===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/passwd/pwd_check.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -c -r1.7 -r1.8
*** src/usr.bin/passwd/pwd_check.c 2004/03/14 22:53:18 1.7
--- src/usr.bin/passwd/pwd_check.c 2004/07/13 21:09:48 1.8
***************
*** 1,4 ****
! /* $OpenBSD: pwd_check.c,v 1.7 2004/03/14 22:53:18 tedu Exp $ */
/*
* Copyright 2000 Niels Provos
* All rights reserved.
--- 1,4 ----
! /* $OpenBSD: pwd_check.c,v 1.8 2004/07/13 21:09:48 millert Exp $ */
/*
* Copyright 2000 Niels Provos
* All rights reserved.
***************
*** 42,49 ****
#include
#include
#include
- #include
- #include
#include
struct pattern {
--- 42,47 ----
***************
*** 81,91 ****
};
int
! pwd_check(struct passwd *pwd, login_cap_t *lc, char *password)
{
regex_t rgx;
int i, res, min_len;
! char *cp, option[LINE_MAX];
int pipefds[2];
pid_t child;
--- 79,89 ----
};
int
! pwd_check(login_cap_t *lc, char *password)
{
regex_t rgx;
int i, res, min_len;
! char *option;
int pipefds[2];
pid_t child;
***************
*** 106,151 ****
}
}
! /* Okay, now pass control to an external program */
!
! /*
! * Check login.conf, falling back onto the deprecated passwd.conf
! */
! if ((cp = login_getcapstr(lc, "passwordcheck", NULL, NULL)) != NULL) {
! strlcpy(option, cp, sizeof(option));
! free(cp);
! } else {
! pw_getconf(option, LINE_MAX, pwd->pw_name, "pwdcheck");
!
! /* Try to find an entry for the group */
! if (*option == 0) {
! struct group *grp;
! char grpkey[LINE_MAX];
!
! grp = getgrgid(pwd->pw_gid);
! if (grp != NULL) {
! snprintf(grpkey, LINE_MAX, ":%s",
! grp->gr_name);
! pw_getconf(option, LINE_MAX, grpkey,
! "pwdcheck");
! }
! if (grp != NULL && *option == 0 &&
! strchr(pwd->pw_name, '.') == NULL) {
! snprintf(grpkey, LINE_MAX, ".%s",
! grp->gr_name);
! pw_getconf(option, LINE_MAX, grpkey,
! "pwdcheck");
! }
! if (*option == 0)
! pw_getconf(option, LINE_MAX, "default",
! "pwdcheck");
! }
! }
!
!
/* If no checker is specified, we accept the password */
! if (*option == 0)
return (1);
if (pipe(pipefds) == -1) {
warn("pipe");
goto out;
--- 104,114 ----
}
}
! /* If no checker is specified in login.conf we accept the password */
! if ((option = login_getcapstr(lc, "passwordcheck", NULL, NULL)) == NULL)
return (1);
+ /* Okay, now pass control to an external program */
if (pipe(pipefds) == -1) {
warn("pipe");
goto out;
***************
*** 174,179 ****
--- 137,143 ----
goto out;
}
close(pipefds[0]);
+ free(option);
/* Send the password to STDIN of child */
write(pipefds[1], password, strlen(password) + 1);
***************
*** 185,205 ****
return (1);
out:
printf("Please use a different password. Unusual capitalization,\n");
printf("control characters, or digits are suggested.\n");
return (0);
}
int
! pwd_gettries(struct passwd *pwd, login_cap_t *lc)
{
- char option[LINE_MAX];
- char *ep = option;
quad_t ntries;
- long lval;
/*
! * Check login.conf, falling back onto the deprecated passwd.conf
*/
if ((ntries = login_getcapnum(lc, "passwordtries", -1, -1)) != -1) {
if (ntries > INT_MAX || ntries < 0) {
--- 149,167 ----
return (1);
out:
+ free(option);
printf("Please use a different password. Unusual capitalization,\n");
printf("control characters, or digits are suggested.\n");
return (0);
}
int
! pwd_gettries(login_cap_t *lc)
{
quad_t ntries;
/*
! * Check login.conf
*/
if ((ntries = login_getcapnum(lc, "passwordtries", -1, -1)) != -1) {
if (ntries > INT_MAX || ntries < 0) {
***************
*** 210,255 ****
return((int)ntries);
}
! pw_getconf(option, LINE_MAX, pwd->pw_name, "pwdtries");
!
! /* Try to find an entry for the group */
! if (*option == 0) {
! struct group *grp;
! char grpkey[LINE_MAX];
!
! grp = getgrgid(pwd->pw_gid);
! if (grp != NULL) {
! snprintf(grpkey, LINE_MAX, ":%s", grp->gr_name);
! pw_getconf(option, LINE_MAX, grpkey, "pwdtries");
! }
! if (grp != NULL && *option == 0 &&
! strchr(pwd->pw_name, '.') == NULL) {
!
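Review bot: In the hunk at -106,151 / +104,114 the new test treats only a NULL return from login_getcapstr() as "no checker", while the removed code also returned 1 for an empty string (`*option == 0`), so an empty `passwordcheck` value now continues to the pipe() call and whatever runs the checker after it. If the old behaviour is wanted, the test can be `if (option == NULL || *option == '\0') { free(option); return (1); }`. With the passwd.conf fallback removed, a host that set `pwdcheck` only there reaches `return (1)` with no diagnostic, which the comment above the test could state. pwd_check() begins and ends outside this hunk.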
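Review bot: The `free(option)` added after `close(pipefds[0])` (hunk +137,143) is followed by a second `free(option)` at the `out:` label in the next hunk (+149,167); the lines between them are not shown, but if a rejected password falls through from the `return (1)` to `out:`, the same pointer is released twice. Resetting it at the first call, `free(option); option = NULL;`, makes the later call harmless. `char *option;` is also declared without an initializer, so `char *option = NULL;` would keep `out:` safe for any `goto out` taken before the login_getcapstr() assignment. The body of pwd_check() extends outside both hunks.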
snprintf(grpkey, LINE_MAX, ".%s", grp->gr_name);
! pw_getconf(option, LINE_MAX, grpkey, "pwdtries");
! }
! if (*option == 0)
! pw_getconf(option, LINE_MAX, "default", "pwdtries");
! }
!
! if (*option == 0)
! goto out;
!
! errno = 0;
! lval = strtol(option, &ep, 10);
! if (option[0] == '\0' || *ep != '\0') {
! fprintf(stderr,
! "Warning: Bad pwdtries line in /etc/passwd.conf");
! goto out;
! }
! if ((errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN)) ||
! (lval > INT_MAX || lval < 0)) {
! fprintf(stderr,
! "Warning: pwdtries out of range in /etc/passwd.conf");
! goto out;
! }
! return((int) lval);
!
! /* If no amount of tries is specified, return a default of
* 3, meaning that after 3 attempts where the user is foiled
* by the password checks, it will no longer be checked and
* they can set it to whatever they like.
--- 172,179 ----
return((int)ntries);
}
! /*
! * If no amount of tries is specified, return a default of
* 3, meaning that after 3 attempts where the user is foiled
* by the password checks, it will no longer be checked and
* they can set it to whatever they like.