diff --git a/options.h b/options.h
index 4c7433e..14dda0c 100644
--- a/options.h
+++ b/options.h
@@ -179,8 +179,7 @@ much traffic. */
 /* Define this to allow logging in to accounts that have no password specified.
 * Public key logins are allowed for blank-password accounts regardless of this
- * setting. PAM is not affected by this setting, it uses the normal pam.d
- * settings ('nullok' option) */
+ * setting. */
 /* #define ALLOW_BLANK_PASSWORD */
 #define ENABLE_CLI_PASSWORD_AUTH
diff --git a/svr-auth.c b/svr-auth.c
index 04321fe..fbfd27c 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -155,9 +155,10 @@ void recv_msg_userauth_request() {
 AUTH_METHOD_NONE_LEN) == 0) {
 TRACE(("recv_msg_userauth_request: 'none' request"))
 #ifdef ALLOW_BLANK_PASSWORD
+ TRACE(("pw_passwd '%s'", ses.authstate.pw_passwd))
 if (!svr_opts.noauthpass
 && !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
- && ses.authstate.pw_passwd == '\0')
+ && ses.authstate.pw_passwd[0] == '\0')
 {
 dropbear_log(LOG_NOTICE,
 "Auth succeeded with blank password for '%s' from %s",
diff --git a/svr-authpasswd.c b/svr-authpasswd.c
index ceeb4d8..c8c83f9 100644
--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
@@ -39,7 +39,6 @@ void svr_auth_password() {
 char * passwdcrypt = NULL; /* the crypt from /etc/passwd or /etc/shadow */
 char * testcrypt = NULL; /* crypt generated from the user's password sent */
 unsigned char * password;
- int success_blank = 0;
 unsigned int passwordlen;
 unsigned int changepw;
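Review bot: The shortened comment above ALLOW_BLANK_PASSWORD in options.h no longer tells an administrator which code path grants a blank-password login. Judging from the svr-auth.c hunk in this commit, such accounts are accepted on the SSH 'none' request, and that check appears to read only pw_passwd, so the removed sentence about pam.d 'nullok' deserves a replacement rather than a plain deletion. Something like ` * setting. Blank-password accounts are accepted on the 'none' auth request, independent of pam.d settings. */` would make the exposure explicit; the PAM interaction is inferred from this diff and should be confirmed before it is worded as fact.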
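Review bot: The added `TRACE(("pw_passwd '%s'", ses.authstate.pw_passwd))` in the 'none' branch of svr-auth.c writes the account's stored password field (the crypt hash whenever it is not blank) to whatever sink TRACE uses, on every 'none' request. Log only the property the branch tests, e.g. `TRACE(("pw_passwd blank: %d", ses.authstate.pw_passwd[0] == '\0'))` once the pointer is known to be valid, or drop the line before merging. The corrected test `ses.authstate.pw_passwd[0] == '\0'` now dereferences the pointer where the old code only compared it, so if pw_passwd can still be NULL at this point (for example for an unknown user; the lookup is outside the hunk), put `&& ses.authstate.pw_passwd != NULL` ahead of it. recv_msg_userauth_request starts and ends outside the hunk.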
@@ -68,19 +67,13 @@ void svr_auth_password() {
 /* check for empty password */
 if (passwdcrypt[0] == '\0') {
-#ifdef ALLOW_BLANK_PASSWORD
- if (passwordlen == 0) {
- success_blank = 1;
- }
-#else
 dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
 ses.authstate.pw_name);
 send_msg_userauth_failure(0, 1);
 return;
-#endif
 }
- if (success_blank || strcmp(testcrypt, passwdcrypt) == 0) {
+ if (strcmp(testcrypt, passwdcrypt) == 0) {
 /* successful authentication */
 dropbear_log(LOG_NOTICE,
 "Password auth succeeded for '%s' from %s",
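Review bot: With the `#ifdef ALLOW_BLANK_PASSWORD` branch gone, svr_auth_password rejects every account whose stored crypt is empty, even in builds that define ALLOW_BLANK_PASSWORD, and nothing at the check says why. A comment such as `/* blank-password accounts are only accepted via the 'none' request in svr-auth.c */` above `if (passwdcrypt[0] == '\0')` would keep a later reader from re-adding the bypass here. Separately, `strcmp(testcrypt, passwdcrypt)` relies on testcrypt being non-NULL; its assignment is outside the hunk, but if it comes from crypt(), which can return NULL for an unsupported hash format, the condition should read `if (testcrypt != NULL && strcmp(testcrypt, passwdcrypt) == 0) {`. The function body starts and ends outside the hunk.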