From f1efcb18a1acb898bb6ed52e1f6294df6718807d Mon Sep 17 00:00:00 2001 From: Eli Lipsitz Date: Tue, 24 Jan 2023 23:24:33 +0000 Subject: [PATCH] login: Don't prompt for password if shadow password is empty The 'login' command doesn't prompt for a password if the password is empty. However, the current implementation only checks if the /etc/passwd entry is empty. If the /etc/shadow entry is empty, it still requires the user to enter an empty password. This commit addresses the issue, and no longer prompts for a password if the /etc/shadow entry has an empty password. --- toys/other/login.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/toys/other/login.c b/toys/other/login.c index bcca4aea..486b7bce 100644 --- a/toys/other/login.c +++ b/toys/other/login.c @@ -78,7 +78,12 @@ void login_main(void) if (*(pass = pwd->pw_passwd) == 'x') { struct spwd *spwd = getspnam (username); - if (spwd) pass = spwd->sp_pwdp; + if (spwd) { + pass = spwd->sp_pwdp; + + // empty shadow password + if (pass && !*pass) break; + } } } else if (TT.f) error_exit("bad -f '%s'", TT.f); -- 2.39.2