Hello community, here is the log from the commit of package pam_passwdqc for openSUSE:Factory checked in at 2020-01-23 15:55:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam_passwdqc (Old) and /work/SRC/openSUSE:Factory/.pam_passwdqc.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam_passwdqc" Thu Jan 23 15:55:15 2020 rev:23 rq:766556 version:1.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/pam_passwdqc/pam_passwdqc.changes 2018-12-04 20:58:18.428588426 +0100 +++ /work/SRC/openSUSE:Factory/.pam_passwdqc.new.26092/pam_passwdqc.changes 2020-01-23 15:55:30.151113988 +0100 @@ -1,0 +2,15 @@ +Wed Dec 25 18:59:18 UTC 2019 - Martin Hauke <[email protected]> + +- Verify source signature +- Update to version 1.4.0 + Changes since 1.3.2 to 1.4.0: + * Implemented i18n support in pam_passwdqc (off by default) + * Implemented audit support in pam_passwdqc (off by default) + Changes since 1.3.1 to 1.3.2: + * Compatibility for building with newer versions of glibc, where + we now have to define _DEFAULT_SOURCE for our use of crypt(3). + * Clarified in the man pages that /etc/passwdqc.conf is not read + unless this suggested file location is specified with the + config= option. + +------------------------------------------------------------------- Old: ---- passwdqc-1.3.1.tar.gz New: ---- passwdqc-1.4.0.tar.gz passwdqc-1.4.0.tar.gz.sign passwdqc.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_passwdqc.spec ++++++ --- /var/tmp/diff_new_pack.H377eI/_old 2020-01-23 15:55:33.695115902 +0100 +++ /var/tmp/diff_new_pack.H377eI/_new 2020-01-23 15:55:33.699115904 +0100 @@ -1,7 +1,7 @@ # # spec file for package pam_passwdqc # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,13 +22,15 @@ Requires: pam Recommends: passwdqc Provides: pam-modules:/%_lib/security/pam_passwdqc.so -Version: 1.3.1 +Version: 1.4.0 Release: 0 Summary: Simple Password Strength Checking Module License: BSD-3-Clause Group: System/Libraries -Source0: www.openwall.com/passwdqc/passwdqc-%{version}.tar.gz -Source1: baselibs.conf +Source0: https://www.openwall.com/passwdqc/passwdqc-%{version}.tar.gz +Source1: https://www.openwall.com/passwdqc/passwdqc-%{version}.tar.gz.sign +Source2: passwdqc.keyring +Source3: baselibs.conf Source50: dlopen.sh BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -70,7 +72,6 @@ The pwqcheck program checks passphrase quality using the libpasswdqc library. The pwqgen program generates a random passphrase using the libpasswdqc library. - %prep %setup -n passwdqc-%{version} ++++++ passwdqc-1.3.1.tar.gz -> passwdqc-1.4.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/INSTALL new/passwdqc-1.4.0/INSTALL --- old/passwdqc-1.3.1/INSTALL 2016-07-20 22:55:40.000000000 +0200 +++ new/passwdqc-1.4.0/INSTALL 2019-12-25 18:09:02.000000000 +0100 @@ -10,6 +10,15 @@ and two command-line programs) by simply running "make". To install, run "make install". To uninstall, run "make uninstall". +On a system with the PAM framework built with i18n support enabled +you may also build pam_passwdqc with i18n support by adding +-DENABLE_NLS=1 to CPPFLAGS. To compile translation files, run +"make locales". To install them, run "make install_locales". + +On a system with the PAM framework built with Linux audit support +enabled you may also build pam_passwdqc with audit support by adding +-DHAVE_LIBAUDIT=1 to CPPFLAGS. + On a system without PAM, you may build everything but the PAM module with "make utils". To install, run "make install_lib install_utils". To uninstall, run "make remove_lib remove_utils". @@ -26,8 +35,8 @@ Alternatively, on a Red Hat'ish Linux system and under an account configured to build RPM packages (perhaps with ~/.rpmmacros specifying the proper pathnames for %_topdir, %_tmppath, and %buildroot), you may -build RPM packages by running "rpmbuild -tb passwdqc-1.3.1.tar.gz", then -install the two binary subpackages with "rpm -Uvh passwdqc*-1.3.1*.rpm". +build RPM packages by running "rpmbuild -tb passwdqc-1.4.0.tar.gz", then +install the two binary subpackages with "rpm -Uvh passwdqc*-1.4.0*.rpm". This works due to the RPM spec file included in the tarball. Please refer to README and PLATFORMS for information on configuring your @@ -37,4 +46,4 @@ Please refer to the pwqcheck(1) and pwqgen(1) manual pages for information on using the command-line programs. -$Owl: Owl/packages/passwdqc/passwdqc/INSTALL,v 1.9 2016/07/20 20:55:40 solar Exp $ +$Owl: Owl/packages/passwdqc/passwdqc/INSTALL,v 1.12 2019/12/25 11:42:06 ldv Exp $ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/Makefile new/passwdqc-1.4.0/Makefile --- old/passwdqc-1.3.1/Makefile 2016-07-21 14:22:55.000000000 +0200 +++ new/passwdqc-1.4.0/Makefile 2019-12-18 19:06:30.000000000 +0100 @@ -1,9 +1,11 @@ # # Copyright (c) 2000-2003,2005,2009,2010 by Solar Designer -# Copyright (c) 2008,2009 by Dmitry V. Levin +# Copyright (c) 2008,2009,2017 by Dmitry V. Levin +# Copyright (c) 2017 by Oleg Solovyov # See LICENSE # +PACKAGE = passwdqc TITLE = pam_passwdqc SHARED_LIB = libpasswdqc.so.0 DEVEL_LIB = libpasswdqc.so @@ -34,6 +36,10 @@ INCLUDEDIR = /usr/include MANDIR = /usr/share/man DESTDIR = +LOCALEDIR = /usr/share/locale +LOCALEMODE = 644 + +LANGUAGES = ru CC = gcc LD = $(CC) @@ -47,6 +53,11 @@ CFLAGS = -Wall -W -O2 CFLAGS_lib = $(CFLAGS) -fPIC CFLAGS_bin = $(CFLAGS) -fomit-frame-pointer +CPPFLAGS = -DPACKAGE=\\\"$(PACKAGE)\\\" +MSGFMT = msgfmt +XGETTEXT = xgettext +XGETTEXT_OPTS = --keyword=_ --keyword=P2_:1,1 --keyword=P3_:1,2 --language=C --add-comments +MSGMERGE = msgmerge LDFLAGS = LDFLAGS_shared = --shared @@ -92,14 +103,14 @@ default: all -all pam utils install install_lib install_pam install_utils uninstall remove remove_lib remove_pam remove_utils: +all locales pam utils install install_lib install_locales install_pam install_utils uninstall remove remove_lib remove_locales remove_pam remove_utils: case "`uname -s`" in \ - Linux) $(MAKE) CFLAGS_lib="$(CFLAGS_lib) -DHAVE_SHADOW" \ + Linux) $(MAKE) CFLAGS_lib="$(CFLAGS_lib) $(CPPFLAGS) -DHAVE_SHADOW" \ LDFLAGS_lib="$(LDFLAGS_lib_LINUX)" \ LDFLAGS_pam="$(LDFLAGS_pam_LINUX)" \ LDLIBS_pam="$(LDLIBS_pam_LINUX)" \ $@_wrapped;; \ - SunOS) $(MAKE) -e CFLAGS_lib="$(CFLAGS_lib) -DHAVE_SHADOW" \ + SunOS) $(MAKE) -e CFLAGS_lib="$(CFLAGS_lib) $(CPPFLAGS) -DHAVE_SHADOW" \ LD_lib=ld \ LDFLAGS_lib="$(LDFLAGS_lib_SUN)" \ LDFLAGS_pam="$(LDFLAGS_pam_SUN)" \ @@ -108,7 +119,7 @@ SHARED_LIBDIR="$(SHARED_LIBDIR_SUN)" \ SECUREDIR="$(SECUREDIR_SUN)" \ $@_wrapped;; \ - HP-UX) $(MAKE) CFLAGS_lib="$(CFLAGS_lib) -DHAVE_SHADOW" \ + HP-UX) $(MAKE) CFLAGS_lib="$(CFLAGS_lib) $(CPPFLAGS) -DHAVE_SHADOW" \ LD_lib=ld \ LDFLAGS_lib="$(LDFLAGS_lib_HP)" \ LDFLAGS_pam="$(LDFLAGS_pam_HP)" \ @@ -195,7 +206,38 @@ $(MKDIR) $(DESTDIR)$(MANDIR)/man8 $(INSTALL) -m $(MANMODE) $(MAN8) $(DESTDIR)$(MANDIR)/man8/ -uninstall_wrapped remove_wrapped: remove_pam_wrapped remove_utils_wrapped remove_lib_wrapped +POFILES = $(LANGUAGES:%=po/%.po) +MOFILES = $(LANGUAGES:%=po/%.mo) +POTFILE_DEPS = pam_passwdqc.c passwdqc_check.c +POTFILE = po/$(PACKAGE).pot + +$(POTFILE): $(POTFILE_DEPS) + $(XGETTEXT) $(XGETTEXT_OPTS) -o $@-t $^ && mv $@-t $@ + +$(POFILES): $(POTFILE) + $(MSGMERGE) -U $@ $< + +.SUFFIXES: .po .mo + +.po.mo: + $(MSGFMT) -c -o $@-t $< && mv $@-t $@ + +update_pot: $(POTFILE) + +update_po: $(POFILES) + +update_mo: $(MOFILES) + +locales_wrapped: update_mo + +install_locales_wrapped: + for lang in $(LANGUAGES); do \ + $(MKDIR) $(DESTDIR)$(LOCALEDIR)/$$lang/LC_MESSAGES && \ + $(INSTALL) -m $(LOCALEMODE) po/$$lang.mo \ + $(DESTDIR)$(LOCALEDIR)/$$lang/LC_MESSAGES/$(PACKAGE).mo || exit; \ + done + +uninstall_wrapped remove_wrapped: remove_pam_wrapped remove_utils_wrapped remove_lib_wrapped remove_locales_wrapped remove_pam_wrapped: $(RM) $(DESTDIR)$(MANDIR)/man8/$(MAN8) @@ -212,13 +254,18 @@ for f in $(SHARED_LIB); do $(RM) $(DESTDIR)$(SHARED_LIBDIR)/$$f; done for f in $(CONFIGS); do $(RM) $(DESTDIR)$(CONFDIR)/$$f; done +remove_locales_wrapped: + for f in $(LANGUAGES); do $(RM) $(DESTDIR)$(LOCALEDIR)/$$f/LC_MESSAGES/$(PACKAGE).mo; done + clean: - $(RM) $(PROJ) *.o + $(RM) $(PROJ) $(MOFILES) *.o -.PHONY: all all_wrapped clean install install_lib install_pam install_utils \ +.PHONY: all all_wrapped clean install install_lib install_locales install_pam install_utils \ pam pam_wrapped uninstall remove remove_lib remove_pam remove_utils \ utils utils_wrapped \ - install_wrapped install_lib_wrapped install_pam_wrapped \ + update_mo update_po update_pot \ + locales locales_wrapped \ + install_wrapped install_lib_wrapped install_locales_wrapped install_pam_wrapped \ install_utils_wrapped \ - remove_wrapped remove_lib_wrapped remove_pam_wrapped \ + remove_wrapped remove_lib_wrapped remove_locales_wrapped remove_pam_wrapped \ remove_utils_wrapped diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/PLATFORMS new/passwdqc-1.4.0/PLATFORMS --- old/passwdqc-1.3.1/PLATFORMS 2010-06-23 01:07:24.000000000 +0200 +++ new/passwdqc-1.4.0/PLATFORMS 2019-12-10 00:04:53.000000000 +0100 @@ -24,8 +24,9 @@ OpenBSD. OpenBSD does not use PAM, however it is able to use passwdqc's pwqcheck -program. Insert the line ":passwordcheck=/usr/bin/pwqcheck -1:\" into -the "default" section in /etc/login.conf. +program. Insert the line ":passwordcheck=/usr/bin/pwqcheck -1:\" +(without the quotes, but with the trailing backslash) into the "default" +section in /etc/login.conf. Solaris, HP-UX 11. @@ -51,6 +52,6 @@ There's a wiki page with detailed instructions specific to Solaris: -http://openwall.info/wiki/passwdqc/solaris +https://openwall.info/wiki/passwdqc/solaris -$Owl: Owl/packages/passwdqc/passwdqc/PLATFORMS,v 1.15 2010/06/22 23:07:24 solar Exp $ +$Owl: Owl/packages/passwdqc/passwdqc/PLATFORMS,v 1.17 2019/12/09 23:04:53 solar Exp $ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/README new/passwdqc-1.4.0/README --- old/passwdqc-1.3.1/README 2013-04-23 16:14:07.000000000 +0200 +++ new/passwdqc-1.4.0/README 2019-12-16 11:34:46.000000000 +0100 @@ -149,7 +149,13 @@ the only difference between "use_first_pass" and "use_authtok" is that the former is incompatible with "ask_oldauthtok". + noaudit [] + +If audit is enabled at build time, the PAM module logs audit events once +user tries to change their credentials. This option disables that audit +logging. + -- Solar Designer <solar at openwall.com> -$Owl: Owl/packages/passwdqc/passwdqc/README,v 1.16 2013/04/23 14:14:07 solar Exp $ +$Owl: Owl/packages/passwdqc/passwdqc/README,v 1.17 2019/12/16 00:43:25 ldv Exp $ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/concat.c new/passwdqc-1.4.0/concat.c --- old/passwdqc-1.3.1/concat.c 2016-07-20 22:12:47.000000000 +0200 +++ new/passwdqc-1.4.0/concat.c 2019-12-10 00:00:54.000000000 +0100 @@ -9,11 +9,6 @@ * * Written by Solar Designer <solar at openwall.com> and placed in the * public domain. - * - * Originally written for and currently maintained as a part of popa3d, - * a POP3 server: - * - * http://www.openwall.com/popa3d/ */ #include <string.h> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/pam_passwdqc.8 new/passwdqc-1.4.0/pam_passwdqc.8 --- old/passwdqc-1.3.1/pam_passwdqc.8 2010-03-13 07:51:46.000000000 +0100 +++ new/passwdqc-1.4.0/pam_passwdqc.8 2019-12-10 00:29:52.000000000 +0100 @@ -2,7 +2,7 @@ .\" All rights reserved. .\" Copyright (c) 2009 Dmitry V. Levin .\" All rights reserved. -.\" Copyright (c) 2009 Solar Designer +.\" Copyright (c) 2009,2019 Solar Designer .\" All rights reserved. .\" .\" Portions of this software were developed for the FreeBSD Project by @@ -35,9 +35,9 @@ .\" SUCH DAMAGE. .\" .\" $FreeBSD: src/lib/libpam/modules/pam_passwdqc/pam_passwdqc.8,v 1.4 2002/05/30 14:49:57 ru Exp $ -.\" $Owl: Owl/packages/passwdqc/passwdqc/pam_passwdqc.8,v 1.15 2010/03/13 06:51:46 solar Exp $ +.\" $Owl: Owl/packages/passwdqc/passwdqc/pam_passwdqc.8,v 1.17 2019/12/09 23:29:52 solar Exp $ .\" -.Dd March 13, 2010 +.Dd December 9, 2019 .Dt PAM_PASSWDQC 8 .Os "Openwall Project" .Sh NAME @@ -75,16 +75,19 @@ .Dv PAM_AUTHTOK_ERR . .Pp The set of options that may be passed to the module is exactly the -same as the set of options that may be specified in the -.Pa /etc/passwdqc.conf -file. These options are described in +same as the set of options that may be specified in the configuration +file (suggested location +.Pa /etc/passwdqc.conf , +to be specified in the +.Cm config=/etc/passwdqc.conf +option). These options are described in .Xr passwdqc.conf 5 . .Sh SEE ALSO .Xr pam.conf 5 , .Xr passwdqc.conf 5 , .Xr pam 8 . .Pp -http://www.openwall.com/passwdqc/ +https://www.openwall.com/passwdqc/ .Sh AUTHORS The .Nm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/pam_passwdqc.c new/passwdqc-1.4.0/pam_passwdqc.c --- old/passwdqc-1.3.1/pam_passwdqc.c 2016-07-20 22:23:36.000000000 +0200 +++ new/passwdqc-1.4.0/pam_passwdqc.c 2019-12-18 19:06:30.000000000 +0100 @@ -1,5 +1,8 @@ /* - * Copyright (c) 2000-2003,2005,2012,2016 by Solar Designer. See LICENSE. + * Copyright (c) 2000-2003,2005,2012,2016,2019 by Solar Designer. + * Copyright (c) 2017,2018 by Dmitry V. Levin + * Copyright (c) 2017,2018 by Oleg Solovyov + * See LICENSE. */ #ifdef __FreeBSD__ @@ -9,6 +12,7 @@ #define _XOPEN_SOURCE 500 #define _XOPEN_SOURCE_EXTENDED #define _XOPEN_VERSION 500 +#define _DEFAULT_SOURCE #endif #include <stdio.h> #include <stdlib.h> @@ -20,6 +24,10 @@ #ifdef HAVE_SHADOW #include <shadow.h> #endif +#ifdef HAVE_LIBAUDIT +#include <security/pam_modutil.h> +#include <libaudit.h> +#endif #define PAM_SM_PASSWORD #ifndef LINUX_PAM @@ -54,73 +62,107 @@ #include "passwdqc.h" +#include "passwdqc_i18n.h" + #define PROMPT_OLDPASS \ - "Enter current password: " + _("Enter current password: ") #define PROMPT_NEWPASS1 \ - "Enter new password: " + _("Enter new password: ") #define PROMPT_NEWPASS2 \ - "Re-type new password: " + _("Re-type new password: ") #define MESSAGE_MISCONFIGURED \ - "System configuration error. Please contact your administrator." + _("System configuration error. Please contact your administrator.") #define MESSAGE_INVALID_OPTION \ "pam_passwdqc: %s." #define MESSAGE_INTRO_PASSWORD \ - "\nYou can now choose the new password.\n" + _("\nYou can now choose the new password.\n") #define MESSAGE_INTRO_BOTH \ - "\nYou can now choose the new password or passphrase.\n" + _("\nYou can now choose the new password or passphrase.\n") + #define MESSAGE_EXPLAIN_PASSWORD_1CLASS \ - "A good password should be a mix of upper and lower case letters,\n" \ - "digits, and other characters. You can use a%s %d character long\n" \ - "password.\n" -#define MESSAGE_EXPLAIN_PASSWORD_CLASSES \ - "A valid password should be a mix of upper and lower case letters,\n" \ - "digits, and other characters. You can use a%s %d character long\n" \ - "password with characters from at least %d of these 4 classes.\n" \ + _("A good password should be a mix of upper and lower case letters,\n" \ + "digits, and other characters. You can use a password\n" \ + "that consists of %d characters.\n") + +#define MESSAGE_EXPLAIN_PASSWORD_CLASSES(count) \ + P2_("A valid password should be a mix of upper and lower case letters,\n" \ + "digits, and other characters. You can use a password\n" \ + "that consists of %d characters from at least %d of these 4 classes.\n" \ "An upper case letter that begins the password and a digit that\n" \ - "ends it do not count towards the number of character classes used.\n" -#define MESSAGE_EXPLAIN_PASSWORD_ALL_CLASSES \ - "A valid password should be a mix of upper and lower case letters,\n" \ - "digits, and other characters. You can use a%s %d character long\n" \ - "password with characters from all of these classes. An upper\n" \ + "ends it do not count towards the number of character classes used.\n", \ + count), (count) +#define MESSAGE_EXPLAIN_PASSWORD_ALL_CLASSES(count) \ + P2_("A valid password should be a mix of upper and lower case letters,\n" \ + "digits, and other characters. You can use a password\n" \ + "that consists of %d characters from all of these classes. An upper\n" \ "case letter that begins the password and a digit that ends it do\n" \ - "not count towards the number of character classes used.\n" -#define MESSAGE_EXPLAIN_PASSWORD_ALT \ - "A valid password should be a mix of upper and lower case letters,\n" \ - "digits, and other characters. You can use a%s %d character long\n" \ - "password with characters from at least 3 of these 4 classes, or\n" \ - "a%s %d character long password containing characters from all the\n" \ - "classes. An upper case letter that begins the password and a\n" \ + "not count towards the number of character classes used.\n", \ + count), (count) +#define MESSAGE_EXPLAIN_PASSWORD_ALT_1(count) \ + P2_("A valid password should be a mix of upper and lower case letters,\n" \ + "digits, and other characters. You can use a password\n" \ + "that consists of %d characters from at least 3 of these 4 classes, or\n", \ + count), (count) +#define MESSAGE_EXPLAIN_PASSWORD_ALT_2(count) \ + P2_("a password containing %d characters from all the classes.\n" \ + "An upper case letter that begins the password and a\n" \ "digit that ends it do not count towards the number of character\n" \ - "classes used.\n" -#define MESSAGE_EXPLAIN_PASSPHRASE \ + "classes used.\n", \ + count), (count) +#define MESSAGE_EXPLAIN_PASSPHRASE(count) \ + P3_("A passphrase should be of at least %d word, %d to %d characters\n" \ + "long, and contain enough different characters.\n", \ "A passphrase should be of at least %d words, %d to %d characters\n" \ - "long, and contain enough different characters.\n" + "long, and contain enough different characters.\n", \ + count), (count) + #define MESSAGE_RANDOM \ - "Alternatively, if no one else can see your terminal now, you can\n" \ - "pick this as your password: \"%s\".\n" + _("Alternatively, if no one else can see your terminal now, you can\n" \ + "pick this as your password: \"%s\".\n") #define MESSAGE_RANDOMONLY \ - "This system is configured to permit randomly generated passwords\n" \ + _("This system is configured to permit randomly generated passwords\n" \ "only. If no one else can see your terminal now, you can pick this\n" \ - "as your password: \"%s\". Otherwise come back later.\n" + "as your password: \"%s\". Otherwise come back later.\n") #define MESSAGE_RANDOMFAILED \ - "This system is configured to use randomly generated passwords\n" \ + _("This system is configured to use randomly generated passwords\n" \ "only, but the attempt to generate a password has failed. This\n" \ "could happen for a number of reasons: you could have requested\n" \ "an impossible password length, or the access to kernel random\n" \ - "number pool could have failed." + "number pool could have failed.") #define MESSAGE_TOOLONG \ - "This password may be too long for some services. Choose another." + _("This password may be too long for some services. Choose another.") #define MESSAGE_TRUNCATED \ - "Warning: your longer password will be truncated to 8 characters." + _("Warning: your longer password will be truncated to 8 characters.") #define MESSAGE_WEAKPASS \ - "Weak password: %s." + _("Weak password: %s.") #define MESSAGE_NOTRANDOM \ - "Sorry, you've mistyped the password that was generated for you." + _("Sorry, you've mistyped the password that was generated for you.") #define MESSAGE_MISTYPED \ - "Sorry, passwords do not match." + _("Sorry, passwords do not match.") #define MESSAGE_RETRY \ - "Try again." + _("Try again.") + +static int logaudit(pam_handle_t *pamh, int status, int flags) +{ +#ifdef HAVE_LIBAUDIT + if (!(flags & F_NO_AUDIT)) { + int rc; + + rc = pam_modutil_audit_write(pamh, AUDIT_USER_CHAUTHTOK, + "pam_passwdqc", status); + + return status != PAM_SUCCESS ? status : rc; + } else { + /* audit is disabled */ + return status; + } +#else /* !HAVE_LIBAUDIT */ + (void) pamh; + (void) flags; + return status; +#endif +} static int converse(pam_handle_t *pamh, int style, l_const char *text, struct pam_response **resp) @@ -285,7 +327,7 @@ } if (status != PAM_SUCCESS) - return status; + return logaudit(pamh, status, params.pam.flags); } if (flags & PAM_PRELIM_CHECK) @@ -293,12 +335,12 @@ status = pam_get_item(pamh, PAM_USER, &item); if (status != PAM_SUCCESS) - return status; + return logaudit(pamh, status, params.pam.flags); user = item; status = pam_get_item(pamh, PAM_OLDAUTHTOK, &item); if (status != PAM_SUCCESS) - return status; + return logaudit(pamh, status, params.pam.flags); oldpass = item; if (params.pam.flags & F_NON_UNIX) { @@ -315,13 +357,13 @@ pw = getpwnam(user); endpwent(); if (!pw) - return PAM_USER_UNKNOWN; + return logaudit(pamh, PAM_USER_UNKNOWN, params.pam.flags); if ((params.pam.flags & F_CHECK_OLDAUTHTOK) && !am_root(pamh) && (!oldpass || check_pass(pw, oldpass))) status = PAM_AUTH_ERR; _passwdqc_memzero(pw->pw_passwd, strlen(pw->pw_passwd)); if (status != PAM_SUCCESS) - return status; + return logaudit(pamh, status, params.pam.flags); } randomonly = params.qc.min[4] > params.qc.max; @@ -334,11 +376,11 @@ if (params.pam.flags & F_USE_AUTHTOK) { status = pam_get_item(pamh, PAM_AUTHTOK, &item); if (status != PAM_SUCCESS) - return status; + return logaudit(pamh, status, params.pam.flags); newpass = item; if (!newpass || (check_max(¶ms.qc, pamh, newpass) && enforce)) - return PAM_AUTHTOK_ERR; + return logaudit(pamh, PAM_AUTHTOK_ERR, params.pam.flags); check_reason = passwdqc_check(¶ms.qc, newpass, oldpass, pw); if (check_reason) { @@ -347,7 +389,7 @@ if (enforce) status = PAM_AUTHTOK_ERR; } - return status; + return logaudit(pamh, status, params.pam.flags); } retries_left = params.pam.retry; @@ -361,41 +403,38 @@ else status = say(pamh, PAM_TEXT_INFO, MESSAGE_INTRO_PASSWORD); if (status != PAM_SUCCESS) - return status; + return logaudit(pamh, status, params.pam.flags); if (!randomonly && params.qc.min[0] == params.qc.min[4]) status = say(pamh, PAM_TEXT_INFO, MESSAGE_EXPLAIN_PASSWORD_1CLASS, - params.qc.min[4] == 8 || params.qc.min[4] == 11 ? "n" : "", params.qc.min[4]); + else if (!randomonly && params.qc.min[3] == params.qc.min[4]) status = say(pamh, PAM_TEXT_INFO, - MESSAGE_EXPLAIN_PASSWORD_CLASSES, - params.qc.min[4] == 8 || params.qc.min[4] == 11 ? "n" : "", - params.qc.min[4], + MESSAGE_EXPLAIN_PASSWORD_CLASSES(params.qc.min[4]), params.qc.min[1] != params.qc.min[3] ? 3 : 2); else if (!randomonly && params.qc.min[3] == INT_MAX) status = say(pamh, PAM_TEXT_INFO, - MESSAGE_EXPLAIN_PASSWORD_ALL_CLASSES, - params.qc.min[4] == 8 || params.qc.min[4] == 11 ? "n" : "", - params.qc.min[4]); - else if (!randomonly) + MESSAGE_EXPLAIN_PASSWORD_ALL_CLASSES(params.qc.min[4])); + else if (!randomonly) { status = say(pamh, PAM_TEXT_INFO, - MESSAGE_EXPLAIN_PASSWORD_ALT, - params.qc.min[3] == 8 || params.qc.min[3] == 11 ? "n" : "", - params.qc.min[3], - params.qc.min[4] == 8 || params.qc.min[4] == 11 ? "n" : "", - params.qc.min[4]); + MESSAGE_EXPLAIN_PASSWORD_ALT_1(params.qc.min[3])); + if (status == PAM_SUCCESS) { + status = say(pamh, PAM_TEXT_INFO, + MESSAGE_EXPLAIN_PASSWORD_ALT_2(params.qc.min[4])); + } + } if (status != PAM_SUCCESS) - return status; + return logaudit(pamh, status, params.pam.flags); if (!randomonly && params.qc.passphrase_words && params.qc.min[2] <= params.qc.max) { - status = say(pamh, PAM_TEXT_INFO, MESSAGE_EXPLAIN_PASSPHRASE, - params.qc.passphrase_words, + status = say(pamh, PAM_TEXT_INFO, + MESSAGE_EXPLAIN_PASSPHRASE(params.qc.passphrase_words), params.qc.min[2], params.qc.max); if (status != PAM_SUCCESS) - return status; + return logaudit(pamh, status, params.pam.flags); } randompass = passwdqc_random(¶ms.qc); @@ -409,7 +448,7 @@ } else if (randomonly) { say(pamh, PAM_ERROR_MSG, am_root(pamh) ? MESSAGE_RANDOMFAILED : MESSAGE_MISCONFIGURED); - return PAM_AUTHTOK_ERR; + return logaudit(pamh, PAM_AUTHTOK_ERR, params.pam.flags); } status = converse(pamh, PAM_PROMPT_ECHO_OFF, PROMPT_NEWPASS1, &resp); @@ -419,7 +458,7 @@ if (status != PAM_SUCCESS) { pwqc_overwrite_string(randompass); pwqc_drop_mem(randompass); - return status; + return logaudit(pamh, status, params.pam.flags); } trypass = strdup(resp->resp); @@ -429,7 +468,7 @@ if (!trypass) { pwqc_overwrite_string(randompass); pwqc_drop_mem(randompass); - return PAM_AUTHTOK_ERR; + return logaudit(pamh, PAM_AUTHTOK_ERR, params.pam.flags); } if (check_max(¶ms.qc, pamh, trypass) && enforce) { @@ -486,7 +525,7 @@ goto retry; } - return status; + return logaudit(pamh, status, params.pam.flags); } #ifdef PAM_MODULE_ENTRY diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/passwdqc.conf.5 new/passwdqc-1.4.0/passwdqc.conf.5 --- old/passwdqc-1.3.1/passwdqc.conf.5 2013-04-23 16:14:07.000000000 +0200 +++ new/passwdqc-1.4.0/passwdqc.conf.5 2019-12-18 19:06:30.000000000 +0100 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2000-2003,2005,2008 Solar Designer +.\" Copyright (c) 2000-2003,2005,2008,2019 Solar Designer .\" All rights reserved. .\" Copyright (c) 2001 Networks Associates Technology, Inc. .\" All rights reserved. @@ -35,9 +35,9 @@ .\" SUCH DAMAGE. .\" .\" $FreeBSD: src/lib/libpam/modules/pam_passwdqc/pam_passwdqc.8,v 1.4 2002/05/30 14:49:57 ru Exp $ -.\" $Owl: Owl/packages/passwdqc/passwdqc/passwdqc.conf.5,v 1.11 2013/04/23 14:14:07 solar Exp $ +.\" $Owl: Owl/packages/passwdqc/passwdqc/passwdqc.conf.5,v 1.15 2019/12/16 22:53:55 ldv Exp $ .\" -.Dd March 13, 2010 +.Dd December 16, 2019 .Dt PASSWDQC.CONF 5 .Os "Openwall Project" .Sh NAME @@ -244,14 +244,21 @@ .Cm use_authtok is that the former is incompatible with .Cm ask_oldauthtok . +.It Cm noaudit +If audit is enabled at build time, the PAM module logs audit events once +user tries to change their credentials. This option disables that audit +logging. .El .Sh FILES -.Pa /etc/passwdqc.conf . +.Pa /etc/passwdqc.conf +(not read unless this suggested file location is specified with the +.Cm config=/etc/passwdqc.conf +option). .Sh SEE ALSO .Xr getpwnam 3 , .Xr pam_passwdqc 8 . .Pp -http://www.openwall.com/passwdqc/ +https://www.openwall.com/passwdqc/ .Sh AUTHORS The pam_passwdqc module was written for Openwall GNU/*/Linux by .An Solar Designer Aq solar at openwall.com . diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/passwdqc.h new/passwdqc-1.4.0/passwdqc.h --- old/passwdqc-1.3.1/passwdqc.h 2016-07-20 22:33:53.000000000 +0200 +++ new/passwdqc-1.4.0/passwdqc.h 2019-12-25 18:09:02.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000-2002,2016 by Solar Designer + * Copyright (c) 2000-2002,2016,2019 by Solar Designer * Copyright (c) 2008,2009 by Dmitry V. Levin * See LICENSE */ @@ -48,8 +48,9 @@ #define F_CHECK_OLDAUTHTOK 0x00000040 #define F_USE_FIRST_PASS 0x00000100 #define F_USE_AUTHTOK 0x00000200 +#define F_NO_AUDIT 0x00000400 -#define PASSWDQC_VERSION "1.3.1" +#define PASSWDQC_VERSION "1.4.0" extern void (*_passwdqc_memzero)(void *, size_t); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/passwdqc.spec new/passwdqc-1.4.0/passwdqc.spec --- old/passwdqc-1.3.1/passwdqc.spec 2016-07-20 22:55:40.000000000 +0200 +++ new/passwdqc-1.4.0/passwdqc.spec 2019-12-25 18:09:02.000000000 +0100 @@ -1,13 +1,13 @@ -# $Owl: Owl/packages/passwdqc/passwdqc/passwdqc.spec,v 1.64 2016/07/20 20:55:40 solar Exp $ +# $Owl: Owl/packages/passwdqc/passwdqc/passwdqc.spec,v 1.67 2019/12/25 11:42:06 ldv Exp $ Summary: A password/passphrase strength checking and policy enforcement toolset. Name: passwdqc -Version: 1.3.1 +Version: 1.4.0 Release: owl1 License: BSD-compatible Group: System Environment/Base -URL: http://www.openwall.com/passwdqc/ -Source: http://www.openwall.com/passwdqc/%name-%version.tar.gz +URL: https://www.openwall.com/passwdqc/ +Source: https://www.openwall.com/passwdqc/%name-%version.tar.gz Provides: pam_passwdqc = %version-%release Obsoletes: pam_passwdqc < %version-%release BuildRequires: pam-devel @@ -73,6 +73,24 @@ %_libdir/lib*.so %changelog +* Wed Dec 25 2019 Dmitry V. Levin <ldv-at-owl.openwall.com> 1.4.0-owl1 +- Implemented i18n support in pam_passwdqc, contributed by Oleg Solovyov, +Andrey Cherepanov, and me. The i18n support is off by default, it can be +enabled if Linux-PAM is built using --enable-nls configure option. +- Implemented audit support in pam_passwdqc, contributed by Oleg Solovyov +and me. The audit support is off by default, it can be enabled if Linux-PAM +is built using --enable-audit configure option. + +* Mon Dec 09 2019 Solar Designer <solar-at-owl.openwall.com> 1.3.2-owl1 +- Define _DEFAULT_SOURCE for our use of crypt(3) on newer glibc. +The problem was identified and this change tested by Dmitry V. Levin. +- Clarified in the man pages that /etc/passwdqc.conf is not read unless this +suggested file location is specified with the config= option. +- Clarified the OpenBSD configuration example. +- Escape the minus sign in the OpenBSD configuration example to make the +manpage linter happy, patch by Jackson Doak via Unit 193: +https://www.openwall.com/lists/passwdqc-users/2019/04/16/1 + * Wed Jul 20 2016 Solar Designer <solar-at-owl.openwall.com> 1.3.1-owl1 - With "non-unix", initialize the pw_dir field in fake_pw now that (since passwdqc 1.1.3 in 2009) passwdqc_check.c uses that field. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/passwdqc_check.c new/passwdqc-1.4.0/passwdqc_check.c --- old/passwdqc-1.3.1/passwdqc_check.c 2016-07-21 14:22:55.000000000 +0200 +++ new/passwdqc-1.4.0/passwdqc_check.c 2019-12-16 11:34:46.000000000 +0100 @@ -11,32 +11,34 @@ #include "passwdqc.h" #include "wordset_4k.h" +#include "passwdqc_i18n.h" + #define REASON_ERROR \ - "check failed" + _("check failed") #define REASON_SAME \ - "is the same as the old one" + _("is the same as the old one") #define REASON_SIMILAR \ - "is based on the old one" + _("is based on the old one") #define REASON_SHORT \ - "too short" + _("too short") #define REASON_LONG \ - "too long" + _("too long") #define REASON_SIMPLESHORT \ - "not enough different characters or classes for this length" + _("not enough different characters or classes for this length") #define REASON_SIMPLE \ - "not enough different characters or classes" + _("not enough different characters or classes") #define REASON_PERSONAL \ - "based on personal login information" + _("based on personal login information") #define REASON_WORD \ - "based on a dictionary word and not a passphrase" + _("based on a dictionary word and not a passphrase") #define REASON_SEQ \ - "based on a common sequence of characters and not a passphrase" + _("based on a common sequence of characters and not a passphrase") #define FIXED_BITS 15 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/passwdqc_i18n.h new/passwdqc-1.4.0/passwdqc_i18n.h --- old/passwdqc-1.3.1/passwdqc_i18n.h 1970-01-01 01:00:00.000000000 +0100 +++ new/passwdqc-1.4.0/passwdqc_i18n.h 2019-12-18 19:06:30.000000000 +0100 @@ -0,0 +1,23 @@ +/* + * Copyright (c) 2017 by Dmitry V. Levin + * Copyright (c) 2017 by Oleg Solovyov + * See LICENSE. + */ + +#ifndef PASSWDQC_I18N_H__ +#define PASSWDQC_I18N_H__ + +#ifdef ENABLE_NLS +#include <libintl.h> +#define _(msgid) dgettext(PACKAGE, msgid) +#define P2_(msgid, count) (dngettext(PACKAGE, (msgid), (msgid), (count))) +#define P3_(msgid, msgid_plural, count) (dngettext(PACKAGE, (msgid), (msgid_plural), (count))) +#define N_(msgid) msgid +#else +#define _(msgid) (msgid) +#define P2_(msgid, count) (msgid) +#define P3_(msgid, msgid_plural, count) ((count) == 1 ? (msgid) : (msgid_plural)) +#define N_(msgid) msgid +#endif + +#endif /* PASSWDQC_I18N_H__ */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/passwdqc_parse.c new/passwdqc-1.4.0/passwdqc_parse.c --- old/passwdqc-1.3.1/passwdqc_parse.c 2016-07-20 22:12:50.000000000 +0200 +++ new/passwdqc-1.4.0/passwdqc_parse.c 2019-12-16 11:34:46.000000000 +0100 @@ -120,6 +120,8 @@ params->pam.flags |= F_USE_FIRST_PASS | F_USE_AUTHTOK; } else if (!strcmp(option, "use_authtok")) { params->pam.flags |= F_USE_AUTHTOK; + } else if (!strcmp(option, "noaudit")) { + params->pam.flags |= F_NO_AUDIT; } else if ((p = skip_prefix(option, "config="))) { if ((rc = passwdqc_params_load(params, reason, p))) goto parse_error; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/po/passwdqc.pot new/passwdqc-1.4.0/po/passwdqc.pot --- old/passwdqc-1.3.1/po/passwdqc.pot 1970-01-01 01:00:00.000000000 +0100 +++ new/passwdqc-1.4.0/po/passwdqc.pot 2019-12-16 01:31:02.000000000 +0100 @@ -0,0 +1,217 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2017-08-10 15:00+0300\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <[email protected]>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n" + +#: pam_passwdqc.c:60 +msgid "Enter current password: " +msgstr "" + +#: pam_passwdqc.c:62 +msgid "Enter new password: " +msgstr "" + +#: pam_passwdqc.c:64 +msgid "Re-type new password: " +msgstr "" + +#: pam_passwdqc.c:67 +msgid "System configuration error. Please contact your administrator." +msgstr "" + +#: pam_passwdqc.c:71 +msgid "" +"\n" +"You can now choose the new password.\n" +msgstr "" + +#: pam_passwdqc.c:73 +msgid "" +"\n" +"You can now choose the new password or passphrase.\n" +msgstr "" + +#: pam_passwdqc.c:76 +#, c-format +msgid "" +"A good password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters.\n" +msgstr "" + +#: pam_passwdqc.c:81 +#, c-format +msgid "" +"A valid password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters from at least %d of these 4 classes.\n" +"An upper case letter that begins the password and a digit that\n" +"ends it do not count towards the number of character classes used.\n" +msgid_plural "" +"A valid password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters from at least %d of these 4 classes.\n" +"An upper case letter that begins the password and a digit that\n" +"ends it do not count towards the number of character classes used.\n" +msgstr[0] "" +msgstr[1] "" + +#: pam_passwdqc.c:88 +#, c-format +msgid "" +"A valid password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters from all of these classes. An upper\n" +"case letter that begins the password and a digit that ends it do\n" +"not count towards the number of character classes used.\n" +msgid_plural "" +"A valid password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters from all of these classes. An upper\n" +"case letter that begins the password and a digit that ends it do\n" +"not count towards the number of character classes used.\n" +msgstr[0] "" +msgstr[1] "" + +#: pam_passwdqc.c:95 +#, c-format +msgid "" +"A valid password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters from at least 3 of these 4 classes, or\n" +msgid_plural "" +"A valid password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters from at least 3 of these 4 classes, or\n" +msgstr[0] "" +msgstr[1] "" + +#: pam_passwdqc.c:100 +#, c-format +msgid "" +"a password containing %d characters from all the classes.\n" +"An upper case letter that begins the password and a\n" +"digit that ends it do not count towards the number of character\n" +"classes used.\n" +msgid_plural "" +"a password containing %d characters from all the classes.\n" +"An upper case letter that begins the password and a\n" +"digit that ends it do not count towards the number of character\n" +"classes used.\n" +msgstr[0] "" +msgstr[1] "" + +#: pam_passwdqc.c:106 +#, c-format +msgid "" +"A passphrase should be of at least %d word, %d to %d characters\n" +"long, and contain enough different characters.\n" +msgid_plural "" +"A passphrase should be of at least %d words, %d to %d characters\n" +"long, and contain enough different characters.\n" +msgstr[0] "" +msgstr[1] "" + +#: pam_passwdqc.c:113 +#, c-format +msgid "" +"Alternatively, if no one else can see your terminal now, you can\n" +"pick this as your password: \"%s\".\n" +msgstr "" + +#: pam_passwdqc.c:116 +#, c-format +msgid "" +"This system is configured to permit randomly generated passwords\n" +"only. If no one else can see your terminal now, you can pick this\n" +"as your password: \"%s\". Otherwise come back later.\n" +msgstr "" + +#: pam_passwdqc.c:120 +msgid "" +"This system is configured to use randomly generated passwords\n" +"only, but the attempt to generate a password has failed. This\n" +"could happen for a number of reasons: you could have requested\n" +"an impossible password length, or the access to kernel random\n" +"number pool could have failed." +msgstr "" + +#: pam_passwdqc.c:126 +msgid "This password may be too long for some services. Choose another." +msgstr "" + +#: pam_passwdqc.c:128 +msgid "Warning: your longer password will be truncated to 8 characters." +msgstr "" + +#: pam_passwdqc.c:130 +#, c-format +msgid "Weak password: %s." +msgstr "" + +#: pam_passwdqc.c:132 +msgid "Sorry, you've mistyped the password that was generated for you." +msgstr "" + +#: pam_passwdqc.c:134 +msgid "Sorry, passwords do not match." +msgstr "" + +#: pam_passwdqc.c:136 +msgid "Try again." +msgstr "" + +#: passwdqc_check.c:17 +msgid "check failed" +msgstr "" + +#: passwdqc_check.c:20 +msgid "is the same as the old one" +msgstr "" + +#: passwdqc_check.c:22 +msgid "is based on the old one" +msgstr "" + +#: passwdqc_check.c:25 +msgid "too short" +msgstr "" + +#: passwdqc_check.c:27 +msgid "too long" +msgstr "" + +#: passwdqc_check.c:30 +msgid "not enough different characters or classes for this length" +msgstr "" + +#: passwdqc_check.c:32 +msgid "not enough different characters or classes" +msgstr "" + +#: passwdqc_check.c:35 +msgid "based on personal login information" +msgstr "" + +#: passwdqc_check.c:38 +msgid "based on a dictionary word and not a passphrase" +msgstr "" + +#: passwdqc_check.c:41 +msgid "based on a common sequence of characters and not a passphrase" +msgstr "" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/po/ru.po new/passwdqc-1.4.0/po/ru.po --- old/passwdqc-1.3.1/po/ru.po 1970-01-01 01:00:00.000000000 +0100 +++ new/passwdqc-1.4.0/po/ru.po 2019-12-16 01:31:02.000000000 +0100 @@ -0,0 +1,295 @@ +# A passphrase strength checking and policy enforcement toolset. +# Copyright (c) 2000-2003,2005,2008,2010,2013,2016 by Solar Designer +# Copyright (c) 2008,2009 by Dmitry V. Levin +# This file is distributed under the same license as the passwdqc package. +# +# Oleg Solovyov <[email protected]>, 2017. +# Andrey Cherepanov <[email protected]>, 2017. +msgid "" +msgstr "" +"Project-Id-Version: passwdqc 1.3.1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2017-08-10 15:00+0300\n" +"PO-Revision-Date: 2017-08-10 15:00+0300\n" +"Last-Translator: Andrey Cherepanov <[email protected]>\n" +"Language-Team: Russian\n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" + +#: pam_passwdqc.c:60 +msgid "Enter current password: " +msgstr "Введите старый пароль: " + +#: pam_passwdqc.c:62 +msgid "Enter new password: " +msgstr "Введите новый пароль: " + +#: pam_passwdqc.c:64 +msgid "Re-type new password: " +msgstr "Повторите новый пароль: " + +#: pam_passwdqc.c:67 +msgid "System configuration error. Please contact your administrator." +msgstr "Ошибка настройки системы. Свяжитесь с вашим администратором." + +#: pam_passwdqc.c:71 +msgid "" +"\n" +"You can now choose the new password.\n" +msgstr "" +"\n" +"Вы можете выбрать новый пароль.\n" + +#: pam_passwdqc.c:73 +msgid "" +"\n" +"You can now choose the new password or passphrase.\n" +msgstr "" +"\n" +"Вы можете выбрать новый пароль или парольную фразу.\n" + +#: pam_passwdqc.c:76 +#, c-format +msgid "" +"A good password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters.\n" +msgstr "" +"В хорошем пароле приветствуется наличие заглавных и строчных букв,\n" +"цифр и прочих символов. Пароль должен содержать достаточное \n" +"количество символов (не менее %d).\n" + +#: pam_passwdqc.c:81 +#, c-format +msgid "" +"A valid password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters from at least %d of these 4 classes.\n" +"An upper case letter that begins the password and a digit that\n" +"ends it do not count towards the number of character classes used.\n" +msgid_plural "" +"A valid password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters from at least %d of these 4 classes.\n" +"An upper case letter that begins the password and a digit that\n" +"ends it do not count towards the number of character classes used.\n" +msgstr[0] "" +"Пароль должен содержать заглавные, строчные буквы, цифры и другие\n" +"символы и может содержать от %d символа, принадлежащего минимум %d классам.\n" +"При подсчете классов не учитываются заглавная буква в начале и цифра\n" +"в конце.\n" +msgstr[1] "" +"Пароль должен содержать заглавные, строчные буквы, цифры и другие\n" +"символы и может содержать от %d символов, принадлежащих минимум %d классам.\n" +"При подсчете классов не учитываются заглавная буква в начале и цифра\n" +"в конце.\n" +msgstr[2] "" +"Пароль должен содержать заглавные, строчные буквы, цифры и другие\n" +"символы и может содержать от %d символов, принадлежащих минимум %d классам.\n" +"При подсчете классов не учитываются заглавная буква в начале и цифра\n" +"в конце.\n" + +#: pam_passwdqc.c:88 +#, c-format +msgid "" +"A valid password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters from all of these classes. An upper\n" +"case letter that begins the password and a digit that ends it do\n" +"not count towards the number of character classes used.\n" +msgid_plural "" +"A valid password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters from all of these classes. An upper\n" +"case letter that begins the password and a digit that ends it do\n" +"not count towards the number of character classes used.\n" +msgstr[0] "" +"Пароль должен содержать заглавные, строчные буквы, цифры, другие\n" +"символы и может содержать от %d символа, принадлежащего всем классам.\n" +"При подсчете классов не учитываются заглавная буква в начале и цифра\n" +"в конце.\n" +msgstr[1] "" +"Пароль должен содержать заглавные, строчные буквы, цифры, другие\n" +"символы. Ваш пароль может содержать от %d символов, принадлежащих всем " +"классам.\n" +"При подсчете классов не учитываются заглавная буква в начале и цифра\n" +"в конце.\n" +msgstr[2] "" +"Пароль должен содержать заглавные, строчные буквы, цифры, другие\n" +"символы. Ваш пароль может содержать от %d символов, принадлежащих всем " +"классам.\n" +"При подсчете классов не учитываются заглавная буква в начале и цифра\n" +"в конце.\n" + +#: pam_passwdqc.c:95 +#, c-format +msgid "" +"A valid password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters from at least 3 of these 4 classes, or\n" +msgid_plural "" +"A valid password should be a mix of upper and lower case letters,\n" +"digits, and other characters. You can use a password\n" +"that consists of %d characters from at least 3 of these 4 classes, or\n" +msgstr[0] "" +"Пароль должен содержать заглавные, строчные буквы,\n" +"цифры и другие символы и может содержать от %d символа, принадлежащего " +"минимум 3 классам из 4, или \n" +msgstr[1] "" +"Пароль должен содержать заглавные, строчные буквы,\n" +"цифры и другие символы и может содержать от %d символов, принадлежащих " +"минимум 3 классам из 4, или \n" +msgstr[2] "" +"Пароль должен содержать заглавные, строчные буквы,\n" +"цифры и другие символы и может содержать от %d символов, принадлежащих " +"минимум 3 классам из 4, или \n" + +#: pam_passwdqc.c:100 +#, c-format +msgid "" +"a password containing %d characters from all the classes.\n" +"An upper case letter that begins the password and a\n" +"digit that ends it do not count towards the number of character\n" +"classes used.\n" +msgid_plural "" +"a password containing %d characters from all the classes.\n" +"An upper case letter that begins the password and a\n" +"digit that ends it do not count towards the number of character\n" +"classes used.\n" +msgstr[0] "" +"от %d символа, принадлежащего всем классам.\n" +"При подсчете классов не учитываются заглавная буква в начале и цифра в " +"конце.\n" +msgstr[1] "" +"от %d символов, принадлежащих всем классам.\n" +"При подсчете классов не учитываются заглавная буква в начале и цифра в " +"конце.\n" +msgstr[2] "" +"от %d символов, принадлежащих всем классам.\n" +"При подсчете классов не учитываются заглавная буква в начале и цифра в " +"конце.\n" + +#: pam_passwdqc.c:106 +#, c-format +msgid "" +"A passphrase should be of at least %d word, %d to %d characters\n" +"long, and contain enough different characters.\n" +msgid_plural "" +"A passphrase should be of at least %d words, %d to %d characters\n" +"long, and contain enough different characters.\n" +msgstr[0] "" +"Парольная фраза должна состоять как минимум из %d слова, и содержать\n" +"от %d до %d символов, среди которых достаточно различных.\n" +msgstr[1] "" +"Парольная фраза должна состоять как минимум из %d слов, и содержать\n" +"от %d до %d символов, среди которых достаточно различных.\n" +msgstr[2] "" +"Парольная фраза должна состоять как минимум из %d слов, и содержать\n" +"от %d до %d символов, среди которых достаточно различных.\n" + +#: pam_passwdqc.c:113 +#, c-format +msgid "" +"Alternatively, if no one else can see your terminal now, you can\n" +"pick this as your password: \"%s\".\n" +msgstr "" +"Если ваш терминал никто не видит, вы можете набрать предлагаемый пароль: \"%" +"s\".\n" + +#: pam_passwdqc.c:116 +#, c-format +msgid "" +"This system is configured to permit randomly generated passwords\n" +"only. If no one else can see your terminal now, you can pick this\n" +"as your password: \"%s\". Otherwise come back later.\n" +msgstr "" +"Система настроена на использование только случайно генерированных паролей.\n" +"Если ваш терминал никто не видит, вы можете набрать предлагаемый пароль: " +"\"%s\".\n" +"В противном случае попробуйте повторить попытку позже.\n" + +#: pam_passwdqc.c:120 +msgid "" +"This system is configured to use randomly generated passwords\n" +"only, but the attempt to generate a password has failed. This\n" +"could happen for a number of reasons: you could have requested\n" +"an impossible password length, or the access to kernel random\n" +"number pool could have failed." +msgstr "" +"Система настроена на использование только случайно генерированных паролей, " +"но\n" +"создать пароль не удалось. Это могло произойти по нескольким\n" +"причинам: вы запросили слишком длинный пароль, либо было отказано в доступе\n" +"к пулу случайных чисел ядра." + +#: pam_passwdqc.c:126 +msgid "This password may be too long for some services. Choose another." +msgstr "" +"Этот пароль может оказаться слишком длинным для некоторых служб. Выберите " +"другой." + +#: pam_passwdqc.c:128 +msgid "Warning: your longer password will be truncated to 8 characters." +msgstr "Внимание: ваш пароль будет усечён до 8 символов." + +#: pam_passwdqc.c:130 +#, c-format +msgid "Weak password: %s." +msgstr "Слабый пароль: %s." + +#: pam_passwdqc.c:132 +msgid "Sorry, you've mistyped the password that was generated for you." +msgstr "Извините, вы ошиблись при вводе созданного для вас пароля." + +#: pam_passwdqc.c:134 +msgid "Sorry, passwords do not match." +msgstr "Пароли не совпадают." + +#: pam_passwdqc.c:136 +msgid "Try again." +msgstr "Попробуйте ещё раз." + +#: passwdqc_check.c:17 +msgid "check failed" +msgstr "проверка не удалась" + +#: passwdqc_check.c:20 +msgid "is the same as the old one" +msgstr "совпадает со старым" + +#: passwdqc_check.c:22 +msgid "is based on the old one" +msgstr "основан на старом" + +#: passwdqc_check.c:25 +msgid "too short" +msgstr "слишком короткий" + +#: passwdqc_check.c:27 +msgid "too long" +msgstr "слишком длинный" + +#: passwdqc_check.c:30 +msgid "not enough different characters or classes for this length" +msgstr "недостаточно символов или классов для заданной длины" + +#: passwdqc_check.c:32 +msgid "not enough different characters or classes" +msgstr "недостаточно символов или классов" + +#: passwdqc_check.c:35 +msgid "based on personal login information" +msgstr "основан на персональных данных" + +#: passwdqc_check.c:38 +msgid "based on a dictionary word and not a passphrase" +msgstr "основан на слове из словаря и не является парольной фразой" + +#: passwdqc_check.c:41 +msgid "based on a common sequence of characters and not a passphrase" +msgstr "" +"основан на простой последовательности символов и не является парольной фразой" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/pwqcheck.1 new/passwdqc-1.4.0/pwqcheck.1 --- old/passwdqc-1.3.1/pwqcheck.1 2010-03-15 05:17:19.000000000 +0100 +++ new/passwdqc-1.4.0/pwqcheck.1 2019-12-10 00:29:53.000000000 +0100 @@ -1,6 +1,6 @@ .\" Copyright (c) 2009 Dmitry V. Levin .\" All rights reserved. -.\" Copyright (c) 2000-2003,2005,2008,2010 Solar Designer +.\" Copyright (c) 2000-2003,2005,2008,2010,2019 Solar Designer .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -18,9 +18,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Owl: Owl/packages/passwdqc/passwdqc/pwqcheck.1,v 1.15 2010/03/15 04:17:19 solar Exp $ +.\" $Owl: Owl/packages/passwdqc/passwdqc/pwqcheck.1,v 1.19 2019/12/09 23:29:53 solar Exp $ .\" -.Dd March 15, 2010 +.Dd December 9, 2019 .Dt PWQCHECK 1 .Os "Openwall Project" .Sh NAME @@ -160,7 +160,8 @@ This is needed to use .Nm as the passwordcheck program on OpenBSD - e.g., with -":passwordcheck=/usr/bin/pwqcheck -1:\\" +":passwordcheck=/usr/bin/pwqcheck \-1:\\" +(without the quotes, but with the trailing backslash) in the "default" section in .Cm /etc/login.conf . .It Cm -2 @@ -205,14 +206,17 @@ .Nm also exits with non-zero status when it detects a weak passphrase. .Sh FILES -.Pa /etc/passwdqc.conf . +.Pa /etc/passwdqc.conf +(not read unless this suggested file location is specified with the +.Cm config=/etc/passwdqc.conf +option). .Sh SEE ALSO .Xr pwqgen 1 , .Xr passwd 5 , .Xr passwdqc.conf 5 , .Xr pam_passwdqc 8 . .Pp -http://www.openwall.com/passwdqc/ +https://www.openwall.com/passwdqc/ .Sh AUTHORS The pam_passwdqc module was written for Openwall GNU/*/Linux by Solar Designer. The diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/pwqcheck.php new/passwdqc-1.4.0/pwqcheck.php --- old/passwdqc-1.3.1/pwqcheck.php 2013-04-24 03:57:26.000000000 +0200 +++ new/passwdqc-1.4.0/pwqcheck.php 2019-12-09 23:39:41.000000000 +0100 @@ -8,12 +8,12 @@ * PHP application's users and passwords" article submitted to "the Month of * PHP Security" (which was May 2010): * - * http://www.openwall.com/articles/PHP-Users-Passwords#enforcing-password-policy + * https://www.openwall.com/articles/PHP-Users-Passwords#enforcing-password-policy * * The pwqcheck() function is a wrapper around the pwqcheck(1) program from * the passwdqc package: * - * http://www.openwall.com/passwdqc/ + * https://www.openwall.com/passwdqc/ * * Returns 'OK' if the new password/passphrase passes the requirements. * Otherwise returns a message explaining one of the reasons why the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/pwqgen.1 new/passwdqc-1.4.0/pwqgen.1 --- old/passwdqc-1.3.1/pwqgen.1 2013-04-23 16:14:07.000000000 +0200 +++ new/passwdqc-1.4.0/pwqgen.1 2019-12-10 00:29:53.000000000 +0100 @@ -1,5 +1,7 @@ .\" Copyright (c) 2009 Dmitry V. Levin .\" All rights reserved. +.\" Copyright (c) 2019 Solar Designer +.\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted. @@ -16,9 +18,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Owl: Owl/packages/passwdqc/passwdqc/pwqgen.1,v 1.11 2013/04/23 14:14:07 solar Exp $ +.\" $Owl: Owl/packages/passwdqc/passwdqc/pwqgen.1,v 1.13 2019/12/09 23:29:53 solar Exp $ .\" -.Dd March 13, 2010 +.Dd December 9, 2019 .Dt PWQGEN 1 .Os "Openwall Project" .Sh NAME @@ -65,14 +67,17 @@ invalid option, invalid parameter value, when it fails to obtain enough randomness, and in any case when it fails to generate a passphrase. .Sh FILES -.Pa /etc/passwdqc.conf . +.Pa /etc/passwdqc.conf +(not read unless this suggested file location is specified with the +.Cm config=/etc/passwdqc.conf +option). .Sh SEE ALSO .Xr pwqcheck 1 , .Xr urandom 4 , .Xr passwdqc.conf 5 , .Xr pam_passwdqc 8 . .Pp -http://www.openwall.com/passwdqc/ +https://www.openwall.com/passwdqc/ .Sh AUTHORS The pam_passwdqc module was written for Openwall GNU/*/Linux by Solar Designer. The diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/passwdqc-1.3.1/wordset_4k.c new/passwdqc-1.4.0/wordset_4k.c --- old/passwdqc-1.3.1/wordset_4k.c 2013-04-23 14:22:39.000000000 +0200 +++ new/passwdqc-1.4.0/wordset_4k.c 2019-12-09 23:39:41.000000000 +0100 @@ -16,7 +16,7 @@ * At least two other sci.crypt postings by Dianelos Georgoudis also state * that the word list is in the public domain, and so did the web page at: * - * http://web.archive.org/web/%2a/http://www.tecapro.com/makepass.html + * https://web.archive.org/web/%2a/http://www.tecapro.com/makepass.html * * which existed until 2006 and is available from the Wayback Machine as of * this writing (March 2010). Specifically, the web page said: @@ -28,7 +28,7 @@ * "To download a copy click here" was a link to free/makepass.lst, which is * currently available via the Wayback Machine: * - * http://web.archive.org/web/%2a/http://www.tecapro.com/free/makepass.lst + * https://web.archive.org/web/%2a/http://www.tecapro.com/free/makepass.lst * * Even though the original description of the list stated that "each word * must contain between 3 and 6 characters", there were two 7-character words:
