author | Miles Bader <miles@gnu.org> | 1997-05-15 21:27:13 +0000 |
---|---|---|
committer | Miles Bader <miles@gnu.org> | 1997-05-15 21:27:13 +0000 |
commit | 748ce1cddabbf42b2178a5102ccba4072f747f9e (patch) | |
tree | 3172c0b1aa8749cff0150cea182006d2e50a6a0f /utils/login.c | |
parent | ab0a64643100626ee5f5b53461bfdd6fb3e97d9b (diff) |
(main: verify_passwd):
Add user-in-group-0-can-use-his-own-password-to-su hack.
Diffstat (limited to 'utils/login.c')
-rw-r--r-- | utils/login.c | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/utils/login.c b/utils/login.c
index 13e1cfee..d8f0d4b2 100644
--- a/utils/login.c
+++ b/utils/login.c
@@ -537,24 +537,45 @@ main(int argc, char *argv[])
 prompt = "Password:";
 unencrypted = getpass (prompt);
+ if (name)
+ free (prompt);
+
 if (crypt)
 {
 encrypted = crypt (unencrypted, password);
- /* Paranoia may destroya. */
- memset (unencrypted, 0, strlen (unencrypted));
-
 if (! encrypted)
 /* Something went wrong. */
- fail (51, errno, "Password encryption failed", 0);
+ {
+ /* Paranoia may destroya. */
+ memset (unencrypted, 0, strlen (unencrypted));
+ fail (51, errno, "Password encryption failed", 0);
+ }
 }
 else
 encrypted = unencrypted;
- if (name)
- free (prompt);
+ if (strcmp (encrypted, password) == 0)
+ {
+ memset (unencrypted, 0, strlen (unencrypted));
+ return; /* password O.K. */
+ }
+
+ if (id == 0 && !is_group && parent_has_gid (0)
+ && (parent_uids->num == 0 || parent_uids->ids[0] != 0))
+ /* Special hack: a user attempting to gain root access can use
+ their own password (instead of root's) if they're in group 0. */
+ {
+ struct passwd *pw = getpwuid (parent_uids->ids[0]);
+
+ encrypted = crypt (unencrypted, pw->pw_passwd);
+ memset (unencrypted, 0, strlen (unencrypted));
+
+ if (pw && strcmp (encrypted, pw->pw_passwd) == 0)
+ return;
+ }
- if (strcmp (encrypted, password) != 0)
- fail (50, 0, "Incorrect password", 0);
+ memset (unencrypted, 0, strlen (unencrypted));
+ fail (50, 0, "Incorrect password", 0);
 }
 /* Parse our options... */
|
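Review bot: The new group-0 branch dereferences `pw` in `crypt (unencrypted, pw->pw_passwd)` one statement before the `pw &&` test, so a parent uid with no passwd entry crashes the password check instead of failing it. The guard also admits `parent_uids->num == 0` and then reads `parent_uids->ids[0]`, and unlike the first path this branch calls `crypt` without the `if (crypt)` test and passes its result to `strcmp` without a null check. Because this branch decides whether root access is granted, each of those cases should fall through to `fail (50, ...)`; the rewrite below requires at least one parent uid, looks up `pw` before hashing, and compares only a non-null hash. The enclosing function starts before the hunk, so the intent behind the `num == 0` case is inferred rather than visible.

```c
  if (id == 0 && !is_group && parent_has_gid (0)
      && parent_uids->num > 0 && parent_uids->ids[0] != 0)
    /* ... unchanged: "Special hack" comment ... */
    {
      struct passwd *pw = getpwuid (parent_uids->ids[0]);
      char *own = 0;

      /* Hash only when there is an entry to check against and crypt exists;
         any missing piece leaves OWN null and falls through to the failure.  */
      if (pw && crypt)
        own = crypt (unencrypted, pw->pw_passwd);
      memset (unencrypted, 0, strlen (unencrypted));

      if (own && strcmp (own, pw->pw_passwd) == 0)
        return;
    }
  /* ... unchanged: final memset and fail (50, ...) ... */
```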