[PATCH]: auth-passwd.c: Eliminate a Cygwin special case

Corinna Vinschen vinschen at redhat.com
Tue Jun 18 16:50:16 EST 2002 

Hi,

did anybody of the folks with checkin privileges have a look into this?

Thanks,
Corinna

On Fri, Jun 14, 2002 at 10:24:27AM +0200, Corinna Vinschen wrote:
> Hi,
> 
> as it turned out on the Cygwin mailing list, the special handling
> of empty password in auth-passwd.c when running under Windows NT 
> results in problems. 
> 
> Cause:  The authentication methode "none" calls auth_password()
> with an empty password.  A piece of HAVE_CYGWIN code allows empty
> passwords even if PermitEmptyPasswords is set to "no".  This in
> turn results in calling the Windows internal logon routine with
> an invalid password, just because the auth method "none" is
> enabled. 
> 
> Result: Since many NT systems are set so that a couple of invalid
> logons lock the account, accounts are suddenly locked, even if the
> user never logged on locally.
> 
> Solution: Check for PermitEmptyPassword first also on NT systems.
> 
> This has the additional advantage that we can drop a snippet of
> Cygwin special code.  Fix below.
> 
> Corinna
> 
> Index: auth-passwd.c
> ===================================================================
> RCS file: /cvs/openssh_cvs/auth-passwd.c,v
> retrieving revision 1.45
> diff -u -p -r1.45 auth-passwd.c
> --- auth-passwd.c	15 May 2002 15:59:17 -0000	1.45
> +++ auth-passwd.c	14 Jun 2002 08:15:04 -0000
> @@ -124,13 +124,6 @@ auth_password(Authctxt *authctxt, const 
>         if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
>  		return 0;
>  #endif
> -#ifdef HAVE_CYGWIN
> -	/*
> -	 * Empty password is only possible on NT if the user has _really_
> -	 * an empty password and authentication is done, though.
> -	 */
> -	if (!is_winnt)
> -#endif
>  	if (*password == '\0' && options.permit_empty_passwd == 0)
>  		return 0;
>  #ifdef KRB5
> 
> -- 
> Corinna Vinschen
> Cygwin Developer
> Red Hat, Inc.
> mailto:vinschen at redhat.com
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com

More information about the openssh-unix-dev mailing list