===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/passwd/pwd_check.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -c -r1.3 -r1.4
*** src/usr.bin/passwd/pwd_check.c	2000/11/24 21:07:04	1.3
--- src/usr.bin/passwd/pwd_check.c	2001/06/18 21:09:23	1.4
***************
*** 1,4 ****
! /*	$OpenBSD: pwd_check.c,v 1.3 2000/11/24 21:07:04 millert Exp $	*/
  /*
   * Copyright 2000 Niels Provos <provos@citi.umich.edu>
   * All rights reserved.
--- 1,4 ----
! /*	$OpenBSD: pwd_check.c,v 1.4 2001/06/18 21:09:23 millert Exp $	*/
  /*
   * Copyright 2000 Niels Provos <provos@citi.umich.edu>
   * All rights reserved.
***************
*** 44,49 ****
--- 44,50 ----
  #include <paths.h>
  #include <pwd.h>
  #include <util.h>
+ #include <login_cap.h>
  
  struct pattern {
  	char *match;
***************
*** 80,93 ****
  };
  
  int
! pwd_check(struct passwd *pwd, char *password)
  {
  	regex_t rgx;
! 	int i, res;
! 	char    option[LINE_MAX];
  	int pipefds[2];
  	
! 	if (strlen(password) <= 5) {
  		printf("Please enter a longer password.\n");
  		return (0);
  	}
--- 81,95 ----
  };
  
  int
! pwd_check(struct passwd *pwd, login_cap_t *lc, char *password)
  {
  	regex_t rgx;
! 	int i, res, min_len;
! 	char *cp, option[LINE_MAX];
  	int pipefds[2];
  	
! 	min_len = (int) login_getcapnum(lc, "minpasswordlen", 6, 6);
! 	if (min_len > 0 && strlen(password) < min_len) {
  		printf("Please enter a longer password.\n");
  		return (0);
  	}
***************
*** 104,124 ****
  	}
  
  	/* Okay, now pass control to an external program */
- 	pw_getconf(option, LINE_MAX, pwd->pw_name, "pwdcheck");
  
! 	/* Try to find an entry for the group */
! 	if (*option == 0) {
! 	        struct group *grp;
! 	        char grpkey[LINE_MAX];
  
! 	        grp = getgrgid(pwd->pw_gid);
! 	        if (grp != NULL) {
!                         snprintf(grpkey, LINE_MAX-1, ".%s", grp->gr_name);
! 			grpkey[LINE_MAX-1] = 0;
! 			pw_getconf(option, LINE_MAX, grpkey, "pwdcheck");
  		}
- 		if (*option == 0)
- 		        pw_getconf(option, LINE_MAX, "default", "pwdcheck");
  	}
  	
  	/* If no checker is specified, we accept the password */
--- 106,138 ----
  	}
  
  	/* Okay, now pass control to an external program */
  
! 	/*
! 	 * Check login.conf, falling back onto the deprecated passwd.conf
! 	 */
! 	if ((cp = login_getcapstr(lc, "passwordcheck", NULL, NULL)) != NULL) {
! 		strlcpy(option, cp, sizeof(option));
! 		free(cp);
! 	} else {
! 		pw_getconf(option, LINE_MAX, pwd->pw_name, "pwdcheck");
  
! 		/* Try to find an entry for the group */
! 		if (*option == 0) {
! 			struct group *grp;
! 			char grpkey[LINE_MAX];
! 
! 			grp = getgrgid(pwd->pw_gid);
! 			if (grp != NULL) {
! 				snprintf(grpkey, LINE_MAX-1, ".%s",
! 				    grp->gr_name);
! 				grpkey[LINE_MAX-1] = 0;
! 				pw_getconf(option, LINE_MAX, grpkey,
! 				    "pwdcheck");
! 			}
! 			if (*option == 0)
! 				pw_getconf(option, LINE_MAX, "default",
! 				    "pwdcheck");
  		}
  	}
  	
  	/* If no checker is specified, we accept the password */
***************
*** 168,192 ****
  	return (0);
  }
  
! int pwd_gettries( struct passwd *pwd ) {
  	char option[LINE_MAX];
  	char *ep = option; 
  
  	pw_getconf(option, LINE_MAX, pwd->pw_name, "pwdtries");
  
  	/* Try to find an entry for the group */
  	if (*option == 0) {
! 	        struct group *grp;
! 	        char grpkey[LINE_MAX];
  
! 	        grp = getgrgid(pwd->pw_gid);
! 	        if (grp != NULL) {
!                         snprintf(grpkey, LINE_MAX-1, ".%s", grp->gr_name);
  			grpkey[LINE_MAX-1] = 0;
  			pw_getconf(option, LINE_MAX, grpkey, "pwdtries");
  		}
  		if (*option == 0)
! 		        pw_getconf(option, LINE_MAX, "default", "pwdtries");
  	}
  	
  	if (*option == 0)
--- 182,220 ----
  	return (0);
  }
  
! int pwd_gettries( struct passwd *pwd, login_cap_t *lc )
! {
  	char option[LINE_MAX];
  	char *ep = option; 
+ 	quad_t ntries;
  
+ 	/*
+ 	 * Check login.conf, falling back onto the deprecated passwd.conf
+ 	 */
+ 	if ((ntries = login_getcapnum(lc, "passwordtries", -1, -1)) != -1) {
+ 		if (ntries > INT_MAX || ntries < 0) {
+ 			fprintf(stderr,
+ 			    "Warning: pwdtries out of range in /etc/login.conf");   
+ 			goto out;
+ 		}
+ 		return((int)ntries);
+ 	}
+ 
  	pw_getconf(option, LINE_MAX, pwd->pw_name, "pwdtries");
  
  	/* Try to find an entry for the group */
  	if (*option == 0) {
! 		struct group *grp;
! 		char grpkey[LINE_MAX];
  
! 		grp = getgrgid(pwd->pw_gid);
! 		if (grp != NULL) {
! 			snprintf(grpkey, LINE_MAX-1, ".%s", grp->gr_name);
  			grpkey[LINE_MAX-1] = 0;
  			pw_getconf(option, LINE_MAX, grpkey, "pwdtries");
  		}
  		if (*option == 0)
! 			pw_getconf(option, LINE_MAX, "default", "pwdtries");
  	}
  	
  	if (*option == 0)
***************
*** 202,208 ****
  		}
  		if ((errno == ERANGE && (lval == LONG_MAX
  					 || lval == LONG_MIN)) ||
! 		    (lval > INT_MAX || lval < INT_MIN)) {
  			fprintf(stderr, 
  				"Warning: pwdtries out of range in /etc/passwd.conf");   
  			goto out;
--- 230,236 ----
  		}
  		if ((errno == ERANGE && (lval == LONG_MAX
  					 || lval == LONG_MIN)) ||
! 		    (lval > INT_MAX || lval < 0)) {
  			fprintf(stderr, 
  				"Warning: pwdtries out of range in /etc/passwd.conf");   
  			goto out;