mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 08:07:34 +00:00
LibCore: Always fail Account authentication on missing shadow entry
If a user is missing from /etc/shadow, we used to just allow anyone to authenticate as that user without a password. With this patch, authentication will instead always fail.
This commit is contained in:
parent
439f447ba8
commit
3b80358142
2 changed files with 9 additions and 4 deletions
|
@ -102,6 +102,10 @@ Result<Account, String> Account::from_uid(uid_t uid)
|
|||
|
||||
bool Account::authenticate(const char* password) const
|
||||
{
|
||||
// If there was no shadow entry for this account, authentication always fails.
|
||||
if (m_password_hash.is_null())
|
||||
return false;
|
||||
|
||||
// An empty passwd field indicates that no password is required to log in.
|
||||
if (m_password_hash.is_empty())
|
||||
return true;
|
||||
|
@ -206,7 +210,7 @@ void Account::load_shadow_file()
|
|||
auto line = shadow_file->read_line();
|
||||
if (line.is_null())
|
||||
break;
|
||||
auto parts = line.split(':');
|
||||
auto parts = line.split(':', true);
|
||||
if (parts.size() != 2) {
|
||||
dbgln("Malformed shadow entry, ignoring.");
|
||||
continue;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue