X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=libbb%2Fcorrect_password.c;h=f1793cd17399b5992e976d92596dd49327863342;hb=d21f596ddb294bdb65623ba1d0e49b17d0829229;hp=c515b26afb581402f6e974861a7820997895d12d;hpb=5df955fce2fbdc5b2acc365a120327ff943403da;p=oweals%2Fbusybox.git diff --git a/libbb/correct_password.c b/libbb/correct_password.c index c515b26af..f1793cd17 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c @@ -31,34 +31,37 @@ #include "libbb.h" /* Ask the user for a password. - Return 1 if the user gives the correct password for entry PW, - 0 if not. Return 1 without asking for a password if run by UID 0 - or if PW has an empty password. */ + * Return 1 if the user gives the correct password for entry PW, + * 0 if not. Return 1 without asking if PW has an empty password. + * + * NULL pw means "just fake it for login with bad username" */ int correct_password(const struct passwd *pw) { char *unencrypted, *encrypted; const char *correct; -#if ENABLE_FEATURE_SHADOWPASSWDS - /* Using _r function to avoid pulling in static buffers */ - struct spwd spw; - struct spwd *result; - char buffer[256]; -#endif + /* fake salt. crypt() can choke otherwise. */ + correct = "aa"; + if (!pw) { + /* "aa" will never match */ + goto fake_it; + } correct = pw->pw_passwd; #if ENABLE_FEATURE_SHADOWPASSWDS - if (LONE_CHAR(pw->pw_passwd, 'x') || LONE_CHAR(pw->pw_passwd, '*')) { - if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)) - bb_error_msg("no valid shadow password, checking ordinary one"); - else - correct = spw.sp_pwdp; + if ((correct[0] == 'x' || correct[0] == '*') && !correct[1]) { + /* Using _r function to avoid pulling in static buffers */ + struct spwd spw; + struct spwd *result; + char buffer[256]; + correct = (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)) ? "aa" : spw.sp_pwdp; } #endif - if (!correct || correct[0] == '\0') + if (!correct[0]) /* empty password field? */ return 1; + fake_it: unencrypted = bb_askpass(0, "Password: "); if (!unencrypted) { return 0;