summaryrefslogblamecommitdiffstats
path: root/source/installer/sources/dropbear/dropbear_emptypass.patch
blob: a3f27f47e3a2a13a8e404356e5ffb67bb59cba6c (plain) (tree)
1
2
3
4
5
6




                                                                                                      
 













                                                                                   
diff -Nur dropbear-20171018_fa3b0dd3.orig/svr-authpasswd.c dropbear-20171018_fa3b0dd3/svr-authpasswd.c
--- dropbear-20171018_fa3b0dd3.orig/svr-authpasswd.c	2018-01-13 19:19:59.000000000 -0600
+++ dropbear-20171018_fa3b0dd3/svr-authpasswd.c	2018-01-13 23:07:16.441369958 -0600
@@ -88,12 +88,16 @@
 	}
 
 	/* check for empty password */
+	/* Yep, good idea, but for our usage, it's okay - dropbear has to be
+	   started manually in the installer, so setting a password or not is
+	   up to the admin
 	if (passwdcrypt[0] == '\0') {
 		dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
 				ses.authstate.pw_name);
 		send_msg_userauth_failure(0, 1);
 		return;
 	}
+	*/
 
 	if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
 		/* successful authentication */