[linux-pam] pam_umask: correct the documentation of GECOS field parsing
by Tomáš Mráz
commit 333aa74b2679ff786559994689ed149f5fd648a1
Author: Tomas Mraz <tmraz(a)fedoraproject.org>
Date: Wed Jun 27 18:21:13 2012 +0200
pam_umask: correct the documentation of GECOS field parsing
modules/pam_umask/pam_umask.8.xml: Correct the documentation of GECOS field
parsing.
modules/pam_umask/pam_umask.8.xml | 19 ++++++++-----------
1 files changed, 8 insertions(+), 11 deletions(-)
---
diff --git a/modules/pam_umask/pam_umask.8.xml b/modules/pam_umask/pam_umask.8.xml
index 3b7e197..1e8d130 100644
--- a/modules/pam_umask/pam_umask.8.xml
+++ b/modules/pam_umask/pam_umask.8.xml
@@ -53,17 +53,7 @@
</listitem>
<listitem>
<para>
- umask= entry of the users GECOS field
- </para>
- </listitem>
- <listitem>
- <para>
- pri= entry of the users GECOS field
- </para>
- </listitem>
- <listitem>
- <para>
- ulimit= entry of the users GECOS field
+ umask= entry in the user's GECOS field
</para>
</listitem>
<listitem>
@@ -78,6 +68,13 @@
</listitem>
</itemizedlist>
</para>
+ <para>
+ The GECOS field is split on comma ',' characters. The module
+ also in addition to the umask= entry recognizes pri= entry,
+ which sets the nice priority value for the session, and
+ ulimit= entry, which sets the maximum size of files the processes
+ in the session can create.
+ </para>
</refsect1>
[linux-pam] pam_cracklib: Add monotonic character sequence checking.
by Tomáš Mráz
commit d7687ef4ba7e0e776f0216f1fcb36859acc3fe15
Author: Tomas Mraz <tmraz(a)fedoraproject.org>
Date: Fri Jun 22 13:36:45 2012 +0200
pam_cracklib: Add monotonic character sequence checking.
modules/pam_cracklib/pam_cracklib.c (_pam_parse): Parse the maxsequence option.
(sequence): New function to check for too long monotonic sequence of characters.
(password_check): Call the sequence().
modules/pam_cracklib/pam_cracklib.8.xml: Document the maxsequence check.
modules/pam_cracklib/pam_cracklib.8.xml | 23 +++++++++++++++++
modules/pam_cracklib/pam_cracklib.c | 41 +++++++++++++++++++++++++++++++
2 files changed, 64 insertions(+), 0 deletions(-)
---
diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml
index 7c0ae70..9c929bf 100644
--- a/modules/pam_cracklib/pam_cracklib.8.xml
+++ b/modules/pam_cracklib/pam_cracklib.8.xml
@@ -114,6 +114,14 @@
</listitem>
</varlistentry>
<varlistentry>
+ <term>Too long monotonic character sequence</term>
+ <listitem>
+ <para>
+ Optional check for too long monotonic character sequence.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
<term>Contains user name</term>
<listitem>
<para>
@@ -349,6 +357,21 @@
<varlistentry>
<term>
+ <option>maxsequence=<replaceable>N</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Reject passwords which contain monotonic character sequences
+ longer than N. The default is 0 which means that this check
+ is disabled. Examples of such sequence are '12345' or 'fedcb'.
+ Note that most such passwords will not pass the simplicity
+ check unless the sequence is only a minor part of the password.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
<option>maxclassrepeat=<replaceable>N</replaceable></option>
</term>
<listitem>
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c
index 4c3030f..5691347 100644
--- a/modules/pam_cracklib/pam_cracklib.c
+++ b/modules/pam_cracklib/pam_cracklib.c
@@ -101,6 +101,7 @@ struct cracklib_options {
int oth_credit;
int min_class;
int max_repeat;
+ int max_sequence;
int max_class_repeat;
int reject_user;
int gecos_check;
@@ -174,6 +175,10 @@ _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt,
opt->max_repeat = strtol(*argv+10,&ep,10);
if (!ep)
opt->max_repeat = 0;
+ } else if (!strncmp(*argv,"maxsequence=",12)) {
+ opt->max_sequence = strtol(*argv+12,&ep,10);
+ if (!ep)
+ opt->max_sequence = 0;
} else if (!strncmp(*argv,"maxclassrepeat=",15)) {
opt->max_class_repeat = strtol(*argv+15,&ep,10);
if (!ep)
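Review bot: The `if (!ep)` guard after the new `strtol(*argv+12,&ep,10)` call can never fire, because strtol always stores a non-NULL pointer in `ep`, so `maxsequence=abc`, `maxsequence=5x` and negative values are all accepted without a diagnostic. A non-numeric value parses as 0 and silently disables the check, while in `sequence()` a negative value makes every adjacent ascending or descending pair exceed the limit. The test should look at where parsing stopped and at the sign, for example `if (ep == *argv+12 || *ep != '\0' || opt->max_sequence < 0)`, and logging the rejected value would help an administrator notice a mistyped policy. The same pattern is visible in the `maxrepeat=` and `maxclassrepeat=` context lines; `_pam_parse` starts and ends outside this hunk.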
@@ -478,6 +483,39 @@ static int consecutive(struct cracklib_options *opt, const char *new)
return 0;
}
+static int sequence(struct cracklib_options *opt, const char *new)
+{
+ char c;
+ int i;
+ int sequp = 1;
+ int seqdown = 1;
+
+ if (opt->max_sequence == 0)
+ return 0;
+
+ if (new[0] == '\0')
+ return 0;
+
+ for (i = 1; new[i]; i++) {
+ c = new[i-1];
+ if (new[i] == c+1) {
+ ++sequp;
+ if (sequp > opt->max_sequence)
+ return 1;
+ seqdown = 1;
+ } else if (new[i] == c-1) {
+ ++seqdown;
+ if (seqdown > opt->max_sequence)
+ return 1;
+ sequp = 1;
+ } else {
+ sequp = 1;
+ seqdown = 1;
+ }
+ }
+ return 0;
+}
+
static int wordcheck(const char *new, char *word)
{
char *f, *b;
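Review bot: `sequence()` has no comment stating what it treats as a sequence, and the rule is narrower than the man page wording suggests: it compares raw `char` values that differ by exactly one, on the unmodified `new` string. Mixed-case runs such as `aBcDe` are therefore not counted, while byte-adjacent runs that cross character classes (for example `89:;`) are. I would add a short header comment saying that the function returns 1 when an ascending or descending run of byte-adjacent characters is longer than `opt->max_sequence`, that 0 disables the check, and that the comparison is case-sensitive. If case-insensitive matching is intended, the call added in `password_check` could pass `newmono` instead, assuming that is the case-folded copy of the password. The trailing `wordcheck` context continues outside the hunk.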
@@ -622,6 +660,9 @@ static const char *password_check(pam_handle_t *pamh, struct cracklib_options *o
if (!msg && consecutive(opt, new))
msg = _("contains too many same characters consecutively");
+ if (!msg && sequence(opt, new))
+ msg = _("contains too long of a monotonic character sequence");
+
if (!msg && (usercheck(opt, newmono, usermono) || gecoscheck(pamh, opt, newmono, user)))
msg = _("contains the user name in some form");
[linux-pam] pam_timestamp: Fix copy&paste error in manpage.
by Tomáš Mráz
commit e01a134b72b027042fc555793181d9b025c53a15
Author: Tomas Mraz <tmraz(a)fedoraproject.org>
Date: Fri Jun 1 11:12:21 2012 +0200
pam_timestamp: Fix copy&paste error in manpage.
modules/pam_timestamp/pam_timestamp.8.xml: Fix AUTHOR section.
modules/pam_timestamp/pam_timestamp.8.xml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml
index fc6a927..07a5cf1 100644
--- a/modules/pam_timestamp/pam_timestamp.8.xml
+++ b/modules/pam_timestamp/pam_timestamp.8.xml
@@ -181,7 +181,7 @@ session optional pam_timestamp.so
<refsect1 id='pam_timestamp-author'>
<title>AUTHOR</title>
<para>
- pam_tally was written by Nalin Dahyabhai.
+ pam_timestamp was written by Nalin Dahyabhai.
</para>
</refsect1>