svn commit: trunk/busybox: libbb loginutils
vda at busybox.net
vda at busybox.net
Fri Jun 8 15:27:07 UTC 2007
Author: vda
Date: 2007-06-08 08:27:06 -0700 (Fri, 08 Jun 2007)
New Revision: 18782
Log:
login: ask passwords even for wrong usernames.
# size busybox_old busybox_unstripped
text data bss dec hex filename
680099 2704 15648 698451 aa853 busybox_old
680110 2704 15648 698462 aa85e busybox_unstripped
Modified:
trunk/busybox/libbb/correct_password.c
trunk/busybox/loginutils/login.c
Changeset:
Modified: trunk/busybox/libbb/correct_password.c
===================================================================
--- trunk/busybox/libbb/correct_password.c 2007-06-08 15:02:55 UTC (rev 18781)
+++ trunk/busybox/libbb/correct_password.c 2007-06-08 15:27:06 UTC (rev 18782)
@@ -31,9 +31,10 @@
#include "libbb.h"
/* Ask the user for a password.
- Return 1 if the user gives the correct password for entry PW,
- 0 if not. Return 1 without asking for a password if run by UID 0
- or if PW has an empty password. */
+ * Return 1 if the user gives the correct password for entry PW,
+ * 0 if not. Return 1 without asking if PW has an empty password.
+ *
+ * NULL pw means "just fake it for login with bad username" */
int correct_password(const struct passwd *pw)
{
@@ -46,6 +47,9 @@
char buffer[256];
#endif
+ correct = "aa"; /* fake salt. crypt() can choke otherwise */
+ if (!pw)
+ goto fake_it; /* "aa" will never match */
correct = pw->pw_passwd;
#if ENABLE_FEATURE_SHADOWPASSWDS
if (LONE_CHAR(pw->pw_passwd, 'x') || LONE_CHAR(pw->pw_passwd, '*')) {
@@ -59,6 +63,7 @@
if (!correct || correct[0] == '\0')
return 1;
+ fake_it:
unencrypted = bb_askpass(0, "Password: ");
if (!unencrypted) {
return 0;
Modified: trunk/busybox/loginutils/login.c
===================================================================
--- trunk/busybox/loginutils/login.c 2007-06-08 15:02:55 UTC (rev 18781)
+++ trunk/busybox/loginutils/login.c 2007-06-08 15:27:06 UTC (rev 18782)
@@ -276,8 +276,8 @@
pw = getpwnam(username);
if (!pw) {
- safe_strncpy(username, "UNKNOWN", sizeof(username));
- goto auth_failed;
+ strcpy(username, "UNKNOWN");
+ goto fake_it;
}
if (pw->pw_passwd[0] == '!' || pw->pw_passwd[0] == '*')
@@ -292,11 +292,10 @@
/* Don't check the password if password entry is empty (!) */
if (!pw->pw_passwd[0])
break;
-
+ fake_it:
/* authorization takes place here */
if (correct_password(pw))
break;
-
auth_failed:
opt &= ~LOGIN_OPT_f;
bb_do_delay(FAIL_DELAY);
More information about the busybox-cvs
mailing list