From 54e19da86d5496ec5f5787b85a2b6342be1d63d4 Mon Sep 17 00:00:00 2001 From: Denis Vlasenko Date: Tue, 3 Jul 2007 10:28:46 +0000 Subject: correct_password: if password is 'x' or '*' and there is no shadow, use fake encrypted password 'aa' (which is guaranteed to fail password check). --- libbb/correct_password.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'libbb/correct_password.c') diff --git a/libbb/correct_password.c b/libbb/correct_password.c index 815c51c43..f1793cd17 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c @@ -54,13 +54,11 @@ int correct_password(const struct passwd *pw) struct spwd spw; struct spwd *result; char buffer[256]; - if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result) == 0) - correct = spw.sp_pwdp; - /* else: no valid shadow password, checking ordinary one */ + correct = (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)) ? "aa" : spw.sp_pwdp; } #endif - if (!correct || correct[0] == '\0') + if (!correct[0]) /* empty password field? */ return 1; fake_it: -- cgit v1.2.3