Factor out strnstr() since posix hasn't got it, and add a config opti…

…on for the deeply sad passwd heuristics that don't even check numbers and punctuation.
drinkcat · Feb 11, 2016 · f435f04 · f435f04
1 parent 3684510
commit f435f04
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 15 deletions.
diff --git a/lib/lib.c b/lib/lib.c
@@ -1033,3 +1033,14 @@ char *next_printf(char *s, char **start)
 
  return 0;
 }
+
+// Posix inexplicably hasn't got this, so find str in line.
+char *strnstr(char *line, char *str)
+{
+ long len = strlen(str);
+ char *s;
+
+ for (s = line; *s; s++) if (!strncasecmp(s, str, len)) break;
+
+ return *s ? s : 0;
+}
diff --git a/lib/lib.h b/lib/lib.h
@@ -199,6 +199,7 @@ int qstrcmp(const void *a, const void *b);
 void create_uuid(char *uuid);
 char *show_uuid(char *uuid);
 char *next_printf(char *s, char **start);
+char *strnstr(char *line, char *str);
 
 #define HR_SPACE 1 // Space between number and units
 #define HR_B 2 // Use "B" for single byte units

diff --git a/toys/lsb/passwd.c b/toys/lsb/passwd.c
@@ -20,6 +20,16 @@ config PASSWD
  -d Set password to ''
  -l Lock (disable) account
  -u Unlock (enable) account
+
+config PASSWD_SAD
+ bool "Add sad password checking heuristics"
+ default n
+ depends on PASSWD
+ help
+ Password changes are checked to make sure they don't include the entire
+ username (but not a subset of it), and the entire previous password
+ (but changing password1, password2, password3 is fine). This heuristic
+ accepts "aaaaaa" as a password.
 */
 
 #define FOR_passwd
@@ -29,16 +39,13 @@ GLOBALS(
  char *algo;
 )
 
-#ifndef _GNU_SOURCE
-char *strcasestr(const char *haystack, const char *needle);
-#endif
-
 static int str_check(char *s, char *p)
 {
- if (strcasestr(s, p) || strcasestr(p, s)) return 1;
+ if (strnstr(s, p) || strnstr(p, s)) return 1;
  return 0;
 }
 
+// Insane heuristic won't find password1 password2 password3...?
 static void strength_check(char *newp, char *oldp, char *user)
 {
  char *msg = NULL;
@@ -81,7 +88,7 @@ static char *new_password(char *oldp, char *user)
  return NULL; //may be due to Ctrl-C
 
  newp = xstrdup(toybuf);
- strength_check(newp, oldp, user);
+ if (CFG_PASSWD_SAD) strength_check(newp, oldp, user);
  if (read_password(toybuf, sizeof(toybuf), "Retype password:")) {
  free(newp);
  return NULL; //may be due to Ctrl-C
@@ -114,8 +121,7 @@ void passwd_main(void)
 
  pw = xgetpwnam(name);
 
- if (myuid && (myuid != pw->pw_uid))
- error_exit("You need to be root to change '%s' password\n", name);
+ if (myuid && (myuid != pw->pw_uid)) error_exit("Not root");
 
  pass = pw->pw_passwd;
  if (pw->pw_passwd[0] == 'x') {

diff --git a/toys/posix/grep.c b/toys/posix/grep.c
@@ -125,13 +125,8 @@ static void do_grep(int fd, char *name)
  fseek.arg = s = line;
  break;
  }
- if (toys.optflags & FLAG_i) {
- long ll = strlen(seek->arg);;
-
- // Alas, posix hasn't got strcasestr()
- for (s = line; *s; s++) if (!strncasecmp(s, seek->arg, ll)) break;
- if (!*s) s = 0;
- } else s = strstr(line, seek->arg);
+ if (toys.optflags & FLAG_i) s = strnstr(line, seek->arg);
+ else s = strstr(line, seek->arg);
  if (s) break;
  }