debian/patches-applied/024_debian_cracklib_dict_path


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

Fix the cracklib autoconf check so that HAVE_CRACK_H gets defined.

Don't copy around the cracklib dictpath into a fixed-width buffer, when
we can just point at the existing strings; and allow the means to
specify a default dictionary when no dictionary is specified in
pam.conf.

Authors: Steve Langasek <vorlon@debian.org>

Upstream status: committed to CVS

Index: Linux-PAM/modules/pam_cracklib/pam_cracklib.c
===================================================================
--- Linux-PAM/modules/pam_cracklib/pam_cracklib.c.orig
+++ Linux-PAM/modules/pam_cracklib/pam_cracklib.c
@@ -56,6 +56,10 @@
 extern char *FascistCheck(char *pw, const char *dictpath);
 #endif
 
+#ifndef CRACKLIB_DICTS
+#define CRACKLIB_DICTS NULL
+#endif
+
 /* For Translators: "%s%s" could be replaced with "<service> " or "". */
 #define PROMPT1 _("New %s%spassword: ")
 /* For Translators: "%s%s" could be replaced with "<service> " or "". */
@@ -94,7 +98,7 @@
 	int oth_credit;
 	int use_authtok;
 	char prompt_type[BUFSIZ];
-        char cracklib_dictpath[PATH_MAX];
+        char *cracklib_dictpath;
 };
 
 #define CO_RETRY_TIMES  1
@@ -159,14 +163,15 @@
 	 } else if (!strncmp(*argv,"use_authtok",11)) {
 		 opt->use_authtok = 1;
 	 } else if (!strncmp(*argv,"dictpath=",9)) {
-	     strncpy(opt->cracklib_dictpath, *argv+9,
-		     sizeof(opt->cracklib_dictpath) - 1);
+	     opt->cracklib_dictpath = *argv+9;
+	     if (!*(opt->cracklib_dictpath)) {
+		 opt->cracklib_dictpath = CRACKLIB_DICTS;
+	     }
 	 } else {
 	     pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv);
 	 }
      }
      opt->prompt_type[sizeof(opt->prompt_type) - 1] = '\0';
-     opt->cracklib_dictpath[sizeof(opt->cracklib_dictpath) - 1] = '\0';
 
      return ctrl;
 }
@@ -514,8 +519,7 @@
     options.use_authtok = CO_USE_AUTHTOK;
     memset(options.prompt_type, 0, BUFSIZ);
     strcpy(options.prompt_type,"UNIX");
-    memset(options.cracklib_dictpath, 0,
-	   sizeof (options.cracklib_dictpath));
+    options.cracklib_dictpath = CRACKLIB_DICTS;
 
     ctrl = _pam_parse(pamh, &options, argc, argv);
 
@@ -609,7 +613,7 @@
             const char *crack_msg;
 
 	    D(("against cracklib"));
-            if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath[0] == '\0'?NULL:options.cracklib_dictpath))) {
+            if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath))) {
                 if (ctrl & PAM_DEBUG_ARG)
                     pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg);
                 pam_error(pamh, _("BAD PASSWORD: %s"), crack_msg);
Index: Linux-PAM/configure.in
===================================================================
--- Linux-PAM/configure.in.orig
+++ Linux-PAM/configure.in
@@ -312,7 +312,7 @@
         AC_HELP_STRING([--disable-cracklib],[do not use cracklib]),
         WITH_CRACKLIB=$enableval, WITH_CRACKLIB=yes)
 if test x"$WITH_CRACKLIB" != xno ; then
-        AC_CHECK_HEADER([crack.h],
+        AC_CHECK_HEADERS([crack.h],
               AC_CHECK_LIB([crack], [FascistCheck], LIBCRACK="-lcrack", LIBCRACK=""))
 else
 	LIBCRACK=""