DragonFly commits List (threaded) for 2011-12
git: pam_ssh: Don't allow a bogus passphrase for unencrypted keys.

commit 09e61f6cd8073fbb48eab8523b4bcc4f82dac34d
Author: Peter Avalos <pavalos@dragonflybsd.org>
Date: Sat Dec 24 13:00:13 2011 -0800

pam_ssh: Don't allow a bogus passphrase for unencrypted keys.

key_load_private() ignores the passphrase argument if the private key
is unencrypted. This defeats the nullok check, because it means a
non-null passphrase will successfully unlock the key.

To address this, try at first to load the key without a passphrase.
If this succeeds and the user provided a non-empty passphrase *or*
nullok is false, reject the key.

While I'm here: Load the ECDSA key if there is one.

Obtained-from: FreeBSD 227757, 219426, & 226101

Summary of changes:
lib/pam_module/pam_ssh/pam_ssh.8 | 9 ++++---
lib/pam_module/pam_ssh/pam_ssh.c | 42 +++++++++++++++++++++++++------------
2 files changed, 33 insertions(+), 18 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/09e61f6cd8073fbb48eab8523b4bcc4f82dac34d
--
DragonFly BSD source repository
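
The check described in the commit message, modelled as an added example (this is not the pam_ssh source). model_key, model_load, auth_before and auth_after are hypothetical names; model_load only imitates the stated behaviour of key_load_private(), and auth_before is an assumed form of the old check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a private key file (not OpenSSH's structure). */
struct model_key {
    bool encrypted;          /* is the key passphrase-protected? */
    const char *passphrase;  /* protecting passphrase, if encrypted */
};

/* Imitates key_load_private() as the commit message describes it:
 * the passphrase argument is ignored when the key is unencrypted. */
static bool model_load(const struct model_key *k, const char *pass)
{
    if (!k->encrypted)
        return true;
    return strcmp(k->passphrase, pass) == 0;
}

/* Assumed old check: nullok is applied only to what the user typed,
 * so any non-empty string "unlocks" an unencrypted key. */
bool auth_before(const struct model_key *k, const char *pass, bool nullok)
{
    if (*pass == '\0' && !nullok)
        return false;
    return model_load(k, pass);
}

/* Fixed check: probe with an empty passphrase first. If that loads,
 * the key is unencrypted; reject it when the user supplied a
 * non-empty passphrase or nullok is false. */
bool auth_after(const struct model_key *k, const char *pass, bool nullok)
{
    if (model_load(k, ""))
        return *pass == '\0' && nullok;
    return model_load(k, pass);
}

int main(void)
{
    struct model_key plain = { false, NULL };  /* constructed sample */
    printf("bogus passphrase, unencrypted key: before=%d after=%d\n",
           auth_before(&plain, "bogus", false),
           auth_after(&plain, "bogus", false));
    return 0;
}
```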