author | Tomas Mraz <tmraz@redhat.com> | 2016-10-31 10:36:07 +0100 |
---|---|---|
committer | Tomas Mraz <tmraz@redhat.com> | 2016-10-31 10:36:07 +0100 |
commit | df472befdc08b076bf1f2a863cb73801727ded80 (patch) | |
tree | b5abf752b1dd6c5a1021a28a6e75d3c8ee9a7cab | |
parent | 42dbacce20fb8e1628a2bb99517d4cccda1256a2 (diff) | |
download | libpwquality-df472befdc08b076bf1f2a863cb73801727ded80.tar.gz |
Make the user check optional.
-rw-r--r-- | doc/man/pam_pwquality.8.pod | 7 | ||||
-rw-r--r-- | doc/man/pwquality.conf.5.pod | 6 | ||||
-rw-r--r-- | src/check.c | 3 | ||||
-rw-r--r-- | src/pwqprivate.h | 2 | ||||
-rw-r--r-- | src/pwquality.conf | 8 | ||||
-rw-r--r-- | src/pwquality.h | 1 | ||||
-rw-r--r-- | src/settings.c | 8 |
7 files changed, 34 insertions, 1 deletions
diff --git a/doc/man/pam_pwquality.8.pod b/doc/man/pam_pwquality.8.pod index 2d258bf..6b115f8 100644 --- a/doc/man/pam_pwquality.8.pod +++ b/doc/man/pam_pwquality.8.pod @@ -195,6 +195,13 @@ matches a word in a dictionary. Currently the dictionary check is performed using the I<cracklib> library. The default is 1 which means that this check is enabled. +=item B<usercheck=>I<N> + +If nonzero, check whether the password (with possible modifications) +contains the user name in some form. The default is 1 which means that +this check is enabled. It is not performed for user names shorter +than 3 characters. + =item B<badwords=>I<< <list of words> >> The words more than 3 characters long from this space separated list are diff --git a/doc/man/pwquality.conf.5.pod b/doc/man/pwquality.conf.5.pod index 94e61b6..ad558f6 100644 --- a/doc/man/pwquality.conf.5.pod +++ b/doc/man/pwquality.conf.5.pod @@ -101,6 +101,12 @@ If nonzero, check whether the password (with possible modifications) matches a word in a dictionary. Currently the dictionary check is performed using the cracklib library. (default 1) +=item B<usercheck=>I<N> + +If nonzero, check whether the password (with possible modifications) +contains the user name in some form. It is not performed for user names shorter +than 3 characters. (default 1) + =item B<badwords> Space separated list of words that must not be contained in the password. These diff --git a/src/check.c b/src/check.c index 0488029..07d6054 100644 --- a/src/check.c +++ b/src/check.c @@ -560,7 +560,8 @@ password_check(pwquality_settings_t *pwq, if (!rv && sequence(pwq, new, auxerror)) rv = PWQ_ERROR_MAX_SEQUENCE; - if (!rv && usermono && usercheck(pwq, newmono, usermono)) + if (!rv && usermono && pwq->user_check && + usercheck(pwq, newmono, usermono)) rv = PWQ_ERROR_USER_CHECK; if (!rv && user && pwq->gecos_check) diff --git a/src/pwqprivate.h b/src/pwqprivate.h index 6b0e9e2..f72828d 100644 --- a/src/pwqprivate.h +++ b/src/pwqprivate.h 
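Review bot: The condition guarding `usercheck()` in password_check() (src/check.c) now depends on `pwq->user_check`, but nothing at the call site records what a value of 0 gives up. With 0 the user-name containment test is skipped and `PWQ_ERROR_USER_CHECK` is never returned, while the gecos test on the following lines stays under its own `gecos_check` flag. A short comment above the condition would help whoever audits a deployed policy, for example `/* usercheck=0 skips only the user name test; gecoscheck is controlled separately */`. password_check() starts and ends outside this hunk, so it is not visible here whether `usermono` is still built when the check is disabled; if it is, that work could be skipped as well.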
@@ -25,6 +25,7 @@ struct pwquality_settings { int max_sequence; int gecos_check; int dict_check; + int user_check; char *bad_words; char *dict_path; }; @@ -42,6 +43,7 @@ struct setting_mapping { #define PWQ_DEFAULT_LOW_CREDIT 0 #define PWQ_DEFAULT_OTH_CREDIT 0 #define PWQ_DEFAULT_DICT_CHECK 1 +#define PWQ_DEFAULT_USER_CHECK 1 #define PWQ_TYPE_INT 1 #define PWQ_TYPE_STR 2 diff --git a/src/pwquality.conf b/src/pwquality.conf index 75e8db8..8155aec 100644 --- a/src/pwquality.conf +++ b/src/pwquality.conf @@ -46,5 +46,13 @@ # The check is enabled if the value is not 0. # gecoscheck = 0 # +# Whether to check for the words from the cracklib dictionary. +# The check is enabled if the value is not 0. +# dictcheck = 1 +# +# Whether to check if it contains the user name in some form. +# The check is enabled if the value is not 0. +# usercheck = 1 +# # Path to the cracklib dictionaries. Default is to use the cracklib default. # dictpath = diff --git a/src/pwquality.h b/src/pwquality.h index 32f5f02..49d2377 100644 --- a/src/pwquality.h +++ b/src/pwquality.h @@ -28,6 +28,7 @@ extern "C" { #define PWQ_SETTING_BAD_WORDS 13 #define PWQ_SETTING_MAX_SEQUENCE 14 #define PWQ_SETTING_DICT_CHECK 15 +#define PWQ_SETTING_USER_CHECK 16 #define PWQ_MAX_ENTROPY_BITS 256 #define PWQ_MIN_ENTROPY_BITS 56 diff --git a/src/settings.c b/src/settings.c index a5f22be..3d3f465 100644 --- a/src/settings.c +++ b/src/settings.c @@ -34,6 +34,7 @@ pwquality_default_settings(void) pwq->low_credit = PWQ_DEFAULT_LOW_CREDIT; pwq->oth_credit = PWQ_DEFAULT_OTH_CREDIT; pwq->dict_check = PWQ_DEFAULT_DICT_CHECK; + pwq->user_check = PWQ_DEFAULT_USER_CHECK; return pwq; } 
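Review bot: `PWQ_SETTING_USER_CHECK` is added to the public header src/pwquality.h without a comment giving its type and default. The diffstat shows documentation updates only for the PAM module and configuration file man pages. A trailing comment such as `/* int; nonzero enables the user name check, default 1 */` would document the setting where API users look first. If the project also has API documentation or language bindings that enumerate the `PWQ_SETTING_*` ids, they presumably need the new value 16 too; that cannot be confirmed from this page.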
@@ -62,6 +63,7 @@ static const struct setting_mapping s_map[] = { { "maxsequence", PWQ_SETTING_MAX_SEQUENCE, PWQ_TYPE_INT}, { "gecoscheck", PWQ_SETTING_GECOS_CHECK, PWQ_TYPE_INT}, { "dictcheck", PWQ_SETTING_DICT_CHECK, PWQ_TYPE_INT}, + { "usercheck", PWQ_SETTING_USER_CHECK, PWQ_TYPE_INT}, { "badwords", PWQ_SETTING_BAD_WORDS, PWQ_TYPE_STR}, { "dictpath", PWQ_SETTING_DICT_PATH, PWQ_TYPE_STR} }; @@ -333,6 +335,9 @@ pwquality_set_int_value(pwquality_settings_t *pwq, int setting, int value) case PWQ_SETTING_DICT_CHECK: pwq->dict_check = value; break; + case PWQ_SETTING_USER_CHECK: + pwq->user_check = value; + break; default: return PWQ_ERROR_NON_INT_SETTING; } @@ -413,6 +418,9 @@ pwquality_get_int_value(pwquality_settings_t *pwq, int setting, int *value) case PWQ_SETTING_DICT_CHECK: *value = pwq->dict_check; break; + case PWQ_SETTING_USER_CHECK: + *value = pwq->user_check; + break; default: return PWQ_ERROR_NON_INT_SETTING; } |