From: Denis Vlasenko Date: Fri, 8 Jun 2007 15:27:06 +0000 (-0000) Subject: login: ask passwords even for wrong usernames. X-Git-Tag: android-x86-2.2~2872 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=65e14b458892a150681c42bb5837acf68f2d9b60;p=android-x86%2Fexternal-busybox.git login: ask passwords even for wrong usernames. # size busybox_old busybox_unstripped text data bss dec hex filename 680099 2704 15648 698451 aa853 busybox_old 680110 2704 15648 698462 aa85e busybox_unstripped --- diff --git a/libbb/correct_password.c b/libbb/correct_password.c index c515b26af..af6ff076d 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c @@ -31,9 +31,10 @@ #include "libbb.h" /* Ask the user for a password. - Return 1 if the user gives the correct password for entry PW, - 0 if not. Return 1 without asking for a password if run by UID 0 - or if PW has an empty password. */ + * Return 1 if the user gives the correct password for entry PW, + * 0 if not. Return 1 without asking if PW has an empty password. + * + * NULL pw means "just fake it for login with bad username" */ int correct_password(const struct passwd *pw) { @@ -46,6 +47,9 @@ int correct_password(const struct passwd *pw) char buffer[256]; #endif + correct = "aa"; /* fake salt. crypt() can choke otherwise */ + if (!pw) + goto fake_it; /* "aa" will never match */ correct = pw->pw_passwd; #if ENABLE_FEATURE_SHADOWPASSWDS if (LONE_CHAR(pw->pw_passwd, 'x') || LONE_CHAR(pw->pw_passwd, '*')) { @@ -59,6 +63,7 @@ int correct_password(const struct passwd *pw) if (!correct || correct[0] == '\0') return 1; + fake_it: unencrypted = bb_askpass(0, "Password: "); if (!unencrypted) { return 0; diff --git a/loginutils/login.c b/loginutils/login.c index 142695008..b6924b641 100644 --- a/loginutils/login.c +++ b/loginutils/login.c @@ -276,8 +276,8 @@ int login_main(int argc, char **argv) pw = getpwnam(username); if (!pw) { - safe_strncpy(username, "UNKNOWN", sizeof(username)); - goto auth_failed; + strcpy(username, "UNKNOWN"); + goto fake_it; } if (pw->pw_passwd[0] == '!' || pw->pw_passwd[0] == '*') @@ -292,11 +292,10 @@ int login_main(int argc, char **argv) /* Don't check the password if password entry is empty (!) */ if (!pw->pw_passwd[0]) break; - + fake_it: /* authorization takes place here */ if (correct_password(pw)) break; - auth_failed: opt &= ~LOGIN_OPT_f; bb_do_delay(FAIL_DELAY);