source: branches/samba-3.3.x/examples/auth/crackcheck/fascist.c

Last change on this file was 374, checked in by Herwig Bauernfeind, 16 years ago

Update Samba 3.3 to 3.3.10 (new files)

1/*
2 * This program is copyright Alec Muffett 1993, portions copyright other authors.
3 * The authors disclaim all responsibility or liability with respect to it's usage
4 * or its effect upon hardware or computer systems.
5 */
6
7#include "config.h"
8#include <sys/types.h>
9#include <errno.h>
10#include <limits.h>
11#include <pwd.h>
12#include <stdlib.h>
13#include <string.h>
14#ifdef HAVE_UNISTD_H
15#include <unistd.h>
16#endif
17
18#if defined(HAVE_INTTYPES_H)
19#include <inttypes.h>
20#else
21#if defined(HAVE_STDINT_H)
22#include <stdint.h>
23#else
24typedef unsigned int uint32_t;
25typedef unsigned short uint16_t;
26#endif
27#endif
28
29#include "packer.h"
30
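/*
 * ISSKIP(x): non-zero when x is whitespace or punctuation.  FascistGecos()
 * uses it to find the separators between words of the GECOS field.
 *
 * The argument is converted to unsigned char before it reaches <ctype.h>:
 * passing a negative plain char (any byte >= 0x80 where char is signed, e.g.
 * a non-ASCII name in the GECOS field) to isspace()/ispunct() is undefined
 * behaviour.  The argument is evaluated twice, so it must not have side
 * effects.
 */
#define ISSKIP(x) (isspace((unsigned char) (x)) || ispunct((unsigned char) (x)))

#define MINDIFF 5   /* FascistLook(): fewer distinct characters than this is rejected */
#define MINLEN 6    /* FascistLook(): shorter passwords are rejected */
#define MAXSTEP 4   /* FascistLook(): more adjacent +1/-1 character steps than this is rejected */

/* Debug tracing (printf of every candidate) is compiled out by default. */
#undef DEBUG
#undef DEBUG2

/* String helpers defined elsewhere in the library. */
extern char *Reverse(char *buf);
extern char *Lowercase(char *buf);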
42
/*
 * r_destructors: NULL-terminated list of rule strings that GTry() and
 * FascistLook() hand to Mangle() to strip a candidate password back towards
 * a plain word before it is compared with account data or the dictionary.
 *
 * The rule syntax is interpreted by Mangle(), which is defined elsewhere.
 * The long run of "/XsXY" rules undoes digit-for-letter substitutions
 * (0->o, 2->a, 3->e, 5->s, 1->i or l, 4->a or h, $->s) in every combination.
 * Several rules appear twice (the trailing "/4s4a", "/4s4h" pairs); the
 * duplicates are kept exactly as in the original table.
 */
static char *r_destructors[] = {
    ":",                        /* noop - must do this to test raw word. */

#ifdef DEBUG2
    NULL,                       /* DEBUG2: stop after the raw word */
#endif

    "[",                        /* trimming leading/trailing junk */
    "]",
    "[[",
    "]]",
    "[[[",
    "]]]",

    "/?p@?p",                   /* purging out punctuation/symbols/junk */
    "/?s@?s",
    "/?X@?X",

    /* attempt reverse engineering of password strings */

    /* --- combinations that start with the '$' -> 's' rule --- */
    "/$s$s",
    "/$s$s/0s0o",
    "/$s$s/0s0o/2s2a",
    "/$s$s/0s0o/2s2a/3s3e",
    "/$s$s/0s0o/2s2a/3s3e/5s5s",
    "/$s$s/0s0o/2s2a/3s3e/5s5s/1s1i",
    "/$s$s/0s0o/2s2a/3s3e/5s5s/1s1l",
    "/$s$s/0s0o/2s2a/3s3e/5s5s/1s1i/4s4a",
    "/$s$s/0s0o/2s2a/3s3e/5s5s/1s1i/4s4h",
    "/$s$s/0s0o/2s2a/3s3e/5s5s/1s1l/4s4a",
    "/$s$s/0s0o/2s2a/3s3e/5s5s/1s1l/4s4h",
    "/$s$s/0s0o/2s2a/3s3e/5s5s/4s4a",
    "/$s$s/0s0o/2s2a/3s3e/5s5s/4s4h",
    "/$s$s/0s0o/2s2a/3s3e/5s5s/4s4a",
    "/$s$s/0s0o/2s2a/3s3e/5s5s/4s4h",
    "/$s$s/0s0o/2s2a/3s3e/1s1i",
    "/$s$s/0s0o/2s2a/3s3e/1s1l",
    "/$s$s/0s0o/2s2a/3s3e/1s1i/4s4a",
    "/$s$s/0s0o/2s2a/3s3e/1s1i/4s4h",
    "/$s$s/0s0o/2s2a/3s3e/1s1l/4s4a",
    "/$s$s/0s0o/2s2a/3s3e/1s1l/4s4h",
    "/$s$s/0s0o/2s2a/3s3e/4s4a",
    "/$s$s/0s0o/2s2a/3s3e/4s4h",
    "/$s$s/0s0o/2s2a/3s3e/4s4a",
    "/$s$s/0s0o/2s2a/3s3e/4s4h",
    "/$s$s/0s0o/2s2a/5s5s",
    "/$s$s/0s0o/2s2a/5s5s/1s1i",
    "/$s$s/0s0o/2s2a/5s5s/1s1l",
    "/$s$s/0s0o/2s2a/5s5s/1s1i/4s4a",
    "/$s$s/0s0o/2s2a/5s5s/1s1i/4s4h",
    "/$s$s/0s0o/2s2a/5s5s/1s1l/4s4a",
    "/$s$s/0s0o/2s2a/5s5s/1s1l/4s4h",
    "/$s$s/0s0o/2s2a/5s5s/4s4a",
    "/$s$s/0s0o/2s2a/5s5s/4s4h",
    "/$s$s/0s0o/2s2a/5s5s/4s4a",
    "/$s$s/0s0o/2s2a/5s5s/4s4h",
    "/$s$s/0s0o/2s2a/1s1i",
    "/$s$s/0s0o/2s2a/1s1l",
    "/$s$s/0s0o/2s2a/1s1i/4s4a",
    "/$s$s/0s0o/2s2a/1s1i/4s4h",
    "/$s$s/0s0o/2s2a/1s1l/4s4a",
    "/$s$s/0s0o/2s2a/1s1l/4s4h",
    "/$s$s/0s0o/2s2a/4s4a",
    "/$s$s/0s0o/2s2a/4s4h",
    "/$s$s/0s0o/2s2a/4s4a",
    "/$s$s/0s0o/2s2a/4s4h",
    "/$s$s/0s0o/3s3e",
    "/$s$s/0s0o/3s3e/5s5s",
    "/$s$s/0s0o/3s3e/5s5s/1s1i",
    "/$s$s/0s0o/3s3e/5s5s/1s1l",
    "/$s$s/0s0o/3s3e/5s5s/1s1i/4s4a",
    "/$s$s/0s0o/3s3e/5s5s/1s1i/4s4h",
    "/$s$s/0s0o/3s3e/5s5s/1s1l/4s4a",
    "/$s$s/0s0o/3s3e/5s5s/1s1l/4s4h",
    "/$s$s/0s0o/3s3e/5s5s/4s4a",
    "/$s$s/0s0o/3s3e/5s5s/4s4h",
    "/$s$s/0s0o/3s3e/5s5s/4s4a",
    "/$s$s/0s0o/3s3e/5s5s/4s4h",
    "/$s$s/0s0o/3s3e/1s1i",
    "/$s$s/0s0o/3s3e/1s1l",
    "/$s$s/0s0o/3s3e/1s1i/4s4a",
    "/$s$s/0s0o/3s3e/1s1i/4s4h",
    "/$s$s/0s0o/3s3e/1s1l/4s4a",
    "/$s$s/0s0o/3s3e/1s1l/4s4h",
    "/$s$s/0s0o/3s3e/4s4a",
    "/$s$s/0s0o/3s3e/4s4h",
    "/$s$s/0s0o/3s3e/4s4a",
    "/$s$s/0s0o/3s3e/4s4h",
    "/$s$s/0s0o/5s5s",
    "/$s$s/0s0o/5s5s/1s1i",
    "/$s$s/0s0o/5s5s/1s1l",
    "/$s$s/0s0o/5s5s/1s1i/4s4a",
    "/$s$s/0s0o/5s5s/1s1i/4s4h",
    "/$s$s/0s0o/5s5s/1s1l/4s4a",
    "/$s$s/0s0o/5s5s/1s1l/4s4h",
    "/$s$s/0s0o/5s5s/4s4a",
    "/$s$s/0s0o/5s5s/4s4h",
    "/$s$s/0s0o/5s5s/4s4a",
    "/$s$s/0s0o/5s5s/4s4h",
    "/$s$s/0s0o/1s1i",
    "/$s$s/0s0o/1s1l",
    "/$s$s/0s0o/1s1i/4s4a",
    "/$s$s/0s0o/1s1i/4s4h",
    "/$s$s/0s0o/1s1l/4s4a",
    "/$s$s/0s0o/1s1l/4s4h",
    "/$s$s/0s0o/4s4a",
    "/$s$s/0s0o/4s4h",
    "/$s$s/0s0o/4s4a",
    "/$s$s/0s0o/4s4h",
    "/$s$s/2s2a",
    "/$s$s/2s2a/3s3e",
    "/$s$s/2s2a/3s3e/5s5s",
    "/$s$s/2s2a/3s3e/5s5s/1s1i",
    "/$s$s/2s2a/3s3e/5s5s/1s1l",
    "/$s$s/2s2a/3s3e/5s5s/1s1i/4s4a",
    "/$s$s/2s2a/3s3e/5s5s/1s1i/4s4h",
    "/$s$s/2s2a/3s3e/5s5s/1s1l/4s4a",
    "/$s$s/2s2a/3s3e/5s5s/1s1l/4s4h",
    "/$s$s/2s2a/3s3e/5s5s/4s4a",
    "/$s$s/2s2a/3s3e/5s5s/4s4h",
    "/$s$s/2s2a/3s3e/5s5s/4s4a",
    "/$s$s/2s2a/3s3e/5s5s/4s4h",
    "/$s$s/2s2a/3s3e/1s1i",
    "/$s$s/2s2a/3s3e/1s1l",
    "/$s$s/2s2a/3s3e/1s1i/4s4a",
    "/$s$s/2s2a/3s3e/1s1i/4s4h",
    "/$s$s/2s2a/3s3e/1s1l/4s4a",
    "/$s$s/2s2a/3s3e/1s1l/4s4h",
    "/$s$s/2s2a/3s3e/4s4a",
    "/$s$s/2s2a/3s3e/4s4h",
    "/$s$s/2s2a/3s3e/4s4a",
    "/$s$s/2s2a/3s3e/4s4h",
    "/$s$s/2s2a/5s5s",
    "/$s$s/2s2a/5s5s/1s1i",
    "/$s$s/2s2a/5s5s/1s1l",
    "/$s$s/2s2a/5s5s/1s1i/4s4a",
    "/$s$s/2s2a/5s5s/1s1i/4s4h",
    "/$s$s/2s2a/5s5s/1s1l/4s4a",
    "/$s$s/2s2a/5s5s/1s1l/4s4h",
    "/$s$s/2s2a/5s5s/4s4a",
    "/$s$s/2s2a/5s5s/4s4h",
    "/$s$s/2s2a/5s5s/4s4a",
    "/$s$s/2s2a/5s5s/4s4h",
    "/$s$s/2s2a/1s1i",
    "/$s$s/2s2a/1s1l",
    "/$s$s/2s2a/1s1i/4s4a",
    "/$s$s/2s2a/1s1i/4s4h",
    "/$s$s/2s2a/1s1l/4s4a",
    "/$s$s/2s2a/1s1l/4s4h",
    "/$s$s/2s2a/4s4a",
    "/$s$s/2s2a/4s4h",
    "/$s$s/2s2a/4s4a",
    "/$s$s/2s2a/4s4h",
    "/$s$s/3s3e",
    "/$s$s/3s3e/5s5s",
    "/$s$s/3s3e/5s5s/1s1i",
    "/$s$s/3s3e/5s5s/1s1l",
    "/$s$s/3s3e/5s5s/1s1i/4s4a",
    "/$s$s/3s3e/5s5s/1s1i/4s4h",
    "/$s$s/3s3e/5s5s/1s1l/4s4a",
    "/$s$s/3s3e/5s5s/1s1l/4s4h",
    "/$s$s/3s3e/5s5s/4s4a",
    "/$s$s/3s3e/5s5s/4s4h",
    "/$s$s/3s3e/5s5s/4s4a",
    "/$s$s/3s3e/5s5s/4s4h",
    "/$s$s/3s3e/1s1i",
    "/$s$s/3s3e/1s1l",
    "/$s$s/3s3e/1s1i/4s4a",
    "/$s$s/3s3e/1s1i/4s4h",
    "/$s$s/3s3e/1s1l/4s4a",
    "/$s$s/3s3e/1s1l/4s4h",
    "/$s$s/3s3e/4s4a",
    "/$s$s/3s3e/4s4h",
    "/$s$s/3s3e/4s4a",
    "/$s$s/3s3e/4s4h",
    "/$s$s/5s5s",
    "/$s$s/5s5s/1s1i",
    "/$s$s/5s5s/1s1l",
    "/$s$s/5s5s/1s1i/4s4a",
    "/$s$s/5s5s/1s1i/4s4h",
    "/$s$s/5s5s/1s1l/4s4a",
    "/$s$s/5s5s/1s1l/4s4h",
    "/$s$s/5s5s/4s4a",
    "/$s$s/5s5s/4s4h",
    "/$s$s/5s5s/4s4a",
    "/$s$s/5s5s/4s4h",
    "/$s$s/1s1i",
    "/$s$s/1s1l",
    "/$s$s/1s1i/4s4a",
    "/$s$s/1s1i/4s4h",
    "/$s$s/1s1l/4s4a",
    "/$s$s/1s1l/4s4h",
    "/$s$s/4s4a",
    "/$s$s/4s4h",
    "/$s$s/4s4a",
    "/$s$s/4s4h",

    /* --- the same combinations without the '$' -> 's' rule --- */
    "/0s0o",
    "/0s0o/2s2a",
    "/0s0o/2s2a/3s3e",
    "/0s0o/2s2a/3s3e/5s5s",
    "/0s0o/2s2a/3s3e/5s5s/1s1i",
    "/0s0o/2s2a/3s3e/5s5s/1s1l",
    "/0s0o/2s2a/3s3e/5s5s/1s1i/4s4a",
    "/0s0o/2s2a/3s3e/5s5s/1s1i/4s4h",
    "/0s0o/2s2a/3s3e/5s5s/1s1l/4s4a",
    "/0s0o/2s2a/3s3e/5s5s/1s1l/4s4h",
    "/0s0o/2s2a/3s3e/5s5s/4s4a",
    "/0s0o/2s2a/3s3e/5s5s/4s4h",
    "/0s0o/2s2a/3s3e/5s5s/4s4a",
    "/0s0o/2s2a/3s3e/5s5s/4s4h",
    "/0s0o/2s2a/3s3e/1s1i",
    "/0s0o/2s2a/3s3e/1s1l",
    "/0s0o/2s2a/3s3e/1s1i/4s4a",
    "/0s0o/2s2a/3s3e/1s1i/4s4h",
    "/0s0o/2s2a/3s3e/1s1l/4s4a",
    "/0s0o/2s2a/3s3e/1s1l/4s4h",
    "/0s0o/2s2a/3s3e/4s4a",
    "/0s0o/2s2a/3s3e/4s4h",
    "/0s0o/2s2a/3s3e/4s4a",
    "/0s0o/2s2a/3s3e/4s4h",
    "/0s0o/2s2a/5s5s",
    "/0s0o/2s2a/5s5s/1s1i",
    "/0s0o/2s2a/5s5s/1s1l",
    "/0s0o/2s2a/5s5s/1s1i/4s4a",
    "/0s0o/2s2a/5s5s/1s1i/4s4h",
    "/0s0o/2s2a/5s5s/1s1l/4s4a",
    "/0s0o/2s2a/5s5s/1s1l/4s4h",
    "/0s0o/2s2a/5s5s/4s4a",
    "/0s0o/2s2a/5s5s/4s4h",
    "/0s0o/2s2a/5s5s/4s4a",
    "/0s0o/2s2a/5s5s/4s4h",
    "/0s0o/2s2a/1s1i",
    "/0s0o/2s2a/1s1l",
    "/0s0o/2s2a/1s1i/4s4a",
    "/0s0o/2s2a/1s1i/4s4h",
    "/0s0o/2s2a/1s1l/4s4a",
    "/0s0o/2s2a/1s1l/4s4h",
    "/0s0o/2s2a/4s4a",
    "/0s0o/2s2a/4s4h",
    "/0s0o/2s2a/4s4a",
    "/0s0o/2s2a/4s4h",
    "/0s0o/3s3e",
    "/0s0o/3s3e/5s5s",
    "/0s0o/3s3e/5s5s/1s1i",
    "/0s0o/3s3e/5s5s/1s1l",
    "/0s0o/3s3e/5s5s/1s1i/4s4a",
    "/0s0o/3s3e/5s5s/1s1i/4s4h",
    "/0s0o/3s3e/5s5s/1s1l/4s4a",
    "/0s0o/3s3e/5s5s/1s1l/4s4h",
    "/0s0o/3s3e/5s5s/4s4a",
    "/0s0o/3s3e/5s5s/4s4h",
    "/0s0o/3s3e/5s5s/4s4a",
    "/0s0o/3s3e/5s5s/4s4h",
    "/0s0o/3s3e/1s1i",
    "/0s0o/3s3e/1s1l",
    "/0s0o/3s3e/1s1i/4s4a",
    "/0s0o/3s3e/1s1i/4s4h",
    "/0s0o/3s3e/1s1l/4s4a",
    "/0s0o/3s3e/1s1l/4s4h",
    "/0s0o/3s3e/4s4a",
    "/0s0o/3s3e/4s4h",
    "/0s0o/3s3e/4s4a",
    "/0s0o/3s3e/4s4h",
    "/0s0o/5s5s",
    "/0s0o/5s5s/1s1i",
    "/0s0o/5s5s/1s1l",
    "/0s0o/5s5s/1s1i/4s4a",
    "/0s0o/5s5s/1s1i/4s4h",
    "/0s0o/5s5s/1s1l/4s4a",
    "/0s0o/5s5s/1s1l/4s4h",
    "/0s0o/5s5s/4s4a",
    "/0s0o/5s5s/4s4h",
    "/0s0o/5s5s/4s4a",
    "/0s0o/5s5s/4s4h",
    "/0s0o/1s1i",
    "/0s0o/1s1l",
    "/0s0o/1s1i/4s4a",
    "/0s0o/1s1i/4s4h",
    "/0s0o/1s1l/4s4a",
    "/0s0o/1s1l/4s4h",
    "/0s0o/4s4a",
    "/0s0o/4s4h",
    "/0s0o/4s4a",
    "/0s0o/4s4h",
    "/2s2a",
    "/2s2a/3s3e",
    "/2s2a/3s3e/5s5s",
    "/2s2a/3s3e/5s5s/1s1i",
    "/2s2a/3s3e/5s5s/1s1l",
    "/2s2a/3s3e/5s5s/1s1i/4s4a",
    "/2s2a/3s3e/5s5s/1s1i/4s4h",
    "/2s2a/3s3e/5s5s/1s1l/4s4a",
    "/2s2a/3s3e/5s5s/1s1l/4s4h",
    "/2s2a/3s3e/5s5s/4s4a",
    "/2s2a/3s3e/5s5s/4s4h",
    "/2s2a/3s3e/5s5s/4s4a",
    "/2s2a/3s3e/5s5s/4s4h",
    "/2s2a/3s3e/1s1i",
    "/2s2a/3s3e/1s1l",
    "/2s2a/3s3e/1s1i/4s4a",
    "/2s2a/3s3e/1s1i/4s4h",
    "/2s2a/3s3e/1s1l/4s4a",
    "/2s2a/3s3e/1s1l/4s4h",
    "/2s2a/3s3e/4s4a",
    "/2s2a/3s3e/4s4h",
    "/2s2a/3s3e/4s4a",
    "/2s2a/3s3e/4s4h",
    "/2s2a/5s5s",
    "/2s2a/5s5s/1s1i",
    "/2s2a/5s5s/1s1l",
    "/2s2a/5s5s/1s1i/4s4a",
    "/2s2a/5s5s/1s1i/4s4h",
    "/2s2a/5s5s/1s1l/4s4a",
    "/2s2a/5s5s/1s1l/4s4h",
    "/2s2a/5s5s/4s4a",
    "/2s2a/5s5s/4s4h",
    "/2s2a/5s5s/4s4a",
    "/2s2a/5s5s/4s4h",
    "/2s2a/1s1i",
    "/2s2a/1s1l",
    "/2s2a/1s1i/4s4a",
    "/2s2a/1s1i/4s4h",
    "/2s2a/1s1l/4s4a",
    "/2s2a/1s1l/4s4h",
    "/2s2a/4s4a",
    "/2s2a/4s4h",
    "/2s2a/4s4a",
    "/2s2a/4s4h",
    "/3s3e",
    "/3s3e/5s5s",
    "/3s3e/5s5s/1s1i",
    "/3s3e/5s5s/1s1l",
    "/3s3e/5s5s/1s1i/4s4a",
    "/3s3e/5s5s/1s1i/4s4h",
    "/3s3e/5s5s/1s1l/4s4a",
    "/3s3e/5s5s/1s1l/4s4h",
    "/3s3e/5s5s/4s4a",
    "/3s3e/5s5s/4s4h",
    "/3s3e/5s5s/4s4a",
    "/3s3e/5s5s/4s4h",
    "/3s3e/1s1i",
    "/3s3e/1s1l",
    "/3s3e/1s1i/4s4a",
    "/3s3e/1s1i/4s4h",
    "/3s3e/1s1l/4s4a",
    "/3s3e/1s1l/4s4h",
    "/3s3e/4s4a",
    "/3s3e/4s4h",
    "/3s3e/4s4a",
    "/3s3e/4s4h",
    "/5s5s",
    "/5s5s/1s1i",
    "/5s5s/1s1l",
    "/5s5s/1s1i/4s4a",
    "/5s5s/1s1i/4s4h",
    "/5s5s/1s1l/4s4a",
    "/5s5s/1s1l/4s4h",
    "/5s5s/4s4a",
    "/5s5s/4s4h",
    "/5s5s/4s4a",
    "/5s5s/4s4h",
    "/1s1i",
    "/1s1l",
    "/1s1i/4s4a",
    "/1s1i/4s4h",
    "/1s1l/4s4a",
    "/1s1l/4s4h",
    "/4s4a",
    "/4s4h",
    "/4s4a",
    "/4s4h",

    NULL                        /* done */
};
418
/*
 * r_constructors: NULL-terminated list of rule strings that GTry() applies,
 * through Mangle(), to the account-derived word to see whether the result
 * matches the candidate password.  The rule letters are interpreted by
 * Mangle(), which is defined elsewhere.
 */
static char *r_constructors[] = {
    ":",                        /* first entry: same rule string that r_destructors labels "noop" */

#ifdef DEBUG2
    NULL,                       /* DEBUG2: stop after the raw word */
#endif

    "r",
    "d",
    "f",
    "dr",
    "fr",
    "rf",
    NULL
};
434
/*
 * GTry - test whether `password` can be related to `rawtext` (a username or
 * a word taken from the GECOS field) by the mangling rules.
 *
 * Two passes are made:
 *   1. every r_destructors rule is applied to the password, and both the
 *      result and its Reverse() are compared with rawtext;
 *   2. every r_constructors rule is applied to rawtext, and the result is
 *      compared with the password.
 *
 * All comparisons are strncmp() limited to strlen(password) characters.
 * Rules for which Mangle() returns NULL are skipped.
 *
 * Returns 1 on the first match, 0 when nothing matches.
 */
int
GTry(rawtext, password)
    char *rawtext;
    char *password;
{
    int rule;
    int pwlen = strlen(password);
    char *candidate;

    /* use destructors to turn password into rawtext */
    /* Reverse() is tried on each result so the rules need not be listed twice */
    for (rule = 0; r_destructors[rule] != NULL; rule++)
    {
        candidate = Mangle(password, r_destructors[rule]);
        if (candidate == NULL)
        {
            continue;
        }

#ifdef DEBUG
        printf("%-16s = %-16s (destruct %s)\n", candidate, rawtext, r_destructors[rule]);
#endif

        if (strncmp(candidate, rawtext, pwlen) == 0)
        {
            return (1);
        }

#ifdef DEBUG
        printf("%-16s = %-16s (destruct %s reversed)\n", Reverse(candidate), rawtext, r_destructors[rule]);
#endif

        if (strncmp(Reverse(candidate), rawtext, pwlen) == 0)
        {
            return (1);
        }
    }

    /* use constructors to turn rawtext into password */
    for (rule = 0; r_constructors[rule] != NULL; rule++)
    {
        candidate = Mangle(rawtext, r_constructors[rule]);
        if (candidate == NULL)
        {
            continue;
        }

#ifdef DEBUG
        printf("%-16s = %-16s (construct %s)\n", candidate, password, r_constructors[rule]);
#endif

        if (strncmp(candidate, password, pwlen) == 0)
        {
            return (1);
        }
    }

    return (0);
}
494
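/*
 * FascistGecos - reject a password that is derivable from the passwd entry
 * of `uid`.
 *
 * The entry is looked up with getpwuid_r() when available (growing the
 * scratch buffer by LINE_MAX on ERANGE), otherwise with the non-reentrant
 * getpwuid().  The password is then compared, through GTry(), against:
 *   - the login name;
 *   - each word of the lower-cased GECOS field (words are separated by
 *     whitespace/punctuation, see ISSKIP);
 *   - every pair of GECOS words concatenated in both orders;
 *   - the first letter of one word followed by the other word, both ways.
 *
 * Returns NULL when the password passes, otherwise a static message string
 * describing the objection.  A uid without a passwd entry is itself treated
 * as an objection.  The caller must not free the returned string.
 *
 * Both pw_name and pw_gecos are copied with truncation to STRINGSIZE - 1
 * bytes, so only that prefix of an over-long field is considered.
 */
char *
FascistGecos(password, uid)
    char *password;
    int uid;
{
    int i;
    int j;
    int wc;
    char *ptr;
    int gwords;
    char *verdict = (char *) 0;
    struct passwd *pwp, passwd;
    char gbuffer[STRINGSIZE];
    char tbuffer[STRINGSIZE];
    char *sbuffer = NULL;
#ifdef HAVE_GETPWUID_R
    size_t sbufferlen = LINE_MAX;
#endif
    char *uwords[STRINGSIZE];
    char longbuffer[STRINGSIZE * 2];

#ifdef HAVE_GETPWUID_R
    sbuffer = malloc(sbufferlen);
    if (sbuffer == NULL)
    {
        return ("memory allocation error");
    }
    for (;;)
    {
        i = getpwuid_r(uid, &passwd, sbuffer, sbufferlen, &pwp);
        if (i == 0)
        {
            break;
        }
        if (i != ERANGE)
        {
            /* any other failure: treat as "no entry" */
            pwp = NULL;
            break;
        }

        /* scratch buffer too small: retry with a larger one */
        free(sbuffer);
        sbufferlen += LINE_MAX;
        sbuffer = malloc(sbufferlen);
        if (sbuffer == NULL)
        {
            return ("memory allocation error");
        }
    }
#else
    /* Non-reentrant, but no choice since no _r routine */
    pwp = getpwuid(uid);
#endif

    if (pwp == NULL)
    {
        verdict = _("you are not registered in the password file");
        goto done;
    }

    /* lets get really paranoid and assume a dangerously long gecos entry */

    strncpy(tbuffer, pwp->pw_name, STRINGSIZE);
    tbuffer[STRINGSIZE - 1] = '\0';     /* strncpy does not terminate on truncation */
    if (GTry(tbuffer, password))
    {
        verdict = _("it is based on your username");
        goto done;
    }

    /* it never used to be that you got passwd strings > 1024 chars, but now... */

    strncpy(tbuffer, pwp->pw_gecos, STRINGSIZE);
    tbuffer[STRINGSIZE - 1] = '\0';
    strcpy(gbuffer, Lowercase(tbuffer));

    /*
     * Split gbuffer in place into words: separators are overwritten with
     * NULs and uwords[] collects a NULL-terminated list of word starts.
     */
    wc = 0;
    ptr = gbuffer;
    gwords = 0;
    uwords[0] = (char *) 0;

    while (*ptr)
    {
        /*
         * The byte is converted to unsigned char before classification:
         * GECOS data may hold bytes >= 0x80, and handing a negative plain
         * char to the <ctype.h> functions is undefined behaviour.
         */
        while (*ptr && ISSKIP((unsigned char) *ptr))
        {
            ptr++;
        }

        if (ptr != gbuffer)
        {
            ptr[-1] = '\0';
        }

        gwords++;
        uwords[wc++] = ptr;

        if (wc == STRINGSIZE)
        {
            /* table full: drop the last word to keep room for the terminator */
            uwords[--wc] = (char *) 0;
            break;
        }
        uwords[wc] = (char *) 0;

        while (*ptr && !ISSKIP((unsigned char) *ptr))
        {
            ptr++;
        }

        if (*ptr)
        {
            *(ptr++) = '\0';
        }
    }

#ifdef DEBUG
    for (i = 0; uwords[i]; i++)
    {
        printf("gecosword %s\n", uwords[i]);
    }
#endif

    /* single GECOS words */
    for (i = 0; uwords[i]; i++)
    {
        if (GTry(uwords[i], password))
        {
            verdict = _("it is based upon your password entry");
            goto done;
        }
    }

    /*
     * Pairs of GECOS words.  Since uwords are taken from gbuffer, no uword
     * can be longer than gbuffer, so two of them always fit in longbuffer
     * (STRINGSIZE * 2).
     */
    for (j = 1; (j < gwords) && uwords[j]; j++)
    {
        for (i = 0; i < j; i++)
        {
            /* word i followed by word j */
            strcpy(longbuffer, uwords[i]);
            strcat(longbuffer, uwords[j]);
            if (GTry(longbuffer, password))
            {
                verdict = _("it is derived from your password entry");
                goto done;
            }

            /* word j followed by word i */
            strcpy(longbuffer, uwords[j]);
            strcat(longbuffer, uwords[i]);
            if (GTry(longbuffer, password))
            {
                verdict = _("it's derived from your password entry");
                goto done;
            }

            /* initial of word i followed by word j */
            longbuffer[0] = uwords[i][0];
            longbuffer[1] = '\0';
            strcat(longbuffer, uwords[j]);
            if (GTry(longbuffer, password))
            {
                verdict = _("it is derivable from your password entry");
                goto done;
            }

            /* initial of word j followed by word i */
            longbuffer[0] = uwords[j][0];
            longbuffer[1] = '\0';
            strcat(longbuffer, uwords[i]);
            if (GTry(longbuffer, password))
            {
                verdict = _("it's derivable from your password entry");
                goto done;
            }
        }
    }

done:
    /* single exit: the getpwuid_r scratch buffer is released on every path */
    free(sbuffer);
    sbuffer = NULL;

    return (verdict);
}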
704
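/*
 * FascistLook - run every strength check on `instring` against the open
 * dictionary `pwp`.
 *
 * Checks, in order: length (< 4, then < MINLEN), number of distinct
 * characters (< MINDIFF), all-whitespace, more than MAXSTEP adjacent
 * characters that differ by exactly one, the "aadddddda" pattern,
 * FascistGecos() for the real uid of the calling process, and finally a
 * dictionary lookup of every r_destructors mangling of the lower-cased
 * password and of its reverse.
 *
 * Returns NULL when no check objects, otherwise a static message string.
 *
 * The input is copied with truncation to TRUNCSTRINGSIZE - 1 bytes, so the
 * verdict describes that prefix only.
 */
char *
FascistLook(pwp, instring)
    PWDICT *pwp;
    char *instring;
{
    int i;
    char *ptr;
    char *jptr;
    char junk[STRINGSIZE];
    char *password;
    char rpassword[STRINGSIZE];
    uint32_t notfound;

    /* FindPW() results are compared against this value to detect a miss */
    notfound = PW_WORDS(pwp);

    /* already truncated if from FascistCheck() */
    /* but pretend it wasn't ... */
    strncpy(rpassword, instring, TRUNCSTRINGSIZE);
    rpassword[TRUNCSTRINGSIZE - 1] = '\0';
    password = rpassword;

    if (strlen(password) < 4)
    {
        return _("it is WAY too short");
    }

    if (strlen(password) < MINLEN)
    {
        return _("it is too short");
    }

    /* collect each distinct character of the password once in junk[] */
    jptr = junk;
    *jptr = '\0';

    for (i = 0; i < STRINGSIZE && password[i]; i++)
    {
        if (!strchr(junk, password[i]))
        {
            *(jptr++) = password[i];
            *jptr = '\0';
        }
    }

    if (strlen(junk) < MINDIFF)
    {
        return _("it does not contain enough DIFFERENT characters");
    }

    /* all remaining checks work on the lower-cased, trimmed password */
    strcpy(password, (char *) Lowercase(password));

    Trim(password);

    /*
     * Skip leading whitespace.  The byte is converted to unsigned char
     * first: passing a negative plain char (a byte >= 0x80 where char is
     * signed) to isspace() is undefined behaviour.
     */
    while (*password && isspace((unsigned char) *password))
    {
        password++;
    }

    if (!*password)
    {
        return _("it is all whitespace");
    }

    /* count neighbouring characters that step up or down by one ("abc", "321") */
    i = 0;
    ptr = password;
    while (ptr[0] && ptr[1])
    {
        if ((ptr[1] == (ptr[0] + 1)) || (ptr[1] == (ptr[0] - 1)))
        {
            i++;
        }
        ptr++;
    }

    if (i > MAXSTEP)
    {
        return _("it is too simplistic/systematic");
    }

    if (PMatch("aadddddda", password))  /* smirk */
    {
        return _("it looks like a National Insurance number.");
    }

    /*
     * NOTE(review): the account data comes from getuid(), i.e. the real uid
     * of the process running this check.  If the checker is invoked by a
     * service on behalf of a different account, the username/GECOS
     * comparison is made against the service's own entry, not the entry of
     * the user whose password is being set - confirm against the caller.
     */
    if ((ptr = FascistGecos(password, getuid())))
    {
        return (ptr);
    }

    /* it should be safe to use Mangle with its reliance on STRINGSIZE
       since password cannot be longer than TRUNCSTRINGSIZE;
       nonetheless this is not an elegant solution */

    for (i = 0; r_destructors[i]; i++)
    {
        char *a;

        if (!(a = Mangle(password, r_destructors[i])))
        {
            continue;
        }

#ifdef DEBUG
        printf("%-16s (dict)\n", a);
#endif

        if (FindPW(pwp, a) != notfound)
        {
            return _("it is based on a dictionary word");
        }
    }

    /* second dictionary pass over the reversed password */
    strcpy(password, (char *) Reverse(password));

    for (i = 0; r_destructors[i]; i++)
    {
        char *a;

        if (!(a = Mangle(password, r_destructors[i])))
        {
            continue;
        }
#ifdef DEBUG
        printf("%-16s (reversed dict)\n", a);
#endif
        if (FindPW(pwp, a) != notfound)
        {
            return _("it is based on a (reversed) dictionary word");
        }
    }

    return ((char *) 0);
}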
836
/*
 * FascistCheck - public entry point: check `password` against the cracklib
 * dictionary at `path`.
 *
 * password  NUL-terminated candidate; must not be NULL (it is read
 *           unconditionally by strncpy()).
 * path      dictionary path, or NULL to use DEFAULT_CRACKLIB_DICT.
 *
 * Returns the result of FascistLook(): NULL when no check objects, otherwise
 * a message string describing the objection.
 *
 * Points a caller should be aware of:
 *   - Only the first TRUNCSTRINGSIZE - 1 bytes of the password are examined;
 *     the copy is truncated silently, so the verdict covers that prefix.
 *   - If the dictionary cannot be opened the function prints via perror()
 *     and calls exit(-1), terminating the calling process rather than
 *     returning a verdict.
 */
const char *
FascistCheck(password, path)
    const char *password;
    const char *path;
{
    char clipped[STRINGSIZE];
    char *verdict;
    PWDICT *dict;

    /* If passed null for the path, use a compiled-in default */
    if (path == NULL)
    {
        path = DEFAULT_CRACKLIB_DICT;
    }

    /* security problem: assume we may have been given a really long
       password (buffer attack) and so truncate it to a workable size;
       try to define workable size as something from which we cannot
       extend a buffer beyond its limits in the rest of the code */
    strncpy(clipped, password, TRUNCSTRINGSIZE);
    clipped[TRUNCSTRINGSIZE - 1] = '\0';        /* enforce termination */

    /* perhaps someone should put something here to check if password
       is really long and syslog() a message denoting buffer attacks? */

    dict = PWOpen(path, "r");
    if (dict == NULL)
    {
        /* shouldn't perror in a library or exit */
        /* but should we return a "bad password" or "good password" if this error occurs */
        perror("PWOpen");
        exit(-1);
    }

    /* the database is closed again straight away: one call checks one password */
    verdict = FascistLook(dict, clipped);
    PWClose(dict);

    return verdict;
}