cracklib patch crashes kadmind
Jason
jason.calvert at abbott.com
Thu Oct 3 22:40:30 EDT 2002
Well that is exactly what I did, grabbed the patch, and slurped out the
server_dict.c section, patched and compiled it with #define
KADM5_USE_CRACKLIB 1, but when I try to change a password with kadmin
or kpasswd it kills the kadmind server. I am using a redhat 7.3
cracklib rpm, so maybe I should get the source for cracklib or
something. It does not make sense as it works fine with the default
server_dict, but not with the cracklib patch, yet the calls to
cracklib seem quite simple and straightforward.
Now that I know it works for everyone else, I think I will start with
a fresh rebuild of the krb5 and cracklib, as I am the only one to have
this problem. Although I might just have to debug it to see what the
hell is going on with my build that is not with everyone else's.
I will let you know if I decide to find out what's up.
Thanks all for your input.
Jason
ray at securityfoo.net (Raymond M Schneider) wrote in message news:<20021003182802.A26951 at securityfoo.net>...
> just some more info on this... I just grabbed the Kens monsterpatch,
> stripped out everything except for the server_dict.c diff, and applied it
> to server_dict.c from the latest MIT (that I just grabbed a moment ago).
>
> Every hunk applied successfully. After applying the patch, if you don't mind
> having the use of cracklib forced all the time, then just set
>
> #define KADM5_USE_CRACKLIB 1
>
> somewhere in the file before it is used, and voilà...done. This is
> essentially what I have done in the past, and at least this part of the
> monster patch applies cleanly.
>
> below I've included the stripped out bits from the monster patch for you:
>
> have fun.
>
> -ray
>
> Index: lib/kadm5/srv/server_dict.c
> diff -c krb5/lib/kadm5/srv/server_dict.c:1.1.1.2 krb5/lib/kadm5/srv/server_dict.
> c:1.5
> *** krb5/lib/kadm5/srv/server_dict.c:1.1.1.2 Mon Nov 3 16:35:35 1997
> --- krb5/lib/kadm5/srv/server_dict.c Thu Dec 4 12:23:30 1997
> ***************
> *** 17,29 ****
> --- 17,39 ----
> #include <stdlib.h>
> #include <stdio.h>
> #include <string.h>
> + #ifdef HAVE_MEMORY_H
> #include <memory.h>
> + #endif
> #include <syslog.h>
> #include "server_internal.h"
>
> + #ifndef KADM5_USE_CRACKLIB
> static char **word_list = NULL; /* list of word pointers */
> static char *word_block = NULL; /* actual word data */
> static int word_count = 0; /* number of words */
> +
> + #else /* KADM5_USE_CRACKLIB */
> + static char *dict_path = NULL;
> + extern char *FascistCheck();
> +
> + #endif /* KADM5_USE_CRACKLIB */
> +
> extern int errno;
>
> /*
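Review bot: `extern char *FascistCheck();` in the `#else` branch declares the cracklib entry point with an empty parameter list, so the compiler cannot check the arguments that find_word() later passes (a `const char *` word and the `dict_path` prefix). Declare it with its parameter types, or include the cracklib header if the installed cracklib ships one, so that a mismatch between this declaration and the library actually linked shows up at compile time rather than at run time.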
> ***************
> *** 47,52 ****
> --- 57,63 ----
> return (strcasecmp(*(char **)s1, *(char **)s2));
> }
>
> + #ifndef KADM5_USE_CRACKLIB
> /*
> * Function: init-dict
> *
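Review bot: the new `#ifndef KADM5_USE_CRACKLIB` starts below the comparison function that ends just above it (`return (strcasecmp(...));`), so that function is still compiled in the cracklib build, where none of the code added by this patch calls it. Move the `#ifndef` above that function so the cracklib build carries no unused code, and put a comment on the `#ifndef` saying which implementation follows, to match the commented `#else` and `#endif`.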
> ***************
> *** 196,198 ****
> --- 207,287 ----
> word_count = 0;
> return;
> }
> +
> + #else /* KADM5_USE_CRACKLIB */
> +
> + /*
> + * Get dictionary file path from params, check it and store for later
> + * use by find_word().
> + */
> + int init_dict(kadm5_config_params *params)
> + {
> + struct stat st;
> + char *dict_file;
> +
> +
> + if (dict_path) /* Already been initialized */
> + return KADM5_OK;
> +
> + if (! (params->mask & KADM5_CONFIG_DICT_FILE)) {
> + syslog(LOG_INFO, "No dictionary file specified, continuing "
> + "without one.");
> + return KADM5_OK;
> + }
> +
> + /*
> + * Check for one of the cracklib dictionary files. We'll
> + * assume that if it's there, then the other two are.
> + *
> + * Note that for cracklib the path specified is just the
> + * prefix filename. The actual files will be the path
> + * plus an appened ".hwm", ".pwd", and ".pwi".
> + */
> +
> + dict_file = malloc(strlen(params->dict_file) + 5);
> +
> + if (dict_file == NULL) {
> + syslog(LOG_ERR, "malloc() failed.");
> + return errno;
> + }
> +
> + strcpy(dict_file, params->dict_file);
> + strcat(dict_file, ".hwm");
> +
> + if (stat(dict_file, &st) == 0) {
> + dict_path = params->dict_file;
> + syslog(LOG_INFO, "Using cracklib dictionary with prefix %s", dict_path);
> + } else {
> + syslog(LOG_ERR, "WARNING! Cannot find cracklib dictionary file %s, "
> + "continuing without one.", dict_file);
> + }
> +
> + free(dict_file);
> + return KADM5_OK;
> + }
> +
> + int
> + find_word(const char *word)
> + {
> + char *msg;
> +
> +
> + if (dict_path == NULL)
> + return WORD_NOT_FOUND;
> +
> + if (msg = FascistCheck(word, dict_path)) {
> + syslog(LOG_INFO, "cracklib rejected new change: %s", msg);
> + return KADM5_OK;
> + } else {
> + return WORD_NOT_FOUND;
> + }
> + }
> +
> + void
> + destroy_dict(void)
> + {
> + dict_path = NULL;
> + return;
> + }
> +
> + #endif /* KADM5_USE_CRACKLIB */
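Review bot: `dict_path = params->dict_file;` in init_dict() stores the caller's pointer rather than a copy, so find_word() passes FascistCheck() a string whose lifetime this file does not control; if the caller frees or reuses `params` after init_dict() returns, every later password check reads freed memory. Keep a private copy (strdup() it, check the result, and free it in destroy_dict() before setting `dict_path = NULL`). Two smaller points: only the `.hwm` file is checked with stat() although the comment names `.pwd` and `.pwi` as well, so a partial dictionary install passes this check and is left for cracklib to handle; and `if (msg = FascistCheck(word, dict_path))` reads more clearly as an explicit `!= NULL` comparison.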
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos