[EGIT] [core/enlightenment] master 01/01: e auth - allow empty password users to auth successfully

Sat, 27 Feb 2021 10:20:29 -0800 

raster pushed a commit to branch master.

http://git.enlightenment.org/core/enlightenment.git/commit/?id=92700403f785916820798371600f24573b13803f

commit 92700403f785916820798371600f24573b13803f
Author: Carsten Haitzler (Rasterman) <ras...@rasterman.com>
Date:   Sat Feb 27 18:18:34 2021 +0000

    e auth - allow empty password users to auth successfully
---
 src/bin/e_auth.c          |  9 +++++----
 src/bin/e_ckpasswd_main.c | 11 +++++++++++
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/bin/e_auth.c b/src/bin/e_auth.c
index 8b0aa6641..0ab534511 100644
--- a/src/bin/e_auth.c
+++ b/src/bin/e_auth.c
@@ -6,17 +6,18 @@ e_auth_begin(char *passwd)
    char buf[PATH_MAX];
    Ecore_Exe *exe = NULL;
    int ret = 0;
-   size_t pwlen;
+   size_t pwlen, buflen = 0;
 
    pwlen = strlen(passwd);
-   if (pwlen == 0) goto out;
 
    snprintf(buf, sizeof(buf),
             "%s/enlightenment/utils/enlightenment_ckpasswd pw",
             e_prefix_lib_get());
    exe = ecore_exe_pipe_run(buf, ECORE_EXE_PIPE_WRITE, NULL);
    if (!exe) goto out;
-   if (ecore_exe_send(exe, passwd, pwlen) != EINA_TRUE) goto out;
+   snprintf(buf, sizeof(buf), "pw %s", passwd);
+   buflen = strlen(buf);
+   if (ecore_exe_send(exe, buf, buflen) != EINA_TRUE) goto out;
    ecore_exe_close_stdin(exe);
 
    ret = ecore_exe_pid_get(exe);
@@ -32,6 +33,7 @@ out:
    if (exe) ecore_exe_free(exe);
 
    e_util_memclear(passwd, pwlen);
+   e_util_memclear(buf, buflen);
    return ret;
 }
 
@@ -44,7 +46,6 @@ e_auth_polkit_begin(char *passwd, const char *cookie, 
unsigned int uid)
    size_t pwlen, buflen = 0;
 
    pwlen = strlen(passwd);
-   if (pwlen == 0) goto out;
 
    snprintf(buf, sizeof(buf),
             "%s/enlightenment/utils/enlightenment_ckpasswd pk",
diff --git a/src/bin/e_ckpasswd_main.c b/src/bin/e_ckpasswd_main.c
index e8c193e2a..1278b2fbb 100644
--- a/src/bin/e_ckpasswd_main.c
+++ b/src/bin/e_ckpasswd_main.c
@@ -266,6 +266,17 @@ main(int argc, char **argv)
    // read passwd from stdin
    if (polkit_mode == 0)
      {
+        rd = read(0, pw, 3);
+        if (rd != 3)
+          {
+             fprintf(stderr, "AUTH: Error. Can't read passwd preable\n");
+             goto err;
+          }
+        if (!((pw[0] == 'p') && (pw[1] == 'w') && (pw[2] == ' ')))
+          {
+             fprintf(stderr, "AUTH: Error. Preable is wrong\n");
+             goto err;
+          }
         rd = read(0, pw, sizeof(pw) - 1);
         if (rd < 0)
           {

--

Reply via email to