From 0877f5ce7d5a4a6405eb0064a033859e1d679752 Mon Sep 17 00:00:00 2001
From: Colin Watson
Date: Sun, 28 Nov 2004 18:05:12 +0000
Subject: Merge from HEAD: Make sure that there's a delay in PAM keyboard-interactive authentication when PermitRootLogin is not set to yes and the correct root password is entered (closes: #248747).
---
 auth-pam.c | 4 +++-
 debian/changelog | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/auth-pam.c b/auth-pam.c
index ec3b74951..9be57dacd 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -645,7 +645,9 @@ sshpam_respond(void *ctx, u_int num, char **resp)
 return (-1);
 }
 buffer_init(&buffer);
- if (sshpam_authctxt->valid)
+ if (sshpam_authctxt->valid &&
+ (sshpam_authctxt->pw->pw_uid != 0 ||
+ options.permit_root_login == PERMIT_YES))
 buffer_put_cstring(&buffer, *resp);
 else
 buffer_put_cstring(&buffer, badpw);
diff --git a/debian/changelog b/debian/changelog
index 81e80f639..b7f9a027c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,9 @@ openssh (1:3.8.1p1-14) UNRELEASED; urgency=low
 * Fix timing information leak allowing discovery of invalid usernames in PAM keyboard-interactive authentication (backported from a patch by Darren Tucker; closes: #281595).
+ * Make sure that there's a delay in PAM keyboard-interactive
+ authentication when PermitRootLogin is not set to yes and the correct
+ root password is entered (closes: #248747).
 -- Colin Watson Sun, 28 Nov 2004 17:52:23 +0000
-- cgit v1.2.3
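Review bot: The widened condition in sshpam_respond() carries no comment explaining why a valid root account is still handed `badpw`, and that reason is the security property the change exists for. Swapping the response means PAM goes through a failing authentication with its usual delay, so response timing does not confirm a correct root password when PermitRootLogin is not `yes`. I would add above the `if`: `/* Invalid user, or root without PermitRootLogin yes: give PAM badpw so the failure path and its delay are identical and timing does not confirm the password. */`. The test treats every PermitRootLogin value other than PERMIT_YES alike for keyboard-interactive; that appears intended, but the comment should say so, so a later edit does not loosen it by accident. sshpam_respond's body starts and ends outside the hunk.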