int
main(int argc, char **argv)
{
char buf[LINE_MAX];
const char *why;
int i;
setlocale(LC_ALL, "");
textdomain(PACKAGE);
while (fgets(buf, sizeof(buf), stdin) != NULL) {
while (((i = strlen(buf)) > 0) && (i > 0)) {
if (strchr("\r\n", buf[i - 1]) != NULL) {
buf[i - 1] = '\0';
i--;
} else {
break;
}
}
why = FascistCheck(buf,
argc > 1 ?
argv[1] :
NULL);
if ((why != NULL) && (strlen(why) > 0)) {
printf("%s: %s\n", buf, why);
} else {
printf("%s: OK\n", buf);
}
}
return 0;
}
static int _pam_unix_approve_pass(pam_handle_t * pamh
,unsigned int ctrl
,const char *pass_old
,const char *pass_new)
{
const char *user;
const char *remark = NULL;
int retval = PAM_SUCCESS;
D(("&new=%p, &old=%p", pass_old, pass_new));
D(("new=[%s]", pass_new));
D(("old=[%s]", pass_old));
if (pass_new == NULL || (pass_old && !strcmp(pass_old, pass_new))) {
if (on(UNIX_DEBUG, ctrl)) {
_log_err(LOG_DEBUG, pamh, "bad authentication token");
}
_make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
"No password supplied" : "Password unchanged");
return PAM_AUTHTOK_ERR;
}
/*
* if one wanted to hardwire authentication token strength
* checking this would be the place - AGM
*/
retval = pam_get_item(pamh, PAM_USER, (const void **) &user);
if (retval != PAM_SUCCESS) {
if (on(UNIX_DEBUG, ctrl)) {
_log_err(LOG_ERR, pamh, "Can not get username");
return PAM_AUTHTOK_ERR;
}
}
if (off(UNIX__IAMROOT, ctrl)) {
#ifdef USE_CRACKLIB
remark = FascistCheck(pass_new, CRACKLIB_DICTS);
D(("called cracklib [%s]", remark));
#else
if (strlen(pass_new) < 6)
remark = "You must choose a longer password";
D(("lenth check [%s]", remark));
#endif
if (on(UNIX_REMEMBER_PASSWD, ctrl))
if ((retval = check_old_password(user, pass_new)) != PAM_SUCCESS)
remark = "Password has been already used. Choose another.";
}
if (remark) {
_make_remark(pamh, ctrl, PAM_ERROR_MSG, remark);
retval = PAM_AUTHTOK_ERR;
}
return retval;
}
const char *
passwd_check(krb5_context context, krb5_principal principal,
krb5_data *password)
{
char *p, *result;
p = malloc(password->length + 1);
if (p == NULL)
return "out of memory";
memcpy(p, password->data, password->length);
p[password->length] = '\0';
result = FascistCheck(p, LOCALBASE "/libdata/cracklib/pw_dict");
free(p);
return result;
}
const char*
check_cracklib(krb5_context context,
krb5_principal principal,
krb5_data *password)
{
char *s = malloc(password->length + 1);
char *msg;
char *strings[2];
if(s == NULL)
return NULL; /* XXX */
strings[0] = principal->name.name_string.val[0]; /* XXX */
strings[1] = NULL;
memcpy(s, password->data, password->length);
s[password->length] = '\0';
msg = FascistCheck(s, DICTPATH, strings);
memset(s, 0, password->length);
free(s);
return msg;
}
int main(int argc, char **argv) {
extern char *optarg;
int c;
char f[256];
char *dictionary = NULL;
char *password;
char *reply;
while ( (c = getopt(argc, argv, "d:")) != EOF){
switch(c) {
case 'd':
dictionary = strdup(optarg);
break;
default:
usage(argv[0]);
}
}
if (dictionary == NULL) {
fprintf(stderr, "ERR - Wrong Command Line\n\n");
usage(argv[0]);
}
password = fgets(f, sizeof(f), stdin);
if (password == NULL) {
fprintf(stderr, "ERR - Failed to read password\n\n");
exit(-2);
}
reply = FascistCheck(password, dictionary);
if (reply != NULL) {
fprintf(stderr, "ERR - %s\n\n", reply);
exit(-3);
}
exit(0);
}
/* 1: password, 2: dictpath */
static ERL_NIF_TERM
nif_check(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[])
{
PRIV *priv = NULL;
ErlNifBinary passwd;
ErlNifBinary path;
char *err = NULL;
priv = (PRIV *)enif_priv_data(env);
if (!enif_inspect_iolist_as_binary(env, argv[0], &passwd))
return enif_make_badarg(env);
if (!enif_inspect_iolist_as_binary(env, argv[1], &path))
return enif_make_badarg(env);
/* NULL terminate strings */
if (!enif_realloc_binary(&passwd, passwd.size+1))
return atom_enomem;
if (!enif_realloc_binary(&path, path.size+1))
return atom_enomem;
/* passwd.size is now equal to old passwd.size+1 */
passwd.data[passwd.size-1] = '\0';
path.data[path.size-1] = '\0';
enif_mutex_lock(priv->lock);
err = (char *)FascistCheck((char *)passwd.data, (char *)path.data);
enif_mutex_unlock(priv->lock);
(void)memset(passwd.data, '\0', passwd.size);
enif_release_binary(&passwd);
enif_release_binary(&path);
return ( (err == NULL) ? atom_ok : error_tuple(env, err));
}
int main(int ARGC, char* ARGV[]) {
char gecos[256];
char* path = "/usr/local/lib/pw_dict";
char passwd[256];
char* retval;
if (ARGC < 4) {
printf("Usage: checkpass <pass> <login> <fullname>\n");
return 0;
}
strcpy(passwd,ARGV[1]);
sprintf(gecos,"%s:%s",ARGV[2],ARGV[3]);
retval = (char *) FascistCheck(passwd,path,gecos);
if (retval!=NULL) {
printf("Invalid Password: %s\n",retval);
return 1;
}
printf("ok\n");
return 0;
}
int
main ()
{
char buffer[1024];
printf("enter potential passwords, one per line...\n");
while (fgets (buffer, 1000, stdin))
{
const char *val;
Chop(buffer);
val = FascistCheck(buffer, NULL);
if (!val)
{
val = "ok";
}
printf ("%s: %s\n", buffer, val);
}
return (0);
}
/* this matches the code in uam_randnum.c */
static int update_passwd(const char *path, const char *name, int flags)
{
char password[PASSWDLEN + 1], *p, *passwd;
FILE *fp;
off_t pos;
int keyfd = -1, err = 0;
if ((fp = fopen(path, "r+")) == NULL) {
fprintf(stderr, "afppasswd: can't open %s\n", path);
return -1;
}
/* open the key file if it exists */
strcpy(buf, path);
if (strlen(path) < sizeof(buf) - 5) {
strcat(buf, ".key");
keyfd = open(buf, O_RDONLY);
}
pos = ftell(fp);
memset(buf, 0, sizeof(buf));
while (fgets(buf, sizeof(buf), fp)) {
if ((p = strchr(buf, ':'))) {
/* check for a match */
if (strlen(name) == (p - buf) &&
strncmp(buf, name, p - buf) == 0) {
p++;
if (!(flags & OPT_ISROOT) && (*p == PASSWD_ILLEGAL)) {
fprintf(stderr, "Your password is disabled. Please see your administrator.\n");
break;
}
goto found_entry;
}
}
pos = ftell(fp);
memset(buf, 0, sizeof(buf));
}
if (flags & OPT_ADDUSER) {
strcpy(buf, name);
strcat(buf, FORMAT);
p = strchr(buf, ':') + 1;
fwrite(buf, strlen(buf), 1, fp);
} else {
fprintf(stderr, "afppasswd: can't find %s in %s\n", name, path);
err = -1;
goto update_done;
}
found_entry:
/* need to verify against old password */
if ((flags & OPT_ISROOT) == 0) {
passwd = getpass("Enter OLD AFP password: "******"afppasswd: invalid password.\n");
err = -1;
goto update_done;
}
}
/* new password */
passwd = getpass("Enter NEW AFP password: "******"Error: %s\n", passwd);
err = -1;
goto update_done;
}
}
#endif /* USE_CRACKLIB */
passwd = getpass("Enter NEW AFP password again: ");
if (strcmp(passwd, password) == 0) {
struct flock lock;
int fd = fileno(fp);
convert_passwd(p, password, keyfd);
lock.l_type = F_WRLCK;
lock.l_start = pos;
lock.l_len = 1;
lock.l_whence = SEEK_SET;
fseek(fp, pos, SEEK_SET);
fcntl(fd, F_SETLKW, &lock);
fwrite(buf, p - buf + HEXPASSWDLEN, 1, fp);
lock.l_type = F_UNLCK;
fcntl(fd, F_SETLK, &lock);
printf("afppasswd: updated password.\n");
} else {
fprintf(stderr, "afppasswd: passwords don't match!\n");
err = -1;
}
update_done:
if (keyfd > -1)
close(keyfd);
fclose(fp);
return err;
}
int
check_password (char *pPasswd, char **ppErrStr, Entry *pEntry)
{
char *szErrStr = (char *) ber_memalloc(MEM_INIT_SZ);
int mem_len = MEM_INIT_SZ;
int nLen;
int nLower = 0;
int nUpper = 0;
int nDigit = 0;
int nPunct = 0;
int min_lower = 0;
int min_upper = 0;
int min_digit = 0;
int min_punct = 0;
int max_consecutive_per_class = 0;
int nQuality = 0;
int i;
/* Set a sensible default to keep original behaviour. */
int min_quality = DEFAULT_QUALITY;
int use_cracklib = DEFAULT_CRACKLIB;
nLen = strlen (pPasswd);
if (read_config_file() == -1) {
syslog(LOG_ERR, "Warning: Could not read values from config file %s. Using defaults.", CONFIG_FILE);
#if defined(LDEBUG)
printf("Error: Could not read values from config file %s\n", CONFIG_FILE);
#endif
}
#if defined(LDEBUG) || defined(DEBUG)
print_config_entries();
#endif
min_quality = get_config_entry_int("min_points");
use_cracklib = get_config_entry_int("use_cracklib");
min_upper = get_config_entry_int("min_upper");
min_lower = get_config_entry_int("min_lower");
min_digit = get_config_entry_int("min_digit");
min_punct = get_config_entry_int("min_punct");
max_consecutive_per_class = get_config_entry_int("max_consecutive_per_class");
/* Check Max Consecutive Per Class first since this has the most likelihood
* of being wrong.
*/
if ( max_consecutive_per_class != 0 ) {
char prev_type = '\0';
char this_type = ' ';
i = 0;
int consec_chars = 0;
for ( i = 0; i < nLen; i++ ) {
if ( islower(pPasswd[i]) ) {
this_type = 'l';
}
else if ( isupper(pPasswd[i]) ) {
this_type = 'u';
}
else if ( isdigit(pPasswd[i]) ) {
this_type = 'd';
}
else if ( ispunct(pPasswd[i]) ) {
this_type = 'p';
}
else {
this_type = ' ';
}
if (this_type == prev_type) {
++consec_chars;
} else if (i > 0) {
consec_chars = 0;
}
prev_type = this_type;
if ( consec_chars >= max_consecutive_per_class ) {
mem_len = realloc_error_message(&szErrStr, mem_len,
strlen(CONSEC_FAIL_SZ) +
strlen(pEntry->e_name.bv_val));
sprintf (szErrStr, CONSEC_FAIL_SZ, pEntry->e_name.bv_val);
goto fail;
}
}
}
/** The password must have at least min_quality strength points with one
* point for the first occurrance of a lower, upper, digit and
* punctuation character
*/
for ( i = 0; i < nLen; i++ ) {
//if ( nQuality >= min_quality ) break;
if ( islower (pPasswd[i]) ) {
min_lower--;
if ( !nLower && (min_lower < 1)) {
nLower = 1; nQuality++;
#if defined(DEBUG)
syslog(LOG_NOTICE, "check_password: Found lower character - quality raise %d", nQuality);
#endif
#if defined(LDEBUG)
printf("check_password: Found lower character - quality raise %d\n", nQuality);
#endif
}
continue;
}
if ( isupper (pPasswd[i]) ) {
min_upper--;
if ( !nUpper && (min_upper < 1)) {
nUpper = 1; nQuality++;
#if defined(DEBUG)
syslog(LOG_NOTICE, "check_password: Found upper character - quality raise %d", nQuality);
#endif
#if defined(LDEBUG)
printf("check_password: Found upper character - quality raise %d\n", nQuality);
#endif
}
continue;
}
if ( isdigit (pPasswd[i]) ) {
min_digit--;
if ( !nDigit && (min_digit < 1)) {
nDigit = 1; nQuality++;
#if defined(DEBUG)
syslog(LOG_NOTICE, "check_password: Found digit character - quality raise %d", nQuality);
#endif
#if defined(LDEBUG)
printf("check_password: Found digit character - quality raise %d\n", nQuality);
#endif
}
continue;
}
if ( ispunct (pPasswd[i]) ) {
min_punct--;
if ( !nPunct && (min_punct < 1)) {
nPunct = 1; nQuality++;
#if defined(DEBUG)
syslog(LOG_NOTICE, "check_password: Found punctuation character - quality raise %d", nQuality);
#endif
#if defined(LDEBUG)
printf("check_password: Found punctuation character - quality raise %d\n", nQuality);
#endif
}
continue;
}
}
/*
* If you have a required field, then it should be required in the strength
* checks.
*/
if (
(min_lower > 0 ) ||
(min_upper > 0 ) ||
(min_digit > 0 ) ||
(min_punct > 0 ) ||
(nQuality < min_quality)
) {
mem_len = realloc_error_message(&szErrStr, mem_len,
strlen(PASSWORD_QUALITY_SZ) +
strlen(pEntry->e_name.bv_val) + 2);
sprintf (szErrStr, PASSWORD_QUALITY_SZ, pEntry->e_name.bv_val,
nQuality, min_quality);
goto fail;
}
#ifdef HAVE_CRACKLIB
/** Check password with cracklib */
if ( use_cracklib > 0 ) {
int j = 0;
FILE* fp;
char filename[FILENAME_MAXLEN];
char const* ext[] = { "hwm", "pwd", "pwi" };
int nErr = 0;
/**
* Silently fail when cracklib wordlist is not found
*/
for ( j = 0; j < 3; j++ ) {
snprintf (filename, FILENAME_MAXLEN - 1, "%s.%s", \
CRACKLIB_DICTPATH, ext[j]);
if (( fp = fopen ( filename, "r")) == NULL ) {
nErr = 1;
break;
} else {
fclose (fp);
}
}
char *r;
if ( nErr == 0) {
r = (char *) FascistCheck (pPasswd, CRACKLIB_DICTPATH);
if ( r != NULL ) {
mem_len = realloc_error_message(&szErrStr, mem_len,
strlen(BAD_PASSWORD_SZ) +
strlen(pEntry->e_name.bv_val) +
strlen(r));
sprintf (szErrStr, BAD_PASSWORD_SZ, pEntry->e_name.bv_val, r);
goto fail;
}
}
}
else {
#if defined(DEBUG)
syslog(LOG_NOTICE, "check_password: Cracklib verification disabled by configuration");
#endif
#if defined(LDEBUG)
printf("check_password: Cracklib verification disabled by configuration");
#endif
}
#endif
#if defined(LDEBUG) || defined(DEBUG)
print_config_entries();
#endif
dealloc_config_entries();
*ppErrStr = strdup ("");
ber_memfree(szErrStr);
return (LDAP_SUCCESS);
fail:
dealloc_config_entries();
*ppErrStr = strdup (szErrStr);
ber_memfree(szErrStr);
return (EXIT_FAILURE);
}
/*
* check_password
*
* performs checks on an encrypted or unencrypted password
* ereport's if not acceptable
*
* username: name of role being created or changed
* password: new password (possibly already encrypted)
* password_type: PASSWORD_TYPE_PLAINTEXT or PASSWORD_TYPE_MD5 (there
* could be other encryption schemes in future)
* validuntil_time: password expiration time, as a timestamptz Datum
* validuntil_null: true if password expiration time is NULL
*
* This sample implementation doesn't pay any attention to the password
* expiration time, but you might wish to insist that it be non-null and
* not too far in the future.
*/
static void
check_password(const char *username,
const char *password,
int password_type,
Datum validuntil_time,
bool validuntil_null)
{
int namelen = strlen(username);
int pwdlen = strlen(password);
char encrypted[MD5_PASSWD_LEN + 1];
int i;
bool pwd_has_letter,
pwd_has_nonletter;
switch (password_type)
{
case PASSWORD_TYPE_MD5:
/*
* Unfortunately we cannot perform exhaustive checks on encrypted
* passwords - we are restricted to guessing. (Alternatively, we
* could insist on the password being presented non-encrypted, but
* that has its own security disadvantages.)
*
* We only check for username = password.
*/
if (!pg_md5_encrypt(username, username, namelen, encrypted))
elog(ERROR, "password encryption failed");
if (strcmp(password, encrypted) == 0)
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("password must not contain user name")));
break;
case PASSWORD_TYPE_PLAINTEXT:
/*
* For unencrypted passwords we can perform better checks
*/
/* enforce minimum length */
if (pwdlen < MIN_PWD_LENGTH)
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("password is too short")));
/* check if the password contains the username */
if (strstr(password, username))
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("password must not contain user name")));
/* check if the password contains both letters and non-letters */
pwd_has_letter = false;
pwd_has_nonletter = false;
for (i = 0; i < pwdlen; i++)
{
/*
* isalpha() does not work for multibyte encodings but let's
* consider non-ASCII characters non-letters
*/
if (isalpha((unsigned char) password[i]))
pwd_has_letter = true;
else
pwd_has_nonletter = true;
}
if (!pwd_has_letter || !pwd_has_nonletter)
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("password must contain both letters and nonletters")));
#ifdef USE_CRACKLIB
/* call cracklib to check password */
if (FascistCheck(password, CRACKLIB_DICTPATH))
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("password is easily cracked")));
#endif
break;
default:
elog(ERROR, "unrecognized password type: %d", password_type);
break;
}
/* all checks passed, password is ok */
}
static void Add_rpg_user()
{
char *username_string = NULL;
const char *pw_flag = NULL;
char buf[ 250 ] = "";
char output_buffer[ MAX_TEXT_OUTPUT_SIZE ] = "";
int return_code = -1;
int n_bytes = -1;
HCI_LE_log( "Adding RPG user" );
/* Fetch username and password from appropriate widgets. */
username_string = XmTextGetString( Username_input );
/* If username or password is of length zero, then warn user. */
if( strlen( username_string ) == 0 )
{
HCI_LE_error( "User name to add is empty" );
Error_popup( "No \"User's Name\" specified to add." );
}
else if( strlen( username_string ) < MIN_NAME_LENGTH || strlen( username_string ) > MAX_NAME_LENGTH )
{
HCI_LE_error( "Invaild Username length" );
Error_popup( "Invalid Username length." );
}
else if( strlen( New_user_passwd ) == 0 )
{
HCI_LE_error( "No password specified" );
Error_popup( "No \"Password\" specified." );
}
else if( strlen( New_user_passwd ) < MIN_PASSWD_LENGTH || strlen( New_user_passwd ) > MAX_PASSWD_LENGTH )
{
HCI_LE_error( "Invalid password length" );
Error_popup( "Invalid Password length." );
XtVaSetValues( Password_input, XmNvalue, "", NULL );
XtVaSetValues( Retype_password_input, XmNvalue, "", NULL );
}
else if( strcmp( New_user_passwd, Retype_new_user_passwd) != 0 )
{
HCI_LE_error( "Passwords do not match" );
Error_popup( "Passwords do not match." );
XtVaSetValues( Password_input, XmNvalue, "", NULL );
XtVaSetValues( Retype_password_input, XmNvalue, "", NULL );
}
else
{
/* Remove /tmp/gconfd-username if it exists. If the directory exists,
the user has been added before. If the ownership info doesn't
match (i.e. the user now has a different uid), then problems may
arise when the user logs on. Since passing -f flag to 'rm', no
check of the 'rm' command's return value is necessary (always 0). */
sprintf( buf, "/bin/rm -rf /tmp/gconfd-%s", username_string );
return_code = MISC_system_to_buffer( buf, output_buffer,
MAX_TEXT_OUTPUT_SIZE, &n_bytes );
return_code = return_code >> 8;
/* Make sure password is valid. */
pw_flag = FascistCheck( New_user_passwd, CRACKLIB_PATH );
if( pw_flag != NULL )
{
HCI_LE_error( "Password validation failed: %s", pw_flag );
sprintf( output_buffer, "BAD PASSWORD: %s", pw_flag );
Error_popup( output_buffer );
XtVaSetValues( Password_input, XmNvalue, "", NULL );
XtVaSetValues( Retype_password_input, XmNvalue, "", NULL );
return;
}
/* Add RPG user to system. */
New_salt_key();
sprintf( buf, "/usr/sbin/useradd -n -p %s -G uucp,lock,floppy,disk,wheel %s",
crypt( New_user_passwd, Salt_key ), username_string );
return_code = MISC_system_to_buffer( buf, output_buffer,
MAX_TEXT_OUTPUT_SIZE, &n_bytes );
return_code = return_code >> 8;
if( return_code != 0 )
{
HCI_LE_error( "useradd command failed: %d", return_code );
sprintf( buf, "\nError adding RPG User %s.\n", username_string );
strcat( output_buffer, buf );
Error_popup( output_buffer );
}
else
{
sprintf( buf, "chage -d 1 %s", username_string );
return_code = MISC_system_to_buffer( buf, output_buffer,
MAX_TEXT_OUTPUT_SIZE, &n_bytes );
return_code = return_code >> 8;
if( return_code != 0 )
{
HCI_LE_error( "chage command failed: %d", return_code );
sprintf( buf, "\nUser successfully added, but password not expired.\nTell RPG User to change password at login.\n" );
strcat( output_buffer, buf );
Error_popup( output_buffer );
}
sprintf( buf, "chmod 750 /home/%s", username_string );
return_code = MISC_system_to_buffer( buf, output_buffer,
MAX_TEXT_OUTPUT_SIZE, &n_bytes );
return_code = return_code >> 8;
if( return_code != 0 )
{
HCI_LE_error( "chmod command failed: %d", return_code );
sprintf( buf, "\nUser successfully added, but unable to set\npermission of /home/%s.\n", username_string );
strcat( output_buffer, buf );
Error_popup( output_buffer );
}
Add_user_to_operate_rpg_file( username_string );
}
XtVaSetValues( Password_input, XmNvalue, "", NULL );
XtVaSetValues( Retype_password_input, XmNvalue, "", NULL );
XtVaSetValues( Username_input, XmNvalue, "", NULL );
}
XtFree( username_string );
}
static PyObject *
_cracklib_FascistCheck(PyObject *self, PyObject *args, PyObject *kwargs)
{
char *candidate, *dict;
char *defaultdict = NULL;
const char *result;
struct stat st;
char *keywords[] = {"pw", "dictpath", NULL};
char *dictfile;
self = NULL;
candidate = NULL;
dict = NULL;
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|s", keywords,
&candidate, &dict))
{
PyErr_SetString(PyExc_ValueError, "error parsing arguments");
return NULL;
}
if (candidate == NULL)
{
PyErr_SetString(PyExc_ValueError, "first argument was not a string!");
return NULL;
}
if (dict != NULL)
{
if (dict[0] != '/')
{
PyErr_SetString(PyExc_ValueError,
"second argument was not an absolute path!");
return NULL;
}
dictfile = malloc(strlen(dict) + sizeof(DICT_SUFFIX));
if (dictfile == NULL)
{
PyErr_SetFromErrnoWithFilename(PyExc_OSError, dict);
return NULL;
}
sprintf(dictfile, "%s" DICT_SUFFIX, dict);
if (lstat(dictfile, &st) == -1)
{
PyErr_SetFromErrnoWithFilename(PyExc_OSError, dictfile);
free(dictfile);
return NULL;
}
free(dictfile);
} else
{
defaultdict = strdup(GetDefaultCracklibDict());
if (errno == ENOMEM) {
PyErr_SetFromErrno(PyExc_OSError);
return NULL;
}
dictfile = malloc(strlen(defaultdict) + sizeof(DICT_SUFFIX));
if (dictfile == NULL)
{
PyErr_SetFromErrnoWithFilename(PyExc_OSError, defaultdict);
free(defaultdict);
return NULL;
}
sprintf(dictfile, "%s" DICT_SUFFIX, defaultdict);
if (lstat(dictfile, &st) == -1)
{
PyErr_SetFromErrnoWithFilename(PyExc_OSError, dictfile);
free(defaultdict);
free(dictfile);
return NULL;
}
free(dictfile);
}
setlocale(LC_ALL, "");
#ifdef ENABLE_NLS
textdomain("cracklib");
#endif
LOCK();
result = FascistCheck(candidate, dict ? dict : defaultdict);
UNLOCK();
if (defaultdict != NULL)
{
free(defaultdict);
}
if (result != NULL)
{
PyErr_SetString(PyExc_ValueError, result);
return NULL;
}
return Py_BuildValue("s", candidate);
}
