diff options
| -rw-r--r-- | auth-pam.c | 4 | ||||
| -rw-r--r-- | debian/changelog | 3 |
2 files changed, 6 insertions, 1 deletions
diff --git a/auth-pam.c b/auth-pam.c index ec3b74951..9be57dacd 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
| @@ -645,7 +645,9 @@ sshpam_respond(void *ctx, u_int num, char **resp) | |||
| 645 | return (-1); | 645 | return (-1); |
| 646 | } | 646 | } |
| 647 | buffer_init(&buffer); | 647 | buffer_init(&buffer); |
| 648 | if (sshpam_authctxt->valid) | 648 | if (sshpam_authctxt->valid && |
| 649 | (sshpam_authctxt->pw->pw_uid != 0 || | ||
| 650 | options.permit_root_login == PERMIT_YES)) | ||
| 649 | buffer_put_cstring(&buffer, *resp); | 651 | buffer_put_cstring(&buffer, *resp); |
| 650 | else | 652 | else |
| 651 | buffer_put_cstring(&buffer, badpw); | 653 | buffer_put_cstring(&buffer, badpw); |
diff --git a/debian/changelog b/debian/changelog index 81e80f639..b7f9a027c 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -4,6 +4,9 @@ openssh (1:3.8.1p1-14) UNRELEASED; urgency=low | |||
| 4 | * Fix timing information leak allowing discovery of invalid usernames in | 4 | * Fix timing information leak allowing discovery of invalid usernames in |
| 5 | PAM keyboard-interactive authentication (backported from a patch by | 5 | PAM keyboard-interactive authentication (backported from a patch by |
| 6 | Darren Tucker; closes: #281595). | 6 | Darren Tucker; closes: #281595). |
| 7 | * Make sure that there's a delay in PAM keyboard-interactive | ||
| 8 | authentication when PermitRootLogin is not set to yes and the correct | ||
| 9 | root password is entered (closes: #248747). | ||
| 7 | 10 | ||
| 8 | -- Colin Watson <cjwatson@debian.org> Sun, 28 Nov 2004 17:52:23 +0000 | 11 | -- Colin Watson <cjwatson@debian.org> Sun, 28 Nov 2004 17:52:23 +0000 |
| 9 | 12 | ||