[PATCH]: auth-passwd.c: Eliminate a Cygwin special case

Ben Lindstrom mouring at etoh.eviladmin.org
Wed Jun 19 00:02:17 EST 2002


It's in my mailbox.  I'm rewriting part of the auth-passwd.c code to make
the #ifdef less hellish.

I was waiting for negative feedback on my patch before committing my
changes and then yours.

- Ben


On Tue, 18 Jun 2002, Corinna Vinschen wrote:

> Hi,
>
> did anybody of the folks with checkin privileges have a look into this?
>
> Thanks,
> Corinna
>
> On Fri, Jun 14, 2002 at 10:24:27AM +0200, Corinna Vinschen wrote:
> > Hi,
> >
> > as it turned out on the Cygwin mailing list, the special handling
> > of empty password in auth-passwd.c when running under Windows NT
> > results in problems.
> >
> > Cause:  The authentication methode "none" calls auth_password()
> > with an empty password.  A piece of HAVE_CYGWIN code allows empty
> > passwords even if PermitEmptyPasswords is set to "no".  This in
> > turn results in calling the Windows internal logon routine with
> > an invalid password, just because the auth method "none" is
> > enabled.
> >
> > Result: Since many NT systems are set so that a couple of invalid
> > logons lock the account, accounts are suddenly locked, even if the
> > user never logged on locally.
> >
> > Solution: Check for PermitEmptyPassword first also on NT systems.
> >
> > This has the additional advantage that we can drop a snippet of
> > Cygwin special code.  Fix below.
> >
> > Corinna
> >
> > Index: auth-passwd.c
> > ===================================================================
> > RCS file: /cvs/openssh_cvs/auth-passwd.c,v
> > retrieving revision 1.45
> > diff -u -p -r1.45 auth-passwd.c
> > --- auth-passwd.c	15 May 2002 15:59:17 -0000	1.45
> > +++ auth-passwd.c	14 Jun 2002 08:15:04 -0000
> > @@ -124,13 +124,6 @@ auth_password(Authctxt *authctxt, const
> >         if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
> >  		return 0;
> >  #endif
> > -#ifdef HAVE_CYGWIN
> > -	/*
> > -	 * Empty password is only possible on NT if the user has _really_
> > -	 * an empty password and authentication is done, though.
> > -	 */
> > -	if (!is_winnt)
> > -#endif
> >  	if (*password == '\0' && options.permit_empty_passwd == 0)
> >  		return 0;
> >  #ifdef KRB5
> >
> > --
> > Corinna Vinschen
> > Cygwin Developer
> > Red Hat, Inc.
> > mailto:vinschen at redhat.com
> > _______________________________________________
> > openssh-unix-dev at mindrot.org mailing list
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
> --
> Corinna Vinschen
> Cygwin Developer
> Red Hat, Inc.
> mailto:vinschen at redhat.com
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>




More information about the openssh-unix-dev mailing list