commit e712ee1b188754bb0ed6f2667821d308fbe7145a
Author: Jan Rękorajski <[email protected]>
Date: Tue Nov 27 12:14:24 2012 +0100
- pam-cracklib-enforce patch replaced by upstream option enforce_for_root
pam-cracklib-enforce.patch | 168 ---------------------------------------------
1 file changed, 168 deletions(-)
---
diff --git a/pam-cracklib-enforce.patch b/pam-cracklib-enforce.patch
deleted file mode 100644
index 5342463..0000000
--- a/pam-cracklib-enforce.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-diff -urN -x .libs -x .deps
Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/README
Linux-PAM-0.99.7.1/modules/pam_cracklib/README
---- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/README 2006-08-24
13:26:55.000000000 +0200
-+++ Linux-PAM-0.99.7.1/modules/pam_cracklib/README 2007-02-04
20:18:11.098999356 +0100
-@@ -162,6 +162,12 @@
-
- Path to the cracklib dictionaries.
-
-+enforce=[none|users|all]
-+
-+ The module can be configured to warn of weak passwords only, but not
-+ actually enforce strong passwords. The default, none, setting will enforce
-+ strong passwords for non-root users only.
-+
- EXAMPLES
-
- For an example of the use of this module, we show how it may be stacked with
-diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.8
Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.8
---- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.8
2006-08-24 12:04:29.000000000 +0200
-+++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.8 2007-02-04
19:59:32.105794691 +0100
-@@ -167,6 +198,12 @@
- .RS 4
- Path to the cracklib dictionaries.
- .RE
-+.PP
-+\fBenforce=[\fR\fB\fInone\fR\fR\fB|\fR\fB\fIusers\fR\fR\fB|\fR\fB\fIall\fR\fR\fB]\fR
-+.RS 4
-+The module can be configured to warn of weak passwords only, but not actually
enforce strong passwords. The default,
-+\fInone\fR, setting will enforce strong passwords for non\-root users only.
-+.RE
- .SH "MODULE TYPES PROVIDED"
- .PP
- Only the
-diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.8.xml
Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.8.xml
---- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.8.xml
2006-08-24 12:04:29.000000000 +0200
-+++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.8.xml 2007-02-04
19:53:15.748347303 +0100
-@@ -354,6 +354,20 @@
- </listitem>
- </varlistentry>
-
-+ <varlistentry>
-+ <term>
-+
<option>enforce=[<replaceable>none</replaceable>|<replaceable>users</replaceable>|<replaceable>all</replaceable>]</option>
-+ </term>
-+ <listitem>
-+ <para>
-+ The module can be configured to warn of weak passwords
-+ only, but not actually enforce strong passwords. The
-+ default, <replaceable>none</replaceable>, setting will
-+ enforce strong passwords for non-root users only.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+
- </variablelist>
- </para>
- </refsect1>
-diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c
Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c
---- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c
2006-11-07 12:00:24.000000000 +0100
-+++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c 2007-02-04
19:59:27.217516126 +0100
-@@ -93,6 +93,7 @@
- int min_class;
- int max_repeat;
- int reject_user;
-+ int enforce;
- const char *cracklib_dictpath;
- };
-
-@@ -108,6 +109,10 @@
- #define CO_OTH_CREDIT 1
- #define CO_USE_AUTHTOK 0
-
-+#define ENFORCE_NONE 0
-+#define ENFORCE_USERS 1
-+#define ENFORCE_ALL 2
-+
- static int
- _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt,
- int argc, const char **argv)
-@@ -161,6 +166,15 @@
- if (!*(opt->cracklib_dictpath)) {
- opt->cracklib_dictpath = CRACKLIB_DICTS;
- }
-+ } else if (!strncmp(*argv,"enforce=",8)) {
-+ if (!strncmp(*argv+8,"none",4))
-+ opt->enforce = ENFORCE_NONE;
-+ else if (!strncmp(*argv+8,"users",5))
-+ opt->enforce = ENFORCE_USERS;
-+ else if (!strncmp(*argv+8,"all",8))
-+ opt->enforce = ENFORCE_ALL;
-+ else if (!strncmp(*argv+8,"everyone",8)) // compatibility
-+ opt->enforce = ENFORCE_ALL;
- } else {
- pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv);
- }
-@@ -512,6 +526,7 @@
- options.up_credit = CO_UP_CREDIT;
- options.low_credit = CO_LOW_CREDIT;
- options.oth_credit = CO_OTH_CREDIT;
-+ options.enforce = ENFORCE_USERS;
- options.cracklib_dictpath = CRACKLIB_DICTS;
-
- ctrl = _pam_parse(pamh, &options, argc, argv);
-@@ -613,12 +628,31 @@
- if (ctrl & PAM_DEBUG_ARG)
- pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg);
- pam_error (pamh, _("BAD PASSWORD: %s"), crack_msg);
-- if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
-+ if (flags & PAM_CHANGE_EXPIRED_AUTHTOK)
- {
- pam_set_item (pamh, PAM_AUTHTOK, NULL);
- retval = PAM_AUTHTOK_ERR;
- continue;
- }
-+ switch (options.enforce) {
-+ case ENFORCE_NONE:
-+ retval = PAM_SUCCESS;
-+ break;
-+ case ENFORCE_USERS:
-+ if (getuid()) {
-+ pam_set_item (pamh, PAM_AUTHTOK, NULL);
-+ retval = PAM_AUTHTOK_ERR;
-+ }
-+ else retval = PAM_SUCCESS;
-+ break;
-+ case ENFORCE_ALL:
-+ default:
-+ pam_set_item (pamh, PAM_AUTHTOK, NULL);
-+ retval = PAM_AUTHTOK_ERR;
-+ break;
-+ }
-+ if (retval != PAM_SUCCESS)
-+ continue;
- }
-
- /* check it for strength too... */
-@@ -624,12 +650,31 @@
- retval = _pam_unix_approve_pass (pamh, ctrl, &options,
- oldtoken, newtoken);
- if (retval != PAM_SUCCESS) {
-- if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
-+ if (flags & PAM_CHANGE_EXPIRED_AUTHTOK)
- {
- pam_set_item(pamh, PAM_AUTHTOK, NULL);
- retval = PAM_AUTHTOK_ERR;
- continue;
- }
-+ switch (options.enforce) {
-+ case ENFORCE_NONE:
-+ retval = PAM_SUCCESS;
-+ break;
-+ case ENFORCE_USERS:
-+ if (getuid()) {
-+ pam_set_item(pamh, PAM_AUTHTOK, NULL);
-+ retval = PAM_AUTHTOK_ERR;
-+ }
-+ else retval = PAM_SUCCESS;
-+ break;
-+ case ENFORCE_ALL:
-+ default:
-+ pam_set_item(pamh, PAM_AUTHTOK, NULL);
-+ retval = PAM_AUTHTOK_ERR;
-+ break;
-+ }
-+ if (retval != PAM_SUCCESS)
-+ continue;
- }
- return PAM_SUCCESS;
- }
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/pam.git/commitdiff/24c8c941325c49796a65ee8afbeca5ce72f5c62e
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
