Changeset 1770 in MondoRescue for branches/stable/mindi-busybox/libbb/correct_password.c
- Timestamp:
- Nov 6, 2007, 11:01:53 AM (16 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/stable/mindi-busybox/libbb/correct_password.c
r821 r1770 29 29 */ 30 30 31 #include <stdio.h>32 #include <errno.h>33 #include <unistd.h>34 #include <string.h>35 #include <stdlib.h>36 #include <syslog.h>37 #include <ctype.h>38 #include <crypt.h>39 40 31 #include "libbb.h" 41 32 33 /* Ask the user for a password. 34 * Return 1 if the user gives the correct password for entry PW, 35 * 0 if not. Return 1 without asking if PW has an empty password. 36 * 37 * NULL pw means "just fake it for login with bad username" */ 42 38 39 int correct_password(const struct passwd *pw) 40 { 41 char *unencrypted, *encrypted; 42 const char *correct; 43 43 44 /* Ask the user for a password. 45 Return 1 if the user gives the correct password for entry PW, 46 0 if not. Return 1 without asking for a password if run by UID 0 47 or if PW has an empty password. */ 44 /* fake salt. crypt() can choke otherwise. */ 45 correct = "aa"; 46 if (!pw) { 47 /* "aa" will never match */ 48 goto fake_it; 49 } 50 correct = pw->pw_passwd; 51 #if ENABLE_FEATURE_SHADOWPASSWDS 52 if ((correct[0] == 'x' || correct[0] == '*') && !correct[1]) { 53 /* Using _r function to avoid pulling in static buffers */ 54 struct spwd spw; 55 struct spwd *result; 56 char buffer[256]; 57 correct = (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result)) ? "aa" : spw.sp_pwdp; 58 } 59 #endif 48 60 49 int correct_password ( const struct passwd *pw ) 50 { 51 char *unencrypted, *encrypted, *correct; 52 53 #ifdef CONFIG_FEATURE_SHADOWPASSWDS 54 if (( strcmp ( pw-> pw_passwd, "x" ) == 0 ) || ( strcmp ( pw-> pw_passwd, "*" ) == 0 )) { 55 struct spwd *sp = getspnam ( pw-> pw_name ); 56 57 if ( !sp ) 58 bb_error_msg_and_die ( "\nno valid shadow password" ); 59 60 correct = sp-> sp_pwdp; 61 } 62 else 63 #endif 64 correct = pw-> pw_passwd; 65 66 if ( correct == 0 || correct[0] == '\0' ) 61 if (!correct[0]) /* empty password field? */ 67 62 return 1; 68 63 69 unencrypted = bb_askpass ( 0, "Password: " ); 70 if ( !unencrypted )71 {64 fake_it: 65 unencrypted = bb_askpass(0, "Password: "); 66 if (!unencrypted) { 72 67 return 0; 73 68 } 74 encrypted = crypt ( unencrypted, correct);75 memset ( unencrypted, 0, strlen ( unencrypted));76 return ( strcmp ( encrypted, correct ) == 0 ) ? 1 :0;69 encrypted = crypt(unencrypted, correct); 70 memset(unencrypted, 0, strlen(unencrypted)); 71 return strcmp(encrypted, correct) == 0; 77 72 }
Note:
See TracChangeset
for help on using the changeset viewer.