> From: "Ted Unangst" <t...@tedunangst.com>
> Date: Mon, 10 Dec 2018 14:14:08 -0500
> Content-Type: text/plain; charset=utf-8
>
> So I was actually looking at the passwd check rules because I wanted
> to add a flag to disable the 3 bad passwords then ok whatever.
>
> This adds passwd -w to allow user to skip the default 3 warnings and
> just do what they want. If, by chance, you have configured warnings
> in login.conf then they can't override that.
What is the motivation for this diff?
> Index: passwd.1
> ===================================================================
> RCS file: /cvs/src/usr.bin/passwd/passwd.1,v
> retrieving revision 1.45
> diff -u -p -r1.45 passwd.1
> --- passwd.1 19 Aug 2016 10:57:24 -0000 1.45
> +++ passwd.1 10 Dec 2018 19:09:55 -0000
> @@ -62,6 +62,9 @@ checking program via the
> .Dq passwordcheck
> variable in
> .Xr login.conf 5 .
> +The
> +.Fl w
> +option can be used to disable the default checks and permit weak passwords.
> .Pp
> The superuser is not required to provide a user's current password
> if only the local password is modified.
> Index: passwd.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/passwd/passwd.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 passwd.c
> --- passwd.c 26 Nov 2015 19:01:47 -0000 1.27
> +++ passwd.c 10 Dec 2018 19:08:41 -0000
> @@ -38,6 +38,8 @@
> extern int local_passwd(char *, int);
> void usage(int retval);
>
> +int allowweak;
> +
> int
> main(int argc, char **argv)
> {
> @@ -46,8 +48,11 @@ main(int argc, char **argv)
> int ch;
>
> /* Process args and options */
> - while ((ch = getopt(argc, argv, "")) != -1)
> + while ((ch = getopt(argc, argv, "w")) != -1)
> switch (ch) {
> + case 'w':
> + allowweak = 1;
> + break;
> default:
> usage(1);
> }
> @@ -77,6 +82,6 @@ main(int argc, char **argv)
> void
> usage(int retval)
> {
> - fprintf(stderr, "usage: passwd [user]\n");
> + fprintf(stderr, "usage: passwd [-w] [user]\n");
> exit(retval);
> }
> Index: pwd_check.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/passwd/pwd_check.c,v
> retrieving revision 1.16
> diff -u -p -r1.16 pwd_check.c
> --- pwd_check.c 21 Aug 2017 21:41:13 -0000 1.16
> +++ pwd_check.c 10 Dec 2018 19:07:51 -0000
> @@ -49,6 +49,8 @@
> int pwd_check(login_cap_t *, char *);
> int pwd_gettries(login_cap_t *);
>
> +extern int allowweak;
> +
> struct pattern {
> char *match;
> int flags;
> @@ -218,5 +220,7 @@ pwd_gettries(login_cap_t *lc)
> * password checks, it will no longer be checked and they can set
> * it to whatever they like. This is the historic BSD behavior.
> */
> + if (allowweak)
> + return (-1);
> return (3);
> }
>
>
