sulogin: use common password-checking routine.

This needed some extensions correct_passwd() function, which got renamed ask_and_check_password() to better describe what it does. function old new delta ask_and_check_password_extended - 215 +215 ask_and_check_password - 12 +12 vlock_main 394 397 +3 sulogin_main 494 326 -168 correct_password 207 - -207 ------------------------------------------------------------------------------ (add/remove: 2/1 grow/shrink: 1/1 up/down: 230/-375) Total: -145 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2013-11-19 13:09:06 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2013-11-19 13:09:06 +0100
commit: 9c1c605b1a8f34aef347bd9c2e4aea251e556d1b (patch)
tree: 1854674f7025a8679bd42bd4f056d22a6df891a3
parent: f6beef63c64abfc126ea4e73147af29d152f1a9e (diff)
download: busybox-w32-9c1c605b1a8f34aef347bd9c2e4aea251e556d1b.tar.gz
busybox-w32-9c1c605b1a8f34aef347bd9c2e4aea251e556d1b.tar.bz2
busybox-w32-9c1c605b1a8f34aef347bd9c2e4aea251e556d1b.zip
6 files changed, 26 insertions, 47 deletions
diff --git a/include/libbb.h b/include/libbb.h
index 58271655d..e99bb928f 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1301,7 +1301,8 @@ int sd_listen_fds(void);
 #define SETUP_ENV_TO_TMP    (1 << 2)
 #define SETUP_ENV_NO_CHDIR  (1 << 4)
 extern void setup_environment(const char *shell, int flags, const struct passwd *pw) FAST_FUNC;
-extern int correct_password(const struct passwd *pw) FAST_FUNC;
+extern int ask_and_check_password_extended(const struct passwd *pw, int timeout, const char *prompt) FAST_FUNC;
+extern int ask_and_check_password(const struct passwd *pw) FAST_FUNC;
 /* Returns a malloced string */
 #if !ENABLE_USE_BB_CRYPT
 #define pw_encrypt(clear, salt, cleanup) pw_encrypt(clear, salt)
diff --git a/libbb/correct_password.c b/libbb/correct_password.c
index 7cabd33d0..d02d0d6a0 100644
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@@ -31,12 +31,15 @@
 #include "libbb.h"
 /* Ask the user for a password.
+ * Return 1 without asking if PW has an empty password.
+ * Return -1 on EOF, error while reading input, or timeout.
 * Return 1 if the user gives the correct password for entry PW,
- * 0 if not.  Return 1 without asking if PW has an empty password.
+ * 0 if not.
 *
- * NULL pw means "just fake it for login with bad username" */
+ * NULL pw means "just fake it for login with bad username"
+ */
-int FAST_FUNC correct_password(const struct passwd *pw)
+int FAST_FUNC ask_and_check_password_extended(const struct passwd *pw,
+                int timeout, const char *prompt)
 {
        char *unencrypted, *encrypted;
        const char *correct;
@@ -65,9 +68,10 @@ int FAST_FUNC correct_password(const struct passwd *pw)
                return 1;
 fake_it:
-        unencrypted = bb_ask_stdin("Password: ");
+        unencrypted = bb_ask(STDIN_FILENO, timeout, prompt);
        if (!unencrypted) {
-                return 0;
+                /* EOF (such as ^D) or error (such as ^C) */
+                return -1;
        }
        encrypted = pw_encrypt(unencrypted, correct, 1);
        r = (strcmp(encrypted, correct) == 0);
@@ -75,3 +79,8 @@ int FAST_FUNC correct_password(const struct passwd *pw)
        memset(unencrypted, 0, strlen(unencrypted));
        return r;
 }
+int FAST_FUNC ask_and_check_password(const struct passwd *pw)
+{
+        return ask_and_check_password_extended(pw, 0, "Password: ");
+}
diff --git a/loginutils/login.c b/loginutils/login.c
index 6ec8dc42e..a4b19ccfc 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -420,7 +420,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
                 * Note that reads (in no-echo mode) trash tty attributes.
                 * If we get interrupted by SIGALRM, we need to restore attrs.
                 */
-                if (correct_password(pw))
+                if (ask_and_check_password(pw) > 0)
                        break;
 #endif /* ENABLE_PAM */
 auth_failed:
diff --git a/loginutils/su.c b/loginutils/su.c
index 2ec05e125..c51f26f70 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -93,7 +93,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
        pw = xgetpwnam(opt_username);
-        if (cur_uid == 0 || correct_password(pw)) {
+        if (cur_uid == 0 || ask_and_check_password(pw) > 0) {
                if (ENABLE_FEATURE_SU_SYSLOG)
                        syslog(LOG_NOTICE, "%c %s %s:%s",
                                '+', tty, old_user, opt_username);
diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c
index 65e638489..2a2909937 100644
--- a/loginutils/sulogin.c
+++ b/loginutils/sulogin.c
@@ -14,24 +14,12 @@
 #include "libbb.h"
 #include <syslog.h>
-//static void catchalarm(int UNUSED_PARAM junk)
-//{
-//      exit(EXIT_FAILURE);
-//}
 int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int sulogin_main(int argc UNUSED_PARAM, char **argv)
 {
-        char *cp;
        int timeout = 0;
        struct passwd *pwd;
        const char *shell;
-#if ENABLE_FEATURE_SHADOWPASSWDS
-        /* Using _r function to avoid pulling in static buffers */
-        char buffer[256];
-        struct spwd spw;
-#endif
        logmode = LOGMODE_BOTH;
        openlog(applet_name, 0, LOG_AUTH);
@@ -62,43 +50,24 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
                goto auth_error;
        }
-#if ENABLE_FEATURE_SHADOWPASSWDS
-        {
-                /* getspnam_r may return 0 yet set result to NULL.
-                 * At least glibc 2.4 does this. Be extra paranoid here. */
-                struct spwd *result = NULL;
-                int r = getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result);
-                if (r || !result) {
-                        goto auth_error;
-                }
-                pwd->pw_passwd = result->sp_pwdp;
-        }
-#endif
        while (1) {
-                char *encrypted;
                int r;
-                /* cp points to a static buffer */
+                r = ask_and_check_password_extended(pwd, timeout,
-                cp = bb_ask(STDIN_FILENO, timeout,
+                        "Give root password for system maintenance\n"
-                                "Give root password for system maintenance\n"
+                        "(or type Control-D for normal startup):"
-                                "(or type Control-D for normal startup):");
+                );
-                if (!cp) {
+                if (r < 0) {
                        /* ^D, ^C, timeout, or read error */
                        bb_info_msg("Normal startup");
                        return 0;
                }
-                encrypted = pw_encrypt(cp, pwd->pw_passwd, 1);
+                if (r > 0) {
-                r = strcmp(encrypted, pwd->pw_passwd);
-                free(encrypted);
-                if (r == 0) {
                        break;
                }
                bb_do_delay(LOGIN_FAIL_DELAY);
                bb_info_msg("Login incorrect");
        }
-        memset(cp, 0, strlen(cp));
-//      signal(SIGALRM, SIG_DFL);
        bb_info_msg("System Maintenance Mode");
diff --git a/loginutils/vlock.c b/loginutils/vlock.c
index 75af9390e..44b14e6bc 100644
--- a/loginutils/vlock.c
+++ b/loginutils/vlock.c
@@ -104,7 +104,7 @@ int vlock_main(int argc UNUSED_PARAM, char **argv)
                                /* "s" if -a, else "": */ "s" + !option_mask32,
                                pw->pw_name
                );
-                if (correct_password(pw)) {
+                if (ask_and_check_password(pw) > 0) {
                        break;
                }
                bb_do_delay(LOGIN_FAIL_DELAY);
author	Denys Vlasenko <vda.linux@googlemail.com>	2013-11-19 13:09:06 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2013-11-19 13:09:06 +0100
commit	9c1c605b1a8f34aef347bd9c2e4aea251e556d1b (patch)
tree	1854674f7025a8679bd42bd4f056d22a6df891a3
parent	f6beef63c64abfc126ea4e73147af29d152f1a9e (diff)
download	busybox-w32-9c1c605b1a8f34aef347bd9c2e4aea251e556d1b.tar.gz busybox-w32-9c1c605b1a8f34aef347bd9c2e4aea251e556d1b.tar.bz2 busybox-w32-9c1c605b1a8f34aef347bd9c2e4aea251e556d1b.zip

diff --git a/include/libbb.h b/include/libbb.h index 58271655d..e99bb928f 100644 --- a/include/libbb.h +++ b/include/libbb.h
@@ -1301,7 +1301,8 @@ int sd_listen_fds(void);
1301	#define SETUP_ENV_TO_TMP (1 << 2)	1301	#define SETUP_ENV_TO_TMP (1 << 2)
1302	#define SETUP_ENV_NO_CHDIR (1 << 4)	1302	#define SETUP_ENV_NO_CHDIR (1 << 4)
1303	extern void setup_environment(const char shell, int flags, const struct passwd pw) FAST_FUNC;	1303	extern void setup_environment(const char shell, int flags, const struct passwd pw) FAST_FUNC;
1304	extern int correct_password(const struct passwd *pw) FAST_FUNC;	1304	extern int ask_and_check_password_extended(const struct passwd pw, int timeout, const char prompt) FAST_FUNC;
		1305	extern int ask_and_check_password(const struct passwd *pw) FAST_FUNC;
1305	/* Returns a malloced string */	1306	/* Returns a malloced string */
1306	#if !ENABLE_USE_BB_CRYPT	1307	#if !ENABLE_USE_BB_CRYPT
1307	#define pw_encrypt(clear, salt, cleanup) pw_encrypt(clear, salt)	1308	#define pw_encrypt(clear, salt, cleanup) pw_encrypt(clear, salt)


diff --git a/libbb/correct_password.c b/libbb/correct_password.c index 7cabd33d0..d02d0d6a0 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c
@@ -31,12 +31,15 @@
31	#include "libbb.h"	31	#include "libbb.h"
32		32
33	/* Ask the user for a password.	33	/* Ask the user for a password.
		34	* Return 1 without asking if PW has an empty password.
		35	* Return -1 on EOF, error while reading input, or timeout.
34	* Return 1 if the user gives the correct password for entry PW,	36	* Return 1 if the user gives the correct password for entry PW,
35	* 0 if not. Return 1 without asking if PW has an empty password.	37	* 0 if not.
36	*	38	*
37	* NULL pw means "just fake it for login with bad username" */	39	* NULL pw means "just fake it for login with bad username"
38		40	*/
39	int FAST_FUNC correct_password(const struct passwd *pw)	41	int FAST_FUNC ask_and_check_password_extended(const struct passwd *pw,
		42	int timeout, const char *prompt)
40	{	43	{
41	char unencrypted, encrypted;	44	char unencrypted, encrypted;
42	const char *correct;	45	const char *correct;
@@ -65,9 +68,10 @@ int FAST_FUNC correct_password(const struct passwd *pw)
65	return 1;	68	return 1;
66		69
67	fake_it:	70	fake_it:
68	unencrypted = bb_ask_stdin("Password: ");	71	unencrypted = bb_ask(STDIN_FILENO, timeout, prompt);
69	if (!unencrypted) {	72	if (!unencrypted) {
70	return 0;	73	/* EOF (such as ^D) or error (such as ^C) */
		74	return -1;
71	}	75	}
72	encrypted = pw_encrypt(unencrypted, correct, 1);	76	encrypted = pw_encrypt(unencrypted, correct, 1);
73	r = (strcmp(encrypted, correct) == 0);	77	r = (strcmp(encrypted, correct) == 0);
@@ -75,3 +79,8 @@ int FAST_FUNC correct_password(const struct passwd *pw)
75	memset(unencrypted, 0, strlen(unencrypted));	79	memset(unencrypted, 0, strlen(unencrypted));
76	return r;	80	return r;
77	}	81	}
		82
		83	int FAST_FUNC ask_and_check_password(const struct passwd *pw)
		84	{
		85	return ask_and_check_password_extended(pw, 0, "Password: ");
		86	}


diff --git a/loginutils/login.c b/loginutils/login.c index 6ec8dc42e..a4b19ccfc 100644 --- a/loginutils/login.c +++ b/loginutils/login.c
@@ -420,7 +420,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
420	* Note that reads (in no-echo mode) trash tty attributes.	420	* Note that reads (in no-echo mode) trash tty attributes.
421	* If we get interrupted by SIGALRM, we need to restore attrs.	421	* If we get interrupted by SIGALRM, we need to restore attrs.
422	*/	422	*/
423	if (correct_password(pw))	423	if (ask_and_check_password(pw) > 0)
424	break;	424	break;
425	#endif /* ENABLE_PAM */	425	#endif /* ENABLE_PAM */
426	auth_failed:	426	auth_failed:


diff --git a/loginutils/su.c b/loginutils/su.c index 2ec05e125..c51f26f70 100644 --- a/loginutils/su.c +++ b/loginutils/su.c
@@ -93,7 +93,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
93		93
94	pw = xgetpwnam(opt_username);	94	pw = xgetpwnam(opt_username);
95		95
96	if (cur_uid == 0 \|\| correct_password(pw)) {	96	if (cur_uid == 0 \|\| ask_and_check_password(pw) > 0) {
97	if (ENABLE_FEATURE_SU_SYSLOG)	97	if (ENABLE_FEATURE_SU_SYSLOG)
98	syslog(LOG_NOTICE, "%c %s %s:%s",	98	syslog(LOG_NOTICE, "%c %s %s:%s",
99	'+', tty, old_user, opt_username);	99	'+', tty, old_user, opt_username);


diff --git a/loginutils/sulogin.c b/loginutils/sulogin.c index 65e638489..2a2909937 100644 --- a/loginutils/sulogin.c +++ b/loginutils/sulogin.c
@@ -14,24 +14,12 @@
14	#include "libbb.h"	14	#include "libbb.h"
15	#include <syslog.h>	15	#include <syslog.h>
16		16
17	//static void catchalarm(int UNUSED_PARAM junk)
18	//{
19	// exit(EXIT_FAILURE);
20	//}
21
22
23	int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;	17	int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
24	int sulogin_main(int argc UNUSED_PARAM, char **argv)	18	int sulogin_main(int argc UNUSED_PARAM, char **argv)
25	{	19	{
26	char *cp;
27	int timeout = 0;	20	int timeout = 0;
28	struct passwd *pwd;	21	struct passwd *pwd;
29	const char *shell;	22	const char *shell;
30	#if ENABLE_FEATURE_SHADOWPASSWDS
31	/* Using _r function to avoid pulling in static buffers */
32	char buffer[256];
33	struct spwd spw;
34	#endif
35		23
36	logmode = LOGMODE_BOTH;	24	logmode = LOGMODE_BOTH;
37	openlog(applet_name, 0, LOG_AUTH);	25	openlog(applet_name, 0, LOG_AUTH);
@@ -62,43 +50,24 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
62	goto auth_error;	50	goto auth_error;
63	}	51	}
64		52
65	#if ENABLE_FEATURE_SHADOWPASSWDS
66	{
67	/* getspnam_r may return 0 yet set result to NULL.
68	* At least glibc 2.4 does this. Be extra paranoid here. */
69	struct spwd *result = NULL;
70	int r = getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result);
71	if (r \|\| !result) {
72	goto auth_error;
73	}
74	pwd->pw_passwd = result->sp_pwdp;
75	}
76	#endif
77
78	while (1) {	53	while (1) {
79	char *encrypted;
80	int r;	54	int r;
81		55
82	/* cp points to a static buffer */	56	r = ask_and_check_password_extended(pwd, timeout,
83	cp = bb_ask(STDIN_FILENO, timeout,	57	"Give root password for system maintenance\n"
84	"Give root password for system maintenance\n"	58	"(or type Control-D for normal startup):"
85	"(or type Control-D for normal startup):");	59	);
86	if (!cp) {	60	if (r < 0) {
87	/* ^D, ^C, timeout, or read error */	61	/* ^D, ^C, timeout, or read error */
88	bb_info_msg("Normal startup");	62	bb_info_msg("Normal startup");
89	return 0;	63	return 0;
90	}	64	}
91	encrypted = pw_encrypt(cp, pwd->pw_passwd, 1);	65	if (r > 0) {
92	r = strcmp(encrypted, pwd->pw_passwd);
93	free(encrypted);
94	if (r == 0) {
95	break;	66	break;
96	}	67	}
97	bb_do_delay(LOGIN_FAIL_DELAY);	68	bb_do_delay(LOGIN_FAIL_DELAY);
98	bb_info_msg("Login incorrect");	69	bb_info_msg("Login incorrect");
99	}	70	}
100	memset(cp, 0, strlen(cp));
101	// signal(SIGALRM, SIG_DFL);
102		71
103	bb_info_msg("System Maintenance Mode");	72	bb_info_msg("System Maintenance Mode");
104		73


diff --git a/loginutils/vlock.c b/loginutils/vlock.c index 75af9390e..44b14e6bc 100644 --- a/loginutils/vlock.c +++ b/loginutils/vlock.c
@@ -104,7 +104,7 @@ int vlock_main(int argc UNUSED_PARAM, char **argv)
104	/* "s" if -a, else "": */ "s" + !option_mask32,	104	/* "s" if -a, else "": */ "s" + !option_mask32,
105	pw->pw_name	105	pw->pw_name
106	);	106	);
107	if (correct_password(pw)) {	107	if (ask_and_check_password(pw) > 0) {
108	break;	108	break;
109	}	109	}
110	bb_do_delay(LOGIN_FAIL_DELAY);	110	bb_do_delay(LOGIN_FAIL_DELAY);