aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2017-04-13 13:04:05 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2017-04-13 13:04:05 +0200
commita3de0b3b86deb37c2adc993c6357c1a31b7ecb5b (patch)
tree19aa5e71448b03b2aea9aa2cad42a9a5d9066dc1
parent335681ca8e39144fa19814f7ba10d0fe760e4055 (diff)
downloadbusybox-a3de0b3b86deb37c2adc993c6357c1a31b7ecb5b.tar.gz
libbb: make check_password() also return CHECKPASS_PW_HAS_EMPTY_PASSWORD
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--include/libbb.h4
-rw-r--r--libbb/correct_password.c4
-rw-r--r--libbb/securetty.c6
-rw-r--r--loginutils/login.c2
-rw-r--r--loginutils/su.c2
5 files changed, 10 insertions, 8 deletions
diff --git a/include/libbb.h b/include/libbb.h
index b889dd7d7..9b72c97be 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1482,9 +1482,9 @@ extern void selinux_or_die(void) FAST_FUNC;
void setup_environment(const char *shell, int flags, const struct passwd *pw) FAST_FUNC;
void nuke_str(char *str) FAST_FUNC;
#if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM
-int check_securetty(const char *short_tty) FAST_FUNC;
+int is_tty_secure(const char *short_tty) FAST_FUNC;
#else
-static ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; }
+static ALWAYS_INLINE int is_tty_secure(const char *short_tty UNUSED_PARAM) { return 1; }
#endif
#define CHECKPASS_PW_HAS_EMPTY_PASSWORD 2
int check_password(const struct passwd *pw, const char *plaintext) FAST_FUNC;
diff --git a/libbb/correct_password.c b/libbb/correct_password.c
index 3436edc30..f4635a5bc 100644
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@@ -63,7 +63,7 @@ static const char *get_passwd(const struct passwd *pw, char buffer[SHADOW_BUFSIZ
}
/*
- * Return 1 if PW has an empty password.
+ * Return CHECKPASS_PW_HAS_EMPTY_PASSWORD if PW has an empty password.
* Return 1 if the user gives the correct password for entry PW,
* 0 if not.
* NULL pw means "just fake it for login with bad username"
@@ -77,7 +77,7 @@ int FAST_FUNC check_password(const struct passwd *pw, const char *plaintext)
pw_pass = get_passwd(pw, buffer);
if (!pw_pass[0]) { /* empty password field? */
- return 1;
+ return CHECKPASS_PW_HAS_EMPTY_PASSWORD;
}
encrypted = pw_encrypt(plaintext, /*salt:*/ pw_pass, 1);
diff --git a/libbb/securetty.c b/libbb/securetty.c
index 176cee129..67a123689 100644
--- a/libbb/securetty.c
+++ b/libbb/securetty.c
@@ -6,7 +6,7 @@
*/
#include "libbb.h"
-int FAST_FUNC check_securetty(const char *short_tty)
+int FAST_FUNC is_tty_secure(const char *short_tty)
{
char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */
parser_t *parser = config_open2("/etc/securetty", fopen_for_read);
@@ -17,6 +17,8 @@ int FAST_FUNC check_securetty(const char *short_tty)
}
config_close(parser);
/* buf != NULL here if config file was not found, empty
- * or line was found which equals short_tty */
+ * or line was found which equals short_tty.
+ * In all these cases, we report "this tty is secure".
+ */
return buf != NULL;
}
diff --git a/loginutils/login.c b/loginutils/login.c
index 661a87448..be05def09 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -486,7 +486,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
if (opt & LOGIN_OPT_f)
break; /* -f USER: success without asking passwd */
- if (pw->pw_uid == 0 && !check_securetty(short_tty))
+ if (pw->pw_uid == 0 && !is_tty_secure(short_tty))
goto auth_failed;
/* Don't check the password if password entry is empty (!) */
diff --git a/loginutils/su.c b/loginutils/su.c
index f2cd799ae..ef74aa77d 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -134,7 +134,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
if (r > 0) {
if (ENABLE_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY
&& r == CHECKPASS_PW_HAS_EMPTY_PASSWORD
- && !check_securetty(tty)
+ && !is_tty_secure(tty)
) {
goto fail;
}