From 5df955fce2fbdc5b2acc365a120327ff943403da Mon Sep 17 00:00:00 2001
From: Denis Vlasenko <vda.linux@googlemail.com>
Date: Tue, 13 Mar 2007 13:01:14 +0000
Subject: Do not fail password check if shadow password does not exist - fall
 back to ordinary one

Reduced usage of functions returning datain static buffers.
(mostly passwd/group/shadow related):

function                                             old     new   delta
correct_password                                     143     193     +50
sulogin_main                                         490     533     +43
adduser_main                                         732     774     +42
passwd_main                                         1875    1915     +40
addgroup_main                                        330     365     +35
bb_internal_getspnam                                  38       -     -38
bb_internal_fgetpwent                                 38       -     -38
bb_internal_fgetgrent                                 38       -     -38
static.resultbuf                                     168      88     -80
static.buffer                                       1872    1104    -768
------------------------------------------------------------------------------
(add/remove: 0/3 grow/shrink: 5/2 up/down: 210/-962)         Total: -752 bytes
---
 libbb/correct_password.c | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

(limited to 'libbb/correct_password.c')

diff --git a/libbb/correct_password.c b/libbb/correct_password.c
index d031b2109..c515b26af 100644
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@@ -37,19 +37,24 @@
 
 int correct_password(const struct passwd *pw)
 {
-	char *unencrypted, *encrypted, *correct;
+	char *unencrypted, *encrypted;
+	const char *correct;
+#if ENABLE_FEATURE_SHADOWPASSWDS
+	/* Using _r function to avoid pulling in static buffers */
+	struct spwd spw;
+	struct spwd *result;
+	char buffer[256];
+#endif
 
-#ifdef CONFIG_FEATURE_SHADOWPASSWDS
+	correct = pw->pw_passwd;
+#if ENABLE_FEATURE_SHADOWPASSWDS
 	if (LONE_CHAR(pw->pw_passwd, 'x') || LONE_CHAR(pw->pw_passwd, '*')) {
-		struct spwd *sp = getspnam(pw->pw_name);
-
-		if (!sp)
-			bb_error_msg_and_die("no valid shadow password");
-
-		correct = sp->sp_pwdp;
-	} else
+		if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result))
+			bb_error_msg("no valid shadow password, checking ordinary one");
+		else
+			correct = spw.sp_pwdp;
+	}
 #endif
-		correct = pw->pw_passwd;
 
 	if (!correct || correct[0] == '\0')
 		return 1;
@@ -60,5 +65,5 @@ int correct_password(const struct passwd *pw)
 	}
 	encrypted = crypt(unencrypted, correct);
 	memset(unencrypted, 0, strlen(unencrypted));
-	return (!strcmp(encrypted, correct)) ? 1 : 0;
+	return strcmp(encrypted, correct) == 0;
 }
-- 
cgit v1.2.3