- (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)

   if permit_empty_passwd == 0 so null password check cannot be bypassed.
   jayaraj@amritapuri.com OpenBSD bug 2168

diff --git a/ChangeLog b/ChangeLog
index b3d5a912e981699ebcda7f45622dd2253a3229e8..22b5aabd3d5ab95fcb0f617381f04551eeb7abf4 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20011109
+ - (stevesk) auth-pam.c: use do_pam_authenticate(PAM_DISALLOW_NULL_AUTHTOK)
+   if permit_empty_passwd == 0 so null password check cannot be bypassed.
+   jayaraj@amritapuri.com OpenBSD bug 2168
+       
 20011103
  - (tim) [ contrib/caldera/openssh.spec contrib/caldera/sshd.init] Updates 
    from Raymund Will <ray@caldera.de>

diff --git a/auth-pam.c b/auth-pam.c
index ec859d72c146ade5da4eab189990a8da76e44c0f..801c9eb64b4c8d6c9e0dbc9bdccb59da77146085 100644 (file)
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -217,7 +217,8 @@ int auth_pam_password(struct passwd *pw, const char *password)
        __pampasswd = password;
 
        pamstate = INITIAL_LOGIN;
-       pam_retval = do_pam_authenticate(0);
+       pam_retval = do_pam_authenticate(
+           options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0);
        if (pam_retval == PAM_SUCCESS) {
                debug("PAM Password authentication accepted for "
                    "user \"%.100s\"", pw->pw_name);