From 51821a9b89c2e79a683dcd4ff29b3ffc2921d2e2 Mon Sep 17 00:00:00 2001
From: Mike Mason
Date: Tue, 29 Jan 2008 21:00:05 +0000
Subject: Updated changes hopefully meeting most of the security checks/validation items in nangel's list
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@662 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 lib/authenticator-plaintext.lua | 39 +++++++++++++++++++++------------------
 1 file changed, 21 insertions(+), 18 deletions(-)
(limited to 'lib/authenticator-plaintext.lua')
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua
index 8466ed3..af2ab87 100644
--- a/lib/authenticator-plaintext.lua
+++ b/lib/authenticator-plaintext.lua
@@ -60,25 +60,28 @@ end
 -- This function returns true or false, and
 -- if false: the reason for failure
 authenticate = function ( self, userid, password )
- password = password or ""
- userid = userid or ""
-
- local t = pvt.parse_authfile(self.conf.confdir .. "/passwd")
-
- if t == false then
- return false, "password file is missing"
- else
- local id = pvt.get_id (userid, t)
- if id == false then
- return false, "Userid not found"
- end
- if id.password ~= password then
- return false, "Invalid password"
+ password = password or ""
+ userid = userid or ""
+
+ local t = pvt.parse_authfile(self.conf.confdir .. "/passwd")
+
+ if t == false then
+ return false, "password file is missing"
+ else
+ if userid ~= nil then
+ local id = pvt.get_id (userid, t)
+ if id == false or id == nil then
+ return false, "Userid not found"
+ end
+ if id.password ~= password then
+ return false, "Invalid password"
+ end
+ else
+ return false
+ end
+ return true
 end
- end
- return true
- end
-
+end
 -- This function returns the username and roles
 -- or false on an error
--
cgit v1.2.3
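Review bot: The added `if userid ~= nil then` guard can never fail, because `userid = userid or ""` at the top of the function has already replaced nil with an empty string, so the new `else return false` branch is unreachable and a missing userid still reaches `pvt.get_id` as `""`. The same defaulting means a nil password is compared as `""`, which would match an account whose stored password field is empty, if the passwd file allows that. I would reject empty credentials before the file is read, e.g. `if userid == nil or userid == "" or password == nil or password == "" then return false, "Invalid userid or password" end`, which also keeps the documented reason-for-failure second return value that the bare `return false` drops. Separately, the distinct "Userid not found" and "Invalid password" reasons let a caller tell valid userids apart if they are ever shown to the client; a single generic message would avoid that.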