Changeset 2725 in MondoRescue for branches/2.2.9/mindi-busybox/libbb/obscure.c
- Timestamp:
- Feb 25, 2011, 9:26:54 PM (13 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/2.2.9/mindi-busybox/libbb/obscure.c
r1765 r2725 5 5 * Copyright (C) 2006 Tito Ragusa <farmatito@tiscali.it> 6 6 * 7 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.7 * Licensed under GPLv2 or later, see file LICENSE in this source tree. 8 8 */ 9 9 … … 46 46 static int string_checker_helper(const char *p1, const char *p2) 47 47 { 48 /* as sub-string */ 49 if (strcasestr(p2, p1) != NULL 50 /* invert in case haystack is shorter than needle */ 51 || strcasestr(p1, p2) != NULL 48 52 /* as-is or capitalized */ 49 if (strcasecmp(p1, p2) == 0 50 /* as sub-string */ 51 || strcasestr(p2, p1) != NULL 52 /* invert in case haystack is shorter than needle */ 53 || strcasestr(p1, p2) != NULL) 53 /* || strcasecmp(p1, p2) == 0 - 1st strcasestr should catch this too */ 54 ) { 54 55 return 1; 56 } 55 57 return 0; 56 58 } … … 58 60 static int string_checker(const char *p1, const char *p2) 59 61 { 60 int size ;62 int size, i; 61 63 /* check string */ 62 64 int ret = string_checker_helper(p1, p2); 63 /* Make our own copy */65 /* make our own copy */ 64 66 char *p = xstrdup(p1); 67 65 68 /* reverse string */ 66 size = strlen(p); 69 i = size = strlen(p1); 70 while (--i >= 0) { 71 *p++ = p1[i]; 72 } 73 p -= size; /* restore pointer */ 67 74 68 while (size--) {69 *p = p1[size];70 p++;71 }72 /* restore pointer */73 p -= strlen(p1);74 75 /* check reversed string */ 75 76 ret |= string_checker_helper(p, p2); 77 76 78 /* clean up */ 77 memset(p, 0, s trlen(p1));79 memset(p, 0, size); 78 80 free(p); 81 79 82 return ret; 80 83 } 81 84 82 #define LOWERCASE 1 83 #define UPPERCASE 2 84 #define NUMBERS 4 85 #define SPECIAL 8 85 #define CATEGORIES 4 86 87 #define LOWERCASE 1 88 #define UPPERCASE 2 89 #define NUMBERS 4 90 #define SPECIAL 8 91 92 #define LAST_CAT 8 86 93 87 94 static const char *obscure_msg(const char *old_p, const char *new_p, const struct passwd *pw) 88 95 { 89 int i; 90 int c; 91 int length; 92 int mixed = 0; 93 /* Add 2 for each type of characters to the minlen of password */ 94 int size = CONFIG_PASSWORD_MINLEN + 8; 96 unsigned length; 97 unsigned size; 98 unsigned mixed; 99 unsigned c; 100 unsigned i; 95 101 const char *p; 96 char hostname[255];102 char *hostname; 97 103 98 104 /* size */ … … 105 111 } 106 112 /* no gecos as-is, as sub-string, reversed, capitalized, doubled */ 107 if ( *pw->pw_gecos&& string_checker(new_p, pw->pw_gecos)) {113 if (pw->pw_gecos[0] && string_checker(new_p, pw->pw_gecos)) { 108 114 return "similar to gecos"; 109 115 } 110 116 /* hostname as-is, as sub-string, reversed, capitalized, doubled */ 111 if (gethostname(hostname, 255) == 0) { 112 hostname[254] = '\0'; 113 if (string_checker(new_p, hostname)) { 114 return "similar to hostname"; 115 } 116 } 117 hostname = safe_gethostname(); 118 i = string_checker(new_p, hostname); 119 free(hostname); 120 if (i) 121 return "similar to hostname"; 117 122 118 123 /* Should / Must contain a mix of: */ 124 mixed = 0; 119 125 for (i = 0; i < length; i++) { 120 126 if (islower(new_p[i])) { /* a-z */ … … 127 133 mixed |= SPECIAL; 128 134 } 129 /* More than 50% similar characters ?*/135 /* Count i'th char */ 130 136 c = 0; 131 137 p = new_p; 132 138 while (1) { 133 if ((p = strchr(p, new_p[i])) == NULL) { 139 p = strchr(p, new_p[i]); 140 if (p == NULL) { 134 141 break; 135 142 } 136 143 c++; 137 if (!++p) { 138 break; /* move past the matched char if possible */ 144 p++; 145 if (!*p) { 146 break; 139 147 } 140 148 } 141 142 if (c >= (length / 2)) {149 /* More than 50% similar characters ? */ 150 if (c*2 >= length) { 143 151 return "too many similar characters"; 144 152 } 145 153 } 146 for (i=0; i<4; i++) 147 if (mixed & (1<<i)) size -= 2; 154 155 size = CONFIG_PASSWORD_MINLEN + 2*CATEGORIES; 156 for (i = 1; i <= LAST_CAT; i <<= 1) 157 if (mixed & i) 158 size -= 2; 148 159 if (length < size) 149 160 return "too weak"; 150 161 151 if (old_p && old_p[0] != '\0') {162 if (old_p && old_p[0]) { 152 163 /* check vs. old password */ 153 164 if (string_checker(new_p, old_p)) { … … 155 166 } 156 167 } 168 157 169 return NULL; 158 170 } 159 171 160 int obscure(const char *old, const char *newval, const struct passwd *pw)172 int FAST_FUNC obscure(const char *old, const char *newval, const struct passwd *pw) 161 173 { 162 174 const char *msg;
Note:
See TracChangeset
for help on using the changeset viewer.