diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2004-07-01 14:00:14 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2004-07-01 14:00:14 +1000 |
| commit | 1f7e40864faa5632696718ea6950ebdb4df41ce5 (patch) | |
| tree | d8633b4319d042717990cf7e8968e669677c2642 | |
| parent | e2ba9c2e83101eaae3c4e703d4978ff9c0f560c3 (diff) | |
- (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK
to pam_authenticate for challenge-response auth too. Originally from
fcusack at fcusack.com, ok djm@
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | auth-pam.c | 6 |
2 files changed, 8 insertions, 3 deletions
| @@ -3,6 +3,9 @@ | |||
| 3 | Ensures messages from PAM modules are displayed when privsep=no. | 3 | Ensures messages from PAM modules are displayed when privsep=no. |
| 4 | - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes | 4 | - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes |
| 5 | warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@ | 5 | warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@ |
| 6 | - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK | ||
| 7 | to pam_authenticate for challenge-response auth too. Originally from | ||
| 8 | fcusack at fcusack.com, ok djm@ | ||
| 6 | 9 | ||
| 7 | 20040630 | 10 | 20040630 |
| 8 | - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL | 11 | - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL |
| @@ -1471,4 +1474,4 @@ | |||
| 1471 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 1474 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 1472 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 1475 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 1473 | 1476 | ||
| 1474 | $Id: ChangeLog,v 1.3465 2004/07/01 02:38:14 dtucker Exp $ | 1477 | $Id: ChangeLog,v 1.3466 2004/07/01 04:00:14 dtucker Exp $ |
diff --git a/auth-pam.c b/auth-pam.c index 67f6ac0d8..36a719fbb 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
| @@ -47,7 +47,7 @@ | |||
| 47 | 47 | ||
| 48 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ | 48 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ |
| 49 | #include "includes.h" | 49 | #include "includes.h" |
| 50 | RCSID("$Id: auth-pam.c,v 1.109 2004/07/01 02:38:15 dtucker Exp $"); | 50 | RCSID("$Id: auth-pam.c,v 1.110 2004/07/01 04:00:15 dtucker Exp $"); |
| 51 | 51 | ||
| 52 | #ifdef USE_PAM | 52 | #ifdef USE_PAM |
| 53 | #if defined(HAVE_SECURITY_PAM_APPL_H) | 53 | #if defined(HAVE_SECURITY_PAM_APPL_H) |
| @@ -356,6 +356,8 @@ sshpam_thread(void *ctxtp) | |||
| 356 | struct pam_ctxt *ctxt = ctxtp; | 356 | struct pam_ctxt *ctxt = ctxtp; |
| 357 | Buffer buffer; | 357 | Buffer buffer; |
| 358 | struct pam_conv sshpam_conv; | 358 | struct pam_conv sshpam_conv; |
| 359 | int flags = (options.permit_empty_passwd == 0 ? | ||
| 360 | PAM_DISALLOW_NULL_AUTHTOK : 0); | ||
| 359 | #ifndef USE_POSIX_THREADS | 361 | #ifndef USE_POSIX_THREADS |
| 360 | extern char **environ; | 362 | extern char **environ; |
| 361 | char **env_from_pam; | 363 | char **env_from_pam; |
| @@ -378,7 +380,7 @@ sshpam_thread(void *ctxtp) | |||
| 378 | (const void *)&sshpam_conv); | 380 | (const void *)&sshpam_conv); |
| 379 | if (sshpam_err != PAM_SUCCESS) | 381 | if (sshpam_err != PAM_SUCCESS) |
| 380 | goto auth_fail; | 382 | goto auth_fail; |
| 381 | sshpam_err = pam_authenticate(sshpam_handle, 0); | 383 | sshpam_err = pam_authenticate(sshpam_handle, flags); |
| 382 | if (sshpam_err != PAM_SUCCESS) | 384 | if (sshpam_err != PAM_SUCCESS) |
| 383 | goto auth_fail; | 385 | goto auth_fail; |
| 384 | 386 | ||