diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | auth-pam.c | 6 |
2 files changed, 8 insertions, 3 deletions
@@ -3,6 +3,9 @@ | |||
3 | Ensures messages from PAM modules are displayed when privsep=no. | 3 | Ensures messages from PAM modules are displayed when privsep=no. |
4 | - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes | 4 | - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes |
5 | warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@ | 5 | warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@ |
6 | - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK | ||
7 | to pam_authenticate for challenge-response auth too. Originally from | ||
8 | fcusack at fcusack.com, ok djm@ | ||
6 | 9 | ||
7 | 20040630 | 10 | 20040630 |
8 | - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL | 11 | - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL |
@@ -1471,4 +1474,4 @@ | |||
1471 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 1474 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
1472 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 1475 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
1473 | 1476 | ||
1474 | $Id: ChangeLog,v 1.3465 2004/07/01 02:38:14 dtucker Exp $ | 1477 | $Id: ChangeLog,v 1.3466 2004/07/01 04:00:14 dtucker Exp $ |
diff --git a/auth-pam.c b/auth-pam.c index 67f6ac0d8..36a719fbb 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -47,7 +47,7 @@ | |||
47 | 47 | ||
48 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ | 48 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ |
49 | #include "includes.h" | 49 | #include "includes.h" |
50 | RCSID("$Id: auth-pam.c,v 1.109 2004/07/01 02:38:15 dtucker Exp $"); | 50 | RCSID("$Id: auth-pam.c,v 1.110 2004/07/01 04:00:15 dtucker Exp $"); |
51 | 51 | ||
52 | #ifdef USE_PAM | 52 | #ifdef USE_PAM |
53 | #if defined(HAVE_SECURITY_PAM_APPL_H) | 53 | #if defined(HAVE_SECURITY_PAM_APPL_H) |
@@ -356,6 +356,8 @@ sshpam_thread(void *ctxtp) | |||
356 | struct pam_ctxt *ctxt = ctxtp; | 356 | struct pam_ctxt *ctxt = ctxtp; |
357 | Buffer buffer; | 357 | Buffer buffer; |
358 | struct pam_conv sshpam_conv; | 358 | struct pam_conv sshpam_conv; |
359 | int flags = (options.permit_empty_passwd == 0 ? | ||
360 | PAM_DISALLOW_NULL_AUTHTOK : 0); | ||
359 | #ifndef USE_POSIX_THREADS | 361 | #ifndef USE_POSIX_THREADS |
360 | extern char **environ; | 362 | extern char **environ; |
361 | char **env_from_pam; | 363 | char **env_from_pam; |
@@ -378,7 +380,7 @@ sshpam_thread(void *ctxtp) | |||
378 | (const void *)&sshpam_conv); | 380 | (const void *)&sshpam_conv); |
379 | if (sshpam_err != PAM_SUCCESS) | 381 | if (sshpam_err != PAM_SUCCESS) |
380 | goto auth_fail; | 382 | goto auth_fail; |
381 | sshpam_err = pam_authenticate(sshpam_handle, 0); | 383 | sshpam_err = pam_authenticate(sshpam_handle, flags); |
382 | if (sshpam_err != PAM_SUCCESS) | 384 | if (sshpam_err != PAM_SUCCESS) |
383 | goto auth_fail; | 385 | goto auth_fail; |
384 | 386 | ||