- Correctly handle empty passwords in shadow file. Patch from:

   "Chris, the Young One" <cky@pobox.com>

diff --git a/ChangeLog b/ChangeLog
index 9386369b2de7f8299def3041c8268647763f7f7e..b61c3b3a208e88de2ab6f1ed1288bf63841fa850 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@
      keysize warnings talk about identity files
    - [packet.c]
      "Connection closed by x.x.x.x": fatal() -> log()
+ - Correctly handle empty passwords in shadow file. Patch from: 
+   "Chris, the Young One" <cky@pobox.com>
+ - Released 1.2.1pre18
 
 19991215
  - Integrated patchs from Juergen Keil <jk@tools.de>

diff --git a/auth-passwd.c b/auth-passwd.c
index e8354f5beaefe946e262fa5d0b71c8f63edb0d3d..913e4012330583900eec84237f79c86ce33213fa 100644 (file)
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -76,6 +76,10 @@ auth_password(struct passwd * pw, const char *password)
        if ((spw->sp_namp == NULL) || (strcmp(pw->pw_name, spw->sp_namp) != 0))
                fatal("Shadow lookup returned garbage.");
 
+       /* Check for users with no password. */
+       if (strcmp(password, "") == 0 && strcmp(spw->sp_pwdp, "") == 0)
+               return 1;
+
        if (strlen(spw->sp_pwdp) < 3)
                return(0);