From a3de0b3b86deb37c2adc993c6357c1a31b7ecb5b Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Thu, 13 Apr 2017 13:04:05 +0200 Subject: libbb: make check_password() also return CHECKPASS_PW_HAS_EMPTY_PASSWORD Signed-off-by: Denys Vlasenko --- include/libbb.h | 4 ++-- libbb/correct_password.c | 4 ++-- libbb/securetty.c | 6 ++++-- loginutils/login.c | 2 +- loginutils/su.c | 2 +- 5 files changed, 10 insertions(+), 8 deletions(-) diff --git a/include/libbb.h b/include/libbb.h index b889dd7d7..9b72c97be 100644 --- a/include/libbb.h +++ b/include/libbb.h @@ -1482,9 +1482,9 @@ extern void selinux_or_die(void) FAST_FUNC; void setup_environment(const char *shell, int flags, const struct passwd *pw) FAST_FUNC; void nuke_str(char *str) FAST_FUNC; #if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM -int check_securetty(const char *short_tty) FAST_FUNC; +int is_tty_secure(const char *short_tty) FAST_FUNC; #else -static ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; } +static ALWAYS_INLINE int is_tty_secure(const char *short_tty UNUSED_PARAM) { return 1; } #endif #define CHECKPASS_PW_HAS_EMPTY_PASSWORD 2 int check_password(const struct passwd *pw, const char *plaintext) FAST_FUNC; diff --git a/libbb/correct_password.c b/libbb/correct_password.c index 3436edc30..f4635a5bc 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c @@ -63,7 +63,7 @@ static const char *get_passwd(const struct passwd *pw, char buffer[SHADOW_BUFSIZ } /* - * Return 1 if PW has an empty password. + * Return CHECKPASS_PW_HAS_EMPTY_PASSWORD if PW has an empty password. * Return 1 if the user gives the correct password for entry PW, * 0 if not. * NULL pw means "just fake it for login with bad username" @@ -77,7 +77,7 @@ int FAST_FUNC check_password(const struct passwd *pw, const char *plaintext) pw_pass = get_passwd(pw, buffer); if (!pw_pass[0]) { /* empty password field? */ - return 1; + return CHECKPASS_PW_HAS_EMPTY_PASSWORD; } encrypted = pw_encrypt(plaintext, /*salt:*/ pw_pass, 1); diff --git a/libbb/securetty.c b/libbb/securetty.c index 176cee129..67a123689 100644 --- a/libbb/securetty.c +++ b/libbb/securetty.c @@ -6,7 +6,7 @@ */ #include "libbb.h" -int FAST_FUNC check_securetty(const char *short_tty) +int FAST_FUNC is_tty_secure(const char *short_tty) { char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */ parser_t *parser = config_open2("/etc/securetty", fopen_for_read); @@ -17,6 +17,8 @@ int FAST_FUNC check_securetty(const char *short_tty) } config_close(parser); /* buf != NULL here if config file was not found, empty - * or line was found which equals short_tty */ + * or line was found which equals short_tty. + * In all these cases, we report "this tty is secure". + */ return buf != NULL; } diff --git a/loginutils/login.c b/loginutils/login.c index 661a87448..be05def09 100644 --- a/loginutils/login.c +++ b/loginutils/login.c @@ -486,7 +486,7 @@ int login_main(int argc UNUSED_PARAM, char **argv) if (opt & LOGIN_OPT_f) break; /* -f USER: success without asking passwd */ - if (pw->pw_uid == 0 && !check_securetty(short_tty)) + if (pw->pw_uid == 0 && !is_tty_secure(short_tty)) goto auth_failed; /* Don't check the password if password entry is empty (!) */ diff --git a/loginutils/su.c b/loginutils/su.c index f2cd799ae..ef74aa77d 100644 --- a/loginutils/su.c +++ b/loginutils/su.c @@ -134,7 +134,7 @@ int su_main(int argc UNUSED_PARAM, char **argv) if (r > 0) { if (ENABLE_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY && r == CHECKPASS_PW_HAS_EMPTY_PASSWORD - && !check_securetty(tty) + && !is_tty_secure(tty) ) { goto fail; } -- cgit v1.2.3