openssh/openssh-3.8.1p1-skip-initial.patch
cvsdist ffdec57ae7 auto-import changelog data from openssh-3.8.1p1-1.src.rpm
Mon Jun 07 2004 Nalin Dahyabhai <nalin@redhat.com> 3.8.1p1-1
- request gssapi-with-mic by default but not delegation (flag day for
    anyone who used previous gssapi patches)
- no longer request x11 forwarding by default
2004-09-09 09:47:30 +00:00

27 lines
1.2 KiB
Diff

Skip the initial empty-password check if permit_empty_passwd is disabled. This
doesn't change the timing profiles of the host because the additional condition
check which can short-circuit the call to pam_authenticate() has no dependency
on the identity of the user who is being authenticated.
--- openssh-3.8p1/auth1.c 2004-02-26 21:05:25.000000000 -0500
+++ openssh-3.8p1/auth1.c 2004-02-26 21:05:20.000000000 -0500
@@ -76,7 +76,7 @@
authctxt->valid ? "" : "illegal user ", authctxt->user);
/* If the user has no password, accept authentication immediately. */
- if (options.password_authentication &&
+ if (options.permit_empty_passwd && options.password_authentication &&
#ifdef KRB5
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
--- openssh-3.8p1/auth2-none.c 2004-02-26 21:07:34.000000000 -0500
+++ openssh-3.8p1/auth2-none.c 2004-02-26 21:07:28.000000000 -0500
@@ -100,7 +100,7 @@
if (check_nt_auth(1, authctxt->pw) == 0)
return(0);
#endif
- if (options.password_authentication)
+ if (options.permit_empty_passwd && options.password_authentication)
return (PRIVSEP(auth_password(authctxt, "")));
return (0);
}