From f435f0412aa4ca631aa178d10ed33008e34f37cb Mon Sep 17 00:00:00 2001
From: Rob Landley
Date: Wed, 10 Feb 2016 21:05:22 -0600
Subject: Factor out strnstr() since posix hasn't got it, and add a config option for the deeply sad passwd heuristics that don't even check numbers and punctuation.
---
 lib/lib.c | 11 +++++++++++
 lib/lib.h | 1 +
 toys/lsb/passwd.c | 22 ++++++++++++++--------
 toys/posix/grep.c | 9 ++-------
 4 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/lib/lib.c b/lib/lib.c
index 6559030c..681d4d23 100644
--- a/lib/lib.c
+++ b/lib/lib.c
@@ -1033,3 +1033,14 @@ char *next_printf(char *s, char **start)
 return 0;
 }
+
+// Posix inexplicably hasn't got this, so find str in line.
+char *strnstr(char *line, char *str)
+{
+ long len = strlen(str);
+ char *s;
+
+ for (s = line; *s; s++) if (!strncasecmp(s, str, len)) break;
+
+ return *s ? s : 0;
+}
diff --git a/lib/lib.h b/lib/lib.h
index 2714ad3d..dac3b67f 100644
--- a/lib/lib.h
+++ b/lib/lib.h
@@ -199,6 +199,7 @@ int qstrcmp(const void *a, const void *b);
 void create_uuid(char *uuid);
 char *show_uuid(char *uuid);
 char *next_printf(char *s, char **start);
+char *strnstr(char *line, char *str);
 #define HR_SPACE 1 // Space between number and units
 #define HR_B 2 // Use "B" for single byte units
diff --git a/toys/lsb/passwd.c b/toys/lsb/passwd.c
index ca98f2ef..687d4c09 100644
--- a/toys/lsb/passwd.c
+++ b/toys/lsb/passwd.c
@@ -20,6 +20,16 @@ config PASSWD
 -d Set password to ''
 -l Lock (disable) account
 -u Unlock (enable) account
+
+config PASSWD_SAD
+ bool "Add sad password checking heuristics"
+ default n
+ depends on PASSWD
+ help
+ Password changes are checked to make sure they don't include the entire
+ username (but not a subset of it), and the entire previous password
+ (but changing password1, password2, password3 is fine). This heuristic
+ accepts "aaaaaa" as a password.
 */
 #define FOR_passwd
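Review bot: The helper added in lib/lib.c is named `strnstr`, but it is a case-insensitive, unbounded search (it compares with strncasecmp), whereas BSD and macOS libcs declare `strnstr(const char *big, const char *little, size_t len)` in <string.h> as a case-sensitive, length-bounded one; the prototype added to lib/lib.h will probably clash there, and the name hides the case folding that str_check() in passwd.c and the -i path in grep.c rely on. At minimum the comment should say so, e.g. `// Case-insensitive strstr() (posix has no strcasestr()); not the BSD strnstr(big, little, len).` The loop also never runs for an empty `line`, so an empty `str` is found in every string except the empty one, unlike strstr(); a leading `if (!*str) return line;` would make that consistent. Nothing is written through either pointer, so `const char *` parameters would document that.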
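Review bot: The PASSWD_SAD help text describes what the heuristic checks but not what `default n` leaves behind: with the option off, the `if (CFG_PASSWD_SAD)` gate added to new_password() in the @@ -81,7 hunk skips strength_check() entirely, and no other check on the new password is visible in that hunk. I would add a sentence to the help such as `With this disabled, passwd applies no checks to the new password.` so that builders who need a password policy know it has to be enforced elsewhere. new_password() starts and ends outside the hunk, so a check elsewhere in it cannot be ruled out.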
@@ -29,16 +39,13 @@ GLOBALS(
 char *algo;
 )
-#ifndef _GNU_SOURCE
-char *strcasestr(const char *haystack, const char *needle);
-#endif
-
 static int str_check(char *s, char *p)
 {
- if (strcasestr(s, p) || strcasestr(p, s)) return 1;
+ if (strnstr(s, p) || strnstr(p, s)) return 1;
 return 0;
 }
+// Insane heuristic won't find password1 password2 password3...?
 static void strength_check(char *newp, char *oldp, char *user)
 {
 char *msg = NULL;
@@ -81,7 +88,7 @@ static char *new_password(char *oldp, char *user)
 return NULL; //may be due to Ctrl-C
 newp = xstrdup(toybuf);
- strength_check(newp, oldp, user);
+ if (CFG_PASSWD_SAD) strength_check(newp, oldp, user);
 if (read_password(toybuf, sizeof(toybuf), "Retype password:")) {
 free(newp);
 return NULL; //may be due to Ctrl-C
@@ -114,8 +121,7 @@ void passwd_main(void)
 pw = xgetpwnam(name);
- if (myuid && (myuid != pw->pw_uid))
- error_exit("You need to be root to change '%s' password\n", name);
+ if (myuid && (myuid != pw->pw_uid)) error_exit("Not root");
 pass = pw->pw_passwd;
 if (pw->pw_passwd[0] == 'x') {
diff --git a/toys/posix/grep.c b/toys/posix/grep.c
index c5d626aa..2ca02d2c 100644
--- a/toys/posix/grep.c
+++ b/toys/posix/grep.c
@@ -125,13 +125,8 @@ static void do_grep(int fd, char *name)
 fseek.arg = s = line;
 break;
 }
- if (toys.optflags & FLAG_i) {
- long ll = strlen(seek->arg);;
-
- // Alas, posix hasn't got strcasestr()
- for (s = line; *s; s++) if (!strncasecmp(s, seek->arg, ll)) break;
- if (!*s) s = 0;
- } else s = strstr(line, seek->arg);
+ if (toys.optflags & FLAG_i) s = strnstr(line, seek->arg);
+ else s = strstr(line, seek->arg);
 if (s) break;
 }
--
cgit v1.2.3