]> granicus.if.org Git - linux-pam/commitdiff
Relevant BUGIDs:
authorThorsten Kukuk <kukuk@thkukuk.de>
Thu, 24 Aug 2006 11:26:10 +0000 (11:26 +0000)
committerThorsten Kukuk <kukuk@thkukuk.de>
Thu, 24 Aug 2006 11:26:10 +0000 (11:26 +0000)
Purpose of commit: bugfix

Commit summary:
---------------

2006-08-24  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Check
        for error from getting second token.
        * xtests/Makefile.am: Add tst-pam_cracklib1
        * xtests/tst-pam_cracklib1.c: New, check for pam_cracklib seg.fault.
        * xtests/tst-pam_cracklib1.pamd: New, config for cracklib test.

ChangeLog
modules/pam_cracklib/pam_cracklib.c
xtests/Makefile.am
xtests/tst-pam_cracklib1.c [new file with mode: 0644]
xtests/tst-pam_cracklib1.pamd [new file with mode: 0644]

index 49b47e7415cbf7b6ca12958f1468f59cbddf254a..6c52898d9900feccbcaff361a55e3ecec5743a16 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2006-08-24  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+       * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Check
+       for error from getting second token.
+       * xtests/Makefile.am: Add tst-pam_cracklib1
+       * xtests/tst-pam_cracklib1.c: New, check for pam_cracklib seg.fault.
+       * xtests/tst-pam_cracklib1.pamd: New, config for cracklib test.
+
 2006-08-24  Thorsten Kukuk  <kukuk@thkukuk.de>
 
        * xtests/tst-pam_dispatch4.c: New test.
index 2f146fb4381ff50ff67632bbaff2f91e21782a43..3ca4eb403f00b9a9e692da9838c07d7eebd97935 100644 (file)
@@ -668,6 +668,12 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
                 continue;
             }
 
+           if (retval != PAM_SUCCESS) {
+             if (ctrl && PAM_DEBUG_ARG)
+                pam_syslog(pamh,LOG_DEBUG,"unable to obtain retyped password");
+             continue;
+           }
+
             /* Hopefully now token1 and token2 the same password ... */
             if (strcmp(token1,token2) != 0) {
                 /* tell the user */
index 44289e2e09d226c788dc4b9b1da23d502ca689f2..f554929077bd4cb8b21d8b0b74cbe00f9f3763d6 100644 (file)
@@ -10,10 +10,11 @@ AM_LDFLAGS = -L$(top_builddir)/libpam -lpam \
 CLEANFILES = *~
 
 EXTRA_DIST = tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
-       tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd
+       tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \
+       tst-pam_cracklib1.pamd
 
 XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \
-       tst-pam_dispatch4
+       tst-pam_dispatch4 tst-pam_cracklib1
 
 noinst_PROGRAMS = $(XTESTS)
 
diff --git a/xtests/tst-pam_cracklib1.c b/xtests/tst-pam_cracklib1.c
new file mode 100644 (file)
index 0000000..d0b92d7
--- /dev/null
@@ -0,0 +1,99 @@
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+   the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm,
+          struct pam_response **response, void *appdata_ptr)
+{
+  static int calls = 0;
+  struct pam_response *reply;
+  int count;
+
+  /* Sanity test. */
+  if (num_msg <= 0)
+    return PAM_CONV_ERR;
+
+  /* Allocate memory for the responses. */
+  reply = calloc (num_msg, sizeof (struct pam_response));
+  if (reply == NULL)
+    return PAM_CONV_ERR;
+
+  /* Each prompt elicits the same response. */
+  for (count = 0; count < num_msg; ++count)
+    {
+      reply[count].resp_retcode = 0;
+      /* first call get a password, second one NULL */
+      if (calls)
+       reply[count].resp = NULL;
+      else
+       {
+         ++calls;
+         reply[count].resp = strdup ("Kindergarten");
+       }
+    }
+
+  /* Set the pointers in the response structure and return. */
+  *response = reply;
+  return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+    fake_conv,
+    NULL
+};
+
+
+/* Check that errors of optional modules are ignored and that
+   required modules after a sufficient one are not executed.  */
+
+int
+main(int argc, char *argv[])
+{
+  pam_handle_t *pamh=NULL;
+  const char *user="root";
+  int retval;
+  int debug = 0;
+
+  if (argc > 1 && strcmp (argv[1], "-d") == 0)
+    debug = 1;
+
+  retval = pam_start("tst-pam_cracklib1", user, &conv, &pamh);
+  if (retval != PAM_SUCCESS)
+    {
+      if (debug)
+       fprintf (stderr, "cracklib1: pam_start returned %d\n", retval);
+      return 1;
+    }
+
+  /* Try one, first input is correct, second is NULL */
+  retval = pam_chauthtok (pamh, 0);
+  if (retval != PAM_AUTHTOK_RECOVERY_ERR)
+    {
+      if (debug)
+       fprintf (stderr, "cracklib1-1: pam_chauthtok returned %d\n", retval);
+      return 1;
+    }
+
+  /* Try two, first input is NULL */
+  retval = pam_chauthtok (pamh, 0);
+  if (retval != PAM_AUTHTOK_RECOVERY_ERR)
+    {
+      if (debug)
+        fprintf (stderr, "cracklib1-2: pam_chauthtok returned %d\n", retval);
+      return 1;
+    }
+
+
+  retval = pam_end (pamh,retval);
+  if (retval != PAM_SUCCESS)
+    {
+      if (debug)
+       fprintf (stderr, "cracklib1: pam_end returned %d\n", retval);
+      return 1;
+    }
+  return 0;
+}
diff --git a/xtests/tst-pam_cracklib1.pamd b/xtests/tst-pam_cracklib1.pamd
new file mode 100644 (file)
index 0000000..41a9188
--- /dev/null
@@ -0,0 +1,2 @@
+#%PAM-1.0
+password       required        pam_cracklib.so