libbb: make check_password() also return CHECKPASS_PW_HAS_EMPTY_PASSWORD

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

5 files changed, 10 insertions, 8 deletions

diff --git a/include/libbb.h b/include/libbb.h
index b889dd7d7..9b72c97be 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -1482,9 +1482,9 @@ extern void selinux_or_die(void) FAST_FUNC;
 void setup_environment(const char *shell, int flags, const struct passwd *pw) FAST_FUNC;
 void nuke_str(char *str) FAST_FUNC;
 #if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM
-int check_securetty(const char *short_tty) FAST_FUNC;
+int is_tty_secure(const char *short_tty) FAST_FUNC;
 #else
-static ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; }
+static ALWAYS_INLINE int is_tty_secure(const char *short_tty UNUSED_PARAM) { return 1; }
 #endif
 #define CHECKPASS_PW_HAS_EMPTY_PASSWORD 2
 int check_password(const struct passwd *pw, const char *plaintext) FAST_FUNC;
diff --git a/libbb/correct_password.c b/libbb/correct_password.c
index 3436edc30..f4635a5bc 100644
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@@ -63,7 +63,7 @@ static const char *get_passwd(const struct passwd *pw, char buffer[SHADOW_BUFSIZ
 }
 
 /*
- * Return 1 if PW has an empty password.
+ * Return CHECKPASS_PW_HAS_EMPTY_PASSWORD if PW has an empty password.
  * Return 1 if the user gives the correct password for entry PW,
  * 0 if not.
  * NULL pw means "just fake it for login with bad username"
@@ -77,7 +77,7 @@ int FAST_FUNC check_password(const struct passwd *pw, const char *plaintext)
 
         pw_pass = get_passwd(pw, buffer);
         if (!pw_pass[0]) { /* empty password field? */
-                return 1;
+                return CHECKPASS_PW_HAS_EMPTY_PASSWORD;
         }
 
         encrypted = pw_encrypt(plaintext, /*salt:*/ pw_pass, 1);
diff --git a/libbb/securetty.c b/libbb/securetty.c
index 176cee129..67a123689 100644
--- a/libbb/securetty.c
+++ b/libbb/securetty.c
@@ -6,7 +6,7 @@
  */
 #include "libbb.h"
 
-int FAST_FUNC check_securetty(const char *short_tty)
+int FAST_FUNC is_tty_secure(const char *short_tty)
 {
         char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */
         parser_t *parser = config_open2("/etc/securetty", fopen_for_read);
@@ -17,6 +17,8 @@ int FAST_FUNC check_securetty(const char *short_tty)
         }
         config_close(parser);
         /* buf != NULL here if config file was not found, empty
-         * or line was found which equals short_tty */
+         * or line was found which equals short_tty.
+         * In all these cases, we report "this tty is secure".
+         */
         return buf != NULL;
 }
diff --git a/loginutils/login.c b/loginutils/login.c
index 661a87448..be05def09 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -486,7 +486,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
                 if (opt & LOGIN_OPT_f)
                         break; /* -f USER: success without asking passwd */
 
-                if (pw->pw_uid == 0 && !check_securetty(short_tty))
+                if (pw->pw_uid == 0 && !is_tty_secure(short_tty))
                         goto auth_failed;
 
                 /* Don't check the password if password entry is empty (!) */
diff --git a/loginutils/su.c b/loginutils/su.c
index f2cd799ae..ef74aa77d 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -134,7 +134,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
         if (r > 0) {
                 if (ENABLE_FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY
                  && r == CHECKPASS_PW_HAS_EMPTY_PASSWORD
-                 && !check_securetty(tty)
+                 && !is_tty_secure(tty)
                 ) {
                         goto fail;
                 }