29 lines
1.2 KiB
Diff
29 lines
1.2 KiB
Diff
From 2f6cd189bde18f5e73ed0a24c731681b085fc874 Mon Sep 17 00:00:00 2001
|
|
From: fdub <fdub@users.noreply.github.com>
|
|
Date: Wed, 1 Nov 2023 15:29:32 +0100
|
|
Subject: [PATCH] Make maxclassrepeat=1 behavior consistent with docs
|
|
|
|
When setting maxclassrepeat=1, the rule would be inactive and allow passwords containing 2 consecutive characters from the same class. Only when setting maxclassrepeat>=2, the rule would behave as expected.
|
|
|
|
This issue was already addressed in pam_cracklib many years ago: https://github.com/linux-pam/linux-pam/pull/9
|
|
---
|
|
src/check.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/check.c b/src/check.c
|
|
index d24bebc..79d4c9c 100644
|
|
--- a/src/check.c
|
|
+++ b/src/check.c
|
|
@@ -238,7 +238,7 @@ simple(pwquality_settings_t *pwq, const char *new, void **auxerror)
|
|
} else
|
|
sameclass++;
|
|
}
|
|
- if (pwq->max_class_repeat > 1 && sameclass > pwq->max_class_repeat) {
|
|
+ if (pwq->max_class_repeat > 0 && sameclass > pwq->max_class_repeat) {
|
|
if (auxerror)
|
|
*auxerror = (void *)(long)pwq->max_class_repeat;
|
|
return PWQ_ERROR_MAX_CLASS_REPEAT;
|
|
--
|
|
2.33.0
|
|
|