1 /* vi: set sw=4 ts=4: */
3 * Copyright 1989 - 1994, Julianne Frances Haugh <jockgrrl@austin.rr.com>
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * This version of obscure.c contains modifications to support "cracklib"
33 * by Alec Muffet (alec.muffett@uk.sun.com). You must obtain the Cracklib
34 * library source code for this function to operate.
44 * can't be a palindrome - like `R A D A R' or `M A D A M'
47 static int palindrome(const char *newval)
53 for (j = 0; j < i; j++)
54 if (newval[i - j - 1] != newval[j])
61 * more than half of the characters are different ones.
64 static int similiar(const char *old, const char *newval)
68 for (i = j = 0; newval[i] && old[i]; i++)
69 if (strchr(newval, old[i]))
79 * a nice mix of characters.
82 static int simple(const char *newval)
92 for (i = 0; (c = *newval++) != 0; i++) {
104 * The scam is this - a password of only one character type
105 * must be 8 letters long. Two types, 7, and so on.
124 static char *str_lower(char *string)
128 for (cp = string; *cp; cp++)
134 password_check(const char *old, const char *newval, const struct passwd *pwdp)
137 char *newmono, *wrapped;
140 if (strcmp(newval, old) == 0)
146 newmono = str_lower(bb_xstrdup(newval));
147 lenwrap = strlen(old) * 2 + 1;
148 wrapped = (char *) xmalloc(lenwrap);
149 str_lower(strcpy(wrapped, old));
151 if (palindrome(newmono))
152 msg = "a palindrome";
154 else if (strcmp(wrapped, newmono) == 0)
155 msg = "case changes only";
157 else if (similiar(wrapped, newmono))
158 msg = "too similiar";
160 else if (strstr(strcat(wrapped, wrapped), newmono))
163 bzero(newmono, strlen(newmono));
164 bzero(wrapped, lenwrap);
172 obscure_msg(const char *old, const char *newval, const struct passwd *pwdp)
174 int maxlen, oldlen, newlen;
178 oldlen = strlen(old);
179 newlen = strlen(newval);
181 #if 0 /* why not check the password when set for the first time? --marekm */
191 * Remaining checks are optional.
193 /* Not for us -- Sean
194 *if (!getdef_bool("OBSCURE_CHECKS_ENAB"))
197 msg = password_check(old, newval, pwdp);
201 /* The traditional crypt() truncates passwords to 8 chars. It is
202 possible to circumvent the above checks by choosing an easy
203 8-char password and adding some random characters to it...
204 Example: "password$%^&*123". So check it again, this time
205 truncated to the maximum length. Idea from npasswd. --marekm */
208 if (oldlen <= maxlen && newlen <= maxlen)
211 new1 = (char *) bb_xstrdup(newval);
212 old1 = (char *) bb_xstrdup(old);
218 msg = password_check(old1, new1, pwdp);
229 * Obscure - see if password is obscure enough.
231 * The programmer is encouraged to add as much complexity to this
232 * routine as desired. Included are some of my favorite ways to
236 extern int obscure(const char *old, const char *newval, const struct passwd *pwdp)
238 const char *msg = obscure_msg(old, newval, pwdp);
242 printf("Bad password: %s.\n", msg);