1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
Fix the cracklib autoconf check so that HAVE_CRACK_H gets defined.
Don't copy around the cracklib dictpath into a fixed-width buffer, when
we can just point at the existing strings; and allow the means to
specify a default dictionary when no dictionary is specified in
pam.conf.
Authors: Steve Langasek <vorlon@debian.org>
Upstream status: committed to CVS
Index: Linux-PAM/modules/pam_cracklib/pam_cracklib.c
===================================================================
--- Linux-PAM/modules/pam_cracklib/pam_cracklib.c.orig
+++ Linux-PAM/modules/pam_cracklib/pam_cracklib.c
@@ -56,6 +56,10 @@
extern char *FascistCheck(char *pw, const char *dictpath);
#endif
+#ifndef CRACKLIB_DICTS
+#define CRACKLIB_DICTS NULL
+#endif
+
/* For Translators: "%s%s" could be replaced with "<service> " or "". */
#define PROMPT1 _("New %s%spassword: ")
/* For Translators: "%s%s" could be replaced with "<service> " or "". */
@@ -94,7 +98,7 @@
int oth_credit;
int use_authtok;
char prompt_type[BUFSIZ];
- char cracklib_dictpath[PATH_MAX];
+ char *cracklib_dictpath;
};
#define CO_RETRY_TIMES 1
@@ -159,14 +163,15 @@
} else if (!strncmp(*argv,"use_authtok",11)) {
opt->use_authtok = 1;
} else if (!strncmp(*argv,"dictpath=",9)) {
- strncpy(opt->cracklib_dictpath, *argv+9,
- sizeof(opt->cracklib_dictpath) - 1);
+ opt->cracklib_dictpath = *argv+9;
+ if (!*(opt->cracklib_dictpath)) {
+ opt->cracklib_dictpath = CRACKLIB_DICTS;
+ }
} else {
pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv);
}
}
opt->prompt_type[sizeof(opt->prompt_type) - 1] = '\0';
- opt->cracklib_dictpath[sizeof(opt->cracklib_dictpath) - 1] = '\0';
return ctrl;
}
@@ -514,8 +519,7 @@
options.use_authtok = CO_USE_AUTHTOK;
memset(options.prompt_type, 0, BUFSIZ);
strcpy(options.prompt_type,"UNIX");
- memset(options.cracklib_dictpath, 0,
- sizeof (options.cracklib_dictpath));
+ options.cracklib_dictpath = CRACKLIB_DICTS;
ctrl = _pam_parse(pamh, &options, argc, argv);
@@ -609,7 +613,7 @@
const char *crack_msg;
D(("against cracklib"));
- if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath[0] == '\0'?NULL:options.cracklib_dictpath))) {
+ if ((crack_msg = FascistCheck(token1,options.cracklib_dictpath))) {
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg);
pam_error(pamh, _("BAD PASSWORD: %s"), crack_msg);
Index: Linux-PAM/configure.in
===================================================================
--- Linux-PAM/configure.in.orig
+++ Linux-PAM/configure.in
@@ -312,7 +312,7 @@
AC_HELP_STRING([--disable-cracklib],[do not use cracklib]),
WITH_CRACKLIB=$enableval, WITH_CRACKLIB=yes)
if test x"$WITH_CRACKLIB" != xno ; then
- AC_CHECK_HEADER([crack.h],
+ AC_CHECK_HEADERS([crack.h],
AC_CHECK_LIB([crack], [FascistCheck], LIBCRACK="-lcrack", LIBCRACK=""))
else
LIBCRACK=""
|