diff --git a/pam-pam_cracklib-add-usersubstr.patch b/pam-pam_cracklib-add-usersubstr.patch index 977af32..b3f55b1 100644 --- a/pam-pam_cracklib-add-usersubstr.patch +++ b/pam-pam_cracklib-add-usersubstr.patch @@ -1,3 +1,107 @@ +Index: Linux-PAM-1.4.0/doc/sag/Linux-PAM_SAG.txt +=================================================================== +--- Linux-PAM-1.4.0.orig/doc/sag/Linux-PAM_SAG.txt ++++ Linux-PAM-1.4.0/doc/sag/Linux-PAM_SAG.txt +@@ -1003,6 +1003,14 @@ reject_username + Check whether the name of the user in straight or reversed form is + contained in the new password. If it is found the new password is rejected. + ++usersubstr=N ++ ++ Reject passwords which contain any substring of N or more consecutive ++ characters of the user's name straight or in reverse order. ++ N must be at least 4 for this to be applicable. ++ Also, usernames shorter than N are not checked. ++ If such a substring is found, the password is rejected. ++ + gecoscheck + + Check whether the words from the GECOS field (usually full name of the +Index: Linux-PAM-1.4.0/doc/sag/html/sag-pam_cracklib.html +=================================================================== +--- Linux-PAM-1.4.0.orig/doc/sag/html/sag-pam_cracklib.html ++++ Linux-PAM-1.4.0/doc/sag/html/sag-pam_cracklib.html +@@ -198,6 +198,15 @@ + form is contained in the new password. If it is found the + new password is rejected. +

++ usersubstr=N ++

++ Reject passwords which contain any substring of N or more ++ consecutive characters of the user's name straight or in ++ reverse order. ++ N must be at least 4 for this to be applicable. ++ Also, usernames shorter than N are not checked. ++ If such a substring is found, the password is rejected. ++

+ gecoscheck +

+ Check whether the words from the GECOS field (usually full name +Index: Linux-PAM-1.4.0/modules/pam_cracklib/README +=================================================================== +--- Linux-PAM-1.4.0.orig/modules/pam_cracklib/README ++++ Linux-PAM-1.4.0/modules/pam_cracklib/README +@@ -179,6 +179,14 @@ reject_username + Check whether the name of the user in straight or reversed form is + contained in the new password. If it is found the new password is rejected. + ++usersubstr=N ++ ++ Reject passwords which contain any substring of N or more consecutive ++ characters of the user's name straight or in reverse order. ++ N must be at least 4 for this to be applicable. ++ Also, usernames shorter than N are not checked. ++ If such a substring is found, the password is rejected. ++ + gecoscheck + + Check whether the words from the GECOS field (usually full name of the +Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.8 +=================================================================== +--- Linux-PAM-1.4.0.orig/modules/pam_cracklib/pam_cracklib.8 ++++ Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.8 +@@ -232,6 +232,15 @@ Reject passwords which contain more than + Check whether the name of the user in straight or reversed form is contained in the new password\&. If it is found the new password is rejected\&. + .RE + .PP ++\fBusersubstr=\fR\fB\fIN\fR\fR ++.RS 4 ++Reject passwords which contain any substring of N or more consecutive characters of the user\*(Aqs name straight or in ++reverse order\&. ++N must be at least 4 for this to be applicable\&. ++Also, usernames shorter than N are not checked\&. ++If such a substring is found, the password is rejected\&. ++.RE ++.PP + \fBgecoscheck\fR + .RS 4 + Check whether the words from the GECOS field (usually full name of the user) longer than 3 characters in straight or reversed form are contained in the new password\&. If any such word is found the new password is rejected\&. 
+Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.8.xml +=================================================================== +--- Linux-PAM-1.4.0.orig/modules/pam_cracklib/pam_cracklib.8.xml ++++ Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.8.xml +@@ -396,6 +396,21 @@ + + + ++ ++ ++ ++ ++ ++ ++ Reject passwords which contain any substring of N or more ++ consecutive characters of the user's name straight or in ++ reverse order. N must be at least 4 for this to be applicable. ++ Also, usernames shorter than N are not checked. ++ If such a substring is found, the password is rejected. ++ ++ ++ ++ + + + Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c =================================================================== --- Linux-PAM-1.4.0.orig/modules/pam_cracklib/pam_cracklib.c @@ -10,15 +114,7 @@ Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c const char *cracklib_dictpath; }; -@@ -100,6 +101,7 @@ struct cracklib_options { - #define CO_LOW_CREDIT 1 - #define CO_OTH_CREDIT 1 - #define CO_MIN_WORD_LENGTH 4 -+#define CO_MIN_WORD_LENGTH 4 - - static int - _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt, -@@ -185,6 +187,10 @@ _pam_parse (pam_handle_t *pamh, struct c +@@ -185,6 +186,10 @@ _pam_parse (pam_handle_t *pamh, struct c if (!*(opt->cracklib_dictpath)) { opt->cracklib_dictpath = CRACKLIB_DICTS; } 
@@ -29,38 +125,37 @@ Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c } else { pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); } -@@ -525,13 +531,54 @@ static int wordcheck(const char *new, ch +@@ -525,13 +530,54 @@ static int wordcheck(const char *new, ch return 0; } --static int usercheck(struct cracklib_options *opt, const char *new, +/* + * RETURNS: True if the password is unacceptable, else false + */ -+static int usersubstr(pam_handle_t *pamh, int len, const char *new, char *user) ++static int usersubstr(int len, const char *new, char *user) +{ + int i, userlen; -+ int bad = 0; // Assume it's OK unless proven otherwise ++ int bad = 0; // Assume it's OK unless proven otherwise + char *subuser = calloc(len+1, sizeof(char)); + + if (subuser == NULL) { -+ return 1; ++ return 1; + } + + userlen = strlen(user); + + if (len >= CO_MIN_WORD_LENGTH && -+ userlen > len) { -+ for(i = 0; !bad && (i <= userlen - len); i++) { -+ strncpy(subuser, user+i, len+1); -+ subuser[len] = '\0'; -+ bad = wordcheck(new, subuser); -+ } ++ userlen > len) { ++ for(i = 0; !bad && (i <= userlen - len); i++) { ++ strncpy(subuser, user+i, len+1); ++ subuser[len] = '\0'; ++ bad = wordcheck(new, subuser); ++ } + } else { -+ // if we already tested substrings, there's no need to test -+ // the whole username; all substrings would've been found :) -+ if (!bad) -+ bad = wordcheck(new, user); ++ // if we already tested substrings, there's no need to test ++ // the whole username; all substrings would've been found :) ++ if (!bad) ++ bad = wordcheck(new, user); + } + + free(subuser); @@ -71,7 +166,7 @@ Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c +/* + * RETURNS: True if the password is unacceptable, else false + */ -+static int usercheck(pam_handle_t *pamh, struct cracklib_options *opt, const char *new, + static int usercheck(struct cracklib_options *opt, const char *new, char *user) { - if (!opt->reject_user) 
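Review bot: In the new usersubstr body the `if (!bad)` guard in the `else` branch can never be false, because `bad` is still 0 whenever the substring loop was skipped, so the comment about substrings having "already" been tested describes a path that does not exist; the branch reads more honestly as `bad = wordcheck(new, user);` with a comment that this is the fallback for `len < CO_MIN_WORD_LENGTH` or a name no longer than `len`. That fallback also appears to make `usersubstr=N` with N below 4 behave like `reject_username` rather than being inapplicable as the documentation in the first hunk states, and the documented "usernames shorter than N are not checked" holds only if wordcheck itself skips short words, which is outside this hunk. The pair `strncpy(subuser, user+i, len+1); subuser[len] = '\0';` stays inside the `len+1`-byte buffer but is clearer as `memcpy(subuser, user + i, len); subuser[len] = '\0';`, since the loop bound already guarantees `len` characters are available. The `calloc(len+1, sizeof(char))` runs before either length condition is checked, so a negative or oversized N reaches the allocator unless _pam_parse (not in view) rejects it; allocating inside the `if`, or validating `user_substr` at parse time, would avoid that. usersubstr's `return` and closing brace fall outside the hunk.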
@@ -79,21 +174,12 @@ Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c + int bad = 0; + + if (opt->reject_user) -+ bad = wordcheck(new, user); ++ bad = wordcheck(new, user); + if (!bad && opt->user_substr != 0) -+ bad = usersubstr(pamh, opt->user_substr, new, user); ++ bad = usersubstr(opt->user_substr, new, user); - return wordcheck(new, user); + return bad; } static char * str_lower(char *string) -@@ -646,7 +693,7 @@ static const char *password_check(pam_ha - if (!msg && sequence(opt, new)) - msg = _("contains too long of a monotonic character sequence"); - -- if (!msg && (usercheck(opt, newmono, usermono) || gecoscheck(pamh, opt, newmono, user))) -+ if (!msg && (usercheck(pamh, opt, newmono, usermono) || gecoscheck(pamh, opt, newmono, user))) - msg = _("contains the user name in some form"); - - free(usermono);