authorMatt Johnston <matt@ucc.asn.au>2012-05-09 22:51:59 +0800
committerMatt Johnston <matt@ucc.asn.au>2012-05-09 22:51:59 +0800
commit0006d7980251baf68c694aaad00e99751ccde7ec (patch)
tree594ca98e0fd9c857627b858e1c9b9b0f78038431
parent7f88aa61330e2ab15ffe300d71f313face69d7a3 (diff)
Fix empty password immediate login
-rw-r--r--options.h3
-rw-r--r--svr-auth.c3
-rw-r--r--svr-authpasswd.c9
3 files changed, 4 insertions, 11 deletions
diff --git a/options.h b/options.h
index 4c7433e..14dda0c 100644
--- a/options.h
+++ b/options.h
@@ -179,8 +179,7 @@ much traffic. */
/* Define this to allow logging in to accounts that have no password specified.
* Public key logins are allowed for blank-password accounts regardless of this
- * setting. PAM is not affected by this setting, it uses the normal pam.d
- * settings ('nullok' option) */
+ * setting. */
/* #define ALLOW_BLANK_PASSWORD */
#define ENABLE_CLI_PASSWORD_AUTH
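Review bot: The shortened comment above `ALLOW_BLANK_PASSWORD` no longer says how a blank-password account actually gets in, although this commit moves that path entirely to the 'none' request handled in svr-auth.c. I would spell that out, for example `* When defined, a 'none' auth request succeeds for such accounts unless the noauthpass or norootpass options forbid it.` The sentence about PAM is dropped without a replacement. If the 'none' path applies to PAM builds as well (not visible in this hunk), the comment should say so, because an administrator relying on pam.d settings would otherwise not expect it.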
diff --git a/svr-auth.c b/svr-auth.c
index 04321fe..fbfd27c 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -155,9 +155,10 @@ void recv_msg_userauth_request() {
AUTH_METHOD_NONE_LEN) == 0) {
TRACE(("recv_msg_userauth_request: 'none' request"))
#ifdef ALLOW_BLANK_PASSWORD
+ TRACE(("pw_passwd '%s'", ses.authstate.pw_passwd))
if (!svr_opts.noauthpass
&& !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
- && ses.authstate.pw_passwd == '\0')
+ && ses.authstate.pw_passwd[0] == '\0')
{
dropbear_log(LOG_NOTICE,
"Auth succeeded with blank password for '%s' from %s",
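Review bot: The added `TRACE(("pw_passwd '%s'", ses.authstate.pw_passwd))` writes the account's passwd field, presumably the stored crypt hash, into trace output for every 'none' request. Only emptiness matters for the check that follows, so the trace can report just that: `TRACE(("pw_passwd is %s", ses.authstate.pw_passwd[0] == '\0' ? "blank" : "set"))`. Both the trace and the corrected `pw_passwd[0]` test dereference the pointer, so it is worth confirming that the code filling ses.authstate never leaves it NULL; that code is outside this hunk, as are the start and end of recv_msg_userauth_request.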
diff --git a/svr-authpasswd.c b/svr-authpasswd.c
index ceeb4d8..c8c83f9 100644
--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@@ -39,7 +39,6 @@ void svr_auth_password() {
char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
char * testcrypt = NULL; /* crypt generated from the user's password sent */
unsigned char * password;
- int success_blank = 0;
unsigned int passwordlen;
unsigned int changepw;
@@ -68,19 +67,13 @@ void svr_auth_password() {
/* check for empty password */
if (passwdcrypt[0] == '\0') {
-#ifdef ALLOW_BLANK_PASSWORD
- if (passwordlen == 0) {
- success_blank = 1;
- }
-#else
dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
ses.authstate.pw_name);
send_msg_userauth_failure(0, 1);
return;
-#endif
}
- if (success_blank || strcmp(testcrypt, passwdcrypt) == 0) {
+ if (strcmp(testcrypt, passwdcrypt) == 0) {
/* successful authentication */
dropbear_log(LOG_NOTICE,
"Password auth succeeded for '%s' from %s",
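Review bot: `strcmp(testcrypt, passwdcrypt)` is reached with no visible check that testcrypt is non-NULL, and crypt() can return NULL, for example when the stored salt is one it does not accept. The statements between the declarations and the blank-password check are outside this hunk, so either confirm a guard already exists there or add `if (testcrypt == NULL) { send_msg_userauth_failure(0, 1); return; }` before the comparison. Separately, strcmp stops at the first differing byte; comparing the two crypt strings in constant time would remove that timing signal. svr_auth_password starts and ends outside the hunk.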