From 36f2bc43b67a3bc5e24cf77db0718cd73f9be0a3 Mon Sep 17 00:00:00 2001
From: Upi Tamminen <desaster@gmail.com>
Date: Fri, 13 Jun 2014 18:15:51 +0300
Subject: [PATCH] don't let user set password to '*'

---
 kippo/commands/base.py | 2 +-
 kippo/core/userdb.py   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/kippo/commands/base.py b/kippo/commands/base.py
index ac899b4..6e6a07a 100644
--- a/kippo/commands/base.py
+++ b/kippo/commands/base.py
@@ -169,7 +169,7 @@ class command_passwd(HoneyPotCommand):
     def finish(self, line):
         self.honeypot.password_input = False
 
-        if line != self.passwd:
+        if line != self.passwd or self.passwd == '*':
             self.writeln('Sorry, passwords do not match')
             self.exit()
             return
diff --git a/kippo/core/userdb.py b/kippo/core/userdb.py
index 425a851..9b87dbd 100644
--- a/kippo/core/userdb.py
+++ b/kippo/core/userdb.py
@@ -59,7 +59,7 @@ class UserDB:
         '''note that it allows multiple passwords for a single username'''
 
         for (login, uid, passwd) in self.userdb:
-            if login == thelogin and (passwd == thepasswd or passwd == '*'):
+            if login == thelogin and passwd in (thepasswd, '*'):
                 return True
         return False