allow weak passwd

Mon, 10 Dec 2018 11:14:53 -0800 

So I was actually looking at the passwd check rules because I wanted to add a
flag to disable the 3 bad passwords then ok whatever.

This adds passwd -w to allow user to skip the default 3 warnings and just do
what they want. If, by chance, you have configured warnings in login.conf then
they can't override that.


Index: passwd.1
===================================================================
RCS file: /cvs/src/usr.bin/passwd/passwd.1,v
retrieving revision 1.45
diff -u -p -r1.45 passwd.1
--- passwd.1    19 Aug 2016 10:57:24 -0000      1.45
+++ passwd.1    10 Dec 2018 19:09:55 -0000
@@ -62,6 +62,9 @@ checking program via the
 .Dq passwordcheck
 variable in
 .Xr login.conf 5 .
+The
+.Fl w
+option can be used to disable the default checks and permit weak passwords.
 .Pp
 The superuser is not required to provide a user's current password
 if only the local password is modified.
Index: passwd.c
===================================================================
RCS file: /cvs/src/usr.bin/passwd/passwd.c,v
retrieving revision 1.27
diff -u -p -r1.27 passwd.c
--- passwd.c    26 Nov 2015 19:01:47 -0000      1.27
+++ passwd.c    10 Dec 2018 19:08:41 -0000
@@ -38,6 +38,8 @@
 extern int local_passwd(char *, int);
 void usage(int retval);
 
+int allowweak;
+
 int
 main(int argc, char **argv)
 {
@@ -46,8 +48,11 @@ main(int argc, char **argv)
        int ch;
 
        /* Process args and options */
-       while ((ch = getopt(argc, argv, "")) != -1)
+       while ((ch = getopt(argc, argv, "w")) != -1)
                switch (ch) {
+               case 'w':
+                       allowweak = 1;
+                       break;
                default:
                        usage(1);
                }
@@ -77,6 +82,6 @@ main(int argc, char **argv)
 void
 usage(int retval)
 {
-       fprintf(stderr, "usage: passwd [user]\n");
+       fprintf(stderr, "usage: passwd [-w] [user]\n");
        exit(retval);
 }
Index: pwd_check.c
===================================================================
RCS file: /cvs/src/usr.bin/passwd/pwd_check.c,v
retrieving revision 1.16
diff -u -p -r1.16 pwd_check.c
--- pwd_check.c 21 Aug 2017 21:41:13 -0000      1.16
+++ pwd_check.c 10 Dec 2018 19:07:51 -0000
@@ -49,6 +49,8 @@
 int pwd_check(login_cap_t *, char *);
 int pwd_gettries(login_cap_t *);
 
+extern int allowweak;
+
 struct pattern {
        char *match;
        int flags;
@@ -218,5 +220,7 @@ pwd_gettries(login_cap_t *lc)
         * password checks, it will no longer be checked and they can set
         * it to whatever they like.  This is the historic BSD behavior.
         */
+       if (allowweak)
+               return (-1);
        return (3);
 }

Reply via email to