sulogin: use common password-checking routine.
authorDenys Vlasenko <vda.linux@googlemail.com>
Tue, 19 Nov 2013 12:09:06 +0000 (13:09 +0100)
committerDenys Vlasenko <vda.linux@googlemail.com>
Tue, 19 Nov 2013 12:09:06 +0000 (13:09 +0100)
This needed some extensions correct_passwd() function,
which got renamed ask_and_check_password() to better describe what it does.

function                                             old     new   delta
ask_and_check_password_extended                        -     215    +215
ask_and_check_password                                 -      12     +12
vlock_main                                           394     397      +3
sulogin_main                                         494     326    -168
correct_password                                     207       -    -207
------------------------------------------------------------------------------
(add/remove: 2/1 grow/shrink: 1/1 up/down: 230/-375)         Total: -145 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
include/libbb.h
libbb/correct_password.c
loginutils/login.c
loginutils/su.c
loginutils/sulogin.c
loginutils/vlock.c

index 58271655dddaf1484ffde533476e100fb4b6f721..e99bb928f1efd95fe0cf3a678776bcb81802c321 100644 (file)
@@ -1301,7 +1301,8 @@ int sd_listen_fds(void);
 #define SETUP_ENV_TO_TMP    (1 << 2)
 #define SETUP_ENV_NO_CHDIR  (1 << 4)
 extern void setup_environment(const char *shell, int flags, const struct passwd *pw) FAST_FUNC;
-extern int correct_password(const struct passwd *pw) FAST_FUNC;
+extern int ask_and_check_password_extended(const struct passwd *pw, int timeout, const char *prompt) FAST_FUNC;
+extern int ask_and_check_password(const struct passwd *pw) FAST_FUNC;
 /* Returns a malloced string */
 #if !ENABLE_USE_BB_CRYPT
 #define pw_encrypt(clear, salt, cleanup) pw_encrypt(clear, salt)
index 7cabd33d075ade13e38e9fe8d17eb94a9d1c943a..d02d0d6a09f5a9beb7fee6b2f4013729c2a09ff4 100644 (file)
 #include "libbb.h"
 
 /* Ask the user for a password.
+ * Return 1 without asking if PW has an empty password.
+ * Return -1 on EOF, error while reading input, or timeout.
  * Return 1 if the user gives the correct password for entry PW,
- * 0 if not.  Return 1 without asking if PW has an empty password.
+ * 0 if not.
  *
- * NULL pw means "just fake it for login with bad username" */
-
-int FAST_FUNC correct_password(const struct passwd *pw)
+ * NULL pw means "just fake it for login with bad username"
+ */
+int FAST_FUNC ask_and_check_password_extended(const struct passwd *pw,
+               int timeout, const char *prompt)
 {
        char *unencrypted, *encrypted;
        const char *correct;
@@ -65,9 +68,10 @@ int FAST_FUNC correct_password(const struct passwd *pw)
                return 1;
 
  fake_it:
-       unencrypted = bb_ask_stdin("Password: ");
+       unencrypted = bb_ask(STDIN_FILENO, timeout, prompt);
        if (!unencrypted) {
-               return 0;
+               /* EOF (such as ^D) or error (such as ^C) */
+               return -1;
        }
        encrypted = pw_encrypt(unencrypted, correct, 1);
        r = (strcmp(encrypted, correct) == 0);
@@ -75,3 +79,8 @@ int FAST_FUNC correct_password(const struct passwd *pw)
        memset(unencrypted, 0, strlen(unencrypted));
        return r;
 }
+
+int FAST_FUNC ask_and_check_password(const struct passwd *pw)
+{
+       return ask_and_check_password_extended(pw, 0, "Password: ");
+}
index 6ec8dc42e17c63067858d89ef631e75c8af024bb..a4b19ccfc3d2ab44f07354e999ddaed2c78cde57 100644 (file)
@@ -420,7 +420,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
                 * Note that reads (in no-echo mode) trash tty attributes.
                 * If we get interrupted by SIGALRM, we need to restore attrs.
                 */
-               if (correct_password(pw))
+               if (ask_and_check_password(pw) > 0)
                        break;
 #endif /* ENABLE_PAM */
  auth_failed:
index 2ec05e12552e04588cc92be1f45d9ef337fd1fb0..c51f26f70f0a65fc1dde85a5ecffb8203ac50272 100644 (file)
@@ -93,7 +93,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
 
        pw = xgetpwnam(opt_username);
 
-       if (cur_uid == 0 || correct_password(pw)) {
+       if (cur_uid == 0 || ask_and_check_password(pw) > 0) {
                if (ENABLE_FEATURE_SU_SYSLOG)
                        syslog(LOG_NOTICE, "%c %s %s:%s",
                                '+', tty, old_user, opt_username);
index 65e638489313f86a6d00f8e66aeac8b90da1a697..2a2909937037830c3759675fb1cc9e1461bedd8c 100644 (file)
 #include "libbb.h"
 #include <syslog.h>
 
-//static void catchalarm(int UNUSED_PARAM junk)
-//{
-//     exit(EXIT_FAILURE);
-//}
-
-
 int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int sulogin_main(int argc UNUSED_PARAM, char **argv)
 {
-       char *cp;
        int timeout = 0;
        struct passwd *pwd;
        const char *shell;
-#if ENABLE_FEATURE_SHADOWPASSWDS
-       /* Using _r function to avoid pulling in static buffers */
-       char buffer[256];
-       struct spwd spw;
-#endif
 
        logmode = LOGMODE_BOTH;
        openlog(applet_name, 0, LOG_AUTH);
@@ -62,43 +50,24 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
                goto auth_error;
        }
 
-#if ENABLE_FEATURE_SHADOWPASSWDS
-       {
-               /* getspnam_r may return 0 yet set result to NULL.
-                * At least glibc 2.4 does this. Be extra paranoid here. */
-               struct spwd *result = NULL;
-               int r = getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result);
-               if (r || !result) {
-                       goto auth_error;
-               }
-               pwd->pw_passwd = result->sp_pwdp;
-       }
-#endif
-
        while (1) {
-               char *encrypted;
                int r;
 
-               /* cp points to a static buffer */
-               cp = bb_ask(STDIN_FILENO, timeout,
-                               "Give root password for system maintenance\n"
-                               "(or type Control-D for normal startup):");
-               if (!cp) {
+               r = ask_and_check_password_extended(pwd, timeout,
+                       "Give root password for system maintenance\n"
+                       "(or type Control-D for normal startup):"
+               );
+               if (r < 0) {
                        /* ^D, ^C, timeout, or read error */
                        bb_info_msg("Normal startup");
                        return 0;
                }
-               encrypted = pw_encrypt(cp, pwd->pw_passwd, 1);
-               r = strcmp(encrypted, pwd->pw_passwd);
-               free(encrypted);
-               if (r == 0) {
+               if (r > 0) {
                        break;
                }
                bb_do_delay(LOGIN_FAIL_DELAY);
                bb_info_msg("Login incorrect");
        }
-       memset(cp, 0, strlen(cp));
-//     signal(SIGALRM, SIG_DFL);
 
        bb_info_msg("System Maintenance Mode");
 
index 75af9390e18a4d1eb46f00cb65e34e23369c8b7a..44b14e6bc460387c0e6ec23ed7714808e6934c3a 100644 (file)
@@ -104,7 +104,7 @@ int vlock_main(int argc UNUSED_PARAM, char **argv)
                                /* "s" if -a, else "": */ "s" + !option_mask32,
                                pw->pw_name
                );
-               if (correct_password(pw)) {
+               if (ask_and_check_password(pw) > 0) {
                        break;
                }
                bb_do_delay(LOGIN_FAIL_DELAY);