libbb: make check_password() also return CHECKPASS_PW_HAS_EMPTY_PASSWORD

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2017-04-13 13:04:05 +02:00 · 2017-04-13 13:04:05 +02:00 · a3de0b3b86
parent 335681ca8e
commit a3de0b3b86
5 changed files with 10 additions and 8 deletions
--- a/include/libbb.h
+++ b/include/libbb.h
@ -1482,9 +1482,9 @@ extern void selinux_or_die(void) FAST_FUNC;
 void setup_environment(const char *shell, int flags, const struct passwd *pw) FAST_FUNC;
 void nuke_str(char *str) FAST_FUNC;
 #if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM
-int check_securetty(const char *short_tty) FAST_FUNC;
+int is_tty_secure(const char *short_tty) FAST_FUNC;
 #else
-static ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; }
+static ALWAYS_INLINE int is_tty_secure(const char *short_tty UNUSED_PARAM) { return 1; }
 #endif
 #define CHECKPASS_PW_HAS_EMPTY_PASSWORD 2
 int check_password(const struct passwd *pw, const char *plaintext) FAST_FUNC;
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@ -63,7 +63,7 @@ static const char *get_passwd(const struct passwd *pw, char buffer[SHADOW_BUFSIZ
 }

 /*
- * Return 1 if PW has an empty password.
+ * Return CHECKPASS_PW_HAS_EMPTY_PASSWORD if PW has an empty password.
 * Return 1 if the user gives the correct password for entry PW,
 * 0 if not.
 * NULL pw means "just fake it for login with bad username"
@ -77,7 +77,7 @@ int FAST_FUNC check_password(const struct passwd *pw, const char *plaintext)

 	pw_pass = get_passwd(pw, buffer);
 	if (!pw_pass[0]) { /* empty password field? */
-		return 1;
+		return CHECKPASS_PW_HAS_EMPTY_PASSWORD;
 	}

 	encrypted = pw_encrypt(plaintext, /*salt:*/ pw_pass, 1);
--- a/libbb/securetty.c
+++ b/libbb/securetty.c
@ -6,7 +6,7 @@
 */
 #include "libbb.h"

-int FAST_FUNC check_securetty(const char *short_tty)
+int FAST_FUNC is_tty_secure(const char *short_tty)
 {
 	char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */
 	parser_t *parser = config_open2("/etc/securetty", fopen_for_read);
@ -17,6 +17,8 @@ int FAST_FUNC check_securetty(const char *short_tty)
 	}
 	config_close(parser);
 	/* buf != NULL here if config file was not found, empty
-	 * or line was found which equals short_tty */
+	 * or line was found which equals short_tty.
+	 * In all these cases, we report "this tty is secure".
+	 */
 	return buf != NULL;
 }
--- a/loginutils/login.c
+++ b/loginutils/login.c
@ -486,7 +486,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
 		if (opt & LOGIN_OPT_f)
 			break; /* -f USER: success without asking passwd */

-		if (pw->pw_uid == 0 && !check_securetty(short_tty))
+		if (pw->pw_uid == 0 && !is_tty_secure(short_tty))
 			goto auth_failed;

 		/* Don't check the password if password entry is empty (!) */
--- a/loginutils/su.c
+++ b/loginutils/su.c
@ -134,7 +134,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
 	if (r > 0) {
 		if (ENABLE_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY
 		 && r == CHECKPASS_PW_HAS_EMPTY_PASSWORD
-		 && !check_securetty(tty)
+		 && !is_tty_secure(tty)
 		) {
 			goto fail;
 		}