(main: verify_passwd):

  Add user-in-group-0-can-use-his-own-password-to-su hack.

1 files changed, 29 insertions, 8 deletions

diff --git a/utils/login.c b/utils/login.c
index 13e1cfee..d8f0d4b2 100644
--- a/utils/login.c
+++ b/utils/login.c
@@ -537,24 +537,45 @@ main(int argc, char *argv[])
 	prompt = "Password:";
 
       unencrypted = getpass (prompt);
+      if (name)
+	free (prompt);
+
       if (crypt)
 	{
 	  encrypted = crypt (unencrypted, password);
-	  /* Paranoia may destroya.  */
-	  memset (unencrypted, 0, strlen (unencrypted));
-
 	  if (! encrypted)
 	    /* Something went wrong.  */
-	    fail (51, errno, "Password encryption failed", 0);
+	    {
+	      /* Paranoia may destroya.  */
+	      memset (unencrypted, 0, strlen (unencrypted));
+	      fail (51, errno, "Password encryption failed", 0);
+	    }
 	}
       else
 	encrypted = unencrypted;
 
-      if (name)
-	free (prompt);
+      if (strcmp (encrypted, password) == 0)
+	{
+	  memset (unencrypted, 0, strlen (unencrypted));
+	  return;			/* password O.K. */
+	}
+
+      if (id == 0 && !is_group && parent_has_gid (0)
+	  && (parent_uids->num == 0 || parent_uids->ids[0] != 0))
+	/* Special hack: a user attempting to gain root access can use
+	   their own password (instead of root's) if they're in group 0. */
+	{
+	  struct passwd *pw = getpwuid (parent_uids->ids[0]);
+
+	  encrypted = crypt (unencrypted, pw->pw_passwd);
+	  memset (unencrypted, 0, strlen (unencrypted));
+
+	  if (pw && strcmp (encrypted, pw->pw_passwd) == 0)
+	    return;
+	}
 
-      if (strcmp (encrypted, password) != 0)
-	fail (50, 0, "Incorrect password", 0);
+      memset (unencrypted, 0, strlen (unencrypted));
+      fail (50, 0, "Incorrect password", 0);
     }
 
   /* Parse our options...  */