wok-current rev 11356
busybox/httpd: add support for system passwords (again)
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Thu Dec 01 21:53:35 2011 +0100 (2011-12-01) |
parents | e5421dd582ff |
children | a8d8d895ebe7 |
files | busybox/stuff/busybox-1.18-httpd.u |
line diff
1.1 --- a/busybox/stuff/busybox-1.18-httpd.u Thu Dec 01 11:38:36 2011 +0100 1.2 +++ b/busybox/stuff/busybox-1.18-httpd.u Thu Dec 01 21:53:35 2011 +0100 1.3 @@ -107,7 +107,7 @@ 1.4 + char *colon_after_user; 1.5 + const char *passwd; 1.6 +# if ENABLE_FEATURE_SHADOWPASSWDS && !ENABLE_PAM 1.7 -+ char buffer[256]; /* will store passwd */ 1.8 ++ char sp_buf[256]; 1.9 +# endif 1.10 1.11 - md5_passwd = strchr(cur->after_colon, ':'); 1.12 @@ -177,9 +177,9 @@ 1.13 + /* getspnam_r may return 0 yet set result to NULL. 1.14 + * At least glibc 2.4 does this. Be extra paranoid here. */ 1.15 + struct spwd *result = NULL; 1.16 -+ r = getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result); 1.17 ++ r = getspnam_r(pw->pw_name, &spw, sp_buf, sizeof(sp_buf), &result); 1.18 + if (r == 0 && result) 1.19 -+ passwd = result->sp_pwdp; /* note: passwd is located into buffer ! */ 1.20 ++ passwd = result->sp_pwdp; 1.21 + } 1.22 +# endif 1.23 +# endif /* ENABLE_PAM */ 1.24 @@ -210,9 +210,18 @@ 1.25 /* Comparing plaintext "user:pass" in one go */ 1.26 - if (strcmp(cur->after_colon, user_and_passwd) == 0) { 1.27 - set_remoteuser_var: 1.28 ++ r = strcmp(cur->after_colon, user_and_passwd); 1.29 + end_check_passwd: 1.30 -+ r = strcmp(cur->after_colon, user_and_passwd); 1.31 + if (r == 0) { 1.32 remoteuser = xstrndup(user_and_passwd, 1.33 strchrnul(user_and_passwd, ':') - user_and_passwd); 1.34 return 1; /* Ok */ 1.35 +@@ -2112,7 +2233,7 @@ 1.36 + /* Case: no "Authorization:" was seen, but page does require passwd. 1.37 + * Check that with dummy user:pass */ 1.38 + if (authorized < 0) 1.39 +- authorized = check_user_passwd(urlcopy, ":"); 1.40 ++ authorized = check_user_passwd(urlcopy, (char *) ""); 1.41 + if (!authorized) 1.42 + send_headers_and_exit(HTTP_UNAUTHORIZED); 1.43 + #endif