Fix the cracklib autoconf check so that HAVE_CRACK_H gets defined. Don't copy around the cracklib dictpath into a fixed-width buffer, when we can just point at the existing strings; and allow the means to specify a default dictionary when no dictionary is specified in pam.conf. Authors: Steve Langasek Upstream status: committed to CVS Index: Linux-PAM/modules/pam_cracklib/pam_cracklib.c =================================================================== --- Linux-PAM/modules/pam_cracklib/pam_cracklib.c.orig +++ Linux-PAM/modules/pam_cracklib/pam_cracklib.c @@ -56,6 +56,10 @@ extern char *FascistCheck(char *pw, const char *dictpath); #endif +#ifndef CRACKLIB_DICTS +#define CRACKLIB_DICTS NULL +#endif + /* For Translators: "%s%s" could be replaced with " " or "". */ #define PROMPT1 _("New %s%spassword: ") /* For Translators: "%s%s" could be replaced with " " or "". */ @@ -94,7 +98,7 @@ int oth_credit; int use_authtok; char prompt_type[BUFSIZ]; - char cracklib_dictpath[PATH_MAX]; + char *cracklib_dictpath; }; #define CO_RETRY_TIMES 1 @@ -159,14 +163,15 @@ } else if (!strncmp(*argv,"use_authtok",11)) { opt->use_authtok = 1; } else if (!strncmp(*argv,"dictpath=",9)) { - strncpy(opt->cracklib_dictpath, *argv+9, - sizeof(opt->cracklib_dictpath) - 1); + opt->cracklib_dictpath = *argv+9; + if (!*(opt->cracklib_dictpath)) { + opt->cracklib_dictpath = CRACKLIB_DICTS; + } } else { pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); } } opt->prompt_type[sizeof(opt->prompt_type) - 1] = '\0'; - opt->cracklib_dictpath[sizeof(opt->cracklib_dictpath) - 1] = '\0'; return ctrl; } @@ -514,8 +519,7 @@ options.use_authtok = CO_USE_AUTHTOK; memset(options.prompt_type, 0, BUFSIZ); strcpy(options.prompt_type,"UNIX"); - memset(options.cracklib_dictpath, 0, - sizeof (options.cracklib_dictpath)); + options.cracklib_dictpath = CRACKLIB_DICTS; ctrl = _pam_parse(pamh, &options, argc, argv); @@ -609,7 +613,7 @@ const char *crack_msg; D(("against cracklib")); - if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath[0] == '\0'?NULL:options.cracklib_dictpath))) { + if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath))) { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg); pam_error(pamh, _("BAD PASSWORD: %s"), crack_msg); Index: Linux-PAM/configure.in =================================================================== --- Linux-PAM/configure.in.orig +++ Linux-PAM/configure.in @@ -312,7 +312,7 @@ AC_HELP_STRING([--disable-cracklib],[do not use cracklib]), WITH_CRACKLIB=$enableval, WITH_CRACKLIB=yes) if test x"$WITH_CRACKLIB" != xno ; then - AC_CHECK_HEADER([crack.h], + AC_CHECK_HEADERS([crack.h], AC_CHECK_LIB([crack], [FascistCheck], LIBCRACK="-lcrack", LIBCRACK="")) else LIBCRACK=""