[PATCH]: auth-passwd.c: Eliminate a Cygwin special case
Ben Lindstrom
mouring at etoh.eviladmin.org
Wed Jun 19 00:02:17 EST 2002
It's in my mailbox. I'm rewriting part of the auth-passwd.c code to make
the #ifdef less hellish.
I was waiting for negative feedback on my patch before committing my
changes and then yours.
- Ben
On Tue, 18 Jun 2002, Corinna Vinschen wrote:
> Hi,
>
> did any of the folks with checkin privileges have a look at this?
>
> Thanks,
> Corinna
>
> On Fri, Jun 14, 2002 at 10:24:27AM +0200, Corinna Vinschen wrote:
> > Hi,
> >
> > as it turned out on the Cygwin mailing list, the special handling
> > of empty passwords in auth-passwd.c when running under Windows NT
> > results in problems.
> >
> > Cause: The authentication method "none" calls auth_password()
> > with an empty password. A piece of HAVE_CYGWIN code allows empty
> > passwords even if PermitEmptyPasswords is set to "no". This in
> > turn results in calling the Windows internal logon routine with
> > an invalid password, just because the auth method "none" is
> > enabled.
> >
> > Result: Since many NT systems are set so that a couple of invalid
> > logons lock the account, accounts are suddenly locked, even if the
> > user never logged on locally.
> >
> > Solution: Check for PermitEmptyPasswords first, also on NT systems.
> >
> > This has the additional advantage that we can drop a snippet of
> > Cygwin special code. Fix below.
> >
> > Corinna
> >
> > Index: auth-passwd.c
> > ===================================================================
> > RCS file: /cvs/openssh_cvs/auth-passwd.c,v
> > retrieving revision 1.45
> > diff -u -p -r1.45 auth-passwd.c
> > --- auth-passwd.c 15 May 2002 15:59:17 -0000 1.45
> > +++ auth-passwd.c 14 Jun 2002 08:15:04 -0000
> > @@ -124,13 +124,6 @@ auth_password(Authctxt *authctxt, const
> > if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
> > return 0;
> > #endif
> > -#ifdef HAVE_CYGWIN
> > - /*
> > - * Empty password is only possible on NT if the user has _really_
> > - * an empty password and authentication is done, though.
> > - */
> > - if (!is_winnt)
> > -#endif
> > if (*password == '\0' && options.permit_empty_passwd == 0)
> > return 0;
> > #ifdef KRB5
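Review bot: With the HAVE_CYGWIN block and its comment removed, nothing next to `if (*password == '\0' && options.permit_empty_passwd == 0)` records why this test must run before any platform logon call. A short comment there, saying that the "none" method passes an empty password and that it has to be rejected before it reaches the system logon routine, would keep a later reordering from reintroducing the lockout. Also note that when permit_empty_passwd is non-zero the empty password still falls through to the code below on NT, so failed logons can still be counted against the account in that configuration; that is worth stating in the commit message or the documentation for the option.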
> >
> > --
> > Corinna Vinschen
> > Cygwin Developer
> > Red Hat, Inc.
> > mailto:vinschen at redhat.com
> > _______________________________________________
> > openssh-unix-dev at mindrot.org mailing list
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
> --
> Corinna Vinschen
> Cygwin Developer
> Red Hat, Inc.
> mailto:vinschen at redhat.com
>
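The lockout described in the quoted report, as an added example that is not part of the thread or of OpenSSH: a small C model comparing the check order before and after the patch. `struct account`, `backend_logon()`, `auth_old()`, `auth_new()` and the threshold of 3 are hypothetical stand-ins for the Windows logon routine and its lockout policy.

```c
#include <stdio.h>
#include <string.h>
#define LOCKOUT_THRESHOLD 3 /* assumed lockout policy, not taken from the thread */
struct account { const char *password; int bad_logons; int locked; };

/* Hypothetical stand-in for the system logon: each wrong password counts toward lockout. */
static int backend_logon(struct account *a, const char *password)
{
    if (a->locked)
        return 0;
    if (strcmp(a->password, password) == 0) {
        a->bad_logons = 0;
        return 1;
    }
    if (++a->bad_logons >= LOCKOUT_THRESHOLD)
        a->locked = 1;
    return 0;
}

/* Check order before the patch: on NT the empty-password test is skipped. */
static int auth_old(struct account *a, const char *password, int is_winnt, int permit_empty)
{
    if (!is_winnt && *password == '\0' && permit_empty == 0)
        return 0;
    return backend_logon(a, password);
}

/* Check order after the patch: the test runs on every platform. */
static int auth_new(struct account *a, const char *password, int permit_empty)
{
    if (*password == '\0' && permit_empty == 0)
        return 0;
    return backend_logon(a, password);
}

/* n empty-password "none" requests on NT with PermitEmptyPasswords=no; 1 if locked. */
static int locked_after_none_requests(int patched, int n)
{
    struct account a = { "constructed-secret", 0, 0 }; /* constructed sample account */
    for (int i = 0; i < n; i++)
        (void)(patched ? auth_new(&a, "", 0) : auth_old(&a, "", 1, 0));
    return a.locked;
}

int main(void)
{
    printf("locked: unpatched=%d patched=%d\n", locked_after_none_requests(0, LOCKOUT_THRESHOLD), locked_after_none_requests(1, LOCKOUT_THRESHOLD));
    return 0;
}
```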