- Correctly handle empty passwords in shadow file. Patch from:

"Chris, the Young One" <cky@pobox.com>
This commit is contained in:
Damien Miller 1999-12-16 15:10:45 +11:00
parent 217ab302d8
commit 8f9d5073d8
2 changed files with 8 additions and 1 deletions

View File

@ -7,6 +7,9 @@
keysize warnings talk about identity files
- [packet.c]
"Connection closed by x.x.x.x": fatal() -> log()
- Correctly handle empty passwords in shadow file. Patch from:
"Chris, the Young One" <cky@pobox.com>
- Released 1.2.1pre18
19991215
- Integrated patchs from Juergen Keil <jk@tools.de>

View File

@ -11,7 +11,7 @@
#ifndef HAVE_PAM
RCSID("$Id: auth-passwd.c,v 1.8 1999/12/06 00:47:28 damien Exp $");
RCSID("$Id: auth-passwd.c,v 1.9 1999/12/16 04:10:45 damien Exp $");
#include "packet.h"
#include "ssh.h"
@ -76,6 +76,10 @@ auth_password(struct passwd * pw, const char *password)
if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0))
fatal("Shadow lookup returned garbage.");
/* Check for users with no password. */
if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
return 1;
if (strlen(spw->sp_pwdp) < 3)
return(0);