Corinna Vinschen
2002-Jun-14 08:24 UTC
[PATCH]: auth-passwd.c: Eliminate a Cygwin special case
Hi,
as it turned out on the Cygwin mailing list, the special handling
of empty password in auth-passwd.c when running under Windows NT
results in problems.
Cause: The authentication method "none" calls auth_password()
with an empty password. A piece of HAVE_CYGWIN code allows empty
passwords even if PermitEmptyPasswords is set to "no". This in
turn results in calling the Windows internal logon routine with
an invalid password, just because the auth method "none" is
enabled.
Result: Since many NT systems are set so that a couple of invalid
logons lock the account, accounts are suddenly locked, even if the
user never logged on locally.
Solution: Check for PermitEmptyPasswords first also on NT systems.
This has the additional advantage that we can drop a snippet of
Cygwin special code. Fix below.
Corinna
Index: auth-passwd.c
===================================================================
RCS file: /cvs/openssh_cvs/auth-passwd.c,v
retrieving revision 1.45
diff -u -p -r1.45 auth-passwd.c
--- auth-passwd.c 15 May 2002 15:59:17 -0000 1.45
+++ auth-passwd.c 14 Jun 2002 08:15:04 -0000
@@ -124,13 +124,6 @@ auth_password(Authctxt *authctxt, const
if (pw->pw_uid == 0 && options.permit_root_login !=
PERMIT_YES)
return 0;
#endif
-#ifdef HAVE_CYGWIN
- /*
- * Empty password is only possible on NT if the user has _really_
- * an empty password and authentication is done, though.
- */
- if (!is_winnt)
-#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
#ifdef KRB5
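Review bot: with the HAVE_CYGWIN / if (!is_winnt) guard removed, the check on *password == '\0' && options.permit_empty_passwd == 0 now also rejects NT accounts that, per the deleted comment, really have an empty password, so those users can no longer log in while PermitEmptyPasswords is "no". That is a user-visible behaviour change on Cygwin and the deleted comment was the only place the old rationale was written down. Please record it in the ChangeLog and the Cygwin documentation, stating that PermitEmptyPasswords must be set to "yes" for such accounts and that the early return is what keeps the "none" method from reaching the Windows logon routine.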
--
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
Corinna Vinschen
2002-Jun-18 06:50 UTC
[PATCH]: auth-passwd.c: Eliminate a Cygwin special case
Hi,
did anybody of the folks with checkin privileges have a look into this?
Thanks,
Corinna
On Fri, Jun 14, 2002 at 10:24:27AM +0200, Corinna Vinschen wrote:
> Hi,
>
> as it turned out on the Cygwin mailing list, the special handling
> of empty password in auth-passwd.c when running under Windows NT
> results in problems.
>
> Cause: The authentication method "none" calls auth_password()
> with an empty password. A piece of HAVE_CYGWIN code allows empty
> passwords even if PermitEmptyPasswords is set to "no". This in
> turn results in calling the Windows internal logon routine with
> an invalid password, just because the auth method "none" is
> enabled.
>
> Result: Since many NT systems are set so that a couple of invalid
> logons lock the account, accounts are suddenly locked, even if the
> user never logged on locally.
>
> Solution: Check for PermitEmptyPasswords first also on NT systems.
>
> This has the additional advantage that we can drop a snippet of
> Cygwin special code. Fix below.
>
> Corinna
>
> Index: auth-passwd.c
> ===================================================================
> RCS file: /cvs/openssh_cvs/auth-passwd.c,v
> retrieving revision 1.45
> diff -u -p -r1.45 auth-passwd.c
> --- auth-passwd.c 15 May 2002 15:59:17 -0000 1.45
> +++ auth-passwd.c 14 Jun 2002 08:15:04 -0000
> @@ -124,13 +124,6 @@ auth_password(Authctxt *authctxt, const > if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) > return 0; > #endif > -#ifdef HAVE_CYGWIN > - /* > - * Empty password is only possible on NT if the user has _really_ > - * an empty password and authentication is done, though. > - */ > - if (!is_winnt) > -#endif > if (*password == '\0' && options.permit_empty_passwd == 0) > return 0; > #ifdef KRB5 > > -- > Corinna Vinschen > Cygwin Developer > Red Hat, Inc. > mailto:vinschen at redhat.com > _______________________________________________ > openssh-unix-dev at mindrot.org mailing list > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev-- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:vinschen at redhat.com