wok-current rev 11356

busybox/httpd: add support for system passwords (again)
author Pascal Bellard <pascal.bellard@slitaz.org>
date Thu Dec 01 21:53:35 2011 +0100 (2011-12-01)
parents e5421dd582ff
children a8d8d895ebe7
files busybox/stuff/busybox-1.18-httpd.u
line diff
     1.1 --- a/busybox/stuff/busybox-1.18-httpd.u	Thu Dec 01 11:38:36 2011 +0100
     1.2 +++ b/busybox/stuff/busybox-1.18-httpd.u	Thu Dec 01 21:53:35 2011 +0100
     1.3 @@ -107,7 +107,7 @@
     1.4  +			char *colon_after_user;
     1.5  +			const char *passwd;
     1.6  +# if ENABLE_FEATURE_SHADOWPASSWDS && !ENABLE_PAM
     1.7 -+			char buffer[256];	/* will store passwd */
     1.8 ++			char sp_buf[256];
     1.9  +# endif
    1.10   
    1.11  -			md5_passwd = strchr(cur->after_colon, ':');
    1.12 @@ -177,9 +177,9 @@
    1.13  +					/* getspnam_r may return 0 yet set result to NULL.
    1.14  +					 * At least glibc 2.4 does this. Be extra paranoid here. */
    1.15  +					struct spwd *result = NULL;
    1.16 -+					r = getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result);
    1.17 ++					r = getspnam_r(pw->pw_name, &spw, sp_buf, sizeof(sp_buf), &result);
    1.18  +					if (r == 0 && result)
    1.19 -+						passwd = result->sp_pwdp; /* note: passwd is located into buffer ! */
    1.20 ++						passwd = result->sp_pwdp;
    1.21  +				}
    1.22  +#  endif
    1.23  +# endif /* ENABLE_PAM */
    1.24 @@ -210,9 +210,18 @@
    1.25   		/* Comparing plaintext "user:pass" in one go */
    1.26  -		if (strcmp(cur->after_colon, user_and_passwd) == 0) {
    1.27  - set_remoteuser_var:
    1.28 ++		r = strcmp(cur->after_colon, user_and_passwd);
    1.29  + end_check_passwd:
    1.30 -+		r = strcmp(cur->after_colon, user_and_passwd);
    1.31  +		if (r == 0) {
    1.32   			remoteuser = xstrndup(user_and_passwd,
    1.33   					strchrnul(user_and_passwd, ':') - user_and_passwd);
    1.34   			return 1; /* Ok */
    1.35 +@@ -2112,7 +2233,7 @@
    1.36 + 	/* Case: no "Authorization:" was seen, but page does require passwd.
    1.37 + 	 * Check that with dummy user:pass */
    1.38 + 	if (authorized < 0)
    1.39 +-		authorized = check_user_passwd(urlcopy, ":");
    1.40 ++		authorized = check_user_passwd(urlcopy, (char *) "");
    1.41 + 	if (!authorized)
    1.42 + 		send_headers_and_exit(HTTP_UNAUTHORIZED);
    1.43 + #endif