- (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK
to pam_authenticate for challenge-response auth too. Originally from fcusack at fcusack.com, ok djm@
This commit is contained in:
parent
e2ba9c2e83
commit
1f7e40864f
|
@ -3,6 +3,9 @@
|
|||
Ensures messages from PAM modules are displayed when privsep=no.
|
||||
- (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes
|
||||
warnings on compliant platforms. From paul.a.bolton at bt.com. ok djm@
|
||||
- (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK
|
||||
to pam_authenticate for challenge-response auth too. Originally from
|
||||
fcusack at fcusack.com, ok djm@
|
||||
|
||||
20040630
|
||||
- (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL
|
||||
|
@ -1471,4 +1474,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.3465 2004/07/01 02:38:14 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.3466 2004/07/01 04:00:14 dtucker Exp $
|
||||
|
|
|
@ -47,7 +47,7 @@
|
|||
|
||||
/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
|
||||
#include "includes.h"
|
||||
RCSID("$Id: auth-pam.c,v 1.109 2004/07/01 02:38:15 dtucker Exp $");
|
||||
RCSID("$Id: auth-pam.c,v 1.110 2004/07/01 04:00:15 dtucker Exp $");
|
||||
|
||||
#ifdef USE_PAM
|
||||
#if defined(HAVE_SECURITY_PAM_APPL_H)
|
||||
|
@ -356,6 +356,8 @@ sshpam_thread(void *ctxtp)
|
|||
struct pam_ctxt *ctxt = ctxtp;
|
||||
Buffer buffer;
|
||||
struct pam_conv sshpam_conv;
|
||||
int flags = (options.permit_empty_passwd == 0 ?
|
||||
PAM_DISALLOW_NULL_AUTHTOK : 0);
|
||||
#ifndef USE_POSIX_THREADS
|
||||
extern char **environ;
|
||||
char **env_from_pam;
|
||||
|
@ -378,7 +380,7 @@ sshpam_thread(void *ctxtp)
|
|||
(const void *)&sshpam_conv);
|
||||
if (sshpam_err != PAM_SUCCESS)
|
||||
goto auth_fail;
|
||||
sshpam_err = pam_authenticate(sshpam_handle, 0);
|
||||
sshpam_err = pam_authenticate(sshpam_handle, flags);
|
||||
if (sshpam_err != PAM_SUCCESS)
|
||||
goto auth_fail;
|
||||
|
||||
|
|
Loading…
Reference in New Issue