From 65e14b458892a150681c42bb5837acf68f2d9b60 Mon Sep 17 00:00:00 2001 From: Denis Vlasenko Date: Fri, 8 Jun 2007 15:27:06 +0000 Subject: login: ask passwords even for wrong usernames. # size busybox_old busybox_unstripped text data bss dec hex filename 680099 2704 15648 698451 aa853 busybox_old 680110 2704 15648 698462 aa85e busybox_unstripped --- libbb/correct_password.c | 11 ++++++++--- loginutils/login.c | 7 +++---- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/libbb/correct_password.c b/libbb/correct_password.c index c515b26..af6ff07 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c @@ -31,9 +31,10 @@ #include "libbb.h" /* Ask the user for a password. - Return 1 if the user gives the correct password for entry PW, - 0 if not. Return 1 without asking for a password if run by UID 0 - or if PW has an empty password. */ + * Return 1 if the user gives the correct password for entry PW, + * 0 if not. Return 1 without asking if PW has an empty password. + * + * NULL pw means "just fake it for login with bad username" */ int correct_password(const struct passwd *pw) { @@ -46,6 +47,9 @@ int correct_password(const struct passwd *pw) char buffer[256]; #endif + correct = "aa"; /* fake salt. crypt() can choke otherwise */ + if (!pw) + goto fake_it; /* "aa" will never match */ correct = pw->pw_passwd; #if ENABLE_FEATURE_SHADOWPASSWDS if (LONE_CHAR(pw->pw_passwd, 'x') || LONE_CHAR(pw->pw_passwd, '*')) { @@ -59,6 +63,7 @@ int correct_password(const struct passwd *pw) if (!correct || correct[0] == '\0') return 1; + fake_it: unencrypted = bb_askpass(0, "Password: "); if (!unencrypted) { return 0; diff --git a/loginutils/login.c b/loginutils/login.c index 1426950..b6924b6 100644 --- a/loginutils/login.c +++ b/loginutils/login.c @@ -276,8 +276,8 @@ int login_main(int argc, char **argv) pw = getpwnam(username); if (!pw) { - safe_strncpy(username, "UNKNOWN", sizeof(username)); - goto auth_failed; + strcpy(username, "UNKNOWN"); + goto fake_it; } if (pw->pw_passwd[0] == '!' || pw->pw_passwd[0] == '*') @@ -292,11 +292,10 @@ int login_main(int argc, char **argv) /* Don't check the password if password entry is empty (!) */ if (!pw->pw_passwd[0]) break; - + fake_it: /* authorization takes place here */ if (correct_password(pw)) break; - auth_failed: opt &= ~LOGIN_OPT_f; bb_do_delay(FAIL_DELAY); -- cgit v1.1