The 'login' command doesn't prompt for a password if the password is
empty. However, the current implementation only checks if the
/etc/passwd entry is empty. If the /etc/shadow entry is empty, it still
requires the user to enter an empty password.
This commit addresses the issue, and no longer prompts for a password if
the /etc/shadow entry has an empty password.
---
toys/other/login.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/toys/other/login.c b/toys/other/login.c
index bcca4aea..486b7bce 100644
--- a/toys/other/login.c
+++ b/toys/other/login.c
@@ -78,7 +78,12 @@ void login_main(void)
if (*(pass = pwd->pw_passwd) == 'x') {
struct spwd *spwd = getspnam (username);
- if (spwd) pass = spwd->sp_pwdp;
+ if (spwd) {
+ pass = spwd->sp_pwdp;
+
+ // empty shadow password
+ if (pass && !*pass) break;
+ }
}
} else if (TT.f) error_exit("bad -f '%s'", TT.f);
--
2.39.1.405.gd4c25cc71f-goog
_______________________________________________
Toybox mailing list
[email protected]
http://lists.landley.net/listinfo.cgi/toybox-landley.net
