cracklib patch crashes kadmind
Raymond M Schneider
ray at securityfoo.net
Thu Oct 3 18:28:02 EDT 2002
just some more info on this... I just grabbed Ken's monster patch,
stripped out everything except for the server_dict.c diff, and applied it
to server_dict.c from the latest MIT (that I just grabbed a moment ago).
Every hunk applied successfully. After applying the patch, if you don't mind
having the use of cracklib forced all the time, then just set
#define KADM5_USE_CRACKLIB 1
somewhere in the file before it is used, and voilà... done. This is
essentially what I have done in the past, and at least this part of the
monster patch applies cleanly.
Below I've included the stripped-out bits from the monster patch for you:
have fun.
-ray
Index: lib/kadm5/srv/server_dict.c
diff -c krb5/lib/kadm5/srv/server_dict.c:1.1.1.2 krb5/lib/kadm5/srv/server_dict.
c:1.5
*** krb5/lib/kadm5/srv/server_dict.c:1.1.1.2 Mon Nov 3 16:35:35 1997
--- krb5/lib/kadm5/srv/server_dict.c Thu Dec 4 12:23:30 1997
***************
*** 17,29 ****
--- 17,39 ----
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+ #ifdef HAVE_MEMORY_H
#include <memory.h>
+ #endif
#include <syslog.h>
#include "server_internal.h"
+ #ifndef KADM5_USE_CRACKLIB
static char **word_list = NULL; /* list of word pointers */
static char *word_block = NULL; /* actual word data */
static int word_count = 0; /* number of words */
+
+ #else /* KADM5_USE_CRACKLIB */
+ static char *dict_path = NULL;
+ extern char *FascistCheck();
+
+ #endif /* KADM5_USE_CRACKLIB */
+
extern int errno;
/*
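Review bot: The added declaration `extern char *FascistCheck();` has an empty parameter list, so the compiler cannot check the arguments that find_word() passes to it later in this patch, including the `const char *word` it hands over. Declare it with a full prototype that matches the installed cracklib, for example `extern char *FascistCheck(char *pw, char *dictpath);` (signature assumed here; confirm it against the library's own header), or include that header instead of a hand-written extern. The file's first 16 lines are outside this hunk, so any declaration already present there is not visible.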
***************
*** 47,52 ****
--- 57,63 ----
return (strcasecmp(*(char **)s1, *(char **)s2));
}
+ #ifndef KADM5_USE_CRACKLIB
/*
* Function: init-dict
*
***************
*** 196,198 ****
--- 207,287 ----
word_count = 0;
return;
}
+
+ #else /* KADM5_USE_CRACKLIB */
+
+ /*
+ * Get dictionary file path from params, check it and store for later
+ * use by find_word().
+ */
+ int init_dict(kadm5_config_params *params)
+ {
+ struct stat st;
+ char *dict_file;
+
+
+ if (dict_path) /* Already been initialized */
+ return KADM5_OK;
+
+ if (! (params->mask & KADM5_CONFIG_DICT_FILE)) {
+ syslog(LOG_INFO, "No dictionary file specified, continuing "
+ "without one.");
+ return KADM5_OK;
+ }
+
+ /*
+ * Check for one of the cracklib dictionary files. We'll
+ * assume that if it's there, then the other two are.
+ *
+ * Note that for cracklib the path specified is just the
+ * prefix filename. The actual files will be the path
+ * plus an appened ".hwm", ".pwd", and ".pwi".
+ */
+
+ dict_file = malloc(strlen(params->dict_file) + 5);
+
+ if (dict_file == NULL) {
+ syslog(LOG_ERR, "malloc() failed.");
+ return errno;
+ }
+
+ strcpy(dict_file, params->dict_file);
+ strcat(dict_file, ".hwm");
+
+ if (stat(dict_file, &st) == 0) {
+ dict_path = params->dict_file;
+ syslog(LOG_INFO, "Using cracklib dictionary with prefix %s", dict_path);
+ } else {
+ syslog(LOG_ERR, "WARNING! Cannot find cracklib dictionary file %s, "
+ "continuing without one.", dict_file);
+ }
+
+ free(dict_file);
+ return KADM5_OK;
+ }
+
+ int
+ find_word(const char *word)
+ {
+ char *msg;
+
+
+ if (dict_path == NULL)
+ return WORD_NOT_FOUND;
+
+ if (msg = FascistCheck(word, dict_path)) {
+ syslog(LOG_INFO, "cracklib rejected new change: %s", msg);
+ return KADM5_OK;
+ } else {
+ return WORD_NOT_FOUND;
+ }
+ }
+
+ void
+ destroy_dict(void)
+ {
+ dict_path = NULL;
+ return;
+ }
+
+ #endif /* KADM5_USE_CRACKLIB */
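Review bot: `dict_path = params->dict_file;` in init_dict() keeps a pointer into the caller's params structure, so if the caller frees or reuses params after initialisation (not visible in this hunk), find_word() hands a dangling pointer to FascistCheck(); that may be the kadmind crash named in the subject line. Store an owned copy with strdup() and release it in destroy_dict(), as in the excerpt below. In the malloc() failure path, `return errno;` runs after syslog(), which may have overwritten errno and can return 0 (success) to the caller; `return ENOMEM;` is safer. A missing `.hwm` file only logs a warning, after which find_word() returns WORD_NOT_FOUND for every password, so the dictionary check fails open and that log line is worth alerting on.

```c
    if (stat(dict_file, &st) == 0) {
        /* Own a copy: params->dict_file belongs to the caller. */
        dict_path = strdup(params->dict_file);
        if (dict_path == NULL) {
            free(dict_file);
            syslog(LOG_ERR, "strdup() failed.");
            return ENOMEM;
        }
        syslog(LOG_INFO, "Using cracklib dictionary with prefix %s", dict_path);
    } else {
        /* ... unchanged: warning that the .hwm file is missing ... */
    }
    /* ... unchanged: free(dict_file), return KADM5_OK, find_word() ... */

void
destroy_dict(void)
{
    free(dict_path);    /* release the copy made in init_dict() */
    dict_path = NULL;
}
```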