libbb: make check_password() also return CHECKPASS_PW_HAS_EMPTY_PASSWORD

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/include/libbb.h b/include/libbb.h
index b889dd7d7666d9b211d5fb9f2d2801821523a169..9b72c97be28b23748ffbd26691b01038368ebaf3 100644 (file)
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1482,9 +1482,9 @@ extern void selinux_or_die(void) FAST_FUNC;
 void setup_environment(const char *shell, int flags, const struct passwd *pw) FAST_FUNC;
 void nuke_str(char *str) FAST_FUNC;
 #if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM
-int check_securetty(const char *short_tty) FAST_FUNC;
+int is_tty_secure(const char *short_tty) FAST_FUNC;
 #else
-static ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; }
+static ALWAYS_INLINE int is_tty_secure(const char *short_tty UNUSED_PARAM) { return 1; }
 #endif
 #define CHECKPASS_PW_HAS_EMPTY_PASSWORD 2
 int check_password(const struct passwd *pw, const char *plaintext) FAST_FUNC;

diff --git a/libbb/correct_password.c b/libbb/correct_password.c
index 3436edc309c5c1c64a1ab9e83abc44a56c07a3a5..f4635a5bcffdd059814dc5b142587aea0fdb7c80 100644 (file)
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@@ -63,7 +63,7 @@ static const char *get_passwd(const struct passwd *pw, char buffer[SHADOW_BUFSIZ
 }
 
 /*
- * Return 1 if PW has an empty password.
+ * Return CHECKPASS_PW_HAS_EMPTY_PASSWORD if PW has an empty password.
  * Return 1 if the user gives the correct password for entry PW,
  * 0 if not.
  * NULL pw means "just fake it for login with bad username"
@@ -77,7 +77,7 @@ int FAST_FUNC check_password(const struct passwd *pw, const char *plaintext)
 
        pw_pass = get_passwd(pw, buffer);
        if (!pw_pass[0]) { /* empty password field? */
-               return 1;
+               return CHECKPASS_PW_HAS_EMPTY_PASSWORD;
        }
 
        encrypted = pw_encrypt(plaintext, /*salt:*/ pw_pass, 1);

diff --git a/libbb/securetty.c b/libbb/securetty.c
index 176cee129843ab6b69d0bde26eb951e3855f6130..67a12368977f938f28082851a4ff6b63b9416bb0 100644 (file)
--- a/libbb/securetty.c
+++ b/libbb/securetty.c
@@ -6,7 +6,7 @@
  */
 #include "libbb.h"
 
-int FAST_FUNC check_securetty(const char *short_tty)
+int FAST_FUNC is_tty_secure(const char *short_tty)
 {
        char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */
        parser_t *parser = config_open2("/etc/securetty", fopen_for_read);
@@ -17,6 +17,8 @@ int FAST_FUNC check_securetty(const char *short_tty)
        }
        config_close(parser);
        /* buf != NULL here if config file was not found, empty
-        * or line was found which equals short_tty */
+        * or line was found which equals short_tty.
+        * In all these cases, we report "this tty is secure".
+        */
        return buf != NULL;
 }

diff --git a/loginutils/login.c b/loginutils/login.c
index 661a874486e5f69e714911f9236f2a05a863fe96..be05def094258088a69ff5d0089a3313f9d8d393 100644 (file)
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -486,7 +486,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
                if (opt & LOGIN_OPT_f)
                        break; /* -f USER: success without asking passwd */
 
-               if (pw->pw_uid == 0 && !check_securetty(short_tty))
+               if (pw->pw_uid == 0 && !is_tty_secure(short_tty))
                        goto auth_failed;
 
                /* Don't check the password if password entry is empty (!) */

diff --git a/loginutils/su.c b/loginutils/su.c
index f2cd799aedbc7919b6958067b7c1ed30ae613825..ef74aa77d42b80c4f825148e78164a81289550b1 100644 (file)
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -134,7 +134,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
        if (r > 0) {
                if (ENABLE_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY
                 && r == CHECKPASS_PW_HAS_EMPTY_PASSWORD
-                && !check_securetty(tty)
+                && !is_tty_secure(tty)
                ) {
                        goto fail;
                }