1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
diff -Nurd dropbear-0.45/svr-auth.c dropbear-0.45.patched/svr-auth.c
--- dropbear-0.45/svr-auth.c 2005-03-06 20:27:02.000000000 -0800
+++ dropbear-0.45.patched/svr-auth.c 2005-03-08 15:22:43.998592744 -0800
@@ -237,6 +237,7 @@
}
/* check for an empty password */
+#ifdef DISALLOW_EMPTY_PW
if (ses.authstate.pw->pw_passwd[0] == '\0') {
TRACE(("leave checkusername: empty pword"))
dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
@@ -244,7 +245,7 @@
send_msg_userauth_failure(0, 1);
return DROPBEAR_FAILURE;
}
-
+#endif
TRACE(("shell is %s", ses.authstate.pw->pw_shell))
/* check that the shell is set */
diff -Nurd dropbear-0.45/svr-authpasswd.c dropbear-0.45.patched/svr-authpasswd.c
--- dropbear-0.45/svr-authpasswd.c 2005-03-06 20:27:02.000000000 -0800
+++ dropbear-0.45.patched/svr-authpasswd.c 2005-03-08 15:22:44.010591023 -0800
@@ -64,9 +64,13 @@
* since the shadow password may differ to that tested
* in auth.c */
if (passwdcrypt[0] == '\0') {
+#ifdef DISALLOW_EMPTY_PASSWD
dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
ses.authstate.printableuser);
send_msg_userauth_failure(0, 1);
+#else
+ send_msg_userauth_success();
+#endif
return;
}
|
