Make sure that there's a delay in PAM keyboard-interactive authentication

when PermitRootLogin is not set to yes and the correct root password is entered (closes: #248747).
author: Colin Watson <cjwatson@debian.org> 2004-11-28 12:38:37 +0000
committer: Colin Watson <cjwatson@debian.org> 2004-11-28 12:38:37 +0000
commit: 8095a8026b060fdfb9a0c268ff61752bdf688a10 (patch)
tree: 8edfd6a9bd12f2c81672e52de4e9a1a3e34c92cf
parent: 9ebd617cc085a14c1a197f140b037a3679ba3e2e (diff)
2 files changed, 6 insertions, 1 deletions
diff --git a/auth-pam.c b/auth-pam.c
index ec3b74951..9be57dacd 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -645,7 +645,9 @@ sshpam_respond(void *ctx, u_int num, char **resp)
                return (-1);
        }
        buffer_init(&buffer);
-        if (sshpam_authctxt->valid)
+        if (sshpam_authctxt->valid &&
+            (sshpam_authctxt->pw->pw_uid != 0 ||
+             options.permit_root_login == PERMIT_YES))
                buffer_put_cstring(&buffer, *resp);
        else
                buffer_put_cstring(&buffer, badpw);
diff --git a/debian/changelog b/debian/changelog
index 8693c48ef..ba873c472 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ openssh (1:3.8.1p1-8.sarge.4) UNRELEASED; urgency=high
  * Fix timing information leak allowing discovery of invalid usernames in
    PAM keyboard-interactive authentication (backported from a patch by
    Darren Tucker; closes: #281595).
+  * Make sure that there's a delay in PAM keyboard-interactive
+    authentication when PermitRootLogin is not set to yes and the correct
+    root password is entered (closes: #248747).
 -- Colin Watson <cjwatson@debian.org>  Sun, 28 Nov 2004 12:12:55 +0000
author	Colin Watson <cjwatson@debian.org>	2004-11-28 12:38:37 +0000
committer	Colin Watson <cjwatson@debian.org>	2004-11-28 12:38:37 +0000
commit	8095a8026b060fdfb9a0c268ff61752bdf688a10 (patch)
tree	8edfd6a9bd12f2c81672e52de4e9a1a3e34c92cf
parent	9ebd617cc085a14c1a197f140b037a3679ba3e2e (diff)