diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | auth1.c | 4 | ||||
| -rw-r--r-- | auth2-none.c | 4 |
3 files changed, 8 insertions, 4 deletions
@@ -63,6 +63,10 @@ internal-sftp accidentally introduced in r1.253 by removing the code that opens and dup /dev/null to stderr and modifying the channels code to read stderr but discard it instead; ok markus@ + - djm@cvs.openbsd.org 2010/06/25 08:46:17 + [auth1.c auth2-none.c] + skip the initial check for access with an empty password when + PermitEmptyPasswords=no; bz#1638; ok markus@ 20100622 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 @@ -1,4 +1,4 @@ -/* $OpenBSD: auth1.c,v 1.73 2008/07/04 23:30:16 djm Exp $ */ +/* $OpenBSD: auth1.c,v 1.74 2010/06/25 08:46:17 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -244,7 +244,7 @@ do_authloop(Authctxt *authctxt) authctxt->valid ? "" : "invalid user ", authctxt->user); /* If the user has no password, accept authentication immediately. */ - if (options.password_authentication && + if (options.permit_empty_passwd && options.password_authentication && #ifdef KRB5 (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif diff --git a/auth2-none.c b/auth2-none.c index 08f2f935f..c8c6c74a9 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-none.c,v 1.15 2008/07/02 12:36:39 djm Exp $ */ +/* $OpenBSD: auth2-none.c,v 1.16 2010/06/25 08:46:17 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt) { none_enabled = 0; packet_check_eom(); - if (options.password_authentication) + if (options.permit_empty_passwd && options.password_authentication) return (PRIVSEP(auth_password(authctxt, ""))); return (0); } |