rpms/pam_passwdqc/devel patch-219201.patch, NONE, 1.1 pam_passwdqc.spec, 1.16, 1.17
avesh agarwal
avesh at fedoraproject.org
Tue Sep 29 16:22:08 UTC 2009
Author: avesh
Update of /cvs/pkgs/rpms/pam_passwdqc/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv24935
Modified Files:
pam_passwdqc.spec
Added Files:
patch-219201.patch
Log Message:
* Tue Sep 29 2009 Avesh Agarwal <avagarwa at redhat.com> - 1.0.5-4
- Patch for new configurable options(rhbz# 219201):
disable first upper and last digit check, passwords
prompts can be read from a file
patch-219201.patch:
README | 13 ++++++++++++-
pam_passwdqc.c | 45 ++++++++++++++++++++++++++++++++++++++++-----
passwdqc.h | 3 +++
passwdqc_check.c | 10 ++++++----
4 files changed, 61 insertions(+), 10 deletions(-)
--- NEW FILE patch-219201.patch ---
diff -urNp pam_passwdqc-1.0.5-orig/pam_passwdqc.c pam_passwdqc-1.0.5/pam_passwdqc.c
--- pam_passwdqc-1.0.5-orig/pam_passwdqc.c 2008-02-12 15:11:13.000000000 -0500
+++ pam_passwdqc-1.0.5/pam_passwdqc.c 2009-09-28 12:10:32.171696694 -0400
@@ -70,6 +70,8 @@ typedef struct {
passwdqc_params_t qc;
int flags;
int retry;
+ char oldpass_prompt_file[FILE_LEN+1];
+ char newpass_prompt_file[FILE_LEN+1];
} params_t;
static params_t defaults = {
@@ -79,10 +81,13 @@ static params_t defaults = {
3, /* passphrase_words */
4, /* match_length */
1, /* similar_deny */
- 42 /* random_bits */
+ 42, /* random_bits */
+ 1 /* firstupper_lastdigit_check */
},
F_ENFORCE_EVERYONE, /* flags */
- 3 /* retry */
+ 3, /* retry */
+ "", /* oldpass_prompt_file */
+ "" /* newpass_prompt_file */
};
#define PROMPT_OLDPASS \
@@ -361,6 +366,37 @@ static int parse(params_t *params, pam_h
if (!strcmp(*argv, "use_authtok")) {
params->flags |= F_USE_AUTHTOK;
} else
+ if (!strcmp(*argv, "disable_firstupper_lastdigit_check")) {
+ params->qc.firstupper_lastdigit_check = 0;
+ } else
+ if (!strncmp(*argv, "oldpass_prompt_file=", 20)) {
+ int n;
+ FILE *fp = fopen(*argv + 20, "r");
+ if (fp) {
+ n=fread(params->oldpass_prompt_file, sizeof(char), FILE_LEN, fp);
+ if (0==n || ferror(fp)!=0 ) {
+ memset(params->oldpass_prompt_file, '\0', FILE_LEN+1);
+ }
+ else {
+ feof(fp)? (params->oldpass_prompt_file[n-1]='\0'): (params->oldpass_prompt_file[n]='\0');
+ }
+ fclose(fp);
+ }
+ } else
+ if (!strncmp(*argv, "newpass_prompt_file=", 20)) {
+ int n;
+ FILE *fp = fopen(*argv + 20, "r");
+ if (fp) {
+ n=fread(params->newpass_prompt_file, sizeof(char), FILE_LEN, fp);
+ if (0==n || ferror(fp)!=0 ) {
+ memset(params->newpass_prompt_file, '\0', FILE_LEN+1);
+ }
+ else {
+ feof(fp)? (params->newpass_prompt_file[n-1]='\0'): (params->newpass_prompt_file[n]='\0');
+ }
+ fclose(fp);
+ }
+ } else
break;
argc--; argv++;
}
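Review bot: In both `*_prompt_file=` branches the `feof(fp)? (...[n-1]='\0'): (...[n]='\0')` line drops the last byte whenever the whole file was read, whether or not that byte is a newline, so a prompt file without a trailing newline loses its final character. The two branches are also duplicates of each other, `n` is an `int` holding fread()'s `size_t` result, and a path that cannot be opened is skipped with no diagnostic, leaving the administrator with the built-in prompt and no hint why. I would move the read into one helper that strips a newline only when it is present, as below; whether parse() should also report the open failure depends on its error path, which lies outside this hunk. Because the file's text is shown to the user at a password prompt, the helper's comment should also say that the file is expected to be writable only by root.

```c
/*
 * Read at most FILE_LEN bytes of a prompt file into buf, which must hold
 * FILE_LEN + 1 bytes.  buf is left empty on any failure so that the
 * built-in prompt is used.  The file's text is presented to the user at a
 * password prompt, so it should be writable only by root.
 */
static void read_prompt_file(const char *path, char *buf)
{
	size_t n;
	FILE *fp;

	buf[0] = '\0';
	fp = fopen(path, "r");
	if (!fp)
		return;
	n = fread(buf, 1, FILE_LEN, fp);
	if (ferror(fp))
		n = 0;
	fclose(fp);
	/* Strip one trailing newline, and only if it is really there. */
	if (n > 0 && buf[n - 1] == '\n')
		n--;
	buf[n] = '\0';
}

/* … unchanged: use_authtok and disable_firstupper_lastdigit_check branches … */
		if (!strncmp(*argv, "oldpass_prompt_file=", 20)) {
			read_prompt_file(*argv + 20, params->oldpass_prompt_file);
		} else
		if (!strncmp(*argv, "newpass_prompt_file=", 20)) {
			read_prompt_file(*argv + 20, params->newpass_prompt_file);
		} else
```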
@@ -406,7 +442,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand
if (ask_oldauthtok && !am_root(pamh)) {
status = converse(pamh, PAM_PROMPT_ECHO_OFF,
- PROMPT_OLDPASS, &resp);
+ strlen(params.oldpass_prompt_file) ? params.oldpass_prompt_file : PROMPT_OLDPASS, &resp);
if (status == PAM_SUCCESS) {
if (resp && resp->resp) {
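Review bot: `strlen(params.oldpass_prompt_file) ? params.oldpass_prompt_file : PROMPT_OLDPASS` scans up to 4096 bytes just to test for emptiness and makes the converse() call one very long line; the same expression appears in the `retry:` hunk for `newpass_prompt_file`. Testing the first byte is enough: `params.oldpass_prompt_file[0] ? params.oldpass_prompt_file : PROMPT_OLDPASS`, wrapped onto continuation lines like the call it replaces. A short comment such as `/* administrator-supplied prompt text, handed to converse() as read from the file */` would tell a reader that this string is no longer a compile-time constant. Both enclosing functions continue outside the hunks.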
@@ -540,8 +576,7 @@ retry:
MESSAGE_RANDOMFAILED : MESSAGE_MISCONFIGURED);
return PAM_AUTHTOK_ERR;
}
-
- status = converse(pamh, PAM_PROMPT_ECHO_OFF, PROMPT_NEWPASS1, &resp);
+ status = converse(pamh, PAM_PROMPT_ECHO_OFF, strlen(params.newpass_prompt_file) ? params.newpass_prompt_file : PROMPT_NEWPASS1, &resp);
if (status == PAM_SUCCESS && (!resp || !resp->resp))
status = PAM_AUTHTOK_ERR;
diff -urNp pam_passwdqc-1.0.5-orig/passwdqc_check.c pam_passwdqc-1.0.5/passwdqc_check.c
--- pam_passwdqc-1.0.5-orig/passwdqc_check.c 2008-02-12 14:31:52.000000000 -0500
+++ pam_passwdqc-1.0.5/passwdqc_check.c 2009-09-25 22:45:16.080842425 -0400
@@ -90,10 +90,12 @@ static int is_simple(passwdqc_params_t *
/* Upper case characters and digits used in common ways don't increase the
* strength of a password */
- c = (unsigned char)newpass[0];
- if (uppers && isascii(c) && isupper(c)) uppers--;
- c = (unsigned char)newpass[length - 1];
- if (digits && isascii(c) && isdigit(c)) digits--;
+ if (params->firstupper_lastdigit_check) {
+ c = (unsigned char)newpass[0];
+ if (uppers && isascii(c) && isupper(c)) uppers--;
+ c = (unsigned char)newpass[length - 1];
+ if (digits && isascii(c) && isdigit(c)) digits--;
+ }
/* Count the number of different character classes we've seen. We assume
* that there are no non-ASCII characters for digits. */
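Review bot: The comment above the new `if (params->firstupper_lastdigit_check)` still states the rule unconditionally, and nothing at this site says what turning the check off costs. With the flag cleared, a leading capital and a trailing digit count as character classes in their own right, so a password shaped like `Password1` (constructed example) is presumably judged against the minimum for more classes than it would be with the check on. I would extend the comment, e.g. `/* Skipped when disable_firstupper_lastdigit_check is given; this relaxes the policy. */`. is_simple() starts and ends outside the hunk.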
diff -urNp pam_passwdqc-1.0.5-orig/passwdqc.h pam_passwdqc-1.0.5/passwdqc.h
--- pam_passwdqc-1.0.5-orig/passwdqc.h 2008-02-12 14:30:00.000000000 -0500
+++ pam_passwdqc-1.0.5/passwdqc.h 2009-09-25 14:08:56.214695858 -0400
@@ -7,12 +7,15 @@
#include <pwd.h>
+#define FILE_LEN 4096 /* Max file len = 4096 */
+
typedef struct {
int min[5], max;
int passphrase_words;
int match_length;
int similar_deny;
int random_bits;
+ int firstupper_lastdigit_check;
} passwdqc_params_t;
extern char _passwdqc_wordset_4k[0x1000][6];
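Review bot: `firstupper_lastdigit_check` is an enable flag, so any `passwdqc_params_t` that is zero-initialised, or built by an initializer not updated for the new member, silently gets the weaker policy; only the `defaults` initializer in pam_passwdqc.c is visibly updated in this patch. Inverting the sense keeps zero as the strict setting: `int firstupper_lastdigit_disable;`, with the test in is_simple() becoming `if (!params->firstupper_lastdigit_disable)`. Separately, `FILE_LEN` is a very generic name for a macro exported from a shared header, and it bounds prompt text rather than files in general; a prefixed name such as `PASSWDQC_PROMPT_MAX` would be less likely to collide.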
diff -urNp pam_passwdqc-1.0.5-orig/README pam_passwdqc-1.0.5/README
--- pam_passwdqc-1.0.5-orig/README 2008-02-12 14:43:33.000000000 -0500
+++ pam_passwdqc-1.0.5/README 2009-09-28 12:12:40.251016423 -0400
@@ -41,9 +41,12 @@ words (see the "passphrase" option below
N3 and N4 are used for passwords consisting of characters from three
and four character classes, respectively.
+ disable_firstupper_lastdigit_check []
+
When calculating the number of character classes, upper-case letters
used as the first character and digits used as the last character of a
-password are not counted.
+password are not counted. To disable this, you can specify
+"disable_firstupper_lastdigit_check".
In addition to being sufficiently long, passwords are required to
contain enough different characters for the character classes and
@@ -142,6 +145,14 @@ This disables user interaction within pa
the only difference between "use_first_pass" and "use_authtok" is that
the former is incompatible with "ask_oldauthtok".
+ oldpass_prompt_file=absolute-file-path []
+ newpass_prompt_file=abosulte-file-path []
+
+The options "oldpass_prompt_file" and "newpass_prompt_file" can be used
+to override prompts while requesting old password and new password,
+respectively. The maximum size of the prompt files can be 4096
+characters at present. If the file size is more than 4096 characters, the
+output will be truncated to 4096 characters.
--
Solar Designer <solar at openwall.com>
Index: pam_passwdqc.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam_passwdqc/devel/pam_passwdqc.spec,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -p -r1.16 -r1.17
--- pam_passwdqc.spec 25 Jul 2009 23:10:25 -0000 1.16
+++ pam_passwdqc.spec 29 Sep 2009 16:22:08 -0000 1.17
@@ -1,7 +1,7 @@
Summary: Pluggable password quality-control module.
Name: pam_passwdqc
Version: 1.0.5
-Release: 3
+Release: 4
# License of man page is BSD, rest is Copyright only
License: BSD and Copyright only
Group: System Environment/Base
@@ -11,6 +11,8 @@ Source1: ftp://ftp.openwall.com/pub/proj
BuildPrereq: pam-devel
BuildRoot: %{_tmppath}/%name-%version
+Patch1: patch-219201.patch
+
%description
pam_passwdqc is a simple password strength checking module for
PAM-aware password changing programs, such as passwd(1). In addition
@@ -21,6 +23,8 @@ and can be (re-)configured without rebui
%prep
%setup -q
+%patch1 -p1
+
%build
make CFLAGS="-Wall -fPIC -DHAVE_SHADOW -DLINUX_PAM $RPM_OPT_FLAGS" LDFLAGS_LINUX='--shared -Wl,--version-script,$(MAP)'
@@ -38,6 +42,11 @@ make install DESTDIR=$RPM_BUILD_ROOT MAN
%{_mandir}/man*/*
%changelog
+* Tue Sep 29 2009 Avesh Agarwal <avagarwa at redhat.com> - 1.0.5-4
+- Patch for new configurable options(rhbz# 219201):
+ disable first upper and last digit check, passwords
+ prompts can be read from a file
+
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild