[packages/pam] - pam-cracklib-enforce patch replaced by upstream option enforce_for_root

baggins baggins at pld-linux.org
Tue Nov 27 12:16:18 CET 2012 

commit e712ee1b188754bb0ed6f2667821d308fbe7145a
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Tue Nov 27 12:14:24 2012 +0100

    - pam-cracklib-enforce patch replaced by upstream option enforce_for_root

 pam-cracklib-enforce.patch | 168 ---------------------------------------------
 1 file changed, 168 deletions(-)
---
diff --git a/pam-cracklib-enforce.patch b/pam-cracklib-enforce.patch
deleted file mode 100644
index 5342463..0000000
--- a/pam-cracklib-enforce.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-diff -urN -x .libs -x .deps Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/README Linux-PAM-0.99.7.1/modules/pam_cracklib/README
---- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/README	2006-08-24 13:26:55.000000000 +0200
-+++ Linux-PAM-0.99.7.1/modules/pam_cracklib/README	2007-02-04 20:18:11.098999356 +0100
-@@ -162,6 +162,12 @@
- 
-     Path to the cracklib dictionaries.
- 
-+enforce=[none|users|all]
-+
-+    The module can be configured to warn of weak passwords only, but not
-+    actually enforce strong passwords. The default, none, setting will enforce
-+    strong passwords for non-root users only.
-+
- EXAMPLES
- 
- For an example of the use of this module, we show how it may be stacked with
-diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.8 Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.8
---- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.8	2006-08-24 12:04:29.000000000 +0200
-+++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.8	2007-02-04 19:59:32.105794691 +0100
-@@ -167,6 +198,12 @@
- .RS 4
- Path to the cracklib dictionaries.
- .RE
-+.PP
-+\fBenforce=[\fR\fB\fInone\fR\fR\fB|\fR\fB\fIusers\fR\fR\fB|\fR\fB\fIall\fR\fR\fB]\fR
-+.RS 4
-+The module can be configured to warn of weak passwords only, but not actually enforce strong passwords. The default,
-+\fInone\fR, setting will enforce strong passwords for non\-root users only.
-+.RE
- .SH "MODULE TYPES PROVIDED"
- .PP
- Only the
-diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.8.xml Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.8.xml
---- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.8.xml	2006-08-24 12:04:29.000000000 +0200
-+++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.8.xml	2007-02-04 19:53:15.748347303 +0100
-@@ -354,6 +354,20 @@
-           </listitem>
-         </varlistentry>
- 
-+        <varlistentry>
-+          <term>
-+	    <option>enforce=[<replaceable>none</replaceable>|<replaceable>users</replaceable>|<replaceable>all</replaceable>]</option>
-+          </term>
-+          <listitem>
-+            <para>
-+	      The module can be configured to warn of weak passwords
-+	      only, but not actually enforce strong passwords.  The
-+	      default, <replaceable>none</replaceable>, setting will
-+	      enforce strong passwords for non-root users only.
-+            </para>
-+          </listitem>
-+        </varlistentry>
-+
-       </variablelist>
-     </para>
-   </refsect1>
-diff -urN Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c
---- Linux-PAM-0.99.7.1.orig/modules/pam_cracklib/pam_cracklib.c	2006-11-07 12:00:24.000000000 +0100
-+++ Linux-PAM-0.99.7.1/modules/pam_cracklib/pam_cracklib.c	2007-02-04 19:59:27.217516126 +0100
-@@ -93,6 +93,7 @@
-         int min_class;
- 	int max_repeat;
- 	int reject_user;
-+	int enforce;
-         const char *cracklib_dictpath;
- };
- 
-@@ -108,6 +109,10 @@
- #define CO_OTH_CREDIT   1
- #define CO_USE_AUTHTOK  0
- 
-+#define ENFORCE_NONE	0
-+#define ENFORCE_USERS	1
-+#define ENFORCE_ALL	2
-+
- static int
- _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt,
-             int argc, const char **argv)
-@@ -161,6 +166,15 @@
- 	     if (!*(opt->cracklib_dictpath)) {
- 		 opt->cracklib_dictpath = CRACKLIB_DICTS;
- 	     }
-+	 } else if (!strncmp(*argv,"enforce=",8)) {
-+	 	if (!strncmp(*argv+8,"none",4))
-+			opt->enforce = ENFORCE_NONE;
-+		else if (!strncmp(*argv+8,"users",5))
-+			opt->enforce = ENFORCE_USERS;
-+		else if (!strncmp(*argv+8,"all",8))
-+			opt->enforce = ENFORCE_ALL;
-+		else if (!strncmp(*argv+8,"everyone",8)) // compatibility
-+			opt->enforce = ENFORCE_ALL;
- 	 } else {
- 	     pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv);
- 	 }
-@@ -512,6 +526,7 @@
-     options.up_credit = CO_UP_CREDIT;
-     options.low_credit = CO_LOW_CREDIT;
-     options.oth_credit = CO_OTH_CREDIT;
-+    options.enforce = ENFORCE_USERS;
-     options.cracklib_dictpath = CRACKLIB_DICTS;
- 
-     ctrl = _pam_parse(pamh, &options, argc, argv);
-@@ -613,12 +628,31 @@
- 	    if (ctrl & PAM_DEBUG_ARG)
- 	      pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg);
- 	    pam_error (pamh, _("BAD PASSWORD: %s"), crack_msg);
--	    if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
-+	    if (flags & PAM_CHANGE_EXPIRED_AUTHTOK)
-	      {
- 		pam_set_item (pamh, PAM_AUTHTOK, NULL);
-		retval = PAM_AUTHTOK_ERR;
-		continue;
-	      }
-+		switch (options.enforce) {
-+			case ENFORCE_NONE:
-+				retval = PAM_SUCCESS;
-+				break;
-+			case ENFORCE_USERS:
-+				if (getuid()) {
-+					pam_set_item (pamh, PAM_AUTHTOK, NULL);
-+					retval = PAM_AUTHTOK_ERR;
-+				}
-+				else retval = PAM_SUCCESS;
-+				break;
-+			case ENFORCE_ALL:
-+			default:
-+				pam_set_item (pamh, PAM_AUTHTOK, NULL);
-+				retval = PAM_AUTHTOK_ERR;
-+				break;
-+		}
-+		if (retval != PAM_SUCCESS)
-+			continue;
- 	  }
- 
- 	  /* check it for strength too... */
-@@ -624,12 +650,31 @@
- 	  retval = _pam_unix_approve_pass (pamh, ctrl, &options,
- 					   oldtoken, newtoken);
- 	  if (retval != PAM_SUCCESS) {
--	    if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK))
-+	    if (flags & PAM_CHANGE_EXPIRED_AUTHTOK)
- 	      {
- 		pam_set_item(pamh, PAM_AUTHTOK, NULL);
- 		retval = PAM_AUTHTOK_ERR;
- 		continue;
- 	      }
-+		switch (options.enforce) {
-+			case ENFORCE_NONE:
-+				retval = PAM_SUCCESS;
-+				break;
-+			case ENFORCE_USERS:
-+				if (getuid()) {
-+					pam_set_item(pamh, PAM_AUTHTOK, NULL);
-+					retval = PAM_AUTHTOK_ERR;
-+				}
-+				else retval = PAM_SUCCESS;
-+				break;
-+			case ENFORCE_ALL:
-+			default:
-+				pam_set_item(pamh, PAM_AUTHTOK, NULL);
-+				retval = PAM_AUTHTOK_ERR;
-+				break;
-+		}
-+		if (retval != PAM_SUCCESS)
-+			continue;
- 	  }
- 	  return PAM_SUCCESS;
-         }
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/pam.git/commitdiff/24c8c941325c49796a65ee8afbeca5ce72f5c62e

More information about the pld-cvs-commit mailing list