Subject: shadow bugs in ssh2/ssh1
From: Frank Cusack <fcusack@iconnet.net>
Date: Mon, 14 Sep 1998 23:50:21 GMT

Both ssh1 and ssh2 have bugs in the handling of shadow passwords. Here is the fix for ssh1.2.26; the fix is the same for ssh2 but in a different file. Also ssh2 has a bug in nis+ handling, related to the shadow bug. Due to the restrictive licensing I can't use ssh2 and since ssh comm sec ltd is a commercial enterprise they can find/fix it themselves.

Comments:

Under Solaris, pw->pw_passwd is defined to be invalid. However, in some cases getpwnam() will return a value for this. It should be ignored.

For other systems, if getspnam() is defined, (and thus HAVE_ETC_SHADOW is defined), then it should be definitive. Unfortunately, this may not be the case under IRIX, so this fix will break IRIX installations w/o /etc/shadow. IMHO, anyone not running IRIX w/ shadow files needs to fix that anyway.

~frank

*** auth-passwd.c.orig Wed Jul 8 12:40:35 1998 --- auth-passwd.c Mon Sep 14 19:41:50 1998 *************** *** 702,709 **** --- 702,712 ---- password code. */ #endif /* HAVE_SECURID */ + #ifndef HAVE_ETC_SHADOW + /* pw->pw_passwd is defined to be invalid under Solaris. */ /* Save the encrypted password. */ strncpy(correct_passwd, saved_pw_passwd, sizeof(correct_passwd)); + #endif #ifdef SECURE_RPC /* try to register secret key for secure RPC */

--
Frank Cusack    + Today's Haiku     No keyboard present
Icon CMT Corp.  + error message:    Hit F1 to continue
PGP: C001AA75   + Zen engineering?
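Review bot: With HAVE_ETC_SHADOW defined, the guarded `strncpy(correct_passwd, saved_pw_passwd, sizeof(correct_passwd));` no longer runs, and it is the only assignment to correct_passwd visible in this hunk. Please confirm that the getspnam() path, which is not shown here, sets correct_passwd on every route to the comparison, and that authentication is refused when no shadow entry is returned, so that the buffer is never compared while holding stale or uninitialised contents. Because the guard is a compile-time one, a host that has getspnam() but no /etc/shadow ends up on that path as well (the IRIX case the message mentions), so the refusal needs to be explicit. Two smaller points: strncpy with sizeof(correct_passwd) as the bound does not guarantee NUL termination, so consider terminating the last byte explicitly; and the new Solaris comment sits inside the block that is compiled only when shadow support is absent, so it would read better above the `#ifndef HAVE_ETC_SHADOW` line, reworded to say why pw_passwd is skipped when shadow support is present.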