diff options
-rw-r--r-- | include/libbb.h | 4 | ||||
-rw-r--r-- | libbb/correct_password.c | 4 | ||||
-rw-r--r-- | libbb/securetty.c | 6 | ||||
-rw-r--r-- | loginutils/login.c | 2 | ||||
-rw-r--r-- | loginutils/su.c | 2 |
5 files changed, 10 insertions, 8 deletions
diff --git a/include/libbb.h b/include/libbb.h index b889dd7..9b72c97 100644 --- a/include/libbb.h +++ b/include/libbb.h @@ -1482,9 +1482,9 @@ extern void selinux_or_die(void) FAST_FUNC; void setup_environment(const char *shell, int flags, const struct passwd *pw) FAST_FUNC; void nuke_str(char *str) FAST_FUNC; #if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM -int check_securetty(const char *short_tty) FAST_FUNC; +int is_tty_secure(const char *short_tty) FAST_FUNC; #else -static ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; } +static ALWAYS_INLINE int is_tty_secure(const char *short_tty UNUSED_PARAM) { return 1; } #endif #define CHECKPASS_PW_HAS_EMPTY_PASSWORD 2 int check_password(const struct passwd *pw, const char *plaintext) FAST_FUNC; diff --git a/libbb/correct_password.c b/libbb/correct_password.c index 3436edc..f4635a5 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c @@ -63,7 +63,7 @@ static const char *get_passwd(const struct passwd *pw, char buffer[SHADOW_BUFSIZ } /* - * Return 1 if PW has an empty password. + * Return CHECKPASS_PW_HAS_EMPTY_PASSWORD if PW has an empty password. * Return 1 if the user gives the correct password for entry PW, * 0 if not. * NULL pw means "just fake it for login with bad username" @@ -77,7 +77,7 @@ int FAST_FUNC check_password(const struct passwd *pw, const char *plaintext) pw_pass = get_passwd(pw, buffer); if (!pw_pass[0]) { /* empty password field? */ - return 1; + return CHECKPASS_PW_HAS_EMPTY_PASSWORD; } encrypted = pw_encrypt(plaintext, /*salt:*/ pw_pass, 1); diff --git a/libbb/securetty.c b/libbb/securetty.c index 176cee1..67a1236 100644 --- a/libbb/securetty.c +++ b/libbb/securetty.c @@ -6,7 +6,7 @@ */ #include "libbb.h" -int FAST_FUNC check_securetty(const char *short_tty) +int FAST_FUNC is_tty_secure(const char *short_tty) { char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */ parser_t *parser = config_open2("/etc/securetty", fopen_for_read); @@ -17,6 +17,8 @@ int FAST_FUNC check_securetty(const char *short_tty) } config_close(parser); /* buf != NULL here if config file was not found, empty - * or line was found which equals short_tty */ + * or line was found which equals short_tty. + * In all these cases, we report "this tty is secure". + */ return buf != NULL; } diff --git a/loginutils/login.c b/loginutils/login.c index 661a874..be05def 100644 --- a/loginutils/login.c +++ b/loginutils/login.c @@ -486,7 +486,7 @@ int login_main(int argc UNUSED_PARAM, char **argv) if (opt & LOGIN_OPT_f) break; /* -f USER: success without asking passwd */ - if (pw->pw_uid == 0 && !check_securetty(short_tty)) + if (pw->pw_uid == 0 && !is_tty_secure(short_tty)) goto auth_failed; /* Don't check the password if password entry is empty (!) */ diff --git a/loginutils/su.c b/loginutils/su.c index f2cd799..ef74aa7 100644 --- a/loginutils/su.c +++ b/loginutils/su.c @@ -134,7 +134,7 @@ int su_main(int argc UNUSED_PARAM, char **argv) if (r > 0) { if (ENABLE_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY && r == CHECKPASS_PW_HAS_EMPTY_PASSWORD - && !check_securetty(tty) + && !is_tty_secure(tty) ) { goto fail; } |