From 335681ca8e39144fa19814f7ba10d0fe760e4055 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Thu, 13 Apr 2017 12:57:04 +0200 Subject: su: FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY When this feature is enabled, blank passwords are not accepted by su unless the user is on a secure TTY defined in /etc/securetty. This resembles the default PAM configuration of some Linux distros which specify the nullok_secure option for pam_unix.so. Based on patch by Kaarle Ritvanen Signed-off-by: Denys Vlasenko --- libbb/correct_password.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'libbb/correct_password.c') diff --git a/libbb/correct_password.c b/libbb/correct_password.c index 513c93028..3436edc30 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c @@ -88,7 +88,7 @@ int FAST_FUNC check_password(const struct passwd *pw, const char *plaintext) /* Ask the user for a password. - * Return 1 without asking if PW has an empty password. + * Return CHECKPASS_PW_HAS_EMPTY_PASSWORD without asking if PW has an empty password. * Return -1 on EOF, error while reading input, or timeout. * Return 1 if the user gives the correct password for entry PW, * 0 if not. @@ -105,7 +105,7 @@ int FAST_FUNC ask_and_check_password_extended(const struct passwd *pw, pw_pass = get_passwd(pw, buffer); if (!pw_pass[0]) /* empty password field? */ - return 1; + return CHECKPASS_PW_HAS_EMPTY_PASSWORD; plaintext = bb_ask(STDIN_FILENO, timeout, prompt); if (!plaintext) { -- cgit v1.2.3