diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-26 16:18:36 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-26 16:18:36 +0000 |
commit | 6c3ea4f47ea280811a7fe53a22f7832e4533c9ec (patch) | |
tree | 3d7ed5da23b5dbf6f9e450dfb61642832249c31e /lib/obscure.c | |
parent | Adding upstream version 1:4.13+dfsg1. (diff) | |
download | shadow-upstream/1%4.15.2.tar.xz shadow-upstream/1%4.15.2.zip |
Adding upstream version 1:4.15.2.upstream/1%4.15.2upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | lib/obscure.c (renamed from libmisc/obscure.c) | 112 |
1 files changed, 15 insertions, 97 deletions
diff --git a/libmisc/obscure.c b/lib/obscure.c index 3daaa95..549c2a8 100644 --- a/libmisc/obscure.c +++ b/lib/obscure.c @@ -9,25 +9,27 @@ #include <config.h> -#ifndef USE_PAM - #ident "$Id$" -/* - * This version of obscure.c contains modifications to support "cracklib" - * by Alec Muffet (alec.muffett@uk.sun.com). You must obtain the Cracklib - * library source code for this function to operate. - */ #include <ctype.h> #include <stdio.h> + +#include "alloc.h" +#include "attr.h" +#include "memzero.h" #include "prototypes.h" #include "defines.h" #include "getdef.h" + +#if WITH_LIBBSD == 0 +#include "freezero.h" +#endif /* WITH_LIBBSD */ + /* * can't be a palindrome - like `R A D A R' or `M A D A M' */ -static bool palindrome (unused const char *old, const char *new) +static bool palindrome (MAYBE_UNUSED const char *old, const char *new) { size_t i, j; @@ -73,57 +75,6 @@ static bool similar (/*@notnull@*/const char *old, /*@notnull@*/const char *new) return true; } -/* - * a nice mix of characters. - */ - -static bool simple (unused const char *old, const char *new) -{ - bool digits = false; - bool uppers = false; - bool lowers = false; - bool others = false; - int size; - int i; - - for (i = 0; '\0' != new[i]; i++) { - if (isdigit (new[i])) { - digits = true; - } else if (isupper (new[i])) { - uppers = true; - } else if (islower (new[i])) { - lowers = true; - } else { - others = true; - } - } - - /* - * The scam is this - a password of only one character type - * must be 8 letters long. Two types, 7, and so on. - */ - - size = 9; - if (digits) { - size--; - } - if (uppers) { - size--; - } - if (lowers) { - size--; - } - if (others) { - size--; - } - - if (size <= i) { - return false; - } - - return true; -} - static char *str_lower (/*@returned@*/char *string) { char *cp; @@ -137,28 +88,18 @@ static char *str_lower (/*@returned@*/char *string) static /*@observer@*//*@null@*/const char *password_check ( /*@notnull@*/const char *old, /*@notnull@*/const char *new, - /*@notnull@*/const struct passwd *pwdp) + /*@notnull@*/MAYBE_UNUSED const struct passwd *pwdp) { const char *msg = NULL; char *oldmono, *newmono, *wrapped; -#ifdef HAVE_LIBCRACK - char *dictpath; - -#ifdef HAVE_LIBCRACK_PW - char *FascistCheckPw (); -#else - char *FascistCheck (); -#endif -#endif - if (strcmp (new, old) == 0) { return _("no change"); } newmono = str_lower (xstrdup (new)); oldmono = str_lower (xstrdup (old)); - wrapped = xmalloc (strlen (oldmono) * 2 + 1); + wrapped = XMALLOC(strlen(oldmono) * 2 + 1, char); strcpy (wrapped, oldmono); strcat (wrapped, oldmono); @@ -168,25 +109,8 @@ static /*@observer@*//*@null@*/const char *password_check ( msg = _("case changes only"); } else if (similar (oldmono, newmono)) { msg = _("too similar"); - } else if (simple (old, new)) { - msg = _("too simple"); } else if (strstr (wrapped, newmono) != NULL) { msg = _("rotated"); - } else { -#ifdef HAVE_LIBCRACK - /* - * Invoke Alec Muffett's cracklib routines. - */ - - dictpath = getdef_str ("CRACKLIB_DICTPATH"); - if (NULL != dictpath) { -#ifdef HAVE_LIBCRACK_PW - msg = FascistCheckPw (new, dictpath, pwdp); -#else - msg = FascistCheck (new, dictpath); -#endif - } -#endif } strzero (newmono); strzero (oldmono); @@ -257,7 +181,7 @@ static /*@observer@*//*@null@*/const char *obscure_msg ( } } - maxlen = (size_t) getdef_num ("PASS_MAX_LEN", 8); + maxlen = getdef_num ("PASS_MAX_LEN", 8); if ( (oldlen <= maxlen) && (newlen <= maxlen)) { return NULL; @@ -274,10 +198,8 @@ static /*@observer@*//*@null@*/const char *obscure_msg ( msg = password_check (old1, new1, pwdp); - memzero (new1, newlen); - memzero (old1, oldlen); - free (new1); - free (old1); + freezero (new1, newlen); + freezero (old1, oldlen); return msg; } @@ -300,7 +222,3 @@ bool obscure (const char *old, const char *new, const struct passwd *pwdp) } return true; } - -#else /* !USE_PAM */ -extern int errno; /* warning: ANSI C forbids an empty source file */ -#endif /* !USE_PAM */ |