svn commit: branches/busybox_1_6_stable: libbb loginutils

aldot at busybox.net aldot at busybox.net
Sat Jun 9 09:07:18 UTC 2007


Author: aldot
Date: 2007-06-09 02:07:17 -0700 (Sat, 09 Jun 2007)
New Revision: 18786

Log:
- pull fix for bug#1383 from trunk (r18782)


Modified:
   branches/busybox_1_6_stable/libbb/correct_password.c
   branches/busybox_1_6_stable/loginutils/login.c


Changeset:
Modified: branches/busybox_1_6_stable/libbb/correct_password.c
===================================================================
--- branches/busybox_1_6_stable/libbb/correct_password.c	2007-06-09 09:00:12 UTC (rev 18785)
+++ branches/busybox_1_6_stable/libbb/correct_password.c	2007-06-09 09:07:17 UTC (rev 18786)
@@ -31,9 +31,10 @@
 #include "libbb.h"
 
 /* Ask the user for a password.
-   Return 1 if the user gives the correct password for entry PW,
-   0 if not.  Return 1 without asking for a password if run by UID 0
-   or if PW has an empty password.  */
+ * Return 1 if the user gives the correct password for entry PW,
+ * 0 if not.  Return 1 without asking if PW has an empty password.
+ *
+ * NULL pw means "just fake it for login with bad username" */
 
 int correct_password(const struct passwd *pw)
 {
@@ -46,6 +47,9 @@
 	char buffer[256];
 #endif
 
+	correct = "aa"; /* fake salt. crypt() can choke otherwise */
+	if (!pw)
+		goto fake_it; /* "aa" will never match */
 	correct = pw->pw_passwd;
 #if ENABLE_FEATURE_SHADOWPASSWDS
 	if (LONE_CHAR(pw->pw_passwd, 'x') || LONE_CHAR(pw->pw_passwd, '*')) {
@@ -59,6 +63,7 @@
 	if (!correct || correct[0] == '\0')
 		return 1;
 
+ fake_it:
 	unencrypted = bb_askpass(0, "Password: ");
 	if (!unencrypted) {
 		return 0;

Modified: branches/busybox_1_6_stable/loginutils/login.c
===================================================================
--- branches/busybox_1_6_stable/loginutils/login.c	2007-06-09 09:00:12 UTC (rev 18785)
+++ branches/busybox_1_6_stable/loginutils/login.c	2007-06-09 09:07:17 UTC (rev 18786)
@@ -276,8 +276,8 @@
 
 		pw = getpwnam(username);
 		if (!pw) {
-			safe_strncpy(username, "UNKNOWN", sizeof(username));
-			goto auth_failed;
+			strcpy(username, "UNKNOWN");
+			goto fake_it;
 		}
 
 		if (pw->pw_passwd[0] == '!' || pw->pw_passwd[0] == '*')
@@ -292,11 +292,10 @@
 		/* Don't check the password if password entry is empty (!) */
 		if (!pw->pw_passwd[0])
 			break;
-
+ fake_it:
 		/* authorization takes place here */
 		if (correct_password(pw))
 			break;
-
  auth_failed:
 		opt &= ~LOGIN_OPT_f;
 		bb_do_delay(FAIL_DELAY);




More information about the busybox-cvs mailing list