diff options
author | Denys Vlasenko | 2017-04-13 12:57:04 +0200 |
---|---|---|
committer | Denys Vlasenko | 2017-04-13 12:57:04 +0200 |
commit | 335681ca8e39144fa19814f7ba10d0fe760e4055 (patch) | |
tree | 81c20a0be3daab564c842f510126037bf2331ab2 /libbb | |
parent | 517a82c5b6b5e279f3e96a6774445a2952ca312b (diff) | |
download | busybox-335681ca8e39144fa19814f7ba10d0fe760e4055.zip busybox-335681ca8e39144fa19814f7ba10d0fe760e4055.tar.gz |
su: FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY
When this feature is enabled, blank passwords are not accepted by su
unless the user is on a secure TTY defined in /etc/securetty. This
resembles the default PAM configuration of some Linux distros which
specify the nullok_secure option for pam_unix.so.
Based on patch by Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'libbb')
-rw-r--r-- | libbb/correct_password.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libbb/correct_password.c b/libbb/correct_password.c index 513c930..3436edc 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c @@ -88,7 +88,7 @@ int FAST_FUNC check_password(const struct passwd *pw, const char *plaintext) /* Ask the user for a password. - * Return 1 without asking if PW has an empty password. + * Return CHECKPASS_PW_HAS_EMPTY_PASSWORD without asking if PW has an empty password. * Return -1 on EOF, error while reading input, or timeout. * Return 1 if the user gives the correct password for entry PW, * 0 if not. @@ -105,7 +105,7 @@ int FAST_FUNC ask_and_check_password_extended(const struct passwd *pw, pw_pass = get_passwd(pw, buffer); if (!pw_pass[0]) /* empty password field? */ - return 1; + return CHECKPASS_PW_HAS_EMPTY_PASSWORD; plaintext = bb_ask(STDIN_FILENO, timeout, prompt); if (!plaintext) { |