diff options
author | Tomas Mraz <tmraz@redhat.com> | 2012-05-24 14:10:07 +0200 |
---|---|---|
committer | Tomas Mraz <tmraz@redhat.com> | 2012-05-24 14:10:07 +0200 |
commit | 1189e9681b3718729b03c07a59085442e1c2df67 (patch) | |
tree | a493811b210488eaf94166114de72c22e5ff113e /src | |
parent | 33e8e4e2a942aea024beef98ee197c34281f674d (diff) | |
download | libpwquality-1189e9681b3718729b03c07a59085442e1c2df67.tar.gz |
Add enforce_for_root option to the PAM module.
Diffstat (limited to 'src')
-rw-r--r-- | src/pam_pwquality.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/pam_pwquality.c b/src/pam_pwquality.c index 4319602..52535c9 100644 --- a/src/pam_pwquality.c +++ b/src/pam_pwquality.c @@ -42,6 +42,7 @@ struct module_options { int retry_times; + int enforce_for_root; pwquality_settings_t *pwq; }; @@ -79,6 +80,8 @@ _pam_parse (pam_handle_t *pamh, struct module_options *opt, opt->retry_times = strtol(*argv+6, &ep, 10); if (!ep || (opt->retry_times < 1)) opt->retry_times = CO_RETRY_TIMES; + } else if (!strncmp(*argv, "enforce_for_root", 16)) { + opt->enforce_for_root = 1; } else if (!strncmp(*argv, "difignore=", 10)) { /* ignored for compatibility with pam_cracklib */ } else if (!strncmp(*argv, "reject_username", 15)) { @@ -177,7 +180,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, pam_syslog(pamh, LOG_DEBUG, "bad password: %s", msg); pam_error(pamh, _("BAD PASSWORD: %s"), msg); - if (getuid() || (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) { + if (getuid() || options.enforce_for_root || + (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) { pam_set_item(pamh, PAM_AUTHTOK, NULL); retval = PAM_AUTHTOK_ERR; continue; |