FreeBSD Bugzilla – Attachment 113076 Details for Bug 154597
[pam] pam_passwdqc incorrectly tells the user their password must be MAX_INT characters long in some cases
[patch] file.diff
file.diff (text/plain), 3.22 KB, created by Ted Stodgell on 2011-02-08 19:30:08 UTC
>--- pam_passwdqc.c 2002-04-16 17:25:21.000000000 -0500 >+++ pam_passwdqc.c.new 2011-02-08 10:33:05.000000000 -0600 >@@ -100,15 +100,20 @@ > "a%s %d character long password containing characters from all the\n" \ > "classes. Characters that form a common pattern are discarded by\n" \ > "the check.\n" >+#define MESSAGE_EXPLAIN_PASSWORD_3 \ >+ "A valid password should be a mix of upper and lower case letters,\n" \ >+ "digits and other characters. You must use a%s %d character long\n" \ >+ "password containing characters from all 4 classes. Characters that\n" \ >+ "form a common pattern are discarded by the check.\n" > #define MESSAGE_EXPLAIN_PASSPHRASE \ > "A passphrase should be of at least %d words, %d to %d characters\n" \ > "long and contain enough different characters.\n" > #define MESSAGE_RANDOM \ >- "Alternatively, if noone else can see your terminal now, you can\n" \ >+ "Alternatively, if no one else can see your terminal now, you can\n" \ > "pick this as your password: \"%s\".\n" > #define MESSAGE_RANDOMONLY \ > "This system is configured to permit randomly generated passwords\n" \ >- "only. If noone else can see your terminal now, you can pick this\n" \ >+ "only. If no one else can see your terminal now, you can pick this\n" \ > "as your password: \"%s\". Otherwise, come back later.\n" > #define MESSAGE_RANDOMFAILED \ > "This system is configured to use randomly generated passwords\n" \ >@@ -201,6 +206,7 @@ > p = *argv + 4; > for (i = 0; i < 5; i++) { > if (!strncmp(p, "disabled", 8)) { >+ /* disabled fields are set to INT_MAX */ > v = INT_MAX; > p += 8; > } else { 
>@@ -434,16 +440,44 @@ > return status; > > if (!randomonly && params.qc.min[3] <= params.qc.min[4]) >+ /* Password needs at least 3 different classes of character. >+ * N4 is either larger than N3, or set to "disabled". >+ */ > status = say(pamh, PAM_TEXT_INFO, MESSAGE_EXPLAIN_PASSWORD_1, > params.qc.min[3] == 8 || params.qc.min[3] == 11 ? "n" : "", > params.qc.min[3]); > else >- if (!randomonly) >+ if (!randomonly && INT_MAX != params.qc.min[3]) >+ /* Password needs at least 3 different classes of character. >+ * N3 and N4 were both assigned numeric values. >+ */ > status = say(pamh, PAM_TEXT_INFO, MESSAGE_EXPLAIN_PASSWORD_2, > params.qc.min[3] == 8 || params.qc.min[3] == 11 ? "n" : "", > params.qc.min[3], > params.qc.min[4] == 8 || params.qc.min[4] == 11 ? "n" : "", > params.qc.min[4]); >+ else >+ if (!randomonly) >+ /* Password must use all 4 different classes of character. >+ * Only N4 has a value. >+ * >+ * Previously, MESSAGE_EXPLAIN_PASSWORD_2 was used in cases >+ * where N3 was disabled and only N4 was defined with a value, >+ * e.g. min=disabled,disabled,disabled,disabled,12. >+ * >+ * When this happens, >+ * params.qc.min[3] gets set to MAX_INT, and >+ * MESSAGE_EXPLAN_PASSWORD_2 tells you that your password must >+ * be MAX_INT characters long if you want to use only 3 different >+ * classes of character! >+ * >+ * We don't want to allow only 3 classes of character... at all. >+ * Thus, MESSAGE_EXPLAIN_PASSWORD_3. >+ */ >+ status = say(pamh, PAM_TEXT_INFO, MESSAGE_EXPLAIN_PASSWORD_3, >+ params.qc.min[4] == 8 || params.qc.min[4] == 11 ? "n" : "", >+ params.qc.min[4]); >+ > if (status != PAM_SUCCESS) > return status;
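Review bot: In the @@ -100,15 +100,20 @@ hunk, MESSAGE_EXPLAIN_PASSWORD_3 hard-codes "all 4 classes" while the existing message text directly above it says "all the classes"; pick one wording so the prompts stay consistent if the class count ever changes. The "noone" to "no one" corrections in MESSAGE_RANDOM and MESSAGE_RANDOMONLY are unrelated to the INT_MAX fix and would be easier to review as a separate change.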
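Review bot: In the @@ -201,6 +206,7 @@ hunk, the new comment restates the assignment `v = INT_MAX;` but not the consequence that matters for this bug: INT_MAX is a sentinel, and any caller that formats a min[] entry with %d has to test for it first. Saying that in the comment would document why the later message-selection code needs its INT_MAX check.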
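Review bot: In the @@ -434,16 +440,44 @@ hunk the first branch is still unguarded: `params.qc.min[3] <= params.qc.min[4]` is also true when N3 and N4 are both "disabled" (both INT_MAX, per the parsing hunk), so MESSAGE_EXPLAIN_PASSWORD_1 would still print params.qc.min[3] as INT_MAX. Consider adding the same `INT_MAX != params.qc.min[3]` test there, or handling the all-disabled case before the chain. The first new comment says N4 is "larger than N3" although the condition is `<=`, so the equal case is not described. The comments are also placed between each `if (...)` and its single unbraced statement, which is easy to misread in a three-way else-if chain; braces would make the pairing explicit. In the long comment, "MAX_INT" should read INT_MAX and "MESSAGE_EXPLAN_PASSWORD_2" should read MESSAGE_EXPLAIN_PASSWORD_2.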