=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/passwd/pwd_check.c,v retrieving revision 1.8 retrieving revision 1.9 diff -c -r1.8 -r1.9 *** src/usr.bin/passwd/pwd_check.c 2004/07/13 21:09:48 1.8 --- src/usr.bin/passwd/pwd_check.c 2004/07/13 21:29:12 1.9 *************** *** 1,4 **** ! /* $OpenBSD: pwd_check.c,v 1.8 2004/07/13 21:09:48 millert Exp $ */ /* * Copyright 2000 Niels Provos * All rights reserved. --- 1,5 ---- ! /* $OpenBSD: pwd_check.c,v 1.9 2004/07/13 21:29:12 millert Exp $ */ ! /* * Copyright 2000 Niels Provos * All rights reserved. *************** *** 83,99 **** { regex_t rgx; int i, res, min_len; ! char *option; int pipefds[2]; pid_t child; ! min_len = (int) login_getcapnum(lc, "minpasswordlen", 6, 6); if (min_len > 0 && strlen(password) < min_len) { printf("Please enter a longer password.\n"); return (0); } ! for (i = 0; i < sizeof(patterns)/sizeof(struct pattern); i++) { if (regcomp(&rgx, patterns[i].match, patterns[i].flags) != 0) continue; res = regexec(&rgx, password, 0, NULL, 0); --- 84,100 ---- { regex_t rgx; int i, res, min_len; ! char *checker; int pipefds[2]; pid_t child; ! min_len = (int)login_getcapnum(lc, "minpasswordlen", 6, 6); if (min_len > 0 && strlen(password) < min_len) { printf("Please enter a longer password.\n"); return (0); } ! for (i = 0; i < sizeof(patterns) / sizeof(struct pattern); i++) { if (regcomp(&rgx, patterns[i].match, patterns[i].flags) != 0) continue; res = regexec(&rgx, password, 0, NULL, 0); *************** *** 104,111 **** } } ! /* If no checker is specified in login.conf we accept the password */ ! if ((option = login_getcapstr(lc, "passwordcheck", NULL, NULL)) == NULL) return (1); /* Okay, now pass control to an external program */ --- 105,113 ---- } } ! /* If no external checker is specified, just accept the password */ ! checker = login_getcapstr(lc, "passwordcheck", NULL, NULL); ! if (checker == NULL) return (1); /* Okay, now pass control to an external program */ *************** *** 128,134 **** close(pipefds[0]); close(pipefds[1]); ! argp[2] = option; if (execv(_PATH_BSHELL, argp) == -1) exit(1); /* NOT REACHED */ --- 130,136 ---- close(pipefds[0]); close(pipefds[1]); ! argp[2] = checker; if (execv(_PATH_BSHELL, argp) == -1) exit(1); /* NOT REACHED */ *************** *** 137,143 **** goto out; } close(pipefds[0]); - free(option); /* Send the password to STDIN of child */ write(pipefds[1], password, strlen(password) + 1); --- 139,144 ---- *************** *** 145,155 **** /* get the return value from the child */ wait(&child); ! if (WIFEXITED(child) && WEXITSTATUS(child) == 0) return (1); out: ! free(option); printf("Please use a different password. Unusual capitalization,\n"); printf("control characters, or digits are suggested.\n"); return (0); --- 146,158 ---- /* get the return value from the child */ wait(&child); ! if (WIFEXITED(child) && WEXITSTATUS(child) == 0) { ! free(checker); return (1); + } out: ! free(checker); printf("Please use a different password. Unusual capitalization,\n"); printf("control characters, or digits are suggested.\n"); return (0); *************** *** 160,183 **** { quad_t ntries; - /* - * Check login.conf - */ if ((ntries = login_getcapnum(lc, "passwordtries", -1, -1)) != -1) { ! if (ntries > INT_MAX || ntries < 0) { ! fprintf(stderr, ! "Warning: pwdtries out of range in /etc/login.conf"); ! goto out; ! } ! return((int)ntries); } /* ! * If no amount of tries is specified, return a default of ! * 3, meaning that after 3 attempts where the user is foiled ! * by the password checks, it will no longer be checked and ! * they can set it to whatever they like. */ ! out: ! return (3); } --- 163,180 ---- { quad_t ntries; if ((ntries = login_getcapnum(lc, "passwordtries", -1, -1)) != -1) { ! if (ntries > 0 && ntries <= INT_MAX) ! return((int)ntries); ! fprintf(stderr, ! "Warning: pwdtries out of range in /etc/login.conf"); } /* ! * If no amount of tries is specified, return a default of 3, ! * meaning that after 3 attempts where the user is foiled by the ! * password checks, it will no longer be checked and they can set ! * it to whatever they like. This is the historic BSD behavior. */ ! return (3); }