 return;
-#endif
 }
- if (success_blank || strcmp(testcrypt, passwdcrypt) == 0) {
+ if (strcmp(testcrypt, passwdcrypt) == 0) {
 /* successful authentication */
 dropbear_log(LOG_NOTICE,
 "Password auth succeeded for '%s' from %s",
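Review bot: `strcmp(testcrypt, passwdcrypt)` in the new condition assumes `testcrypt` is non-NULL; its assignment is outside the hunk, but if it is the direct return value of crypt(), that call can return NULL on failure (for example on a salt it rejects), and the comparison would then crash the process during authentication. A guard such as `if (testcrypt != NULL && strcmp(testcrypt, passwdcrypt) == 0) {` lets that case fall through to the non-matching branch instead. Separately, the `/* check for empty password */` block now rejects blank-password accounts unconditionally, so its comment could say that such accounts are only admitted through the 'none' request in svr-auth.c when ALLOW_BLANK_PASSWORD is defined. The function body continues beyond both hunks.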