- added try_first_pass option to pam_cracklib

- use try_first_pass for pam_unix and pam_cracklib in system-auth (#182350)
This commit is contained in:
Tomáš Mráz 2006-02-24 10:46:47 +00:00
parent 222bbd42b7
commit 48968f9a9f
3 changed files with 57 additions and 4 deletions

View File

@ -0,0 +1,46 @@
--- Linux-PAM-0.99.3.0/modules/pam_cracklib/pam_cracklib.c.try-first-pass 2006-01-08 10:49:05.000000000 +0100
+++ Linux-PAM-0.99.3.0/modules/pam_cracklib/pam_cracklib.c 2006-02-24 10:42:53.000000000 +0100
@@ -93,6 +93,7 @@
int low_credit;
int oth_credit;
int use_authtok;
+ int try_first_pass;
char prompt_type[BUFSIZ];
char cracklib_dictpath[PATH_MAX];
};
@@ -158,6 +159,10 @@
opt->oth_credit = 0;
} else if (!strncmp(*argv,"use_authtok",11)) {
opt->use_authtok = 1;
+ } else if (!strncmp(*argv,"use_first_pass",14)) {
+ opt->use_authtok = 1;
+ } else if (!strncmp(*argv,"try_first_pass",14)) {
+ opt->try_first_pass = 1;
} else if (!strncmp(*argv,"dictpath=",9)) {
strncpy(opt->cracklib_dictpath, *argv+9,
sizeof(opt->cracklib_dictpath) - 1);
@@ -559,7 +564,7 @@
* set PAM_AUTHTOK and return
*/
- if (options.use_authtok == 1) {
+ if (options.use_authtok == 1 || options.try_first_pass == 1) {
const void *item = NULL;
retval = pam_get_item(pamh, PAM_AUTHTOK, &item);
@@ -570,11 +575,13 @@
} else if (item != NULL) { /* we have a password! */
token1 = x_strdup(item);
item = NULL;
+ options.use_authtok = 1; /* don't ask for the password again */
} else {
retval = PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */
}
-
- } else {
+ }
+
+ if (options.use_authtok != 1) {
/* Prepare to ask the user for the first time */
resp = NULL;
retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp,

View File

@ -11,7 +11,7 @@
Summary: A security tool which provides authentication for applications. Summary: A security tool which provides authentication for applications.
Name: pam Name: pam
Version: 0.99.3.0 Version: 0.99.3.0
Release: 1.2 Release: 2
License: GPL or BSD License: GPL or BSD
Group: System Environment/Base Group: System Environment/Base
Source0: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2 Source0: ftp.us.kernel.org:/pub/linux/libs/pam/pre/library/Linux-PAM-%{version}.tar.bz2
@ -31,6 +31,7 @@ Patch34: pam-0.99.2.1-dbpam.patch
Patch70: pam-0.99.2.1-selinux-nofail.patch Patch70: pam-0.99.2.1-selinux-nofail.patch
Patch72: pam-0.99.3.0-pie.patch Patch72: pam-0.99.3.0-pie.patch
Patch80: pam-0.99.2.1-selinux-drop-multiple.patch Patch80: pam-0.99.2.1-selinux-drop-multiple.patch
Patch81: pam-0.99.3.0-cracklib-try-first-pass.patch
BuildRoot: %{_tmppath}/%{name}-root BuildRoot: %{_tmppath}/%{name}-root
Requires: cracklib, cracklib-dicts >= 2.8 Requires: cracklib, cracklib-dicts >= 2.8
@ -86,6 +87,7 @@ cp $RPM_SOURCE_DIR/config-util.pamd .
%patch70 -p1 -b .nofail %patch70 -p1 -b .nofail
%patch72 -p1 -b .pie %patch72 -p1 -b .pie
%patch80 -p1 -b .drop-multiple %patch80 -p1 -b .drop-multiple
%patch81 -p1 -b .try-first-pass
for readme in modules/pam_*/README ; do for readme in modules/pam_*/README ; do
cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'` cp -f ${readme} doc/txts/README.`dirname ${readme} | sed -e 's|^modules/||'`
@ -351,6 +353,11 @@ fi
%{_libdir}/libpam_misc.so %{_libdir}/libpam_misc.so
%changelog %changelog
* Fri Feb 24 2006 Tomas Mraz <tmraz@redhat.com> 0.99.3.0-2
- added try_first_pass option to pam_cracklib
- use try_first_pass for pam_unix and pam_cracklib in
system-auth (#182350)
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.99.3.0-1.2 * Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.99.3.0-1.2
- bump again for double-long bug on ppc(64) - bump again for double-long bug on ppc(64)

View File

@ -2,13 +2,13 @@
# This file is auto-generated. # This file is auto-generated.
# User changes will be destroyed the next time authconfig is run. # User changes will be destroyed the next time authconfig is run.
auth required pam_env.so auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok auth sufficient pam_unix.so try_first_pass nullok
auth required pam_deny.so auth required pam_deny.so
account required pam_unix.so account required pam_unix.so
password required pam_cracklib.so retry=3 password required pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so nullok use_authtok md5 shadow password sufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow
password required pam_deny.so password required pam_deny.so
session required pam_limits.so session required pam_limits.so