diff options
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch | 30 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh_6.6p1.bb | 3 |
2 files changed, 32 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch b/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch new file mode 100644 index 0000000000..ba13cd1919 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch @@ -0,0 +1,30 @@ +Upstream-Status: Pending + +Subject: auth2-none.c: avoid authenticate empty passwords to mess up with PAM + +If UsePAM, PermitEmptyPasswords, PasswordAuthentication are enabled. The ssh daemon +will try to authenticate an empty password, resulting in login failures of any user. +If PAM is enabled, then we should leave the task of password authentication to PAM. + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> + +--- + auth2-none.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/auth2-none.c b/auth2-none.c +index c8c6c74..b48b2fd 100644 +--- a/auth2-none.c ++++ b/auth2-none.c +@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt) + { + none_enabled = 0; + packet_check_eom(); +- if (options.permit_empty_passwd && options.password_authentication) ++ if (options.permit_empty_passwd && options.password_authentication && !options.use_pam) + return (PRIVSEP(auth_password(authctxt, ""))); + return (0); + } +-- +1.7.9.5 + diff --git a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb index 8f32c2e63e..047a895aae 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb @@ -24,7 +24,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar. file://add-test-support-for-busybox.patch \ file://run-ptest \ file://openssh-CVE-2014-2532.patch \ - file://openssh-CVE-2014-2653.patch" + file://openssh-CVE-2014-2653.patch \ + file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch" PAM_SRC_URI = "file://sshd" |