diff options
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | modules/pam_cracklib/pam_cracklib.c | 6 | ||||
| -rw-r--r-- | xtests/Makefile.am | 5 | ||||
| -rw-r--r-- | xtests/tst-pam_cracklib1.c | 99 | ||||
| -rw-r--r-- | xtests/tst-pam_cracklib1.pamd | 2 |
5 files changed, 118 insertions, 2 deletions
@@ -1,5 +1,13 @@ 2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de> + * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Check + for error from getting second token. + * xtests/Makefile.am: Add tst-pam_cracklib1 + * xtests/tst-pam_cracklib1.c: New, check for pam_cracklib seg.fault. + * xtests/tst-pam_cracklib1.pamd: New, config for cracklib test. + +2006-08-24 Thorsten Kukuk <kukuk@thkukuk.de> + * xtests/tst-pam_dispatch4.c: New test. * xtests/tst-pam_dispatch4.pamd: PAM config for new test. diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index 2f146fb4..3ca4eb40 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -668,6 +668,12 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, continue; } + if (retval != PAM_SUCCESS) { + if (ctrl && PAM_DEBUG_ARG) + pam_syslog(pamh,LOG_DEBUG,"unable to obtain retyped password"); + continue; + } + /* Hopefully now token1 and token2 the same password ... */ if (strcmp(token1,token2) != 0) { /* tell the user */ diff --git a/xtests/Makefile.am b/xtests/Makefile.am index 44289e2e..f5549290 100644 --- a/xtests/Makefile.am +++ b/xtests/Makefile.am @@ -10,10 +10,11 @@ AM_LDFLAGS = -L$(top_builddir)/libpam -lpam \ CLEANFILES = *~ EXTRA_DIST = tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ - tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd + tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \ + tst-pam_cracklib1.pamd XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ - tst-pam_dispatch4 + tst-pam_dispatch4 tst-pam_cracklib1 noinst_PROGRAMS = $(XTESTS) diff --git a/xtests/tst-pam_cracklib1.c b/xtests/tst-pam_cracklib1.c new file mode 100644 index 00000000..d0b92d77 --- /dev/null +++ b/xtests/tst-pam_cracklib1.c @@ -0,0 +1,99 @@ + +#include <stdio.h> +#include <string.h> +#include <security/pam_appl.h> + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm, + struct pam_response **response, void *appdata_ptr) +{ + static int calls = 0; + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + /* first call get a password, second one NULL */ + if (calls) + reply[count].resp = NULL; + else + { + ++calls; + reply[count].resp = strdup ("Kindergarten"); + } + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + + +/* Check that errors of optional modules are ignored and that + required modules after a sufficient one are not executed. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="root"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_cracklib1", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "cracklib1: pam_start returned %d\n", retval); + return 1; + } + + /* Try one, first input is correct, second is NULL */ + retval = pam_chauthtok (pamh, 0); + if (retval != PAM_AUTHTOK_RECOVERY_ERR) + { + if (debug) + fprintf (stderr, "cracklib1-1: pam_chauthtok returned %d\n", retval); + return 1; + } + + /* Try two, first input is NULL */ + retval = pam_chauthtok (pamh, 0); + if (retval != PAM_AUTHTOK_RECOVERY_ERR) + { + if (debug) + fprintf (stderr, "cracklib1-2: pam_chauthtok returned %d\n", retval); + return 1; + } + + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "cracklib1: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_cracklib1.pamd b/xtests/tst-pam_cracklib1.pamd new file mode 100644 index 00000000..41a9188d --- /dev/null +++ b/xtests/tst-pam_cracklib1.pamd @@ -0,0 +1,2 @@ +#%PAM-1.0 +password required pam_cracklib.so |