[git commit] libbb: make check_password() also return CHECKPASS_PW_HAS_EMPTY_PASSWORD

Denys Vlasenko vda.linux at googlemail.com
Thu Apr 13 11:04:05 UTC 2017


commit: https://git.busybox.net/busybox/commit/?id=a3de0b3b86deb37c2adc993c6357c1a31b7ecb5b
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 include/libbb.h          | 4 ++--
 libbb/correct_password.c | 4 ++--
 libbb/securetty.c        | 6 ++++--
 loginutils/login.c       | 2 +-
 loginutils/su.c          | 2 +-
 5 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/include/libbb.h b/include/libbb.h
index b889dd7..9b72c97 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1482,9 +1482,9 @@ extern void selinux_or_die(void) FAST_FUNC;
 void setup_environment(const char *shell, int flags, const struct passwd *pw) FAST_FUNC;
 void nuke_str(char *str) FAST_FUNC;
 #if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM
-int check_securetty(const char *short_tty) FAST_FUNC;
+int is_tty_secure(const char *short_tty) FAST_FUNC;
 #else
-static ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; }
+static ALWAYS_INLINE int is_tty_secure(const char *short_tty UNUSED_PARAM) { return 1; }
 #endif
 #define CHECKPASS_PW_HAS_EMPTY_PASSWORD 2
 int check_password(const struct passwd *pw, const char *plaintext) FAST_FUNC;
diff --git a/libbb/correct_password.c b/libbb/correct_password.c
index 3436edc..f4635a5 100644
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@@ -63,7 +63,7 @@ static const char *get_passwd(const struct passwd *pw, char buffer[SHADOW_BUFSIZ
 }
 
 /*
- * Return 1 if PW has an empty password.
+ * Return CHECKPASS_PW_HAS_EMPTY_PASSWORD if PW has an empty password.
  * Return 1 if the user gives the correct password for entry PW,
  * 0 if not.
  * NULL pw means "just fake it for login with bad username"
@@ -77,7 +77,7 @@ int FAST_FUNC check_password(const struct passwd *pw, const char *plaintext)
 
 	pw_pass = get_passwd(pw, buffer);
 	if (!pw_pass[0]) { /* empty password field? */
-		return 1;
+		return CHECKPASS_PW_HAS_EMPTY_PASSWORD;
 	}
 
 	encrypted = pw_encrypt(plaintext, /*salt:*/ pw_pass, 1);
diff --git a/libbb/securetty.c b/libbb/securetty.c
index 176cee1..67a1236 100644
--- a/libbb/securetty.c
+++ b/libbb/securetty.c
@@ -6,7 +6,7 @@
  */
 #include "libbb.h"
 
-int FAST_FUNC check_securetty(const char *short_tty)
+int FAST_FUNC is_tty_secure(const char *short_tty)
 {
 	char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */
 	parser_t *parser = config_open2("/etc/securetty", fopen_for_read);
@@ -17,6 +17,8 @@ int FAST_FUNC check_securetty(const char *short_tty)
 	}
 	config_close(parser);
 	/* buf != NULL here if config file was not found, empty
-	 * or line was found which equals short_tty */
+	 * or line was found which equals short_tty.
+	 * In all these cases, we report "this tty is secure".
+	 */
 	return buf != NULL;
 }
diff --git a/loginutils/login.c b/loginutils/login.c
index 661a874..be05def 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -486,7 +486,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
 		if (opt & LOGIN_OPT_f)
 			break; /* -f USER: success without asking passwd */
 
-		if (pw->pw_uid == 0 && !check_securetty(short_tty))
+		if (pw->pw_uid == 0 && !is_tty_secure(short_tty))
 			goto auth_failed;
 
 		/* Don't check the password if password entry is empty (!) */
diff --git a/loginutils/su.c b/loginutils/su.c
index f2cd799..ef74aa7 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -134,7 +134,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
 	if (r > 0) {
 		if (ENABLE_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY
 		 && r == CHECKPASS_PW_HAS_EMPTY_PASSWORD
-		 && !check_securetty(tty)
+		 && !is_tty_secure(tty)
 		) {
 			goto fail;
 		}


More information about the busybox-cvs mailing list