- dtucker@cvs.openbsd.org 2003/12/31 00:24:50
[auth2-passwd.c] Ignore password change request during password auth (which we currently don't support) and discard proposed new password. corrections/ok markus@
This commit is contained in:
parent
0b3b97512f
commit
ea2870619d
|
@ -13,6 +13,10 @@
|
|||
- millert@cvs.openbsd.org 2003/12/29 16:39:50
|
||||
[sshd_config]
|
||||
KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK
|
||||
- dtucker@cvs.openbsd.org 2003/12/31 00:24:50
|
||||
[auth2-passwd.c]
|
||||
Ignore password change request during password auth (which we currently
|
||||
don't support) and discard proposed new password. corrections/ok markus@
|
||||
|
||||
20031219
|
||||
- (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we
|
||||
|
@ -1632,4 +1636,4 @@
|
|||
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
||||
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
||||
|
||||
$Id: ChangeLog,v 1.3156 2003/12/31 00:38:32 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.3157 2003/12/31 00:43:24 dtucker Exp $
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-passwd.c,v 1.4 2003/08/26 09:58:43 markus Exp $");
|
||||
RCSID("$OpenBSD: auth2-passwd.c,v 1.5 2003/12/31 00:24:50 dtucker Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
|
@ -38,16 +38,24 @@ extern ServerOptions options;
|
|||
static int
|
||||
userauth_passwd(Authctxt *authctxt)
|
||||
{
|
||||
char *password;
|
||||
char *password, *newpass;
|
||||
int authenticated = 0;
|
||||
int change;
|
||||
u_int len;
|
||||
u_int len, newlen;
|
||||
|
||||
change = packet_get_char();
|
||||
password = packet_get_string(&len);
|
||||
if (change) {
|
||||
/* discard new password from packet */
|
||||
newpass = packet_get_string(&newlen);
|
||||
memset(newpass, 0, newlen);
|
||||
xfree(newpass);
|
||||
}
|
||||
packet_check_eom();
|
||||
|
||||
if (change)
|
||||
logit("password change not supported");
|
||||
password = packet_get_string(&len);
|
||||
packet_check_eom();
|
||||
if (PRIVSEP(auth_password(authctxt, password)) == 1
|
||||
else if (PRIVSEP(auth_password(authctxt, password)) == 1
|
||||
#ifdef HAVE_CYGWIN
|
||||
&& check_nt_auth(1, authctxt->pw)
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue