diff options
| author | Denis Vlasenko | 2007-06-08 15:27:06 +0000 |
|---|---|---|
| committer | Denis Vlasenko | 2007-06-08 15:27:06 +0000 |
| commit | 65e14b458892a150681c42bb5837acf68f2d9b60 (patch) | |
| tree | 2a9046ae5f3de67d64b0b717383e3c255768263f | |
| parent | bdbbb7ec49040563628758a2581a5f8e44f53277 (diff) | |
| download | busybox-65e14b458892a150681c42bb5837acf68f2d9b60.zip busybox-65e14b458892a150681c42bb5837acf68f2d9b60.tar.gz | |
login: ask passwords even for wrong usernames.
# size busybox_old busybox_unstripped
text data bss dec hex filename
680099 2704 15648 698451 aa853 busybox_old
680110 2704 15648 698462 aa85e busybox_unstripped
| -rw-r--r-- | libbb/correct_password.c | 11 | ||||
| -rw-r--r-- | loginutils/login.c | 7 |
2 files changed, 11 insertions, 7 deletions
diff --git a/libbb/correct_password.c b/libbb/correct_password.c index c515b26..af6ff07 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c @@ -31,9 +31,10 @@ #include "libbb.h" /* Ask the user for a password. - Return 1 if the user gives the correct password for entry PW, - 0 if not. Return 1 without asking for a password if run by UID 0 - or if PW has an empty password. */ + * Return 1 if the user gives the correct password for entry PW, + * 0 if not. Return 1 without asking if PW has an empty password. + * + * NULL pw means "just fake it for login with bad username" */ int correct_password(const struct passwd *pw) { @@ -46,6 +47,9 @@ int correct_password(const struct passwd *pw) char buffer[256]; #endif + correct = "aa"; /* fake salt. crypt() can choke otherwise */ + if (!pw) + goto fake_it; /* "aa" will never match */ correct = pw->pw_passwd; #if ENABLE_FEATURE_SHADOWPASSWDS if (LONE_CHAR(pw->pw_passwd, 'x') || LONE_CHAR(pw->pw_passwd, '*')) { @@ -59,6 +63,7 @@ int correct_password(const struct passwd *pw) if (!correct || correct[0] == '\0') return 1; + fake_it: unencrypted = bb_askpass(0, "Password: "); if (!unencrypted) { return 0; diff --git a/loginutils/login.c b/loginutils/login.c index 1426950..b6924b6 100644 --- a/loginutils/login.c +++ b/loginutils/login.c @@ -276,8 +276,8 @@ int login_main(int argc, char **argv) pw = getpwnam(username); if (!pw) { - safe_strncpy(username, "UNKNOWN", sizeof(username)); - goto auth_failed; + strcpy(username, "UNKNOWN"); + goto fake_it; } if (pw->pw_passwd[0] == '!' || pw->pw_passwd[0] == '*') @@ -292,11 +292,10 @@ int login_main(int argc, char **argv) /* Don't check the password if password entry is empty (!) */ if (!pw->pw_passwd[0]) break; - + fake_it: /* authorization takes place here */ if (correct_password(pw)) break; - auth_failed: opt &= ~LOGIN_OPT_f; bb_do_delay(FAIL_DELAY); |