diff options
author | Rob Landley <rob@landley.net> | 2016-02-10 21:05:22 -0600 |
---|---|---|
committer | Rob Landley <rob@landley.net> | 2016-02-10 21:05:22 -0600 |
commit | f435f0412aa4ca631aa178d10ed33008e34f37cb (patch) | |
tree | 6174226167b101bda2ad4557b6e5b42987e64ad2 /toys | |
parent | 3684510034450f5f50d1ad9b5acca327a5c484dd (diff) | |
download | toybox-f435f0412aa4ca631aa178d10ed33008e34f37cb.tar.gz |
Factor out strnstr() since posix hasn't got it, and add a config option for
the deeply sad passwd heuristics that don't even check numbers and punctuation.
Diffstat (limited to 'toys')
-rw-r--r-- | toys/lsb/passwd.c | 22 | ||||
-rw-r--r-- | toys/posix/grep.c | 9 |
2 files changed, 16 insertions, 15 deletions
diff --git a/toys/lsb/passwd.c b/toys/lsb/passwd.c index ca98f2ef..687d4c09 100644 --- a/toys/lsb/passwd.c +++ b/toys/lsb/passwd.c @@ -20,6 +20,16 @@ config PASSWD -d Set password to '' -l Lock (disable) account -u Unlock (enable) account + +config PASSWD_SAD + bool "Add sad password checking heuristics" + default n + depends on PASSWD + help + Password changes are checked to make sure they don't include the entire + username (but not a subset of it), and the entire previous password + (but changing password1, password2, password3 is fine). This heuristic + accepts "aaaaaa" as a password. */ #define FOR_passwd @@ -29,16 +39,13 @@ GLOBALS( char *algo; ) -#ifndef _GNU_SOURCE -char *strcasestr(const char *haystack, const char *needle); -#endif - static int str_check(char *s, char *p) { - if (strcasestr(s, p) || strcasestr(p, s)) return 1; + if (strnstr(s, p) || strnstr(p, s)) return 1; return 0; } +// Insane heuristic won't find password1 password2 password3...? static void strength_check(char *newp, char *oldp, char *user) { char *msg = NULL; @@ -81,7 +88,7 @@ static char *new_password(char *oldp, char *user) return NULL; //may be due to Ctrl-C newp = xstrdup(toybuf); - strength_check(newp, oldp, user); + if (CFG_PASSWD_SAD) strength_check(newp, oldp, user); if (read_password(toybuf, sizeof(toybuf), "Retype password:")) { free(newp); return NULL; //may be due to Ctrl-C @@ -114,8 +121,7 @@ void passwd_main(void) pw = xgetpwnam(name); - if (myuid && (myuid != pw->pw_uid)) - error_exit("You need to be root to change '%s' password\n", name); + if (myuid && (myuid != pw->pw_uid)) error_exit("Not root"); pass = pw->pw_passwd; if (pw->pw_passwd[0] == 'x') { diff --git a/toys/posix/grep.c b/toys/posix/grep.c index c5d626aa..2ca02d2c 100644 --- a/toys/posix/grep.c +++ b/toys/posix/grep.c @@ -125,13 +125,8 @@ static void do_grep(int fd, char *name) fseek.arg = s = line; break; } - if (toys.optflags & FLAG_i) { - long ll = strlen(seek->arg);; - - // Alas, posix hasn't got strcasestr() - for (s = line; *s; s++) if (!strncasecmp(s, seek->arg, ll)) break; - if (!*s) s = 0; - } else s = strstr(line, seek->arg); + if (toys.optflags & FLAG_i) s = strnstr(line, seek->arg); + else s = strstr(line, seek->arg); if (s) break; } |