From 43b4e5a6c41f5c43cad18810f9229e40e8c4a57e Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Mon, 30 Oct 2023 12:53:37 +0100 Subject: [PATCH 1/2] Remove FascistHistory() and FascistHistoryPw() calls These functions don't seem to exist anymore. I can't find them in Debian, nor in a web search. They probably were functions from an ancient implementation of cracklib that doesn't exist anymore. $ git remote -v origin git@github.com:cracklib/cracklib.git (fetch) origin git@github.com:cracklib/cracklib.git (push) $ grep -rni fascisthistory $ git log --grep FascistHistory $ git log -S FascistHistory Closes: Cc: Mike Frysinger Acked-by: Michael Vetter Signed-off-by: Alejandro Colomar --- configure.ac | 4 ---- libmisc/obscure.c | 8 -------- src/passwd.c | 33 ++------------------------------- 3 files changed, 2 insertions(+), 43 deletions(-) diff --git a/configure.ac b/configure.ac index 2c8cca3f..5c8c7764 100644 --- a/configure.ac +++ b/configure.ac @@ -526,10 +526,6 @@ if test "$with_libcrack" = "yes"; then echo "checking cracklib flavour, don't be surprised by the results" AC_CHECK_LIB(crack, FascistCheck, [LIBCRACK=-lcrack AC_DEFINE(HAVE_LIBCRACK, 1, [Defined if you have libcrack.])]) - AC_CHECK_LIB(crack, FascistHistory, - AC_DEFINE(HAVE_LIBCRACK_HIST, 1, [Defined if you have the ts&szs cracklib.])) - AC_CHECK_LIB(crack, FascistHistoryPw, - AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.])) fi if test "$with_btrfs" != "no"; then diff --git a/libmisc/obscure.c b/libmisc/obscure.c index ccffb71d..4070d4e4 100644 --- a/libmisc/obscure.c +++ b/libmisc/obscure.c @@ -100,11 +100,7 @@ static /*@observer@*//*@null@*/const char *password_check ( #ifdef HAVE_LIBCRACK char *dictpath; -#ifdef HAVE_LIBCRACK_PW - char *FascistCheckPw (); -#else char *FascistCheck (); -#endif #endif if (strcmp (new, old) == 0) { @@ -133,11 +129,7 @@ static /*@observer@*//*@null@*/const char *password_check ( dictpath = getdef_str ("CRACKLIB_DICTPATH"); if (NULL != dictpath) { -#ifdef HAVE_LIBCRACK_PW - msg = FascistCheckPw (new, dictpath, pwdp); -#else msg = FascistCheck (new, dictpath); -#endif } #endif } diff --git a/src/passwd.c b/src/passwd.c index 67608619..a4f49320 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -114,7 +114,6 @@ static bool do_update_pwd = false; /* local function prototypes */ NORETURN static void usage (int); -static bool reuse (const char *, const struct passwd *); static int new_password (const struct passwd *); static void check_password (const struct passwd *, const struct spwd *); @@ -163,27 +162,6 @@ usage (int status) exit (status); } -static bool reuse (const char *pass, const struct passwd *pw) -{ -#ifdef HAVE_LIBCRACK_HIST - const char *reason; - -#ifdef HAVE_LIBCRACK_PW - const char *FascistHistoryPw (const char *, const struct passwd *); - - reason = FascistHistory (pass, pw); -#else /* !HAVE_LIBCRACK_PW */ - const char *FascistHistory (const char *, int); - - reason = FascistHistory (pass, pw->pw_uid); -#endif /* !HAVE_LIBCRACK_PW */ - if (NULL != reason) { - (void) printf (_("Bad password: %s. "), reason); - return true; - } -#endif /* HAVE_LIBCRACK_HIST */ - return false; -} /* * new_password - validate old password and replace with new (both old and @@ -202,10 +180,6 @@ static int new_password (const struct passwd *pw) int pass_max_len = -1; const char *method; -#ifdef HAVE_LIBCRACK_HIST - int HistUpdate (const char *, const char *); -#endif /* HAVE_LIBCRACK_HIST */ - /* * Authenticate the user. The user will be prompted for their own * password. @@ -306,7 +280,7 @@ static int new_password (const struct passwd *pw) STRFCPY (pass, cp); erase_pass (cp); - if (!amroot && (!obscure (orig, pass, pw) || reuse (pass, pw))) { + if (!amroot && !obscure(orig, pass, pw)) { (void) puts (_("Try again.")); continue; } @@ -317,7 +291,7 @@ static int new_password (const struct passwd *pw) * --marekm */ if (amroot && !warned && getdef_bool ("PASS_ALWAYS_WARN") - && (!obscure (orig, pass, pw) || reuse (pass, pw))) { + && !obscure(orig, pass, pw)) { (void) puts (_("\nWarning: weak password (enter it again to use it anyway).")); warned = true; continue; @@ -357,9 +331,6 @@ static int new_password (const struct passwd *pw) return -1; } -#ifdef HAVE_LIBCRACK_HIST - HistUpdate (pw->pw_name, crypt_passwd); -#endif /* HAVE_LIBCRACK_HIST */ STRFCPY (crypt_passwd, cp); return 0; } -- 2.43.0 From 45f34ee8c196a98397504cb7ed8576b6f1825cf9 Mon Sep 17 00:00:00 2001 From: Alejandro Colomar Date: Mon, 30 Oct 2023 13:31:42 +0100 Subject: [PATCH 2/2] Remove libcrack support Signed-off-by: Alejandro Colomar --- configure.ac | 11 ----------- etc/login.defs | 5 ----- lib/getdef.c | 1 - libmisc/obscure.c | 22 ---------------------- libsubid/Makefile.am | 1 - src/Makefile.am | 2 +- 7 files changed, 2 insertions(+), 42 deletions(-) diff --git a/configure.ac b/configure.ac index 5c8c7764..c2b0a1a5 100644 --- a/configure.ac +++ b/configure.ac @@ -243,9 +243,6 @@ AC_ARG_WITH(skey, AC_ARG_WITH(tcb, [AS_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])], [with_tcb=$withval], [with_tcb=maybe]) -AC_ARG_WITH(libcrack, - [AS_HELP_STRING([--with-libcrack], [use libcrack @<:@default=no@:>@])], - [with_libcrack=$withval], [with_libcrack=no]) AC_ARG_WITH(sha-crypt, [AS_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])], [with_sha_crypt=$withval], [with_sha_crypt=yes]) @@ -521,13 +518,6 @@ if test "$with_audit" != "no"; then fi fi -AC_SUBST(LIBCRACK) -if test "$with_libcrack" = "yes"; then - echo "checking cracklib flavour, don't be surprised by the results" - AC_CHECK_LIB(crack, FascistCheck, - [LIBCRACK=-lcrack AC_DEFINE(HAVE_LIBCRACK, 1, [Defined if you have libcrack.])]) -fi - if test "$with_btrfs" != "no"; then AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \ [btrfs_headers="yes"], [btrfs_headers="no"]) @@ -768,7 +758,6 @@ echo echo "shadow will be compiled with the following features:" echo echo " auditing support: $with_audit" -echo " CrackLib support: $with_libcrack" echo " PAM support: $with_libpam" if test "$with_libpam" = "yes"; then echo " suid account management tools: $enable_acct_tools_setuid" diff --git a/etc/login.defs b/etc/login.defs index 114dbcd9..33622c29 100644 --- a/etc/login.defs +++ b/etc/login.defs @@ -227,11 +227,6 @@ PASS_WARN_AGE 7 # SU_WHEEL_ONLY no -# -# If compiled with cracklib support, sets the path to the dictionaries -# -CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict - # # Min/max values for automatic uid selection in useradd(8) # diff --git a/lib/getdef.c b/lib/getdef.c index 977660c2..d64e6343 100644 --- a/lib/getdef.c +++ b/lib/getdef.c @@ -39,7 +39,6 @@ struct itemdef { #define PAMDEFS \ {"CHFN_AUTH", NULL}, \ {"CHSH_AUTH", NULL}, \ - {"CRACKLIB_DICTPATH", NULL}, \ {"ENV_HZ", NULL}, \ {"ENVIRON_FILE", NULL}, \ {"ENV_TZ", NULL}, \ diff --git a/libmisc/obscure.c b/libmisc/obscure.c index 4070d4e4..2aece68b 100644 --- a/libmisc/obscure.c +++ b/libmisc/obscure.c @@ -12,11 +12,6 @@ #ident "$Id$" -/* - * This version of obscure.c contains modifications to support "cracklib" - * by Alec Muffet (alec.muffett@uk.sun.com). You must obtain the Cracklib - * library source code for this function to operate. - */ #include #include @@ -97,12 +92,6 @@ static /*@observer@*//*@null@*/const char *password_check ( const char *msg = NULL; char *oldmono, *newmono, *wrapped; -#ifdef HAVE_LIBCRACK - char *dictpath; - - char *FascistCheck (); -#endif - if (strcmp (new, old) == 0) { return _("no change"); } @@ -121,17 +110,6 @@ static /*@observer@*//*@null@*/const char *password_check ( msg = _("too similar"); } else if (strstr (wrapped, newmono) != NULL) { msg = _("rotated"); - } else { -#ifdef HAVE_LIBCRACK - /* - * Invoke Alec Muffett's cracklib routines. - */ - - dictpath = getdef_str ("CRACKLIB_DICTPATH"); - if (NULL != dictpath) { - msg = FascistCheck (new, dictpath); - } -#endif } strzero (newmono); strzero (oldmono); diff --git a/libsubid/Makefile.am b/libsubid/Makefile.am index 5ba0ab35..b6488e77 100644 --- a/libsubid/Makefile.am +++ b/libsubid/Makefile.am @@ -8,7 +8,6 @@ MISCLIBS = \ $(LIBAUDIT) \ $(LIBSELINUX) \ $(LIBSEMANAGE) \ - $(LIBCRACK) \ $(LIBCRYPT_NOPAM) \ $(LIBSKEY) \ $(LIBMD) \ diff --git a/src/Makefile.am b/src/Makefile.am index fcfee9d2..b6cb09ef 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -123,7 +123,7 @@ login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(L newgrp_LDADD = $(LDADD) $(LIBAUDIT) $(LIBCRYPT) $(LIBECONF) newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) -ldl nologin_LDADD = -passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBECONF) -ldl +passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBECONF) -ldl pwck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) pwconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) pwunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -- 2.43.0