openssh: avoid checking empty passwords to mess up with PAM modules

Previously, even if PAM is enabled for ssh, the daemon still tries to
authenticate an empty password. This leads to authentication failure
which would mess up with PAM modules.

As a result, if 'UsePAM', 'PermitEmptyPasswords' and 'PasswordAuthentication'
are enabled, no user can login correctly. We would meet the following error
message at the client side.

	Write failed: Broken Pipe

This patch fixes the above problem by checking whether PAM is enabled before
authenticating an empty password. After all, if PAM is enabled, the task of
authenticating passwords should be handled to PAM modules.

[YOCTO #6466]

(From OE-Core rev: e017ae71dad4837b0d22f291b0b0e0949075f822)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 2 insertions, 1 deletions

diff --git a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
index 8f32c2e63e..047a895aae 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
@@ -24,7 +24,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
            file://add-test-support-for-busybox.patch \
            file://run-ptest \
            file://openssh-CVE-2014-2532.patch \
-           file://openssh-CVE-2014-2653.patch"
+           file://openssh-CVE-2014-2653.patch \
+           file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch"
 
 PAM_SRC_URI = "file://sshd"