From owner-freebsd-hackers@FreeBSD.ORG  Thu Dec 11 06:32:34 2008
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7980F1065670
	for <freebsd-hackers@freebsd.org>; Thu, 11 Dec 2008 06:32:34 +0000 (UTC)
	(envelope-from keramida@ceid.upatras.gr)
Received: from igloo.linux.gr (igloo.linux.gr [62.1.205.36])
	by mx1.freebsd.org (Postfix) with ESMTP id EB5D08FC12
	for <freebsd-hackers@freebsd.org>; Thu, 11 Dec 2008 06:32:33 +0000 (UTC)
	(envelope-from keramida@ceid.upatras.gr)
Received: from kobe.laptop (adsl22-219.kln.forthnet.gr [77.49.149.219])
	(authenticated bits=128)
	by igloo.linux.gr (8.14.3/8.14.3/Debian-5) with ESMTP id mBB6WNgS015051
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Thu, 11 Dec 2008 08:32:28 +0200
Received: from kobe.laptop (kobe.laptop [127.0.0.1])
	by kobe.laptop (8.14.3/8.14.3) with ESMTP id mBB6WMs8003379;
	Thu, 11 Dec 2008 08:32:22 +0200 (EET)
	(envelope-from keramida@ceid.upatras.gr)
Received: (from keramida@localhost)
	by kobe.laptop (8.14.3/8.14.3/Submit) id mBB6WLki003378;
	Thu, 11 Dec 2008 08:32:21 +0200 (EET)
	(envelope-from keramida@ceid.upatras.gr)
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: "Sheldon Givens" <sheldon@sigsegv.ca>
References: <f4ecc0930812101800g601d9f10jc008e83d82b54a81@mail.gmail.com>
Date: Thu, 11 Dec 2008 08:32:21 +0200
In-Reply-To: <f4ecc0930812101800g601d9f10jc008e83d82b54a81@mail.gmail.com>
	(Sheldon Givens's message of "Wed, 10 Dec 2008 18:00:25 -0800")
Message-ID: <87vdtr9q8a.fsf@kobe.laptop>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-MailScanner-ID: mBB6WNgS015051
X-Hellug-MailScanner: Found to be clean
X-Hellug-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
	score=-3.86, required 5, autolearn=not spam, ALL_TRUSTED -1.80,
	AWL 0.54, BAYES_00 -2.60)
X-Hellug-MailScanner-From: keramida@ceid.upatras.gr
X-Spam-Status: No
Cc: freebsd-hackers@freebsd.org
Subject: Re: Small Change to chpass.c
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Dec 2008 06:32:34 -0000

On Wed, 10 Dec 2008 18:00:25 -0800, "Sheldon Givens" <sheldon@sigsegv.ca> wrote:
> Hi guys,
>
> When I was doing some user management today I noticed that chpass, and
> all the utilities that use chpass.c, only give one attempt to
> authenticate to make the change. After I messed this up once or twice
> (and after doing 4-5 minutes of editing only to have it lost when I
> typo'd the password) I wrote this little change in to chpass.c.

This seems useful, thanks for submitting the patch :)

> ---snip---
> --- /usr/src/usr.bin/chpass.c   2008-12-11 01:55:27.000000000 -0800
> +++ /usr/src/usr.bin/chpass.c   2008-12-11 01:57:09.000000000 -0800
> @@ -80,10 +80,11 @@
>  {
>         enum { NEWSH, LOADENTRY, EDITENTRY, NEWPW, NEWEXP } op;
>         struct passwd lpw, *old_pw, *pw;
> -       int ch, pfd, tfd;
> +       int ch, pfd, tfd, itr, auth;
>         const char *password;
>         char *arg = NULL;
>         uid_t uid;
> +       int max_retries = 3;
>  #ifdef YP
>         struct ypclnt *ypclnt;
>         const char *yp_domain = NULL, *yp_host = NULL;
> @@ -227,9 +228,16 @@
>         }
>
>         if (old_pw && !master_mode) {
> -               password = getpass("Password: ");
> -               if (strcmp(crypt(password, old_pw->pw_passwd),
> -                   old_pw->pw_passwd) != 0)
> +               auth = 0;
> +               for(itr=0;itr<max_retries;itr++) {
> +                       password = getpass("Password:");
> +                       if(strcmp(crypt(password, old_pw->pw_passwd),
> +                       old_pw->pw_passwd) == 0) {
> +                               auth=1;
> +                               break;
> +                       }
> +               }
> +               if (!auth)
>                         baduser();
>         } else {
>                 password = "";
> ---snip---

You can probably do away with `auth' and reset password to NULL when
strcmp() fails (note that we also use whitespace in for statements to
separate everything more clearly):

        if (old_pw && !master_mode) {
                for (itr = 0; itr < max_retries; itr++) {
                        password = getpass("Password:");
                        if (strcmp(crypt(password, old_pw->pw_passwd),
                            old_pw->pw_passwd) != 0)
                                break;
                        password = NULL;
                }
                if (password == NULL)
                        baduser();
        } else {
                password = "";