summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--auth-pam.c6
2 files changed, 8 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 20c907883..bfd90349e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
3 Ensures messages from PAM modules are displayed when privsep=no. 3 Ensures messages from PAM modules are displayed when privsep=no.
4 - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes 4 - (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes
5 warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@ 5 warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@
6 - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK
7 to pam_authenticate for challenge-response auth too. Originally from
8 fcusack at fcusack.com, ok djm@
6 9
720040630 1020040630
8 - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL 11 - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL
@@ -1471,4 +1474,4 @@
1471 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 1474 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
1472 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 1475 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
1473 1476
1474$Id: ChangeLog,v 1.3465 2004/07/01 02:38:14 dtucker Exp $ 1477$Id: ChangeLog,v 1.3466 2004/07/01 04:00:14 dtucker Exp $
diff --git a/auth-pam.c b/auth-pam.c
index 67f6ac0d8..36a719fbb 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -47,7 +47,7 @@
47 47
48/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ 48/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
49#include "includes.h" 49#include "includes.h"
50RCSID("$Id: auth-pam.c,v 1.109 2004/07/01 02:38:15 dtucker Exp $"); 50RCSID("$Id: auth-pam.c,v 1.110 2004/07/01 04:00:15 dtucker Exp $");
51 51
52#ifdef USE_PAM 52#ifdef USE_PAM
53#if defined(HAVE_SECURITY_PAM_APPL_H) 53#if defined(HAVE_SECURITY_PAM_APPL_H)
@@ -356,6 +356,8 @@ sshpam_thread(void *ctxtp)
356 struct pam_ctxt *ctxt = ctxtp; 356 struct pam_ctxt *ctxt = ctxtp;
357 Buffer buffer; 357 Buffer buffer;
358 struct pam_conv sshpam_conv; 358 struct pam_conv sshpam_conv;
359 int flags = (options.permit_empty_passwd == 0 ?
360 PAM_DISALLOW_NULL_AUTHTOK : 0);
359#ifndef USE_POSIX_THREADS 361#ifndef USE_POSIX_THREADS
360 extern char **environ; 362 extern char **environ;
361 char **env_from_pam; 363 char **env_from_pam;
@@ -378,7 +380,7 @@ sshpam_thread(void *ctxtp)
378 (const void *)&sshpam_conv); 380 (const void *)&sshpam_conv);
379 if (sshpam_err != PAM_SUCCESS) 381 if (sshpam_err != PAM_SUCCESS)
380 goto auth_fail; 382 goto auth_fail;
381 sshpam_err = pam_authenticate(sshpam_handle, 0); 383 sshpam_err = pam_authenticate(sshpam_handle, flags);
382 if (sshpam_err != PAM_SUCCESS) 384 if (sshpam_err != PAM_SUCCESS)
383 goto auth_fail; 385 goto auth_fail;
384 386