I can't recall the API for GetValue, but the call there doesn't look correct. There should have been some compiler errors in there...
Is the fourth parameter the size of the buffer at the second parameter? If so, keep it set to "sizeof Newu", or however you see it in other function calls. And Simone Lazzaris is correct, tolower() take a single char as an argument (not a pointer to a string) and returns the lowercase version of that char. There are functions already in QmailAdmin for converting an entire string to lowercase or uppercase. It's been many years since I've worked with that code, so I can't remember the names. Try looking in util.c. -Tom -----Original Message----- From: Adam Lyle [mailto:[email protected]] Sent: Monday, June 04, 2012 6:56 AM To: [email protected] Subject: [qmailadmin] [SPAM] Patching qmailadmin to compare username and passwords Greetings, I'll start by saying that I am not a C programmer, but I have been looking through the source code trying to get this functionality to work. Here's my end goal. The username is converted to lowercase The password is converted to lowercase They are compared and if the same or similar an error is generated. Now, I know that this is similar to the trivial passwords check, but there is a difference that I will explain. I have patched qmailamin 1.2.15 to use the cracklib patch, and that is working well. I enabled trivial password checking and that works, mostly. I have been able to still get by a weak combination using the following: username: TestWeak1 password: TestWeak1 What I believe is happening is that qmailadmin is converting the username to lowercase at some point but leaving the password unaltered. When it does the strstr compare it doesn't match, so it passes the combination as being good. I tried cobbling this together: GetValue(TmpCGI,Newu, "newu=", tolower(Newu)); GetValue(TmpCGI,Password1, "password1=", tolower(Password1)); if ( strstr(Newu,Password1) !=NULL ) { snprintf (StatusMessage, "Bad username and password combination, to similar - %s\n", html_text[175]); adduser(); vclose(); exit(0); } But while that compiles without an error, qmailadmin fails when I try to add a new user. I've tried searching various C programming pages, but without a solid frame of reference I am just taking stabs in the dark. Does anyone have a way to include this functionality?? Thanks, -Adam !DSPAM:4fcc765b34204458318646!
