author | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
---|---|---|
committer | Steve Langasek <steve.langasek@canonical.com> | 2020-08-11 14:54:29 -0700 |
commit | f6d08ed47a3da3c08345bce2ca366e961c52ad7c (patch) | |
tree | dcbd0efb229b17f696f7195671f05b354b4f70fc /modules/pam_cracklib/pam_cracklib.c | |
parent | 668b13da8f830c38388cecac45539972e80cb246 (diff) | |
parent | 9e5bea9e146dee574796259ca464ad2435be3590 (diff) | |
New upstream version 1.4.0
Diffstat (limited to 'modules/pam_cracklib/pam_cracklib.c')
-rw-r--r-- | modules/pam_cracklib/pam_cracklib.c | 99 |
1 files changed, 45 insertions, 54 deletions
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index 45c02aba..01291305 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -1,8 +1,6 @@ /* * pam_cracklib module - */ - -/* + * * 0.9. switch to using a distance algorithm in similar() * 0.86. added support for setting minimum numbers of digits, uppers, * lowers, and others @@ -13,11 +11,9 @@ * 0.5. supports retries - 'retry=N' argument * 0.4. added argument 'type=XXX' for 'New XXX password' prompt * 0.3. Added argument 'debug' - * 0.2. new password is feeded to cracklib for verify after typed once + * 0.2. new password is fed to cracklib for verify after typed once * 0.1. First release - */ - -/* + * * Written by Cristian Gafton <gafton@redhat.com> 1996/09/10 * Long password support by Philip W. Dalrymple <pwd@mdtsoft.com> 1997/07/18 * See the end of the file for Copyright Information @@ -69,18 +65,10 @@ extern char *FascistCheck(char *pw, const char *dictpath); #endif #define MIN(_a, _b) (((_a) < (_b)) ? (_a) : (_b)) -/* - * here, we make a definition for the externally accessible function - * in this file (this definition is required for static a module - * but strongly encouraged generally) it is used to instruct the - * modules include file to define the function prototypes. - */ - -#define PAM_SM_PASSWORD - #include <security/pam_modules.h> #include <security/_pam_macros.h> #include <security/pam_ext.h> +#include "pam_inline.h" /* argument parsing */ #define PAM_DEBUG_ARG 0x0001 
@@ -121,78 +109,79 @@ _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt, /* step through arguments */ for (ctrl=0; argc-- > 0; ++argv) { + const char *str; char *ep = NULL; /* generic options */ if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; - else if (!strncmp(*argv,"type=",5)) - pam_set_item (pamh, PAM_AUTHTOK_TYPE, *argv+5); - else if (!strncmp(*argv,"retry=",6)) { - opt->retry_times = strtol(*argv+6,&ep,10); + else if ((str = pam_str_skip_prefix(*argv, "type=")) != NULL) + pam_set_item (pamh, PAM_AUTHTOK_TYPE, str); + else if ((str = pam_str_skip_prefix(*argv, "retry=")) != NULL) { + opt->retry_times = strtol(str, &ep, 10); if (!ep || (opt->retry_times < 1)) opt->retry_times = CO_RETRY_TIMES; - } else if (!strncmp(*argv,"difok=",6)) { - opt->diff_ok = strtol(*argv+6,&ep,10); + } else if ((str = pam_str_skip_prefix(*argv, "difok=")) != NULL) { + opt->diff_ok = strtol(str, &ep, 10); if (!ep || (opt->diff_ok < 0)) opt->diff_ok = CO_DIFF_OK; - } else if (!strncmp(*argv,"difignore=",10)) { + } else if (pam_str_skip_prefix(*argv, "difignore=") != NULL) { /* just ignore */ - } else if (!strncmp(*argv,"minlen=",7)) { - opt->min_length = strtol(*argv+7,&ep,10); + } else if ((str = pam_str_skip_prefix(*argv, "minlen=")) != NULL) { + opt->min_length = strtol(str, &ep, 10); if (!ep || (opt->min_length < CO_MIN_LENGTH_BASE)) opt->min_length = CO_MIN_LENGTH_BASE; - } else if (!strncmp(*argv,"dcredit=",8)) { - opt->dig_credit = strtol(*argv+8,&ep,10); + } else if ((str = pam_str_skip_prefix(*argv, "dcredit=")) != NULL) { + opt->dig_credit = strtol(str, &ep, 10); if (!ep) opt->dig_credit = 0; - } else if (!strncmp(*argv,"ucredit=",8)) { - opt->up_credit = strtol(*argv+8,&ep,10); + } else if ((str = pam_str_skip_prefix(*argv, "ucredit=")) != NULL) { + opt->up_credit = strtol(str, &ep, 10); if (!ep) opt->up_credit = 0; - } else if (!strncmp(*argv,"lcredit=",8)) { - opt->low_credit = strtol(*argv+8,&ep,10); + } else if ((str = pam_str_skip_prefix(*argv, 
"lcredit=")) != NULL) { + opt->low_credit = strtol(str, &ep, 10); if (!ep) opt->low_credit = 0; - } else if (!strncmp(*argv,"ocredit=",8)) { - opt->oth_credit = strtol(*argv+8,&ep,10); + } else if ((str = pam_str_skip_prefix(*argv, "ocredit=")) != NULL) { + opt->oth_credit = strtol(str, &ep, 10); if (!ep) opt->oth_credit = 0; - } else if (!strncmp(*argv,"minclass=",9)) { - opt->min_class = strtol(*argv+9,&ep,10); + } else if ((str = pam_str_skip_prefix(*argv, "minclass=")) != NULL) { + opt->min_class = strtol(str, &ep, 10); if (!ep) opt->min_class = 0; if (opt->min_class > 4) opt->min_class = 4; - } else if (!strncmp(*argv,"maxrepeat=",10)) { - opt->max_repeat = strtol(*argv+10,&ep,10); + } else if ((str = pam_str_skip_prefix(*argv, "maxrepeat=")) != NULL) { + opt->max_repeat = strtol(str, &ep, 10); if (!ep) opt->max_repeat = 0; - } else if (!strncmp(*argv,"maxsequence=",12)) { - opt->max_sequence = strtol(*argv+12,&ep,10); + } else if ((str = pam_str_skip_prefix(*argv, "maxsequence=")) != NULL) { + opt->max_sequence = strtol(str, &ep, 10); if (!ep) opt->max_sequence = 0; - } else if (!strncmp(*argv,"maxclassrepeat=",15)) { - opt->max_class_repeat = strtol(*argv+15,&ep,10); + } else if ((str = pam_str_skip_prefix(*argv, "maxclassrepeat=")) != NULL) { + opt->max_class_repeat = strtol(str, &ep, 10); if (!ep) opt->max_class_repeat = 0; - } else if (!strncmp(*argv,"reject_username",15)) { + } else if (!strcmp(*argv, "reject_username")) { opt->reject_user = 1; - } else if (!strncmp(*argv,"gecoscheck",10)) { + } else if (!strcmp(*argv, "gecoscheck")) { opt->gecos_check = 1; - } else if (!strncmp(*argv,"enforce_for_root",16)) { + } else if (!strcmp(*argv, "enforce_for_root")) { opt->enforce_for_root = 1; - } else if (!strncmp(*argv,"authtok_type",12)) { + } else if (pam_str_skip_prefix(*argv, "authtok_type=") != NULL) { /* for pam_get_authtok, ignore */; - } else if (!strncmp(*argv,"use_authtok",11)) { + } else if (!strcmp(*argv, "use_authtok")) { /* for pam_get_authtok, 
ignore */; - } else if (!strncmp(*argv,"use_first_pass",14)) { + } else if (!strcmp(*argv, "use_first_pass")) { /* for pam_get_authtok, ignore */; - } else if (!strncmp(*argv,"try_first_pass",14)) { + } else if (!strcmp(*argv, "try_first_pass")) { /* for pam_get_authtok, ignore */; - } else if (!strncmp(*argv,"dictpath=",9)) { - opt->cracklib_dictpath = *argv+9; + } else if ((str = pam_str_skip_prefix(*argv, "dictpath=")) != NULL) { + opt->cracklib_dictpath = str; if (!*(opt->cracklib_dictpath)) { opt->cracklib_dictpath = CRACKLIB_DICTS; } @@ -315,7 +304,7 @@ static int similar(struct cracklib_options *opt, } /* - * enough classes of charecters + * enough classes of characters */ static int minclass (struct cracklib_options *opt, @@ -692,14 +681,16 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh, LOG_DEBUG, "bad authentication token"); pam_error(pamh, "%s", pass_new == NULL ? - _("No password supplied"):_("Password unchanged")); + _("No password has been supplied.") : + _("The password has not been changed.")); return PAM_AUTHTOK_ERR; } retval = pam_get_user(pamh, &user, NULL); - if (retval != PAM_SUCCESS || user == NULL) { + if (retval != PAM_SUCCESS) { if (ctrl & PAM_DEBUG_ARG) - pam_syslog(pamh,LOG_ERR,"Can not get username"); + pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s", + pam_strerror(pamh, retval)); return PAM_AUTHTOK_ERR; } /* |
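Review bot: The `!ep` tests after each `strtol(str, &ep, 10)` in the _pam_parse hunk can never fire, because strtol always stores a non-NULL pointer in `ep`; `difok=x` therefore yields 0 instead of `CO_DIFF_OK`, and `maxrepeat=3x` is accepted as 3. For a password-policy module this means a typo in the PAM configuration silently produces a different policy than the administrator wrote. Each check should verify that digits were consumed and nothing trails them, e.g. `if (ep == str || *ep != '\0' || opt->diff_ok < 0)` for `difok=` and `if (ep == str || *ep != '\0')` for the credit and max* options. The long result is also stored without a range check, which matters if the option fields are int (their declaration is not in the hunk). _pam_parse starts before and continues after this hunk.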
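Review bot: Dropping `user == NULL` from the pam_get_user() check in the last hunk means the code after it relies on pam_get_user() never returning PAM_SUCCESS with a NULL name, and nothing at the call site says so. If that guarantee comes from the libpam this module is built with, a one-line comment above the check would record it: `/* pam_get_user() returns PAM_SUCCESS only with a non-NULL user name */`. The failure message is also still emitted only under `PAM_DEBUG_ARG`, so without `debug` a password change rejected here leaves no log entry; consider calling `pam_syslog` unconditionally. _pam_unix_approve_pass starts before and continues after this hunk.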