Updated changes hopefully meeting most of the security checks/validation items in nangel's list

git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@662 ab2d0c66-481e-0410-8bed-d214d4d58bed

1 files changed, 21 insertions, 18 deletions

diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua
index 8466ed3..af2ab87 100644
--- a/lib/authenticator-plaintext.lua
+++ b/lib/authenticator-plaintext.lua
@@ -60,25 +60,28 @@ end
 -- This function returns true or false, and
 -- if false:  the reason for failure
 authenticate = function ( self, userid, password )
-	password = password or ""
-	userid = userid or ""
-
-	local t = pvt.parse_authfile(self.conf.confdir .. "/passwd")
-
-	if t == false then
-		return false, "password file is missing"
-	else
-		local id = pvt.get_id (userid, t)
-		if id == false then
-			return false, "Userid not found"
-		end
-		if id.password ~= password then
-			return false, "Invalid password"
+		password = password or ""
+		userid = userid or ""
+
+		local t = pvt.parse_authfile(self.conf.confdir .. "/passwd")
+
+		if t == false then
+			return false, "password file is missing"
+		else
+		  if userid ~= nil then
+			local id = pvt.get_id (userid, t)
+			if id == false or id == nil then
+				return false, "Userid not found"
+			end
+			if id.password ~= password then
+				return false, "Invalid password"
+			end
+		  else 
+		  return false
+		  end
+		return true
 		end
-	end
-	return true
-	end
-
+end
 
 -- This function returns the username and roles 
 -- or false on an error