MAX_PASSLEN based authentication

2009-11-15 23:36:42 +01:00 · 2009-11-15 23:36:42 +01:00 · 228734ab02
commit 228734ab02
parent 10e53efaee
3 changed files with 13 additions and 63 deletions
--- a/normal/auth.c
+++ b/normal/auth.c
@ -35,58 +35,6 @@ struct grub_auth_user

 struct grub_auth_user *users = NULL;

-int
-grub_auth_strcmp (const char *s1, const char *s2)
-{
-  int ret;
-  grub_uint64_t end;
-
-  end = grub_get_time_ms () + 100;
-  ret = grub_strcmp (s1, s2);
-
-  /* This prevents an attacker from deriving information about the
-     password from the time it took to execute this function.  */
-  while (grub_get_time_ms () < end);
-
-  return ret;
-}
-
-static int
-grub_iswordseparator (int c)
-{
-  return (grub_isspace (c) || c == ',' || c == ';' || c == '|' || c == '&');
-}
-
-int
-grub_auth_strword (const char *haystack, const char *needle)
-{
-  const char *n_pos = needle;
-  int found = 0;
-
-  while (grub_iswordseparator (*haystack))
-    haystack++;
-
-  while (*haystack)
-    {
-      int ok = 1;
-      /* Crawl both the needle and the haystack word we're on.  */
-      while(*haystack && !grub_iswordseparator (*haystack))
-        {
-	  if (*haystack == *n_pos && ok)
-	    n_pos++;
-	  else
-	    ok = 0;
-
-          haystack++;
-        }
-
-      if (ok)
-	found = 1;
-    }
-
-  return found;
-}
-
 grub_err_t
 grub_auth_register_authentication (const char *user,
 				   grub_auth_callback_t callback,
@ -193,8 +141,8 @@ is_authenticated (const char *userlist)
      return 0;
    name = ((struct grub_auth_user *) item)->name;

-    return (userlist && grub_auth_strword (userlist, name))
-      || grub_auth_strword (superusers, name);
+    return (userlist && grub_strword (userlist, name))
+      || grub_strword (superusers, name);
  }

  superusers = grub_env_get ("superusers");