From owner-freebsd-hackers@FreeBSD.ORG Thu Dec 11 02:00:27 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8AD74106564A for ; Thu, 11 Dec 2008 02:00:26 +0000 (UTC) (envelope-from sheldon@sigsegv.ca) Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.169]) by mx1.freebsd.org (Postfix) with ESMTP id 681848FC13 for ; Thu, 11 Dec 2008 02:00:26 +0000 (UTC) (envelope-from sheldon@sigsegv.ca) Received: by wf-out-1314.google.com with SMTP id 24so477202wfg.7 for ; Wed, 10 Dec 2008 18:00:26 -0800 (PST) Received: by 10.142.230.9 with SMTP id c9mr509842wfh.101.1228960825867; Wed, 10 Dec 2008 18:00:25 -0800 (PST) Received: by 10.142.136.4 with HTTP; Wed, 10 Dec 2008 18:00:25 -0800 (PST) Message-ID: Date: Wed, 10 Dec 2008 18:00:25 -0800 From: "Sheldon Givens" To: freebsd-hackers@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Small Change to chpass.c X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2008 02:00:27 -0000 Hi guys, When I was doing some user management today I noticed that chpass, and all the utilities that use chpass.c, only give one attempt to authenticate to make the change. After I messed this up once or twice (and after doing 4-5 minutes of editing only to have it lost when I typo'd the password) I wrote this little change in to chpass.c. When it needs the users password, it will enter into a for loop, increasing itr until it hits max_retries (defined at top of main() declaration). If one of these tries is successful (password given matches) then auth is set to '1' and we break from the loop, and update info. If, after three tries, auth is still '0' (the user didn't supply the proper password) we call baduser() to handle it. It's a pretty inconsequential change but it managed to relieve me of quite a bit of stress :-) Happy Holidays, everyone! Sheldon Givens ---snip--- --- /usr/src/usr.bin/chpass.c 2008-12-11 01:55:27.000000000 -0800 +++ /usr/src/usr.bin/chpass.c 2008-12-11 01:57:09.000000000 -0800 @@ -80,10 +80,11 @@ { enum { NEWSH, LOADENTRY, EDITENTRY, NEWPW, NEWEXP } op; struct passwd lpw, *old_pw, *pw; - int ch, pfd, tfd; + int ch, pfd, tfd, itr, auth; const char *password; char *arg = NULL; uid_t uid; + int max_retries = 3; #ifdef YP struct ypclnt *ypclnt; const char *yp_domain = NULL, *yp_host = NULL; @@ -227,9 +228,16 @@ } if (old_pw && !master_mode) { - password = getpass("Password: "); - if (strcmp(crypt(password, old_pw->pw_passwd), - old_pw->pw_passwd) != 0) + auth = 0; + for(itr=0;itrpw_passwd), + old_pw->pw_passwd) == 0) { + auth=1; + break; + } + } + if (!auth) baduser(); } else { password = ""; ---snip---