Commit 1205fa68 authored by Paul Eggleton's avatar Paul Eggleton
Browse files

Allow configuring "allow blank password option" at runtime



Changes this from a compile-time switch to a command-line option.
Signed-off-by: default avatarPaul Eggleton <[email protected]>
parent f5be0fb2
......@@ -180,11 +180,6 @@ much traffic. */
#define ENABLE_SVR_PUBKEY_OPTIONS
#endif
/* Define this to allow logging in to accounts that have no password specified.
* Public key logins are allowed for blank-password accounts regardless of this
* setting. */
/* #define ALLOW_BLANK_PASSWORD */
#define ENABLE_CLI_PASSWORD_AUTH
#define ENABLE_CLI_PUBKEY_AUTH
#define ENABLE_CLI_INTERACT_AUTH
......
......@@ -89,6 +89,7 @@ typedef struct svr_runopts {
int noauthpass;
int norootpass;
int allowblankpass;
#ifdef ENABLE_SVR_REMOTETCPFWD
int noremotetcp;
......
......@@ -154,8 +154,8 @@ void recv_msg_userauth_request() {
strncmp(methodname, AUTH_METHOD_NONE,
AUTH_METHOD_NONE_LEN) == 0) {
TRACE(("recv_msg_userauth_request: 'none' request"))
#ifdef ALLOW_BLANK_PASSWORD
if (!svr_opts.noauthpass
if (svr_opts.allowblankpass
&& !svr_opts.noauthpass
&& !(svr_opts.norootpass && ses.authstate.pw_uid == 0)
&& ses.authstate.pw_passwd[0] == '\0')
{
......@@ -167,7 +167,6 @@ void recv_msg_userauth_request() {
goto out;
}
else
#endif
{
send_msg_userauth_failure(0, 0);
goto out;
......
......@@ -29,6 +29,7 @@
#include "buffer.h"
#include "dbutil.h"
#include "auth.h"
#include "runopts.h"
#ifdef ENABLE_SVR_PASSWORD_AUTH
......
......@@ -63,6 +63,7 @@ static void printhelp(const char * progname) {
#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
"-s Disable password logins\n"
"-g Disable password logins for root\n"
"-B Allow blank password logins\n"
#endif
#ifdef ENABLE_SVR_LOCALTCPFWD
"-j Disable local port forwarding\n"
......@@ -115,6 +116,7 @@ void svr_getopts(int argc, char ** argv) {
svr_opts.norootlogin = 0;
svr_opts.noauthpass = 0;
svr_opts.norootpass = 0;
svr_opts.allowblankpass = 0;
svr_opts.inetdmode = 0;
svr_opts.portcount = 0;
svr_opts.hostkey = NULL;
......@@ -234,6 +236,9 @@ void svr_getopts(int argc, char ** argv) {
case 'g':
svr_opts.norootpass = 1;
break;
case 'B':
svr_opts.allowblankpass = 1;
break;
#endif
case 'h':
printhelp(argv[0]);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment