[PATCH]: auth-passwd.c: Eliminate a Cygwin special case
Corinna Vinschen
vinschen at redhat.com
Fri Jun 14 18:24:27 EST 2002
Hi,
as it turned out on the Cygwin mailing list, the special handling
of empty password in auth-passwd.c when running under Windows NT
results in problems.
Cause: The authentication methode "none" calls auth_password()
with an empty password. A piece of HAVE_CYGWIN code allows empty
passwords even if PermitEmptyPasswords is set to "no". This in
turn results in calling the Windows internal logon routine with
an invalid password, just because the auth method "none" is
enabled.
Result: Since many NT systems are set so that a couple of invalid
logons lock the account, accounts are suddenly locked, even if the
user never logged on locally.
Solution: Check for PermitEmptyPassword first also on NT systems.
This has the additional advantage that we can drop a snippet of
Cygwin special code. Fix below.
Corinna
Index: auth-passwd.c
===================================================================
RCS file: /cvs/openssh_cvs/auth-passwd.c,v
retrieving revision 1.45
diff -u -p -r1.45 auth-passwd.c
--- auth-passwd.c 15 May 2002 15:59:17 -0000 1.45
+++ auth-passwd.c 14 Jun 2002 08:15:04 -0000
@@ -124,13 +124,6 @@ auth_password(Authctxt *authctxt, const
if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
return 0;
#endif
-#ifdef HAVE_CYGWIN
- /*
- * Empty password is only possible on NT if the user has _really_
- * an empty password and authentication is done, though.
- */
- if (!is_winnt)
-#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
#ifdef KRB5
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
More information about the openssh-unix-dev
mailing list