author | Tomas Mraz <tmraz@redhat.com> | 2015-07-16 13:57:57 +0200 |
---|---|---|
committer | Tomas Mraz <tmraz@redhat.com> | 2015-07-16 13:57:57 +0200 |
commit | 81cd3fc9c56e5fa8dcc258aac8f1a84dd287b4fa (patch) | |
tree | bf54f557c72e18bf59a7ecab12ef15f39c6c1180 | |
parent | b0810b9b2555fcf4870420688da8878260c0261c (diff) | |
download | libpwquality-81cd3fc9c56e5fa8dcc258aac8f1a84dd287b4fa.tar.gz |
Make the cracklib check optional - on by default.
-rw-r--r-- | doc/man/pam_pwquality.8 | 10 | ||||
-rw-r--r-- | doc/man/pwquality.conf.5 | 7 | ||||
-rw-r--r-- | python/pwquality.c | 5 | ||||
-rw-r--r-- | src/check.c | 16 | ||||
-rw-r--r-- | src/pwqprivate.h | 2 | ||||
-rw-r--r-- | src/pwquality.h | 1 | ||||
-rw-r--r-- | src/settings.c | 12 |
7 files changed, 44 insertions, 9 deletions
diff --git a/doc/man/pam_pwquality.8 b/doc/man/pam_pwquality.8 index b1f35e3..31ab6d4 100644 --- a/doc/man/pam_pwquality.8 +++ b/doc/man/pam_pwquality.8 @@ -250,6 +250,16 @@ field of the user are contained in the new password\&. The default is 0 which means that this check is disabled\&. .RE .PP +\fBdictcheck=\fR\fB\fIN\fR\fR +.RS 4 +If nonzero, check whether the password (with possible modifications) +matches a word in a dictionary\&. Currently the dictionary check is performed +using the +\fBcracklib\fR +library\&. +The default is 1 which means that this check is enabled\&. +.RE +.PP \fBbadwords=\fR\fB\fI<list of words>\fR\fR .RS 4 The words more than 3 characters long from this space separated list are diff --git a/doc/man/pwquality.conf.5 b/doc/man/pwquality.conf.5 index a2d2d70..7315e1c 100644 --- a/doc/man/pwquality.conf.5 +++ b/doc/man/pwquality.conf.5 @@ -99,6 +99,13 @@ field of the user's passwd entry are contained in the new password. The check is disabled if the value is 0. (default 0) .RE .PP +\fBdictcheck\fR +.RS 4 +If nonzero, check whether the password (with possible modifications) +matches a word in a dictionary. Currently the dictionary check is performed +using the cracklib library. (default 1) +.RE +.PP \fBbadwords\fR .RS 4 Space separated list of words that must not be contained in the password. These diff --git a/python/pwquality.c b/python/pwquality.c index fdf24f8..dfe72af 100644 --- a/python/pwquality.c +++ b/python/pwquality.c @@ -126,6 +126,11 @@ static PyGetSetDef pwqsettings_getseters[] = { "Match words from the passwd GECOS field if available", (void *)PWQ_SETTING_GECOS_CHECK }, + { "dictcheck", + (getter)pwqsettings_getint, (setter)pwqsettings_setint, + "Perform the dictionary check", + (void *)PWQ_SETTING_DICT_CHECK + }, { "badwords", (getter)pwqsettings_getstr, (setter)pwqsettings_setstr, "List of words more than 3 characters long that are forbidden", diff --git a/src/check.c b/src/check.c index 8b59f2f..d1c59b7 100644 
--- a/src/check.c
+++ b/src/check.c
@@ -669,11 +669,13 @@ pwquality_check(pwquality_settings_t *pwq, const char *password,
 if (score != 0)
 return score;
- msg = FascistCheck(password, pwq->dict_path);
- if (msg) {
- if (auxerror)
- *auxerror = (void *)msg;
- return PWQ_ERROR_CRACKLIB_CHECK;
+ if (pwq->dict_check) {
+ msg = FascistCheck(password, pwq->dict_path);
+ if (msg) {
+ if (auxerror)
+ *auxerror = (void *)msg;
+ return PWQ_ERROR_CRACKLIB_CHECK;
+ }
 }
 score = password_score(pwq, password);
@@ -684,8 +686,8 @@ pwquality_check(pwquality_settings_t *pwq, const char *password,
 /*
 * Copyright (c) Cristian Gafton <gafton@redhat.com>, 1996.
 * All rights reserved
- * Copyright (c) Red Hat, Inc, 2011
- * Copyright (c) Tomas Mraz <tm@t8m.info>, 2011
+ * Copyright (c) Red Hat, Inc, 2011, 2015
+ * Copyright (c) Tomas Mraz <tm@t8m.info>, 2011, 2015
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
diff --git a/src/pwqprivate.h b/src/pwqprivate.h
index 692fae6..6b0e9e2 100644
--- a/src/pwqprivate.h
+++ b/src/pwqprivate.h
@@ -24,6 +24,7 @@ struct pwquality_settings {
 int max_class_repeat;
 int max_sequence;
 int gecos_check;
+ int dict_check;
 char *bad_words;
 char *dict_path;
 };
@@ -40,6 +41,7 @@ struct setting_mapping {
 #define PWQ_DEFAULT_UP_CREDIT 0
 #define PWQ_DEFAULT_LOW_CREDIT 0
 #define PWQ_DEFAULT_OTH_CREDIT 0
+#define PWQ_DEFAULT_DICT_CHECK 1
 #define PWQ_TYPE_INT 1
 #define PWQ_TYPE_STR 2
diff --git a/src/pwquality.h b/src/pwquality.h
index 698351f..2f09e82 100644
--- a/src/pwquality.h
+++ b/src/pwquality.h
@@ -27,6 +27,7 @@ extern "C" {
 #define PWQ_SETTING_GECOS_CHECK 12
 #define PWQ_SETTING_BAD_WORDS 13
 #define PWQ_SETTING_MAX_SEQUENCE 14
+#define PWQ_SETTING_DICT_CHECK 15
 #define PWQ_MAX_ENTROPY_BITS 256
 #define PWQ_MIN_ENTROPY_BITS 56
diff --git a/src/settings.c b/src/settings.c
index 6c242e8..655f262 100644
--- a/src/settings.c
+++ b/src/settings.c
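Review bot: The new `if (pwq->dict_check)` guard in the first src/check.c hunk makes the cracklib lookup skippable without leaving any trace in the code or in the result: when the setting is 0 the function goes straight on to `password_score()`, and a caller cannot tell from the returned score that no dictionary test ran. Because this switch relaxes a password-policy control, a comment above the guard would help the next maintainer, for example `/* dictcheck=0 skips cracklib entirely; the score below then says nothing about dictionary words */`. The function's documentation could also state that this path no longer returns PWQ_ERROR_CRACKLIB_CHECK when the check is disabled. The body of pwquality_check() begins and ends outside this hunk.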
@@ -32,6 +32,7 @@ pwquality_default_settings(void)
 pwq->up_credit = PWQ_DEFAULT_UP_CREDIT;
 pwq->low_credit = PWQ_DEFAULT_LOW_CREDIT;
 pwq->oth_credit = PWQ_DEFAULT_OTH_CREDIT;
+ pwq->dict_check = PWQ_DEFAULT_DICT_CHECK;
 return pwq;
 }
@@ -59,6 +60,7 @@ static const struct setting_mapping s_map[] = {
 { "maxclassrepeat", PWQ_SETTING_MAX_CLASS_REPEAT, PWQ_TYPE_INT},
 { "maxsequence", PWQ_SETTING_MAX_SEQUENCE, PWQ_TYPE_INT},
 { "gecoscheck", PWQ_SETTING_GECOS_CHECK, PWQ_TYPE_INT},
+ { "dictcheck", PWQ_SETTING_DICT_CHECK, PWQ_TYPE_INT},
 { "badwords", PWQ_SETTING_BAD_WORDS, PWQ_TYPE_STR},
 { "dictpath", PWQ_SETTING_DICT_PATH, PWQ_TYPE_STR}
 };
@@ -252,6 +254,9 @@ pwquality_set_int_value(pwquality_settings_t *pwq, int setting, int value)
 case PWQ_SETTING_GECOS_CHECK:
 pwq->gecos_check = value;
 break;
+ case PWQ_SETTING_DICT_CHECK:
+ pwq->dict_check = value;
+ break;
 default:
 return PWQ_ERROR_NON_INT_SETTING;
 }
@@ -326,6 +331,9 @@ pwquality_get_int_value(pwquality_settings_t *pwq, int setting, int *value)
 case PWQ_SETTING_GECOS_CHECK:
 *value = pwq->gecos_check;
 break;
+ case PWQ_SETTING_DICT_CHECK:
+ *value = pwq->dict_check;
+ break;
 default:
 return PWQ_ERROR_NON_INT_SETTING;
 }
@@ -350,8 +358,8 @@ pwquality_get_str_value(pwquality_settings_t *pwq, int setting, const char **val
 }
 /*
- * Copyright (c) Red Hat, Inc, 2011
- * Copyright (c) Tomas Mraz <tm@t8m.info>, 2011
+ * Copyright (c) Red Hat, Inc, 2011, 2015
+ * Copyright (c) Tomas Mraz <tm@t8m.info>, 2011, 2015
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions |
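Review bot: The `case PWQ_SETTING_DICT_CHECK:` arm added to pwquality_set_int_value() stores the caller's integer as given, so the matching arm in pwquality_get_int_value() can hand back values other than 0 and 1 for a setting documented as on/off. This mirrors how `gecos_check` is stored in the arm just above, so it is a style point rather than a bug. If a canonical value is preferred, `pwq->dict_check = (value != 0);` would do it. A short comment on the setter arm such as `/* 0 disables the cracklib dictionary test */` would make the policy effect visible to anyone reading the switch. Both functions start outside their hunks.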