diff options
| author | Thorsten Kukuk <kukuk@thkukuk.de> | 2010-08-17 11:15:32 +0000 |
|---|---|---|
| committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2010-08-17 11:15:32 +0000 |
| commit | fa29cc2697e1627650eeedf1ba300ad7377e11c3 (patch) | |
| tree | 58348bf50e94f489a66eaa4c875da69a635e740d /modules/pam_unix/support.c | |
| parent | 07b5f4ce482ef22270a6c18ba01d108c065b9de2 (diff) | |
| download | pam-fa29cc2697e1627650eeedf1ba300ad7377e11c3.tar.gz pam-fa29cc2697e1627650eeedf1ba300ad7377e11c3.tar.bz2 pam-fa29cc2697e1627650eeedf1ba300ad7377e11c3.zip | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2010-08-17 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_unix/pam_unix_passwd.c: Implement minlen option.
* modules/pam_unix/support.c: Likewise.
* modules/pam_unix/support.h: Likewise.
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust
arguments for _set_ctrl call.
* modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise.
* modules/pam_unix/pam_unix_session.c: Likewise.
* modules/pam_unix/pam_unix.8.xml: Document minlen option.
Based on patch by Steve Langasek.
Diffstat (limited to 'modules/pam_unix/support.c')
| -rw-r--r-- | modules/pam_unix/support.c | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 2a47d157..898d1ea5 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -55,7 +55,7 @@ int _make_remark(pam_handle_t * pamh, unsigned int ctrl, */ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, - int argc, const char **argv) + int *pass_min_len, int argc, const char **argv) { unsigned int ctrl; @@ -102,15 +102,16 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, ctrl &= unix_args[j].mask; /* for turning things off */ ctrl |= unix_args[j].flag; /* for turning things on */ - if (remember != NULL) { - if (j == UNIX_REMEMBER_PASSWD) { - *remember = strtol(*argv + 9, NULL, 10); - if ((*remember == INT_MIN) || (*remember == INT_MAX)) - *remember = -1; - if (*remember > 400) - *remember = 400; - } - } + /* special cases */ + if (remember != NULL && j == UNIX_REMEMBER_PASSWD) { + *remember = strtol(*argv + 9, NULL, 10); + if ((*remember == INT_MIN) || (*remember == INT_MAX)) + *remember = -1; + if (*remember > 400) + *remember = 400; + } else if (pass_min_len && j == UNIX_MIN_PASS_LEN) { + *pass_min_len = atoi(*argv + 7); + } if (rounds != NULL && j == UNIX_ALGO_ROUNDS) *rounds = strtol(*argv + 7, NULL, 10); } @@ -118,6 +119,13 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, ++argv; /* step to next argument */ } + if (UNIX_DES_CRYPT(ctrl) + && pass_min_len && *pass_min_len > 8) + { + pam_syslog (pamh, LOG_NOTICE, "Password minlen reset to 8 characters"); + *pass_min_len = 8; + } + if (flags & PAM_DISALLOW_NULL_AUTHTOK) { D(("DISALLOW_NULL_AUTHTOK")); set(UNIX__NONULL, ctrl); |