su: FEATURE_SU_BLANK_PW_NEEDS_SECURE_TTY

When this feature is enabled, blank passwords are not accepted by su unless the user is on a secure TTY defined in /etc/securetty. This resembles the default PAM configuration of some Linux distros which specify the nullok_secure option for pam_unix.so. Based on patch by Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2017-04-13 12:57:04 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2017-04-13 12:57:04 +0200
commit: 335681ca8e39144fa19814f7ba10d0fe760e4055 (patch)
tree: 81c20a0be3daab564c842f510126037bf2331ab2 /libbb/correct_password.c
parent: 517a82c5b6b5e279f3e96a6774445a2952ca312b (diff)
download: busybox-w32-335681ca8e39144fa19814f7ba10d0fe760e4055.tar.gz
busybox-w32-335681ca8e39144fa19814f7ba10d0fe760e4055.tar.bz2
busybox-w32-335681ca8e39144fa19814f7ba10d0fe760e4055.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/libbb/correct_password.c b/libbb/correct_password.c
index 513c93028..3436edc30 100644
--- a/libbb/correct_password.c
+++ b/libbb/correct_password.c
@@ -88,7 +88,7 @@ int FAST_FUNC check_password(const struct passwd *pw, const char *plaintext)
 /* Ask the user for a password.
- * Return 1 without asking if PW has an empty password.
+ * Return CHECKPASS_PW_HAS_EMPTY_PASSWORD without asking if PW has an empty password.
 * Return -1 on EOF, error while reading input, or timeout.
 * Return 1 if the user gives the correct password for entry PW,
 * 0 if not.
@@ -105,7 +105,7 @@ int FAST_FUNC ask_and_check_password_extended(const struct passwd *pw,
        pw_pass = get_passwd(pw, buffer);
        if (!pw_pass[0]) /* empty password field? */
-                return 1;
+                return CHECKPASS_PW_HAS_EMPTY_PASSWORD;
        plaintext = bb_ask(STDIN_FILENO, timeout, prompt);
        if (!plaintext) {
author	Denys Vlasenko <vda.linux@googlemail.com>	2017-04-13 12:57:04 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2017-04-13 12:57:04 +0200
commit	335681ca8e39144fa19814f7ba10d0fe760e4055 (patch)
tree	81c20a0be3daab564c842f510126037bf2331ab2 /libbb/correct_password.c
parent	517a82c5b6b5e279f3e96a6774445a2952ca312b (diff)
download	busybox-w32-335681ca8e39144fa19814f7ba10d0fe760e4055.tar.gz busybox-w32-335681ca8e39144fa19814f7ba10d0fe760e4055.tar.bz2 busybox-w32-335681ca8e39144fa19814f7ba10d0fe760e4055.zip

diff --git a/libbb/correct_password.c b/libbb/correct_password.c index 513c93028..3436edc30 100644 --- a/libbb/correct_password.c +++ b/libbb/correct_password.c
@@ -88,7 +88,7 @@ int FAST_FUNC check_password(const struct passwd pw, const char plaintext)
88		88
89		89
90	/* Ask the user for a password.	90	/* Ask the user for a password.
91	* Return 1 without asking if PW has an empty password.	91	* Return CHECKPASS_PW_HAS_EMPTY_PASSWORD without asking if PW has an empty password.
92	* Return -1 on EOF, error while reading input, or timeout.	92	* Return -1 on EOF, error while reading input, or timeout.
93	* Return 1 if the user gives the correct password for entry PW,	93	* Return 1 if the user gives the correct password for entry PW,
94	* 0 if not.	94	* 0 if not.
@@ -105,7 +105,7 @@ int FAST_FUNC ask_and_check_password_extended(const struct passwd *pw,
105		105
106	pw_pass = get_passwd(pw, buffer);	106	pw_pass = get_passwd(pw, buffer);
107	if (!pw_pass[0]) /* empty password field? */	107	if (!pw_pass[0]) /* empty password field? */
108	return 1;	108	return CHECKPASS_PW_HAS_EMPTY_PASSWORD;
109		109
110	plaintext = bb_ask(STDIN_FILENO, timeout, prompt);	110	plaintext = bb_ask(STDIN_FILENO, timeout, prompt);
111	if (!plaintext) {	111	if (!plaintext) {