debian/0000755000000000000000000000000012313576656007204 5ustar debian/cracklib-runtime.manpages0000644000000000000000000000015012273252362014136 0ustar debian/cracklib-format.8 debian/update-cracklib.8 debian/cracklib-check.8 debian/create-cracklib-dict.8 debian/cracklib-runtime.triggers0000644000000000000000000000026212273252362014175 0ustar # These are the directories listed in the default /etc/cracklib/cracklib.conf interest /usr/share/dict interest /usr/dict interest /usr/local/share/dict interest /usr/local/dict debian/cracklib-runtime.dirs0000644000000000000000000000002412273252362013304 0ustar /var/cache/cracklib debian/python-cracklib.preinst0000644000000000000000000000031312273252362013666 0ustar #!/bin/sh # TODO: remove this file after releasing Squeeze set -e if [ "$1" = upgrade ] then if dpkg --compare-versions "$2" lt 2.8.13-13; then pycentral pkgremove python-cracklib fi fi #DEBHELPER# debian/cracklib-runtime.postrm0000644000000000000000000000016712273252362013677 0ustar #! /bin/sh set -e if [ "$1" = "purge" ]; then rm -rf /var/cache/cracklib/ /etc/cracklib/ fi #DEBHELPER# exit 0 debian/cracklib-runtime.xml0000644000000000000000000002225112273252362013151 0ustar
cracklib utilities cracklib2 is a library containing a C function which may be used in a passwd (1) like program. The idea is simple: try to prevent users from choosing passwords that could be guessed by crack by filtering them out, at source. cracklib2 is not a replacement passwd (1) program. cracklib2 is a library. cracklib-runtime contains run-time support programs which use the shared library in libcrack2 including programs to build the password dictionary databases used by the functions in the shared library. 1998 1999 Jean Pierre LeJacq 2003 Martin Pitt 2008 Jan Dittberner This package and this document is free software; you may redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. A copy of the GNU General Public License version 2 is available as /usr/share/common-licenses/GPL-2 in the Debian GNU/Linux distribution or on the World Wide Web at http://www.gnu.org/copyleft/gpl.html. You can also obtain it by writing to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. Jean Pierre LeJacq Original Debian packaging jplejacq@quoininc.com Martin Pitt Debian package maintainer before version 2.8. mpitt@debian.org Jan Dittberner Reformulation to DocBook XML, updated to reflect new packaging and upstream version. Current Debian package maintainer. jandd@debian.org $Date: 2008-06-26 21:38:06 +0200 (Do, 26 Jun 2008) $
Upstream <package>cracklib2</package> utilities.
<package>cracklib2</package> dictionary utilities.
cracklib-format cracklib-format takes a list of text files each containing a list of words, one per line, It lowercases all words, removes control characters, and sorts the lists. It outputs the cleaned up list to standard output. For more information see the manual page of cracklib-format.
cracklib-packer cracklib-packer reads from standard input a list of sorted and cleaned words and creates a database from the result. For more information see the manual page of cracklib-packer.
cracklib-unpacker cracklib-unpacker reads from a database created by cracklib-packer and outputs on standard output the list of words that make up the database. For more information see the manual page of cracklib-unpacker.
create-cracklib-dict create-cracklib-dict takes one or more word list files as arguments and converts them into cracklib dictionaries for use by password checking programs. The results are placed in the default compiled-in dictionary location (). If you wish to store the dictionary in a different location, use the cracklib-format and cracklib-packer commands directly.
<package>cracklib2</package>'s test utility <application>cracklib-check.</application> cracklib-check takes a list of passwords from stdin and checks them via libcrack2's FascistCheck sub routine. cracklib-check prints each checked password and the corresponding result of FascistCheck to stdout. The password and the result are separated by a colon.
Debian <package>cracklib2</package> utilities.
update-cracklib update-cracklib uses cracklib-format and cracklib-packer to update the default cracklib dictionary it uses the word lists configured in /etc/cracklib/cracklib.conf. For more information see the manual page of cracklib-format.
Debian dictionaries cracklib2 uses a word database that is in a binary format generated by the utilities cracklib-format and cracklib-packer. Three files are created with the suffixes of .hwm, .pwd, and .pwi. These files are not byte-order independent, in fact they are probably architecture specific, mostly due to speed constraints.
Database location for cracklib utilities. All cracklib utilities can use a dictionary database location specified as a command line argument. The utilities use a default dictionary database if nothing else is specified. On a Debian system the database is located in the directory /var/cache/cracklib/cracklib_dict and is generated daily with the program /etc/cron.daily/cracklib.
Word lists for creating dictionary databases. cracklib2 is only as good as the word dictionary database you create. Basically, you want to include any word that a malicious user could guess. It could include: Names (including nicknames and user ids) of all users. Names of pets, relatives, cars, ... of all users. Computer, network, printer, ... names. Insurance numbers, employee numbers, ... of users. * ... Debian provides a number of word lists that can be used as sources for creating the cracklib2 dictionary database. The package wenglish provides a standard ASCII word list that can be directly used. The package ispell also supplies a large word list but it is in binary format. I haven't figured out how to decode this binary format so that the resulting word list can be used by cracklib2.
debian/libcrack2-dev.manpages0000644000000000000000000000002612273252362013315 0ustar debian/FascistCheck.3 debian/cracklib-runtime.postinst0000644000000000000000000000106512273252362014234 0ustar #! /bin/sh set -e run_update_cracklib () { if [ -r /etc/cracklib/cracklib.conf ]; then update-cracklib > /dev/null fi } if [ "$1" = "triggered" ]; then run_update_cracklib exit 0 fi [ "$1" = "configure" ] || exit 0 run_update_cracklib # /etc/cron.daily/cracklib -> cracklib-runtime transition if dpkg --compare-versions "$2" le "2.7-17"; then if [ -e /etc/cron.daily/cracklib ]; then rm -f /etc/cron.daily/cracklib-runtime mv /etc/cron.daily/cracklib /etc/cron.daily/cracklib-runtime fi fi #DEBHELPER# exit 0 debian/copyright0000644000000000000000000003644312273252362011137 0ustar This package was debianized by Jean Pierre LeJacq on Wed, 25 Feb 1998. Martin Pitt was the package's maintainer up to version 2.7.19-1. The current maintainer is Jan Dittberner . It was downloaded from http://sourceforge.net/projects/cracklib Copyright (c) 1993 Alec Muffett , Copyright (c) 2005-2009 Nathan Neulinger , Copyright (c) 2008-2009 Jan Dittberner Modifications: Added cronjob, configuration file, and man pages. This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. A copy of the GNU Lesser General Public License 2.1 is available as /usr/share/common-licenses/LGPL-2.1 in the Debian GNU/Linux distribution or on the World Wide Web at http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html. You can also obtain it by writing to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. Copyright information: CrackLib was originally licensed with a variant of the Artistic license. In the interests of wider acceptance and more modern licensing, it was switched with the original author's blessing to GPL v2. This approval was carried out in email discussions in 2005, and has been reconfirmed as of 2007-10-01 with the following email from Alec Muffett. Cracklib's license was changed from the GPL to the LGPL after consensus of all previous developers in October 2008, effective with release 2.8.15 released on 2009-11-19. See the email discussion below for both license changes. ------------------------------------- ----------- EFFECTIVE OCT 2008, LICENSE IS BEING CHANGED TO LGPL-2.1 (though not reflected in released code until Nov 2009 - slow release cycle...) ----------- Discussion thread from mailing list archive, with approval from everyone actively involved or holding original licensing rights included. [Cracklib-devel] cracklib license From: Mike Frysinger - 2007-10-02 01:16 Attachments: Message as HTML looks like 2.8.11 is out and marked as "GPL-2" ... releasing libraries unde= r=20 GPL-2 is not desirable at all ... this is why the LGPL-2.1 exists =2Dmike Re: [Cracklib-devel] cracklib license From: Neulinger, Nathan - 2007-10-02 01:18 I understand that, and you're welcome to bring it up with Alec directly and see if he wants to relicense his code as LGPL... but at this point, it was enough to just get it consistent and documented as to what it was released under. This wasn't actually a license change, just a clarification of the licensing that was already in place.=20 -- Nathan =20 ------------------------------------------------------------ Nathan Neulinger EMail: nneul@um... University of Missouri - Rolla Phone: (573) 341-6679 UMR Information Technology Fax: (573) 341-4216 > -----Original Message----- > From: cracklib-devel-bounces@li... > [mailto:cracklib-devel-bounces@li...] On Behalf Of > Mike Frysinger > Sent: Monday, October 01, 2007 8:15 PM > To: cracklib-devel@li... > Subject: [Cracklib-devel] cracklib license >=20 > looks like 2.8.11 is out and marked as "GPL-2" ... releasing > libraries under > GPL-2 is not desirable at all ... this is why the LGPL-2.1 exists > -mike Re: [Cracklib-devel] cracklib license From: Mike Frysinger - 2007-10-02 01:33 Attachments: Message as HTML On Monday 01 October 2007, Neulinger, Nathan wrote: > I understand that, and you're welcome to bring it up with Alec directly > and see if he wants to relicense his code as LGPL... but at this point, > it was enough to just get it consistent and documented as to what it was > released under. This wasn't actually a license change, just a > clarification of the licensing that was already in place. the original license (before moving to sourceforge -- aka, 2.7) was not=20 GPL-2 ... it was a modified artistic license ... i didnt notice the license= =20 change until it was mentioned in the latest notes. unlike the old license, GPL-2 prevents people from using cracklib unless th= eir=20 applications are also GPL-2 which imo is just wrong. it isnt the place of = a=20 library to dictact to application writes what license they should be using.= =20 thus LGPL-2.1 enters to fill this void. =2Dmike Re: [Cracklib-devel] cracklib license From: Neulinger, Nathan - 2007-10-02 01:46 Seems like the ideal thing here would be for you and the other distro maintainers to get together with Alec in a conversation and come to a decision as to what licensing scheme y'all want. I haven't really done much other than cleaning up the packaging and patches and a small bit of additional code, so whatever licensing y'all come up with is fine by me. -- Nathan =20 ------------------------------------------------------------ Nathan Neulinger EMail: nneul@um... University of Missouri - Rolla Phone: (573) 341-6679 UMR Information Technology Fax: (573) 341-4216 > -----Original Message----- > From: cracklib-devel-bounces@li... > [mailto:cracklib-devel-bounces@li...] On Behalf Of > Mike Frysinger > Sent: Monday, October 01, 2007 8:33 PM > To: Neulinger, Nathan > Cc: cracklib-devel@li...; Alec Muffett > Subject: Re: [Cracklib-devel] cracklib license >=20 > On Monday 01 October 2007, Neulinger, Nathan wrote: > > I understand that, and you're welcome to bring it up with Alec > directly > > and see if he wants to relicense his code as LGPL... but at this > point, > > it was enough to just get it consistent and documented as to what > it was > > released under. This wasn't actually a license change, just a > > clarification of the licensing that was already in place. >=20 > the original license (before moving to sourceforge -- aka, 2.7) was > not > GPL-2 ... it was a modified artistic license ... i didnt notice the > license > change until it was mentioned in the latest notes. >=20 > unlike the old license, GPL-2 prevents people from using cracklib > unless their > applications are also GPL-2 which imo is just wrong. it isnt the > place of a > library to dictact to application writes what license they should > be using. > thus LGPL-2.1 enters to fill this void. > -mike Re: [Cracklib-devel] cracklib license From: Alec Muffett - 2007-10-02 08:57 > Seems like the ideal thing here would be for you and the other distro > maintainers to get together with Alec in a conversation and come to a > decision as to what licensing scheme y'all want. I haven't really done > much other than cleaning up the packaging and patches and a small > bit of > additional code, so whatever licensing y'all come up with is fine > by me. I am sympathetic. Guys, what do you reckon? What I am hearing so far is that LGPL makes sense, since it can be linked with any code, not just GPL... -a Re: [Cracklib-devel] cracklib license From: Devin Reade - 2007-10-02 15:04 I would like to see it under LGPL as well. I think it is in everyone's best interests to have as secure systems as possible, and I think tainting it via GPL will just make it less likely that the library gets used, and will not usually cause companies/developers to GPL the dependent code (where it is not already GPL). I like GPL, I use it when I can, but I don't think that it's the correct license in this situation. Devin -- If it's sinful, it's more fun. Re: [Cracklib-devel] cracklib license From: Nalin Dahyabhai - 2008-01-28 16:32 On Tue, Oct 02, 2007 at 09:57:31AM +0100, Alec Muffett wrote: > > Seems like the ideal thing here would be for you and the other distro > > maintainers to get together with Alec in a conversation and come to a > > decision as to what licensing scheme y'all want. I haven't really done > > much other than cleaning up the packaging and patches and a small > > bit of > > additional code, so whatever licensing y'all come up with is fine > > by me. > > I am sympathetic. Guys, what do you reckon? > > What I am hearing so far is that LGPL makes sense, since it can be > linked with any code, not just GPL... My apologies for not chiming in in anything resembling a reasonable timeframe. I'd also suggest the LGPL, for the reason you noted above. Alternately, GPLv2 with the option of using the library under a later version of the GPL would permit applications which were released under version 3 of the GPL to use the library, too, which would be sufficient for the packages which are included in Fedora. FWIW, I'd personally lean toward LGPL. In any case, I thank you both for working on sorting this out. Cheers, Nalin Re: [Cracklib-devel] cracklib license From: Mike Frysinger - 2008-10-05 21:27 Attachments: Message as HTML On Monday 28 January 2008, Nalin Dahyabhai wrote: > On Tue, Oct 02, 2007 at 09:57:31AM +0100, Alec Muffett wrote: > > > Seems like the ideal thing here would be for you and the other distro > > > maintainers to get together with Alec in a conversation and come to a > > > decision as to what licensing scheme y'all want. I haven't really done > > > much other than cleaning up the packaging and patches and a small > > > bit of > > > additional code, so whatever licensing y'all come up with is fine > > > by me. > > > > I am sympathetic. Guys, what do you reckon? > > > > What I am hearing so far is that LGPL makes sense, since it can be > > linked with any code, not just GPL... > > My apologies for not chiming in in anything resembling a reasonable > timeframe. > > I'd also suggest the LGPL, for the reason you noted above. Alternately, > GPLv2 with the option of using the library under a later version of the > GPL would permit applications which were released under version 3 of the > GPL to use the library, too, which would be sufficient for the packages > which are included in Fedora. FWIW, I'd personally lean toward LGPL. > > In any case, I thank you both for working on sorting this out. looks like everyone is OK with LGPL-2.1 (GNU Lesser license), so can we make the change now ? -mike Re: [Cracklib-devel] cracklib license From: Alec Muffett - 2008-10-05 23:18 >> In any case, I thank you both for working on sorting this out. > > looks like everyone is OK with LGPL-2.1 (GNU Lesser license), so can we make > the change now ? yes. go for it. thanks++ -a Re: [Cracklib-devel] cracklib license From: Mike Frysinger - 2008-10-25 22:34 Attachments: Message as HTML On Sunday 05 October 2008, Alec Muffett wrote: > >> In any case, I thank you both for working on sorting this out. > > > > looks like everyone is OK with LGPL-2.1 (GNU Lesser license), so can we > > make the change now ? > > yes. go for it. thanks++ Nathan Neulinger is the only one who can actually make said change ... -mike ----------- BELOW IS ORIGINAL LICENSING DISCUSSION RE CHANGING TO GPL from Artistic. ----------- CrackLib was originally licensed with a variant of the Artistic license. In the interests of wider acceptance and more modern licensing, it was switched with the original author's blessing to GPL v2. This approval was carried out in email discussions in 2005, and has been reconfirmed as of 2007-10-01 with the following email from Alec Muffett. The below email references nneul@umr.edu address, as that is the address that was used at the time. For any future emails regarding this, please use nneul@neulinger.org. ------------------------------------- From alecm@crypticide.com Mon Oct 1 12:26:03 2007 Received: from umr-exproto2.cc.umr.edu ([131.151.0.192]) by UMR-CMAIL1.umr.edu with Microsoft SMTPSVC(6.0.3790.3959); Mon, 1 Oct 2007 12:26:03 -0500 Received: from scansrv2.srv.mst.edu ([131.151.1.114]) by umr-exproto2.cc.umr.edu with Microsoft SMTPSVC(6.0.3790.3959); Mon, 1 Oct 2007 12:26:02 -0500 Received: (qmail 8022 invoked from network); 1 Oct 2007 16:59:55 -0000 Received: from smtp1.srv.mst.edu (131.151.1.43) by scanin-ipvs.cc.umr.edu with SMTP; 1 Oct 2007 16:59:55 -0000 Received: from spunkymail-mx8.g.dreamhost.com (mx1.spunky.mail.dreamhost.com [208.97.132.47]) by smtp1.srv.mst.edu (8.13.1/8.13.1) with ESMTP id l91Gxtpr020623 for ; Mon, 1 Oct 2007 11:59:55 -0500 Received: from rutherford.zen.co.uk (rutherford.zen.co.uk [212.23.3.142]) by spunkymail-mx8.g.dreamhost.com (Postfix) with ESMTP id 2C7734D311 for ; Mon, 1 Oct 2007 09:59:50 -0700 (PDT) Received: from [82.68.43.14] (helo=[192.168.1.3]) by rutherford.zen.co.uk with esmtp (Exim 4.50) id 1IcOcX-0004Qt-6L for nneul@neulinger.org; Mon, 01 Oct 2007 16:59:49 +0000 Mime-Version: 1.0 (Apple Message framework v752.2) In-Reply-To: <1b1b3fd80710010908k11dac0afp1f2dd471059ff9a4@mail.gmail.com> References: <1190922867.3457.147.camel@localhost.localdomain> <1b1b3fd80710010908k11dac0afp1f2dd471059ff9a4@mail.gmail.com> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <117A1264-F6DC-4E25-B0DD-56FBFEBE6E9F@crypticide.com> Content-Transfer-Encoding: 7bit From: Alec Muffett Subject: Re: cracklib license Date: Mon, 1 Oct 2007 17:59:46 +0100 To: Nathan Neulinger X-Mailer: Apple Mail (2.752.2) X-Originating-Rutherford-IP: [82.68.43.14] Return-Path: alecm@crypticide.com X-OriginalArrivalTime: 01 Oct 2007 17:26:03.0008 (UTC) FILETIME=[2420C000:01C80450] Status: RO Content-Length: 585 Lines: 21 > > ---------- Forwarded message ---------- > From: Neulinger, Nathan > Date: Sep 27, 2007 2:58 PM > Subject: RE: cracklib license > To: alecm@crypto.dircon.co.uk > > Any chance you could write me a self-contained email stating clearly > that the license is being changed to GPL, so I could include that > email > in the repository and clean up the repository/tarballs? I have all the > original discussion, but something succinct and self contained > would be > ideal. The license for my code in the Cracklib distribution is henceforth GPL. Happy now? :-) -a debian/test_cracklib.py0000644000000000000000000001125612273252362012362 0ustar # -*- python -*- # -*- coding: utf-8 -*- """ Test suite for cracklib's Python binding. """ import os import sys import unittest import cracklib __version__ = '2.8.19' tests = [] dictpath = None class TestModuleFunctions(unittest.TestCase): def test_VeryFascistCheck(self): try: cracklib.VeryFascistCheck('test', dictpath=dictpath) self.fail('expected ValueError') except ValueError: pass try: cracklib.VeryFascistCheck('LhIRI6JXpKhUqBjT', dictpath=dictpath) except ValueError: self.fail('password should be good enough') def test_palindrome(self): try: cracklib.VeryFascistCheck('ot23#xyx#32to', dictpath=dictpath) self.fail('expected ValueError') except ValueError: e = sys.exc_info()[1] self.assertEqual('is a palindrome', str(e)) def test_same(self): try: cracklib.VeryFascistCheck('test', 'test', dictpath=dictpath) self.fail('expected ValueError') except ValueError: e = sys.exc_info()[1] self.assertEqual('is the same as the old one', str(e)) def test_case_change(self): try: cracklib.VeryFascistCheck('test', 'TeSt', dictpath=dictpath) self.fail('expected ValueError') except ValueError: e = sys.exc_info()[1] self.assertEqual('case changes only', str(e)) def test_similar(self): try: cracklib.VeryFascistCheck('test12', 'test34', dictpath=dictpath) self.fail('expected ValueError') except ValueError: e = sys.exc_info()[1] self.assertEqual('is too similar to the old one', str(e)) def test_simple(self): try: cracklib.VeryFascistCheck('t3sx24', dictpath=dictpath) self.fail('expected ValueError') except ValueError: e = sys.exc_info()[1] self.assertEqual('is too simple', str(e)) def test_simple_lower(self): for passwd in ['t' * i for i in range( cracklib.MIN_LENGTH - cracklib.LOW_CREDIT)]: self.assertEquals( 1, cracklib.simple(passwd), 'password {0} should be detected as too simple'.format( passwd)) self.assertEquals(0, cracklib.simple( 't' * (cracklib.MIN_LENGTH - cracklib.LOW_CREDIT))) def test_simple_upper(self): for passwd in ['T' * i for i in range( cracklib.MIN_LENGTH - cracklib.UP_CREDIT)]: self.assertEquals( 1, cracklib.simple(passwd), 'password {0} should be detected as too simple'.format( passwd)) self.assertEquals(0, cracklib.simple( 'T' * (cracklib.MIN_LENGTH - cracklib.UP_CREDIT))) def test_simple_digit(self): for passwd in ['1' * i for i in range( cracklib.MIN_LENGTH - cracklib.DIG_CREDIT)]: self.assertEquals( 1, cracklib.simple(passwd), 'password {0} should be detected as too simple'.format( passwd)) self.assertEquals(0, cracklib.simple( '1' * (cracklib.MIN_LENGTH - cracklib.DIG_CREDIT))) def test_simple_other(self): for passwd in ['#' * i for i in range( cracklib.MIN_LENGTH - cracklib.OTH_CREDIT)]: self.assertEquals( 1, cracklib.simple(passwd), 'password {0} should be detected as too simple'.format( passwd)) self.assertEquals(0, cracklib.simple( '#' * (cracklib.MIN_LENGTH - cracklib.OTH_CREDIT))) def test_simple_combinations(self): testset = '#a' * (cracklib.MIN_LENGTH // 2) for passwd in [testset[:i] for i in range( cracklib.MIN_LENGTH - cracklib.LOW_CREDIT - cracklib.OTH_CREDIT)]: self.assertEquals( 1, cracklib.simple(passwd), 'password {0} should be detected as too simple'.format( passwd)) self.assertEquals(0, cracklib.simple( testset[:(cracklib.MIN_LENGTH - cracklib.LOW_CREDIT - cracklib.OTH_CREDIT)])) tests.append(TestModuleFunctions) def run(verbosity=1, repeat=1, use_dictpath=None): global dictpath print(('cracklib is installed in: ' + os.path.dirname(__file__))) print(('cracklib version: ' + __version__)) print((sys.version)) dictpath=use_dictpath suite = unittest.TestSuite() for cls in tests: for _ in range(repeat): suite.addTest(unittest.makeSuite(cls)) runner = unittest.TextTestRunner(verbosity=verbosity) return runner.run(suite) debian/libcrack2.docs0000644000000000000000000000004112273252362011673 0ustar debian/doc/libcrack2.html README debian/cracklib-runtime.preinst0000644000000000000000000000230512273252362014033 0ustar #!/bin/sh set -e # Remove a no-longer used conffile rm_conffile() { local PKGNAME="$1" local CONFFILE="$2" [ -e "$CONFFILE" ] || return 0 local md5sum="$(md5sum $CONFFILE | sed -e 's/ .*//')" local old_md5sum="$(dpkg-query -W -f='${Conffiles}' $PKGNAME | \ sed -n -e "\' $CONFFILE ' { s/ obsolete$//; s/.* //; p }")" if [ "$md5sum" != "$old_md5sum" ]; then echo "Obsolete conffile $CONFFILE has been modified by you." echo "Saving as $CONFFILE.dpkg-bak ..." mv -f "$CONFFILE" "$CONFFILE".dpkg-bak else echo "Removing obsolete conffile $CONFFILE ..." rm -f "$CONFFILE" fi } case "$1" in install|upgrade) # /etc/cron.daily/cracklib -> cracklib-runtime transition if dpkg --compare-versions "$2" le "2.7-17"; then rm_conffile cracklib-runtime "/etc/cron.daily/cracklib" fi # /etc/logcheck/ignore.d.{server,workstation}/cracklib-runtime removal if dpkg --compare-versions "$2" le "2.8.15-8"; then rm_conffile cracklib-runtime "/etc/logcheck/ignore.d.server/cracklib-runtime" rm_conffile cracklib-runtime "/etc/logcheck/ignore.d.workstation/cracklib-runtime" fi esac #DEBHELPER# exit 0 debian/cracklib-runtime.doc-base0000644000000000000000000000066012273252362014026 0ustar Document: cracklib-runtime Title: cracklib2 - utilities Author: Jean Pierre LeJacq Abstract: Run-time support programs which use the shared library in cracklib2 including programs to build the password dictionary databases used by the functions in the shared library. Section: System/Security Format: HTML Index: /usr/share/doc/cracklib-runtime/cracklib-runtime.html Files: /usr/share/doc/cracklib-runtime/cracklib-runtime.html debian/cracklib-runtime.links0000644000000000000000000000023212273252362013464 0ustar /usr/share/man/man8/cracklib-format.8 /usr/share/man/man8/cracklib-packer.8 /usr/share/man/man8/cracklib-format.8 /usr/share/man/man8/cracklib-unpacker.8 debian/update-cracklib.80000644000000000000000000000217712273252362012324 0ustar .TH update\-cracklib 8 "June 09, 2003" "Martin Pitt" .SH NAME update\-cracklib \- Regenerate cracklib dictionary .SH SYNOPSIS .B update\-cracklib .br .SH DESCRIPTION .B update\-cracklib builds a compressed and accumulated version of wordlists stored in the directories given in cracklib's configuration file /etc/cracklib/cracklib.conf. Programs using cracklib2 need this database to be of any use. .PP By default this script is called by cron every day. .SH RESULT .B update\-cracklib prints out two numbers: the number of words read from the ASCII dictionaries and the number of words eventually written into the cracklib database; if no error occurred, these should be equal. .PP 0 is returned on success, otherwise an error message is printed to standard error and \-1 is returned. .SH FILES .TP .B /etc/cracklib/cracklib.conf shell script that sets .B cracklib_dictpath_src which must be a space separated list of source dictionary files. .SH SEE ALSO .BR cracklib (3), .BR crack_mkdict (8) .SH AUTHOR This program and manual page was written by Martin Pitt for the Debian GNU/Linux System (but may be used by others). debian/cracklib-check.80000644000000000000000000000121712273252362012111 0ustar .TH cracklib\-check 8 "Sat Jun 21 22:44:33 CEST 2008" "Jan Dittberner" .SH NAME cracklib\-check \- Check passwords using libcrack2 .SH SYNOPSIS .B cracklib\-check .br .SH DESCRIPTION .B cracklib\-check takes a list of passwords from stdin and checks them via libcrack2's .BR FascistCheck (3) sub routine. .SH RESULT .B cracklib\-check prints each checked password and the corresponding result of .BR FascistCheck (3) to stdout. The password and the result are separated by a colon. .SH SEE ALSO .BR FascistCheck (3) .SH AUTHOR This man page was written by Jan Dittberner for the Debian GNU/Linux System (but may be used by others). debian/changelog0000644000000000000000000011026712313576656011065 0ustar cracklib2 (2.9.1-1build1) trusty; urgency=medium * No-change rebuild to drop Python 3.3 support. -- Matthias Klose Sun, 23 Mar 2014 15:28:46 +0000 cracklib2 (2.9.1-1) unstable; urgency=medium * New upstream version * refresh debian/patches/libcrack2-error-safer-check-variant.patch * debian/control: - bump Standards-Version to 3.9.5 (No changes) - run wrap-and-sort * add debian/patches/improve_test_737040.patch to check for proper behavior of Python low level code * Fix "python-cracklib accepts anything" by modifying debian/patches/libcrack2-error-safer-check-varian.patch to perform proper error message copying (Closes: #737040) -- Jan Dittberner Sat, 01 Feb 2014 21:11:22 +0100 cracklib2 (2.9.0-2) unstable; urgency=low [ Jan Dittberner ] * Fix "Please add a udeb for early password quality checking in d-i" (Closes: #658089) * add udeb package stanza in debian/control * bump compatibility level in debian/compat to 9 * debian/rules: - move sequence before args in dh call - copy files for libcrack2-udeb - include compiled cracklib dictionary in udeb [ Eleanor Chen ] * Add "stage1" support to not build python bits during bootstrapping. (Closes: #721354) [ Martin Pitt ] * debian/control: Wrap build dependencies. * Add missing docbook-xml build dependency. (Closes: #724842) -- Martin Pitt Wed, 23 Oct 2013 08:11:31 +0200 cracklib2 (2.9.0-1) unstable; urgency=low * New upstream version - refresh debian/patches/libcrack2-error-safer-check-variant.patch - add new FascistCheckUser to debian/libcrack2.symbols - update library link in debian/libcrack2.links * debian/control: use canonical VCS-* URLs * Fix "Build for multiarch" (Closes: #679962) - add multiarch support contributed by Iain Lane - Use docbook2html instead of xmlto, for determinstic output. - Fix non-SGML characters in cracklib-runtime.xml - remove debian/libcrack2.links -- Jan Dittberner Mon, 12 Aug 2013 10:36:09 +0200 cracklib2 (2.8.22-1) unstable; urgency=low * New upstream version. * Fix "FTBFS with Python 3.3: ImportError: No module named '_cracklib'" with upstream changes (Closes: #681749) * refresh debian/patches/install-debian-python-modules.patch and debian/patches/libcrack2-error-safer-check-variant.patch * drop debian/patches/pass-dict-to-cracklib-test.patch included in new upstream version, remove line from debian/patches/series * Bump Standards-Version to 3.9.4 (No changes necessary) -- Jan Dittberner Sun, 19 May 2013 11:02:35 +0200 cracklib2 (2.8.19-2) unstable; urgency=low * add debian/patches/libcrack2-error-safer-check-variant.patch to provide __DEBIAN_SPECIFIC__SafeFascistCheck that does not call exit (Closes: #682735) * add __DEBIAN_SPECIFIC__SafeFascistCheck to debian/libcrack2.symbols -- Jan Dittberner Tue, 02 Oct 2012 09:15:16 +0200 cracklib2 (2.8.19-1) unstable; urgency=low * New upstream version * remove debian/patches/top-500-worst-passwords.patch, applied upstream * add autotools-dev to Build-Depends * debian/rules: - use aclocal, libtoolize, automake and autoreconf instead of autogen.sh - do not remove config.h.in - add autotools_dev to dh --with options - build in debian/buildtmp/{base,pythonX.Y} - build and install Python code using setup.py - run Python tests * enable hardening build flags - add dpkg-dev (>= 1.16.1~) to Build-Depends - add DPKG_EXPORT_BUILDFLAGS=1 and include /usr/share/dpkg/buildflags.mk in debian/rules * remove debian/tmp/* from debian/cracklib-runtime.install, remove debian/libcrack2-dev.install, remove debian/libcrack2.install * add debian/test_cracklib.py with unit tests (missing in upstream tarball) * add debian/patches/install-debian-python-modules.patch to install debian/test_cracklib.py and debian/crack.py * add debian/patches/pass-dict-to-cracklib-test.patch to allow running Python tests using a specific dictionary * add Python3 support - debian/control: - add new binary package python3-cracklib - add python3-all-dev (>= 3.1.3-2~) and python3-setuptools to Build-Depends - debian/rules: - add python3 to dh --with options - add override_dh_python2 and override_dh_python3 to run dh_python2 for python-cracklib and dh_python3 for python3-cracklib only - define PY3VERS and use it for configuring, building, testing and installing python3-cracklib -- Jan Dittberner Sun, 20 May 2012 01:24:02 +0200 cracklib2 (2.8.18-4) unstable; urgency=low [ Fabian Greffrath ] * Extend the tiny example wordlist included with the cracklib package itself with the words from the list of "The Top 500 Worst Passwords of All Time" [1], modulo the ones that fail the regular cracklib tests anyway (Closes: 657464). [1] * Move the /usr/share/cracklib/cracklib-small wordlist file from the libcrack2 to the cracklib-runtime package and install it into /usr/share/dict. So there will always be at least the tiny example wordlist to compile a database from, even if no other package providing a wordlist (though recommended) is installed. * Do not install the /usr/share/cracklib/cracklib.magic file anymore. It was installed in the wrong location anyway and the file(1) tool is able to independently detect cracklib databases since at least 2005. * Remove config.h.in in the clean rule in debian/rules, fixes FTBFS twice in a row. [ Jan Dittberner ] * update patch debian/patches/top-500-worst-passwords.patch to add additional words suggested by Fabian to dicts/cracklib-small -- Jan Dittberner Fri, 27 Jan 2012 15:38:32 +0100 cracklib2 (2.8.18-3) unstable; urgency=low * switch from python-support to dh_python2 - remove python-support and python-all from Build-Depends - remove XS-Python-Version, remove XB-Python-Version from python-cracklib stanza - add --with python2 to dh invocation - bump minimum required python-all-dev version to 2.6.6-3~ * bump Standards-Version to 3.9.2 (no changes needed) -- Jan Dittberner Sat, 11 Jun 2011 22:29:23 +0200 cracklib2 (2.8.18-2) unstable; urgency=low * upload to unstable -- Jan Dittberner Sun, 06 Feb 2011 13:06:26 +0100 cracklib2 (2.8.18-1) experimental; urgency=low * New upstream version. * remove debian/patches/596281-fix-python-extension-segfault.patch and debian/patches/series, patch has been applied upstream -- Jan Dittberner Thu, 30 Sep 2010 19:43:41 +0200 cracklib2 (2.8.16-4) unstable; urgency=low * debian/control: remove Conflicts, Provides and Breaks refering to versions and packages before Lenny, keep python-cracklib's Conflicts with python-crack to force deinstallation of transitional package -- Jan Dittberner Mon, 13 Sep 2010 19:00:03 +0200 cracklib2 (2.8.16-3) unstable; urgency=low * debian/control: update to Standards-Version to 3.9.1 - use Breaks instead of Conflicts for libcrack2's incompatibility with cracklib2 (<< 2.8.12-1) and libcrack2-dev's incompatibility with cracklib2-dev (<< 2.8.12-1) * add debian/patches/596281-fix-python-extension-segfault.patch: in cracklib-python's C module, make sure we initialize defaultdict to NULL at the start of _cracklib_FascistCheck. This fixes a bug where that variable was freed when not NULL without ever having been assigned any value to. This happened when we called FascistCheck() with a dictionary path of our own. Thanks to Peter Palfrader for the patch (Closes: #596281). -- Jan Dittberner Fri, 10 Sep 2010 18:44:23 +0200 cracklib2 (2.8.16-2) unstable; urgency=low * fix bashism in debian/rules (Closes: #581479) -- Jan Dittberner Thu, 13 May 2010 11:58:43 +0200 cracklib2 (2.8.16-1) unstable; urgency=low * use LC_COLLATE=C for speedup dictionary sorts (Closes: #569081) * new Upstream release * remove debian/patches/03-packer-dont-print-skipping-line.patch, debian/patches/svn-r152-python-use-translations.patch and debian/patches/series. All patches have been applied upstream -- Jan Dittberner Wed, 03 Mar 2010 11:54:55 +0100 cracklib2 (2.8.15-9) unstable; urgency=low * fix wrong paths in debian/cracklib-runtime.preinst -- Jan Dittberner Thu, 04 Feb 2010 18:11:47 +0100 cracklib2 (2.8.15-8) unstable; urgency=low * remove old logcheck ignore.d.{workstation,server} conffiles in preinst script (thanks for the hint to Hannes von Haugwitz) * debian/control: - remove Build-Depends-Indep and add python-setuptools to Build-Depends - remove python-crack transitional binary package - extend python-cracklib Conflicts to all python-crack versions - add python-cracklib Replaces python-crack -- Jan Dittberner Thu, 04 Feb 2010 17:45:36 +0100 cracklib2 (2.8.15-7) unstable; urgency=low * remove debian/cracklib-runtime.logcheck.ignore.{server,workstation} because both server and workstation levels of logcheck include paranoid level rules (Closes: #567476) * debian/control: update Standards-Version to 3.8.4 (no changes needed) -- Jan Dittberner Wed, 03 Feb 2010 18:18:23 +0100 cracklib2 (2.8.15-6) unstable; urgency=low * debian/control: set Recommends for cracklib-runtime to wamerican | wordlist instead of wordlist only to provide a sane default for installations that have no existing wordlist (Closes: #566099) -- Jan Dittberner Sun, 24 Jan 2010 00:31:43 +0100 cracklib2 (2.8.15-5) unstable; urgency=low * switch packaging to git * debian/control: replace Vcs-Svn with Vcs-Git, change Vcs-Browser -- Jan Dittberner Tue, 29 Dec 2009 12:52:10 +0100 cracklib2 (2.8.15-4) unstable; urgency=low * remove explicit quilt usage. quilt is implicitly used for source format 3.0 (quilt) * debian/control: - remove quilt from Build-Depends * debian/rules: - remove --with quilt * remove debian/README.source -- Jan Dittberner Tue, 01 Dec 2009 22:08:47 +0100 cracklib2 (2.8.15-3) unstable; urgency=low * debian/rules: install egg-info for python-cracklib * debian/control: add Build-Depends-Indep: python-setuptools to allow egg_info generation -- Jan Dittberner Mon, 23 Nov 2009 19:38:18 +0100 cracklib2 (2.8.15-2) unstable; urgency=low * add debian/patches/svn-r152-python-use-translations.patch to use cracklib translations in the Python binding (Closes: #557390) and update debian/patches/series accordingly -- Jan Dittberner Sat, 21 Nov 2009 22:20:26 +0100 cracklib2 (2.8.15-1) unstable; urgency=low * New upstream release - license changed to LGPL - integrate patch 01-use-src-path-for-python.patch from 2.8.14-1 * debian/copyright: updated licensing information * remove debian/patches/01-usr-src-path-for-python.patch included in upstream release, update debian/patches/series -- Jan Dittberner Thu, 19 Nov 2009 07:52:09 +0100 cracklib2 (2.8.14-1) unstable; urgency=low * New upstream release - integrate Debian patches - added and updated translations - improved Python binding * remove patches debian/patches/01-cracklib-format-optim.patch, debian/patches/02-ccwarnings.patch and debian/patches/04-enable-gettext.patch that have been applied upstream, update debian/patches/series accordingly * debian/patches/03-packer-dont-print-skipping-line.patch annotated with DEP-3 tags * add debian/patches/01-use-src-path-for-python.patch to allow building Python extension outside the source folder * debian/copyright: update upstream copyright * debian/libcrack2.install, debian/libcrack2.links: update library version to 2.8.1 * debian/libcrack2.symbols: add GetDefaultCracklibDict -- Jan Dittberner Wed, 18 Nov 2009 19:03:01 +0100 cracklib2 (2.8.13-13) unstable; urgency=low * debian/changelog: use "Closes" instead of wrong "fixes" for 2.8.13-12 * switch to python-support * add debian/python-cracklib.preinst to call pycentral on first update * debian/control: - update Standards-Version to 3.8.3 (no changes needed) - add ${misc:Depends} - update debhelper dependency version - replace Build-Depends python-central with python-support * debian/rules: - switch to dh7 - install NEWS as upstream changelog * add debian/source/format to switch to 3.0 (quilt) source format -- Jan Dittberner Sat, 14 Nov 2009 23:10:41 +0100 cracklib2 (2.8.13-12) unstable; urgency=low * debian/rules: remove config.guess and config.sub in clean target (Closes: #539550) -- Jan Dittberner Sat, 01 Aug 2009 22:52:31 +0200 cracklib2 (2.8.13-11) unstable; urgency=low * debian/rules: - remove more autogenerated files in debian/rules (fixes Lintian warning) * debian/control: - change Maintainer email address to new DD account * debian/cracklib-check.8, debian/libcrack2.xml, debian/cracklib- runtime.xml, debian/create-cracklib-dict.8, debian/copyright: - update email address -- Jan Dittberner Fri, 24 Jul 2009 00:14:50 +0200 cracklib2 (2.8.13-10) unstable; urgency=low * debian/control: - update Standards-Version to 3.8.2 (no changes necessary) - make python-cracklib depend on cracklib-runtime (Closes: #533194) -- Jan Dittberner Thu, 25 Jun 2009 09:20:25 +0200 cracklib2 (2.8.13-9) unstable; urgency=low * debian/control: update Standards-Version to 3.8.1 (no changes necessary) * debian/compat: update debhelper compatibility to 7 to make Lintian happy * remove debian/libcrack2.postinst, debian/libcrack2.prerm and debian/cracklib-runtime.prerm and modify debian/cracklib- runtime.postinst to fix postinst-has-useless-call-to-install-docs and prerm-has-useless-call-to-install-docs Lintian warnings -- Jan Dittberner Sun, 24 May 2009 20:10:42 +0200 cracklib2 (2.8.13-8) unstable; urgency=low * debian/cracklib-runtime.postinst: add call to install-docs and add debian/cracklib-runtime.prerm, debian/libcrack2.prerm, debian/libcrack2.postinst to add missing calls to install-docs (fixes 4 lintian errors) -- Jan Dittberner Tue, 17 Mar 2009 21:23:51 +0100 cracklib2 (2.8.13-7) unstable; urgency=low [ Jan Dittberner ] * debian/control: remove duplicate Priority field of python-cracklib and Section field of libcrack2 * remove debian/libcrack2.postinst and debian/libcrack2.postrm as their functionality is automatically generated by debhelper [ Alessio Treglia ] * debian/rules: Include /usr/share/python/python.mk and use py_sitename_sh macro, so that installation will work correctly with the forthcoming Python 2.6 as well. (LP: #342383) -- Martin Pitt Mon, 16 Mar 2009 10:04:28 +0100 cracklib2 (2.8.13-6) unstable; urgency=low * add more verbose descriptions to libcrack2-dev and python-cracklib (fixes Lintian info) * change debhelper dependency to (>= 7) to allow the use of dh_prep and make lintian happy * debian/control: switch Vcs-Browser to viewsvn -- Jan Dittberner Sun, 22 Feb 2009 00:22:17 +0100 cracklib2 (2.8.13-5) unstable; urgency=low * add debian/cracklib-runtime.triggers to get triggered by installation of dictionary files * add trigger support to debian/cracklib-runtime.postinst and change code structure to avoid duplication -- Jan Dittberner Wed, 31 Dec 2008 15:03:29 +0100 cracklib2 (2.8.13-4) unstable; urgency=low * debian/update-cracklib: add a check whether all installed dictionaries were used to create the existing cracklib dictionary (Closes: #508255 and LP: #304307) * add descriptions to the quilt patches (fixes lintian warnings) -- Jan Dittberner Tue, 09 Dec 2008 22:13:20 +0100 cracklib2 (2.8.13-3) unstable; urgency=low * debian/patches/04-enable-gettext.patch fixes gettext not correctly initialized (Closes: #503826) thanks to Marc Dequènes -- Jan Dittberner Tue, 28 Oct 2008 20:50:24 +0100 cracklib2 (2.8.13-2) unstable; urgency=low [ Steve Langasek ] * debian/update-cracklib: don't rely on [ -nt ] to return true when the second file is non-existent, since this fails under dash. LP: #278743. [ Jan Dittberner ] * integrate Ubuntu bugfix -- Jan Dittberner Sun, 19 Oct 2008 23:23:19 +0200 cracklib2 (2.8.13-1) unstable; urgency=low * new upstream release * removed debian/patches/04-improved-python-binding.patch, it has been included upstream * refreshed debian/patchs/02-ccwarnings.patch * change debian/rules to use lib in top_builddir * use set -e in debian/cracklib-runtime.preinst to fix lintian warning maintainer-script-ignores-errors -- Jan Dittberner Sat, 27 Sep 2008 14:37:35 +0200 cracklib2 (2.8.12-8) unstable; urgency=low * provide a python-crack wrapper to mimic the behavior of the python- crack package in Etch (Closes: #499056) * fix inconsistent spaces vs. tabs usage in debian/cracklib-runtime.cron.daily * fix logcheck rules' regexes * debian/control - python-cracklib Provides python-crack and Conflicts with python-crack (<< 2.8.12-1) - add transitional package python-crack to easy Etch migration -- Jan Dittberner Mon, 15 Sep 2008 23:29:03 +0200 cracklib2 (2.8.12-7) unstable; urgency=low * fixes global name 'default_dictpath' is not defined (Closes: #499013) -- Jan Dittberner Mon, 15 Sep 2008 20:45:25 +0200 cracklib2 (2.8.12-6) unstable; urgency=low * add debian/libcrack2.symbols containing versioned symbols for libcrack2 * debian/copyright - updated maintainer information - removed shared libraries and headers from Modifications as they are provided by upstream * change cracklib-runtime's daily cron job's log output if no change happens and update logcheck rules accordingly (Closes: #498354) * debian/rules - add dh_installlogcheck to binary-common -- Jan Dittberner Wed, 10 Sep 2008 23:28:54 +0200 cracklib2 (2.8.12-5) unstable; urgency=low * remove debian/patches/05-use-autogen_sh.patch because of the valuable input from debian-mentors * remove the files modified or added by ./autogen.sh * debian/rules uses autogen.sh again * debian/control - re-add libtool, autoconf, and automake to build dependencies -- Jan Dittberner Mon, 25 Aug 2008 22:48:18 +0200 cracklib2 (2.8.12-4) unstable; urgency=low * add debian/patches/05-use-autogen_sh.patch instead of calling autogen.sh (fixes Lintian warning patch-system-but-direct-changes-in-diff) * debian/control: remove build dependencies to autoconf, automake and libtool * remove absolute path to update-cracklib from debian/cracklib-runtime.postinst (fixes Lintian warning command-with-path-in-maintainer-script) * update regular expression in debian/watch to not match obsolete 3.0pre versions -- Jan Dittberner Fri, 15 Aug 2008 20:52:29 +0200 cracklib2 (2.8.12-3) unstable; urgency=low * debian/control + remove Recommends for old wenglish package + add a reasonable description to python-cracklib (Closes: #492968) * fix Lintian info 'hypen-used-as-minus-sign' in debian/update-cracklib.8 * debian/README.source file added -- Jan Dittberner Wed, 30 Jul 2008 23:33:35 +0200 cracklib2 (2.8.12-2) unstable; urgency=low * debian/patches/04-improved-python-binding.patch patches upstream python bindings to provide the functionallity and documentation strings python-crack had (upstream will apply this patch in the future) * debian/rules uses autogen.sh * only update cracklib dictionary if any of the source dictionaries has changed (Closes: #380546) * debian/control + make Conflicts/Replaces version specific to be compliant to policy section 2.5 + add libtool, autoconf, and automake to build dependencies -- Jan Dittberner Tue, 15 Jul 2008 19:59:54 +0200 cracklib2 (2.8.12-1) unstable; urgency=low * switch to new upstream branch (Closes: #355692) * update copyright file to reflect the change from an Artistic License derivative license to the GPL-2 and mention new upstream * debian/rules + switch from cdbs to debhelper + change default dictionary path to /var/lib/cracklib/pw_dict + fix rpath issues in built utils using chrpath * debian/control + update to Standards-Version 3.8.0 + add Homepage field + provide a new binary package python-cracklib using python-central + add Build-Depends for python-all, python-all-dev, python-central, quilt, and chrpath + add XS-Python and XB-Python fields to debian/control + rename binary package cracklib2 to libcrack2 and cracklib2-dev to libcrack2-dev, add the corresponding Provides, Conflicts and Replaces + make libcrack2-dev depend on libcrack2 with the same binary:Version + change Maintainer to Jan Dittberner + set Uploaders field to previous Maintainer Martin Pitt + add Vcs-Svn and Vcs-Svn-Browser to debian/control * fix debian/cracklib-runtime.preinst to use dpkg-query instead of directly accessing /var/lib/dpkg/status * add debian/pycompat for dh_python * update script update-cracklib to use cracklib-format and cracklib-packer * man pages for the new commands, updated existing man pages (Closes: #429993) * add debian/watch file for uscan * let debian/examples/cracklib_example.c use NULL to specify the default dictionary path * convert HTML documentation to DocBook XML and update it * fix man2html URLs in documentation to reflect man2html's current URL syntax * add README, README-DAWG, and README-WORDS from upstream package * add quilt rules to debian/rules * removed some Debian patches that are no longer required because of upstream improvements * debian/patches/05-mkdict.patch: Adapted to new upstream version, renamed to 01-cracklib-format-optim.patch. * debian/patches/07-ccwarnings.patch: Adapted to new upstream version, renamed to 02-ccwarnings.patch. * debian/patches/12-packer-dont-print-skipping-line.c.patch: Adapted to new upstream version, renamed to 03-packer-dont-print-skipping-line.patch. -- Jan Dittberner Thu, 10 Jul 2008 21:20:38 +0200 cracklib2 (2.7-19.1) unstable; urgency=low * NMU * debian/rules: + Fixed FTBFS if built twice in a row, Thanks to Kumar Appaiah for help! (Closes: #424163, #442527) -- Kartik Mistry Wed, 26 Mar 2008 21:17:44 +0530 cracklib2 (2.7-19) unstable; urgency=high * debian/patches/01-crack-h.patch: Change to apply with -p1 to fix FTBFS due to recent cdbs change. Thanks to Julien Cristau! (closes: #372273) -- Martin Pitt Sat, 10 Jun 2006 17:50:21 +0200 cracklib2 (2.7-18) unstable; urgency=low * debian/cracklib-runtime.{preinst,postinst}: Properly handle the /etc/cron.daily/cracklib -> cracklib-runtime transition. (closes: #316488) -- Martin Pitt Thu, 14 Jul 2005 00:14:50 +0300 cracklib2 (2.7-17) unstable; urgency=low * Converted to cdbs. * debian/control: Made short descriptions Policy conformant. * Added debian/patches/12-packer-dont-print-skipping-line.c.patch: - util/packer.c: Do not print a confusing "Skipping line..." message on empty lines in dictionaries. (closes: #304583) * debian/crack_mkdict.8: Fixed "utilties" typo. (closes: #310335) * debian/crack_teststr.8: Fixed "utilties" typo. (closes: #310336) -- Martin Pitt Wed, 8 Jun 2005 00:40:04 +0200 cracklib2 (2.7-16) unstable; urgency=high * Urgency high since this fixes an RC bug present in Sarge. * Added debian/patches/10-check-corrupt-dict.diff: - packlib.c, FindPW(): If GetPW() returns NULL we have a corrupt dictionary. Check for NULL and exit with an appropriate error message instead of strcmp()'ing against NULL which triggers a segfault. * Added debian/patches/11-mkdict-C-locale.diff: - Run crack_mkdict with locale C; other locales might mess up the dictionary. - Thanks to Kenshi Muto for his help with this bug. - Closes: #309746 -- Martin Pitt Sun, 22 May 2005 12:49:14 +0200 cracklib2 (2.7-15) unstable; urgency=high * Added missing "Depends: ${shlibs:Depends}" to cracklib-runtime. Thanks to Maks Attems for discovering this. (closes: #280668) * Urgency high since this is an RC bug and no code changes were made. -- Martin Pitt Thu, 11 Nov 2004 19:41:15 +0100 cracklib2 (2.7-14) unstable; urgency=low * cracklib-runtime: suggest non-virtual wordlist package 'wenglish' as first alternative (closes: #271282) -- Martin Pitt Mon, 18 Oct 2004 09:12:35 +0200 cracklib2 (2.7-13) unstable; urgency=low * overhauled HTML documentation (e. g. now describes integration with libpam-cracklib) * converted HTML documentation to XHTML 1.1 * updated my maintainer address -- Martin Pitt Tue, 21 Oct 2003 15:53:29 +0200 cracklib2 (2.7-12) unstable; urgency=low * 09-multidicts.diff: fixes bug in packlib.c: dictionary search was faulty after dictionary switch; thanks to Chris Dunlop! (closes: #215085) -- Martin Pitt Fri, 10 Oct 2003 11:20:04 +0200 cracklib2 (2.7-11) unstable; urgency=low * updated Standards-Version * 08-dictsearch.diff: fixes bug in dictionary search algorithm, some words were not found before; thanks to Chris Dunlop! (closes: #213574) -- Martin Pitt Wed, 1 Oct 2003 11:55:13 +0200 cracklib2 (2.7-10) unstable; urgency=low * changed priority of cracklib2-dev to extra, as in override file * utils/mkdict: changed order of commands to eliminate empty lines; thanks to Bart Cortooms! (closes: #199014) -- Martin Pitt Sun, 29 Jun 2003 15:52:24 +0200 cracklib2 (2.7-9) unstable; urgency=low * new maintainer (closes: #194025) * NMU acks (most of this stuff is not needed any more because of the new build system) (closes: #62393, #69187, #70239, #72244, #75376, #87355, #91135, #91136, #91407, #91414, #91429, #95291, #97705, #97855, #99512, #107112, #108822, #111525); thanks to Colin Watson, Sebastian Rittau, and Lenart Janos * debian/control: updated maintainer and standards-version, moved -dev to section libdevel * updated debian/copyright (maintainer, correct upstream URL) * rewrote debian/ directory from scratch * cracklib.conf now also searches in dictionary directories below /usr/local (closes: #46024) * cracklib-runtime recommends wordlist now (closes: #54214, #67856, #46025) * corrected all links in cracklib*.html (closes: #112238) * corrected SEE ALSO links in manpages (closes: #90718) * cracklib2-dev now comes with packer.h (closes: #173705) * moved functionality of cronjob to /usr/sbin/update-cracklib and call this script in cracklib-runtime's postinst (closes: #36976) * cronjob now logs to cron.info (was 'notice' before) * cronjob result output is now properly redirected to logger (closes: #45567) * packed wordlist are world-readable now (they are created from world-readable files, should be no problem) (closes: #146955) * removed 'readonly' variable attribute from cronjob since it is bash-specific (closes: #114749) * cracklib(3) is an alias (symlink) for FascistCheck(3) (closes: #90717) * cleaned up and documented example application * all files: deleted CVS references from former maintainer * deleted 'Local variables:' stuff at end of changelog * patch 07-ccwarnings.diff to eliminate all (but one) compiler warning * added linda overrides for nonstandard package name * added logcheck ignores for cronjob -- Martin Pitt Fri, 13 Jun 2003 10:37:10 +0200 cracklib2 (2.7-8.5) unstable; urgency=medium * Non-maintainer upload. Urgency medium as this is keeping other packages out of testing. * debian/dpkg.common/rules: Move calls to dpkg-shlibdeps and dpkg-gencontrol from the build target to binary, as dpkg-shlibdeps doesn't like being called as non-root (closes: #97855). * Call ldconfig without arguments, for the Hurd (closes: #108822). * Fix typo in crack_teststr(8)'s NAME section (closes: #99512). * Exit 0 and don't complain in the syslog if cracklib-runtime is removed but not purged (closes: #95291). * logger is no longer used as a result of the above (closes: #62393). -- Colin Watson Wed, 3 Oct 2001 01:37:09 +0100 cracklib2 (2.7-8.4) unstable; urgency=low * Another non-maintainer upload to fix the disappearing changelog entry. (Closes: #111525) -- Sebastian Rittau Sat, 8 Sep 2001 14:24:27 +0200 cracklib2 (2.7-8.3) unstable; urgency=low * Non-maintainer upload with permission of maintainer. * Closes an annoying warning produced by the cron.daily scipt when /bin/sh is linked against /bin/ash. (Closes: #107112) * Fixed a similar problem in debian/dpkg.common/clean. -- Sebastian Rittau Wed, 5 Sep 2001 19:08:44 +0200 cracklib2 (2.7-8.2) unstable; urgency=low * Non-maintainer upload. * debian/dpkg.common/modifysrc: Support build environments where the .orig.tar.gz is not present in the parent directory (thanks, Mikko Markus Torni; closes: #87355). * debhelper namespacing was fixed in previous NMU, but fixed it more neatly while I'm here (closes: #75376). * Move to FHS locations for documentation (thanks, Jonathon M. Abbott; closes: #91135, #91136, #91407, #91414, #91429). * Don't link with -nodefaultlibs, as it has bad effects on some platforms (closes: #72244). * Add Section: and Priority: to the .deb's control file (lintian). * Bump Standards-Version: to 3.1.1 and add build-dependency on debhelper (>= 2.0.89) (closes: #70239). * Fixed debian/dpkg.common/{check,substfiles}: both of them grepped the output of dpkg-parsechangelog for "Version: " instead of "^Version: ", which broke with the above changelog entry. -- Colin Watson Wed, 16 May 2001 17:46:51 +0100 cracklib2 (2.7-8.1) unstable; urgency=medium * Non-maintainer upload. * Fixed path to Debhelper and added correct namespace, fixes Bug#69187. -- Lenart Janos Fri, 23 Feb 2001 18:34:33 +0100 cracklib2 (2.7-8) unstable; urgency=low * Corrected control file where shared library package was not correctly depending on shlibs information. -- Jean Pierre LeJacq Fri, 2 Apr 1999 14:32:19 -0500 cracklib2 (2.7-7) unstable; urgency=low * Correct broken link to shared library. Fixes Bug#35331. Thanks to Hartmut Koptein . * Upgraded algorithm which decides which files in standard dictionary directories should be included in cracklib dictionary. Now includes support for non-ASCII text and compressed text files. Fixes Bug#27510. Thanks to Francesco Potorti and Julian Gilbey . -- Jean Pierre LeJacq Fri, 2 Apr 1999 08:58:56 -0500 cracklib2 (2.7-6) unstable; urgency=high * Corrected build programs that prevent inclusion of pristine upstream source. * Corrected cron.daily script to redirect message syslog per suggestion of Ralph Giles. Fixes Bug#27511, Bug#27743, Bug#28897, Bug#29100, Bug#29500, Bug#29995, Bug#30576, Bug#31060, Bug#31666, Bug#31683, Bug#33042 and Bug#34782. Thanks to Francesco Potorti , J.H.M. Dassen , Branden Robinson , James Spooner , Manoj Srivastava , Ben , , Elie Rosenblum , Ralph Giles , Ian Eure and . * Corrected control file by removing suggestion for non-existent cracklib-dict package. I still intended to add this package in the future. Fixes Bug#29300. Thanks to Julian Gilbey . * Corrected control file by adding dependency on file package. Fixes Bug#31686. Thanks to Ralph Giles . * Upgraded crack_packer man-page to document output. Fixes Bug#27511 and Bug#28897. Thanks to Francesco Potorti . * Upgraded to Debian policy standard version 2.5.0.0. * Upgraded control file to remove statement that cracklib is not used by other Debian packages. Fixes Bug#27647. Thanks to Chris . -- Jean Pierre LeJacq Mon, 29 Mar 1999 07:27:17 -0500 cracklib2 (2.7-5) frozen unstable; urgency=low * Placed in frozen distribution. Thanks to James Troup (bug#20993). * Upgraded priority from extra to optional. * Upgraded package building architecture. * Upgraded HTML documentation to show how to use cracklib in Debian distribution. Also reverted back to individual binary packages. * Upgraded doc-base title entry to be shorter since dhelp core dumps otherwise. * Removed menu files since they are generated directly by doc-base. -- Jean Pierre LeJacq Sat, 18 Apr 1998 13:55:28 -0400 cracklib2 (2.7-4) unstable; urgency=low * Replaced documentation directories to symbolic links per Debian policy manual section 5.6. Thanks to Gregory Stark (bug#19715). * Added section to explain briefly what modifications were made in the Debian version of the package compared to the upstream one per the Debian policy manual section 5.6. * Added separate menu and doc-base entry for dev package. -- Jean Pierre LeJacq Tue, 7 Apr 1998 12:51:17 -0400 cracklib2 (2.7-3) unstable; urgency=low * Corrected incorrect reference to obsolete cracklib2.6 package in control file. * Corrected name of suggested dictionary package to crack-dict since this will be shared between crack and cracklib2. * Corrected Debian sections for source and binary packages. * Upgraded documentation in control file of cracklib2 binary package to notify users how cracklib2 can be used now since it will not be included in Debian 2.0. -- Jean Pierre LeJacq Sat, 4 Apr 1998 09:55:41 -0500 cracklib2 (2.7-2) unstable; urgency=low * Upgraded postinst to call ldconfig on configuration. * Upgraded debian/rules to include target to check binary packages with lintian and HTML validation tools. * Upgraded default configuration file to add any ASCII text file in /usr/share/dict and /usr/dict to construct cracklib dictionary database. Thanks to Gregory Stark (bug#19714). * Upgraded man pages to have relative URI to HTML documentation. * Corrected misspelling in parameterized variable in FascistCheck man page. Thanks to Gregory Stark (bug#19715). * Moved removal of menu entry from prerm to postrm per lintian. * Moved dh_shlibdeps from build to binary since it now calls chown which requires root privileges. * Checked that package building and installation shell scripts work with bash, pdksh, and ash. -- Jean Pierre LeJacq Tue, 31 Mar 1998 17:16:08 -0500 cracklib2 (2.7-1) unstable; urgency=low * Upgraded to new upstream source. * Upgraded documentation to indicated new upstream source location. * Corrected bug in doc-base configuration. * Removed #!/bin/sh header in non executable configuration file per lintian. * Changed package name from cracklib2.6 to cracklib2. -- Jean Pierre LeJacq Sun, 8 Mar 1998 15:50:17 -0500 cracklib2.6 (2.6-1) unstable; urgency=low * Initial release. -- Jean Pierre LeJacq Wed, 25 Feb 1998 09:21:54 -0500 debian/crack.py0000644000000000000000000000022312273252362010624 0ustar # # wrapper script to provide the python-cracklib functionality with the # module name of the older python-crack package # from cracklib import * debian/create-cracklib-dict.80000644000000000000000000000143612273252362013223 0ustar .TH create\-cracklib\-dict 8 "Sat Jun 21 22:45:42 CEST 2008" "Jan Dittberner" .SH NAME create\-cracklib\-dict \- Check passwords using libcrack2 .SH SYNOPSIS .B create\-cracklib\-dict wordlist ... .br .SH DESCRIPTION .B create\-cracklib\-dict takes one or more word list files as arguments and converts them into cracklib dictionaries for use by password checking programs. The results are placed in the default compiled-in dictionary location. If you wish to store the dictionary in a different location, use the cracklib-format and cracklib-packer commands directly. .SH SEE ALSO .BR cracklib\-format (8), .BR cracklib\-packer (8), .BR cracklib\-check (8), .SH AUTHOR This man page was written by Jan Dittberner for the Debian GNU/Linux System (but may be used by others). debian/libcrack2-dev.links0000644000000000000000000000010212273252362012635 0ustar /usr/share/man/man3/FascistCheck.3 /usr/share/man/man3/cracklib.3 debian/examples/0000755000000000000000000000000012273252362011010 5ustar debian/examples/README0000644000000000000000000000107312273252362011671 0ustar Example for cracklib2 --------------------- This example demonstrates the usage of cracklib2. Just enter a potential password and the program will answer whether it is good, and if not, why. Usage: copy Makefile and cracklib_example.c into a writable directory, run 'make' and start 'cracklib_example'. You must have the package cracklib-runtime installed to actually make it work, since otherwise cracklib has no wordlists to check against. cracklib-runtime also provides a test program crack_testlib(8) which has a similar function. Martin Pitt debian/examples/Makefile0000644000000000000000000000027012273252362012447 0ustar # Makefile for cracklib2 example. CC=gcc CFLAGS=-g -O2 -Wall LDFLAGS= cracklib_example: cracklib_example.o $(CC) $(LDFLAGS) -o $@ -lcrack $^ clean: rm -f *.o *~ cracklib_example debian/examples/cracklib_example.c0000644000000000000000000000214412273252362014442 0ustar /* copyright: Copyright (C) 1998, 1999 Jean Pierre LeJacq Cleaned up 2003 by Martin Pitt Adapted to new upstream 2008 by Jan Dittberner Distributed under the GNU GENERAL PUBLIC LICENSE. description: cracklib_example - an example of using cracklib Nothing fancy here. Simply need to call FascistCheck() with the potential password and the path+prefix to the dictionary database. I'm using the path+prefix, CRACKLIB_DICTPATH, used by the utilities in the cracklib-runtime package. FascistCheck() will return non-NULL if the password is not selected. */ #include #include int main() { char password[80U] = ""; char const* msg; puts( "Example program using cracklib" ); printf( "Enter potential password: " ); scanf( "%79s", password ); msg = FascistCheck( password, NULL ); if( msg ) { puts( "Please use a different password." ); printf( "The one you have chosen is unsuitable because:\n %s\n", msg ); } else puts( "Good password." ); return 0; } debian/cracklib-runtime.logcheck.ignore.paranoid0000644000000000000000000000026612273252362017210 0ustar ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cracklib: updated dictionary \(read/written words: ([0-9]+) \1\)\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cracklib: no dictionary update necessary\.$ debian/libcrack2.symbols0000644000000000000000000000133412273252362012441 0ustar libcrack.so.2 libcrack2 #MINVER# Capitalise@Base 2.8.12 Char2Int@Base 2.8.12 Chop@Base 2.8.12 Clone@Base 2.8.12 FascistCheck@Base 2.8.12 FascistCheckUser@Base 2.9.0 FascistGecos@Base 2.8.12 FascistLook@Base 2.8.12 FindPW@Base 2.8.12 GTry@Base 2.8.12 GetPW@Base 2.8.12 Lowercase@Base 2.8.12 Mangle@Base 2.8.12 MatchClass@Base 2.8.12 PMatch@Base 2.8.12 PWClose@Base 2.8.12 PWOpen@Base 2.8.12 Pluralise@Base 2.8.12 PolyPurge@Base 2.8.12 PolyStrchr@Base 2.8.12 PolySubst@Base 2.8.12 Purge@Base 2.8.12 PutPW@Base 2.8.12 Reverse@Base 2.8.12 Substitute@Base 2.8.12 Suffix@Base 2.8.12 Trim@Base 2.8.12 Uppercase@Base 2.8.12 GetDefaultCracklibDict@Base 2.8.14 __DEBIAN_SPECIFIC__SafeFascistCheck@Base 2.8.19-2~ debian/pycompat0000644000000000000000000000000212273252362010741 0ustar 2 debian/compat0000644000000000000000000000000212273252362010370 0ustar 9 debian/cracklib-runtime.install0000644000000000000000000000010212273252362014006 0ustar debian/cracklib.conf etc/cracklib debian/update-cracklib usr/sbin debian/cracklib-format.80000644000000000000000000000722212273252362012326 0ustar .\" source: .\" /var/cvs/projects/debian/cracklib/debian/dpkg.src/cracklib-runtime.crack_mkdict.8.in,v .\" .\" revision: .\" @(#) cracklib-runtime.crack_mkdict.8.in,v 1.7 1999/04/02 14:50:43 jplejacq Exp .\" .\" copyright: .\" Copyright (C) 1998, 1999 Jean Pierre LeJacq .\" .\" Distributed under the GNU GENERAL PUBLIC LICENSE. .\" .TH cracklib\-format 8 "Sat Jun 21 22:43:12 CEST 2008" "2.7-8.5" "Debian GNU/Linux manual" .SH NAME cracklib\-format, cracklib\-packer, cracklib\-unpacker \- cracklib dictionary utilities .SH SYNOPSIS .B cracklib\-format .IR file .IR ... .B cracklib\-packer .IR cracklib_dictpath .B cracklib\-unpacker .IR cracklib_dictpath .SH DESCRIPTION .B cracklib\-format takes a list of text files each containing a list of words, one per line, It lowercases all words, removes control characters, and sorts the lists. It outputs the cleaned up list to standard output. The text files may be optionally compressed with .BR gzip (1). If you supply massive amounts of text to .B cracklib\-format you must have enough free space available for use by the .BR sort (1) command. If you do not have 20Mb free in /var/tmp (or whatever temporary area your .BR sort (1) command uses), have a look at the .B /usr/sbin/cracklib\-format program which is a .BR sh (1) program. You can usually tweak the .BR sort (1) command to use any large area of disk you desire, by use of the .B \-T option. .B cracklib\-format has a hook for this. .B cracklib\-packer reads from standard input a list of sorted and cleaned words and creates a database in the directory and prefix given by the command line argument .B cracklib_dictpath. Three files are created with the suffixes of .hwm, .pwd, and .pwi. These three files are in the format that the .BR FascistCheck (3) subroutine, .BR cracklib\-unpacker (8), and .BR cracklib\-check (8), utilities understand. The number of words read and written are printed on .BR stdout (3). .B cracklib\-unpacker reads from the database in the directory and prefix given by the command line argument .B cracklib_dictpath and outputs on standard output the list of words that make up the database. The database is in a binary format generated by the utilities .BR cracklib\-format (8) and .BR cracklib\-packer (8). On a Debian system the database is located in the directory /var/cache/cracklib/cracklib_dict and is generated daily with the program /etc/cron.daily/cracklib. The location is also defined in the header file .B crack.h using the constant .B CRACKLIB_DICTPATH though none of the subroutines in the cracklib libraries have this location hardcoded into their implementations. .SH FILES .TP .I /var/cache/cracklib/cracklib_dict.[hwm|pwd|pwi] cracklib dictionary database files used by utilities. .TP .I /etc/cron.daily/cracklib cracklib daily cron program to rebuild the cracklib dictionary database. .TP .I /etc/cracklib/cracklib.conf cracklib configuration file used by the cracklib daily cron program to rebuild the cracklib dictionary database. .TP .I /usr/include/crack.h cracklib header file defining the subroutine .BR FascistCheck(3) and the constant .B CRACKLIB_DICTPATH used to compile in the location of the cracklib dictionary database for these utilities. .TP .I /usr/sbin/cracklib\-format cracklib shell script to create initial list of words for dictionary database. .SH SEE ALSO .BR FascistCheck (3), .BR cracklib\-check (8), .BR update\-cracklib (8), .BR create\-cracklib\-dict (8) .br /usr/share/doc/libcrack2/libcrack2.html .br /usr/share/doc/cracklib-runtime/cracklib-runtime.html .SH AUTHOR .B cracklib2 is written by Alec Muffett . Manual added by Jean Pierre LeJacq . debian/cracklib-runtime.docs0000644000000000000000000000004112273252362013272 0ustar debian/doc/cracklib-runtime.html debian/update-cracklib0000644000000000000000000000223612273252362012152 0ustar #!/bin/sh # update-cracklib - Regenerate cracklib word lists # # This script is based on the original cron job written by Jean Pierre # LeJacq . set -e umask 0022 if [ -r "/etc/cracklib/cracklib.conf" ] then . /etc/cracklib/cracklib.conf else echo Error: cannot read configuration file /etc/cracklib/cracklib.conf exit 1 fi if [ ! -d /var/cache/cracklib/ ]; then install -d -m 755 /var/cache/cracklib/ fi if [ -n "${cracklib_dictpath_src}" -a -n "${cracklib_dictpath}" ] then export LC_COLLATE=C processed=0 for i in ${cracklib_dictpath_src} do if ! [ -e /var/cache/cracklib/src-dicts ] \ || ! grep -q "$i" /var/cache/cracklib/src-dicts \ || ! [ -e "${cracklib_dictpath}.pwd" ] \ || [ "$i" -nt "${cracklib_dictpath}.pwd" ] then if [ $processed = 0 ] then /usr/sbin/cracklib-format ${cracklib_dictpath_src} | \ /usr/sbin/cracklib-packer processed=1 echo "${cracklib_dictpath_src}" > \ /var/cache/cracklib/src-dicts fi fi done fi exit 0 debian/patches/0000755000000000000000000000000012273252362010621 5ustar debian/patches/install-debian-python-modules.patch0000644000000000000000000000066712273252362017526 0ustar Subject: install Debian specific Python modules Author: Jan Dittberner --- a/python/setup.py.in +++ b/python/setup.py.in @@ -42,7 +42,7 @@ author_email="jan@dittberner.info", url="http://cracklib.sourceforge.net/", license="GPLv2+", - py_modules=['cracklib', 'test_cracklib'], + py_modules=['cracklib', 'test_cracklib', 'crack'], ext_modules=extensions, zip_safe=False, classifiers=[ debian/patches/improve_test_737040.patch0000644000000000000000000000615212273252362015212 0ustar Author: Jan Dittberner Subject: improve Python test to cover low level FascistCheck Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737040 --- a/python/test_cracklib.py +++ b/python/test_cracklib.py @@ -15,6 +15,13 @@ class TestModuleFunctions(unittest.TestCase): + def test_FascistCheck(self): + try: + cracklib.FascistCheck('test', dictpath=dictpath) + self.fail('expected ValueError') + except ValueError: + pass + def test_VeryFascistCheck(self): try: cracklib.VeryFascistCheck('test', dictpath=dictpath) @@ -68,7 +75,7 @@ def test_simple_lower(self): for passwd in ['t' * i for i in range( - cracklib.MIN_LENGTH - cracklib.LOW_CREDIT)]: + cracklib.MIN_LENGTH - cracklib.LOW_CREDIT)]: self.assertEquals( 1, cracklib.simple(passwd), 'password {0} should be detected as too simple'.format( @@ -78,7 +85,7 @@ def test_simple_upper(self): for passwd in ['T' * i for i in range( - cracklib.MIN_LENGTH - cracklib.UP_CREDIT)]: + cracklib.MIN_LENGTH - cracklib.UP_CREDIT)]: self.assertEquals( 1, cracklib.simple(passwd), 'password {0} should be detected as too simple'.format( @@ -88,7 +95,7 @@ def test_simple_digit(self): for passwd in ['1' * i for i in range( - cracklib.MIN_LENGTH - cracklib.DIG_CREDIT)]: + cracklib.MIN_LENGTH - cracklib.DIG_CREDIT)]: self.assertEquals( 1, cracklib.simple(passwd), 'password {0} should be detected as too simple'.format( @@ -98,7 +105,7 @@ def test_simple_other(self): for passwd in ['#' * i for i in range( - cracklib.MIN_LENGTH - cracklib.OTH_CREDIT)]: + cracklib.MIN_LENGTH - cracklib.OTH_CREDIT)]: self.assertEquals( 1, cracklib.simple(passwd), 'password {0} should be detected as too simple'.format( @@ -109,14 +116,16 @@ def test_simple_combinations(self): testset = '#a' * (cracklib.MIN_LENGTH // 2) for passwd in [testset[:i] for i in range( - cracklib.MIN_LENGTH - cracklib.LOW_CREDIT - cracklib.OTH_CREDIT)]: + cracklib.MIN_LENGTH - + cracklib.LOW_CREDIT - + cracklib.OTH_CREDIT)]: self.assertEquals( 1, cracklib.simple(passwd), 'password {0} should be detected as too simple'.format( passwd)) self.assertEquals(0, cracklib.simple( testset[:(cracklib.MIN_LENGTH - cracklib.LOW_CREDIT - - cracklib.OTH_CREDIT)])) + cracklib.OTH_CREDIT)])) tests.append(TestModuleFunctions) @@ -127,7 +136,7 @@ print(('cracklib is installed in: ' + os.path.dirname(__file__))) print(('cracklib version: ' + __version__)) print((sys.version)) - dictpath=use_dictpath + dictpath = use_dictpath suite = unittest.TestSuite() for cls in tests: debian/patches/libcrack2-error-safer-check-variant.patch0000644000000000000000000001317112273252362020443 0ustar Subject: add a safer check variant Author: Markus Wanner Bug-Debian: http://bugs.debian.org/682735 Bug-Debian: http://bugs.debian.org/737040 --- a/lib/fascist.c +++ b/lib/fascist.c @@ -882,6 +882,60 @@ return FascistCheckUser(password, path, NULL, NULL); } +/* This Debian specific method is a work-around for Debian #682735. Please + do not rely on it being available in future verisons of cracklib2. */ +int +__DEBIAN_SPECIFIC__SafeFascistCheck(password, path, errstr, errstr_len) + const char *password; + const char *path; + char *errstr; + size_t errstr_len; +{ + PWDICT *pwp; + char pwtrunced[STRINGSIZE]; + char *error; + + /* If passed null for the path, use a compiled-in default */ + if ( ! path ) + { + path = DEFAULT_CRACKLIB_DICT; + } + + /* security problem: assume we may have been given a really long + password (buffer attack) and so truncate it to a workable size; + try to define workable size as something from which we cannot + extend a buffer beyond its limits in the rest of the code */ + + strncpy(pwtrunced, password, TRUNCSTRINGSIZE); + pwtrunced[TRUNCSTRINGSIZE - 1] = '\0'; /* enforce */ + + /* perhaps someone should put something here to check if password + is really long and syslog() a message denoting buffer attacks? */ + + if (!(pwp = PWOpen(path, "r"))) + { + return 0; + } + + + error = FascistLook(pwp, pwtrunced); + if (error != NULL) + { + strncpy(errstr, error, errstr_len); + errstr[errstr_len - 1] = '\0'; + } + else + { + errstr[0] = '\0'; + } + + /* sure seems like we should close the database, since we're only likely to check one password */ + PWClose(pwp); + pwp = (PWDICT *)0; + + return 1; +} + const char * GetDefaultCracklibDict() { --- a/lib/crack.h +++ b/lib/crack.h @@ -22,6 +22,15 @@ extern const char *FascistCheckUser(const char *pw, const char *dictpath, const char *user, const char *gecos); +/* This Debian specific method is a work-around for Debian #682735. Please + do not rely on it being available in future verisons of cracklib2. + Returns 1 (true) for success and 0 (false) in case an error occurred + opening or reading the dictionary. In the later case, please check + errno. */ +extern int __DEBIAN_SPECIFIC__SafeFascistCheck(const char *pw, + const char *dictpath, char *errmsg, + size_t errmsg_len); + /* This function returns the compiled in value for DEFAULT_CRACKLIB_DICT. */ extern const char *GetDefaultCracklibDict(void); --- a/lib/packlib.c +++ b/lib/packlib.c @@ -16,6 +16,7 @@ #ifdef HAVE_STDINT_H #include #endif +#include #include "packer.h" static const char vers_id[] = "packlib.c : v2.3p2 Alec Muffett 18 May 1993"; @@ -157,6 +158,7 @@ if (!fread((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp)) { fprintf(stderr, "%s: error reading header\n", prefix); + errno = 0; pdesc.header.pih_magic = 0; fclose(ifp); @@ -180,6 +182,7 @@ if (!fread((char *) &pdesc64.header, sizeof(pdesc64.header), 1, ifp)) { fprintf(stderr, "%s: error reading header\n", prefix); + errno = 0; pdesc.header.pih_magic = 0; fclose(ifp); @@ -199,6 +202,7 @@ { /* nope, not "64-bit" after all */ fprintf(stderr, "%s: error reading header\n", prefix); + errno = 0; pdesc.header.pih_magic = 0; fclose(ifp); @@ -225,6 +229,7 @@ if (pdesc.header.pih_magic != PIH_MAGIC) { fprintf(stderr, "%s: magic mismatch\n", prefix); + errno = 0; pdesc.header.pih_magic = 0; fclose(ifp); @@ -245,6 +250,7 @@ if (pdesc.header.pih_numwords < 1) { fprintf(stderr, "%s: invalid word count\n", prefix); + errno = 0; pdesc.header.pih_magic = 0; fclose(ifp); @@ -264,6 +270,7 @@ if (pdesc.header.pih_blocklen != NUMWORDS) { fprintf(stderr, "%s: size mismatch\n", prefix); + errno = 0; pdesc.header.pih_magic = 0; fclose(ifp); --- a/python/_cracklib.c +++ b/python/_cracklib.c @@ -42,6 +42,7 @@ #ifdef HAVE_LIBINTL_H #include #endif +#include #ifdef HAVE_PTHREAD_H static pthread_mutex_t cracklib_mutex = PTHREAD_MUTEX_INITIALIZER; @@ -74,7 +75,8 @@ { char *candidate, *dict; char *defaultdict = NULL; - const char *result; + int result; + char errmsg[255]; struct stat st; char *keywords[] = {"pw", "dictpath", NULL}; char *dictfile; @@ -148,7 +150,8 @@ #endif LOCK(); - result = FascistCheck(candidate, dict ? dict : defaultdict); + result = __DEBIAN_SPECIFIC__SafeFascistCheck(candidate, + dict ? dict : defaultdict, errmsg, sizeof(errmsg)); UNLOCK(); if (defaultdict != NULL) @@ -156,10 +159,25 @@ free(defaultdict); } - if (result != NULL) + if (result) { - PyErr_SetString(PyExc_ValueError, result); - return NULL; + if ((errmsg != NULL) && (strlen(errmsg) > 0)) + { + PyErr_SetString(PyExc_ValueError, errmsg); + return NULL; + } + } + else { + if (errno == 0) + { + PyErr_SetString(PyExc_RuntimeError, "Unable to read cracklib dictionary."); + return NULL; + } + else + { + PyErr_SetFromErrnoWithFilename(PyExc_ValueError, "/var/cache/cracklib_dict.*"); + return NULL; + } } return Py_BuildValue("s", candidate); } debian/patches/series0000644000000000000000000000015012273252362012032 0ustar install-debian-python-modules.patch libcrack2-error-safer-check-variant.patch improve_test_737040.patch debian/libcrack2.xml0000644000000000000000000002004512273252362011551 0ustar
cracklib2 - a pro-active password library cracklib2 is a library containing a C function which may be used in a passwd (1) like program. The idea is simple: try to prevent users from choosing passwords that could be guessed by crack by filtering them out, at source. cracklib2 is not a replacement passwd (1) program. cracklib2 is a library. cracklib2 is an offshoot of version 5 of the crack software and contains a considerable number of ideas nicked from the new software. cracklib2's original home page provides some links on security publications and access to source code written by the author of cracklib2. While there is a README there is not much documentation available on cracklib2. Hopefully this page that I generated for the Debian/GNU Linux distribution will improve this situation. cracklib2 has been forked by NathanNeulinger who is now coordinating the further development. This fork has been blessed by the original maintainer in this article. The new upstream branch is hosted at the cracklib2 SourceForge project page. 1998 1999 Jean Pierre LeJacq 2003 Martin Pitt 2008 Jan Dittberner This package and this document is free software; you may redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. A copy of the GNU General Public License version 2 is available as /usr/share/common-licenses/GPL-2 in the Debian GNU/Linux distribution or on the World Wide Web at http://www.gnu.org/copyleft/gpl.html. You can also obtain it by writing to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. Jean Pierre LeJacq Original Debian packaging jplejacq@quoininc.com Martin Pitt Debian package maintainer before version 2.8. mpitt@debian.org Jan Dittberner Reformulation to DocBook XML, updated to reflect new packaging and upstream version. Current Debian package maintainer. jandd@debian.org $Date$
Why <application>cracklib2</application>? One of the most common security weaknesses in computer systems is the use of easily guessed passwords. cracklib2 tries to prevent the selection of weak passwords by checking potential passwords against dictionaries of commonly used or easily guessed words.
Who is responsible for all of this? AlecMuffet is the author of cracklib2. Jean PierreLeJacq initially produced this Debian package, MartinPitt is its current maintainer. JanDittberner packaged the new upstream version of cracklib2 and updated the documentation.
How to use <application>cracklib2</application> with Debian Ideally, the password quality check should be done when an user sets his/her password. The PAM (Pluggable Authentication Modules) architecture makes it easy to integrate arbitrary checks (like cracklib2) into programs like passwd and ssh. To use cracklib2 in Debian, install the package libpam_cracklib and follow the instructions to enable libpam_cracklib in /etc/pam.d/common-password. From now on,cracklib2 checks the password quality whenever a password is changed with passwd and rejects bad ones.
Debian <application>cracklib2</application> package overview The source package is cracklib2 which generates the following binary packages: libcrack2 Shared library and this documentation. libcrack2-dev Header files, static libraries, and symbolic links developers using cracklib2 will need. This package also provides an example program that shows the usage of cracklib2 in own applications. cracklib-runtime Run-time support programs which use the shared library in libcrack2 including programs to build the password dictionary databases used by the functions in the shared library. python-cracklib This package provides Python bindings for the shared library in libcrack2. This package does not include dictionaries since there are already lots of them in Debian (wenglish, wngerman, etc.).
debian/control0000644000000000000000000001012312273252362010572 0ustar Source: cracklib2 Section: libs Priority: optional Maintainer: Jan Dittberner Uploaders: Martin Pitt Standards-Version: 3.9.5 Build-Depends: autoconf (>=2.61), automake (>= 1.10), autotools-dev, chrpath, debhelper (>= 9), docbook-utils, docbook-xml, dpkg-dev (>= 1.16.1~), libtool, python-all-dev (>= 2.6.6-3~), python-setuptools, python3-all-dev (>= 3.1.3-2~), python3-setuptools Homepage: http://sourceforge.net/projects/cracklib Vcs-Git: git://anonscm.debian.org/pkg-cracklib/pkg-cracklib.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-cracklib/pkg-cracklib.git Package: libcrack2 Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} Recommends: cracklib-runtime Description: pro-active password checker library Shared library for cracklib2 which contains a C function which may be used in a passwd like program. The idea is simple: try to prevent users from choosing passwords that could be guessed by crack by filtering them out, at source. cracklib2 is NOT a replacement passwd program. cracklib2 is a LIBRARY. Package: libcrack2-udeb Package-Type: udeb Section: debian-installer Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: ${misc:Depends}, ${shlibs:Depends} Description: pro-active password checker library Shared library for cracklib2 which contains a C function which may be used in a passwd like program. The idea is simple: try to prevent users from choosing passwords that could be guessed by crack by filtering them out, at source. . This is an udeb package that can be used by the Debian installer. Package: libcrack2-dev Section: libdevel Priority: extra Architecture: any Depends: libcrack2 (=${binary:Version}), ${misc:Depends} Recommends: cracklib-runtime Description: pro-active password checker library - development files Header files, static libraries, documentation, and symbolic links developers using cracklib2 will need. . If you want to build software using cracklib2 you will need to install this package. For developing Python based applications for cracklib2 you need to install python-cracklib instead. Package: cracklib-runtime Section: admin Architecture: any Multi-Arch: foreign Pre-Depends: ${misc:Pre-Depends} Depends: file, libcrack2 (>=${binary:Version}), ${misc:Depends}, ${shlibs:Depends} Recommends: wamerican | wordlist Description: runtime support for password checker library cracklib2 Run-time support programs which use the shared library in libcrack2 including programs to build the password dictionary databases used by the functions in the shared library. Package: python-cracklib Section: python Architecture: any Depends: cracklib-runtime (>=${binary:Version}), libcrack2 (>=${binary:Version}), ${misc:Depends}, ${python:Depends}, ${shlibs:Depends} Provides: ${python:Provides} Conflicts: python-crack Description: Python bindings for password checker library cracklib2 This package provides Python bindings for cracklib. It contains a pythonic interface to cracklib's functions and some Python convenience functions. . You should install this package if you want to use or develop Python applications that want to interface with cracklib2. Package: python3-cracklib Section: python Architecture: any Depends: cracklib-runtime (>=${binary:Version}), libcrack2 (>=${binary:Version}), ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends} Provides: ${python3:Provides} Description: Python3 bindings for password checker library cracklib2 This package provides Python bindings for cracklib. It contains a pythonic interface to cracklib's functions and some Python convenience functions. . You should install this package if you want to use or develop Python3 applications that want to interface with cracklib2. . This package provides the Python3 version of cracklib2's Python binding. debian/libcrack2.doc-base0000644000000000000000000000103512273252362012424 0ustar Document: libcrack2 Title: cracklib2 - a pro-active password checker library Author: Jean Pierre LeJacq Abstract: cracklib is a library containing a C function which may be used in a passwd like program. The idea is simple: try to prevent users from choosing passwords that could be guessed by crack by filtering them out, at source. cracklib is NOT a replacement passwd program. cracklib is a LIBRARY. Section: System/Security Format: HTML Index: /usr/share/doc/libcrack2/libcrack2.html Files: /usr/share/doc/libcrack2/libcrack2.html debian/rules0000755000000000000000000001324512273252362010257 0ustar #!/usr/bin/make -f DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/buildflags.mk include /usr/share/python/python.mk # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) ifneq ($(DEB_STAGE),stage1) PYVERS := $(shell pyversions -vs) PY3VERS := $(shell py3versions -vs) else NOPYTHON_OPTIONS = -Npython-cracklib -Npython3-cracklib endif override_dh_auto_configure: aclocal && libtoolize && automake --add-missing && autoreconf mkdir -p $(CURDIR)/debian/buildtmp/base cd $(CURDIR)/debian/buildtmp/base; \ $(CURDIR)/configure \ --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \ --prefix=/usr --disable-rpath --without-python \ --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) \ --with-default-dict=/var/cache/cracklib/cracklib_dict \ CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)" for i in $(PYVERS) $(PY3VERS); do \ mkdir -p $(CURDIR)/debian/buildtmp/python$$i; \ cd $(CURDIR)/debian/buildtmp/python$$i; \ $(CURDIR)/configure \ --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \ --prefix=/usr --disable-rpath \ --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) \ --with-default-dict=/var/cache/cracklib/cracklib_dict \ PYTHON_PREFIX=$(call py_builddir_sh,$$i) \ PYTHON=/usr/bin/python$$i \ CFLAGS="$(CFLAGS)" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)"; \ done override_dh_auto_build: $(MAKE) -C $(CURDIR)/debian/buildtmp/base ifneq ($(DEB_STAGE),stage1) for i in $(PYVERS) $(PY3VERS); do \ cd $(CURDIR)/debian/buildtmp/python$$i; \ rm -rf lib; ln -s $(CURDIR)/debian/buildtmp/base/lib lib; \ cd python; \ ln -s $(CURDIR)/python/*.py \ $(CURDIR)/python/*.c \ $(CURDIR)/debian/test_cracklib.py \ $(CURDIR)/debian/crack.py \ . ; \ CFLAGS="-I$(CURDIR)/lib $(CFLAGS)" LDFLAGS="$(LDFLAGS)" CPPFLAGS="$(CPPFLAGS)" python$$i setup.py build ; \ done endif docbook2html -o debian/doc --nochunks debian/libcrack2.xml docbook2html -o debian/doc --nochunks debian/cracklib-runtime.xml override_dh_auto_test: mkdir $(CURDIR)/debian/tmp ifneq ($(DEB_STAGE),stage1) $(CURDIR)/debian/buildtmp/base/util/cracklib-packer $(CURDIR)/debian/tmp/cracklib_dict < \ $(CURDIR)/dicts/cracklib-small for i in $(PYVERS) $(PY3VERS); do \ cd $(CURDIR)/debian/buildtmp/python$$i/python/$(call py_builddir_sh,$$i); \ LD_LIBRARY_PATH=$(CURDIR)/debian/buildtmp/base/lib/.libs python$$i \ -c 'import cracklib; cracklib.test(dictpath="$(CURDIR)/debian/tmp/cracklib_dict")'; \ done endif override_dh_auto_clean: rm -rf debian/buildtmp rm -rf debian/doc if [ -f Makefile ]; then $(MAKE) clean; fi if [ -f Makefile ]; then $(MAKE) distclean; fi # remove files created or modified by autogen.sh rm -f config.guess config.sub Makefile.in aclocal.m4 configure \ dicts/Makefile.in doc/Makefile.in lib/Makefile.in m4/Makefile.in \ py-compile python/Makefile.in util/Makefile.in ltmain.sh \ m4/ltoptions.m4 m4/ltversion.m4 m4/libtool.m4 m4/ltsugar.m4 \ m4/lt~obsolete.m4 dh_auto_clean override_dh_auto_install: $(MAKE) -C $(CURDIR)/debian/buildtmp/base DESTDIR=$(CURDIR)/debian/libcrack2 install # copy files for libcrack2-udeb mkdir -p $(CURDIR)/debian/libcrack2-udeb/usr/lib/$(DEB_HOST_MULTIARCH) \ $(CURDIR)/debian/libcrack2-udeb/usr/share/locale \ $(CURDIR)/debian/libcrack2-udeb/var/cache/cracklib cp -P $(CURDIR)/debian/libcrack2/usr/lib/$(DEB_HOST_MULTIARCH)/*.so.* \ $(CURDIR)/debian/libcrack2-udeb/usr/lib/$(DEB_HOST_MULTIARCH) cp -r $(CURDIR)/debian/libcrack2/usr/share/locale/* \ $(CURDIR)/debian/libcrack2-udeb/usr/share/locale $(CURDIR)/debian/buildtmp/base/util/cracklib-packer $(CURDIR)/debian/libcrack2-udeb/var/cache/cracklib/cracklib_dict < \ $(CURDIR)/dicts/cracklib-small # move files to libcrack2-dev mkdir -p $(CURDIR)/debian/libcrack2-dev/usr/lib/$(DEB_HOST_MULTIARCH) mv $(CURDIR)/debian/libcrack2/usr/include \ $(CURDIR)/debian/libcrack2-dev/usr mv $(CURDIR)/debian/libcrack2/usr/lib/$(DEB_HOST_MULTIARCH)/*.a \ $(CURDIR)/debian/libcrack2-dev/usr/lib/$(DEB_HOST_MULTIARCH) # move files to cracklib-runtime mkdir -p $(CURDIR)/debian/cracklib-runtime/usr/share/dict mv $(CURDIR)/debian/libcrack2/usr/sbin \ $(CURDIR)/debian/cracklib-runtime/usr mv $(CURDIR)/debian/libcrack2/usr/share/cracklib/cracklib-small \ $(CURDIR)/debian/cracklib-runtime/usr/share/dict # remove unused files rm -f $(CURDIR)/debian/libcrack2/usr/lib/$(DEB_HOST_MULTIARCH)/*.la \ $(CURDIR)/debian/libcrack2/usr/lib/$(DEB_HOST_MULTIARCH)/libcrack.so rm -rf $(CURDIR)/debian/libcrack2/usr/share/cracklib chrpath -d \ $(CURDIR)/debian/cracklib-runtime/usr/sbin/cracklib-check \ $(CURDIR)/debian/cracklib-runtime/usr/sbin/cracklib-packer \ $(CURDIR)/debian/cracklib-runtime/usr/sbin/cracklib-unpacker ifneq ($(DEB_STAGE),stage1) for i in $(PYVERS); do \ cd $(CURDIR)/debian/buildtmp/python$$i/python; \ python$$i setup.py install --install-layout=deb --root $(CURDIR)/debian/python-cracklib; \ done for i in $(PY3VERS); do \ cd $(CURDIR)/debian/buildtmp/python$$i/python; \ python$$i setup.py install --install-layout=deb --root $(CURDIR)/debian/python3-cracklib; \ done endif override_dh_link: dh_link -plibcrack2-dev usr/lib/$(DEB_HOST_MULTIARCH)/libcrack.so.2 \ usr/lib/$(DEB_HOST_MULTIARCH)/libcrack.so dh_link override_dh_installchangelogs: dh_installchangelogs NEWS ifneq ($(DEB_STAGE),stage1) override_dh_python2: dh_python2 -ppython-cracklib override_dh_python3: dh_python3 -ppython3-cracklib endif %: dh $@ --with python2,python3,autotools_dev $(NOPYTHON_OPTIONS) debian/FascistCheck.30000644000000000000000000000540012273252362011607 0ustar .\" source: .\" /var/cvs/projects/debian/cracklib/debian/dpkg.src/cracklib2-dev.FascistCheck.3.in,v .\" .\" revision: .\" @(#) cracklib2-dev.FascistCheck.3.in,v 1.6 1999/03/29 15:30:21 jplejacq Exp .\" .\" copyright: .\" Copyright (C) 1998, 1999 Jean Pierre LeJacq .\" .\" Distributed under the GNU GENERAL PUBLIC LICENSE. .\" .TH FascistCheck 3 "Wed, 3 Oct 2001 01:37:09 +0100" "2.7-8.5" "Debian GNU/Linux manual" .SH NAME FascistCheck \- a pro-active password checker library .SH SYNOPSIS .B #include .sp .B "static char const CRACKLIB_DICTPATH[] = \ .\|.\|.;" .sp .B "extern char const *" .br .B "FascistCheck(char const passwd[], char const dictpath[]);" .SH DESCRIPTION cracklib is a library containing the .B FascistCheck C function which may be used in a "passwd" like program. The idea is simple: try to prevent users from choosing passwords that could be guessed by "crack" by filtering them out, at source. cracklib is an offshoot of the the version 5 of the "crack" software and contains a considerable number of ideas nicked from the new software. The first formal argument .B password is the potential password. The second formal argument .B dictpath is the full path name + filename prefix of the cracklib dictionary database. .B FascistCheck returns the NULL pointer for a good password, or a pointer to a diagnostic string if it is a weak password. The database is in a binary format generated by the utilities .BR crack_mkdict (8) and .BR crack_packer (8). On a Debian system the database is located in the directory defined by the static constant .B CRACKLIB_DICTPATH and is set to /var/cache/cracklib/cracklib_dict. None of the subroutines in the cracklib libraries have this location hard-coded into their implementations. It is generated daily with the program /etc/cron.daily/cracklib. .SH FILES .TP .I /var/cache/cracklib/cracklib_dict.[hwm|pwd|pwi] cracklib dictionary database files used by utilities. .TP .I /etc/cron.daily/cracklib cracklib daily cron program to rebuild the cracklib dictionary database. .TP .I /etc/cracklib/cracklib.conf cracklib configuration file used by the cracklib daily cron program to rebuild the cracklib dictionary database. .TP .I /usr/sbin/crack_mkdict cracklib shell script to create initial list of words for dictionary database. .TP .I /usr/share/doc/cracklib2-dev/examples Example .BR cc (1) source files that show how .B FascistCheck is used. .SH SEE ALSO .BR crack_teststr (8), .BR crack_mkdict (8), .BR update\-cracklib (8) .br /usr/share/doc/cracklib2-dev/examples .br /usr/share/doc/cracklib2/cracklib2.html .br /usr/share/doc/cracklib2-dev/cracklib2-dev.html .SH AUTHOR .B cracklib2 is written by Alec Muffett . Manual added by Jean Pierre LeJacq . debian/cracklib.conf0000644000000000000000000000341012273252362011611 0ustar # copyright: # Copyright (C) 1998, 1999 Jean Pierre LeJacq # Modified 2003 by Martin Pitt # # Distributed under the GNU GENERAL PUBLIC LICENSE. # # description: # Host configuration of cracklib. # # Defines location of database used by cracklib as well as files # used to create this database. The database location, # cracklib_dictpath, is compiled into the utility programs that are # part of the cracklib-runtime package and should not be modified. # But you should definitely add additional entries to # cracklib_dictpath_src. The entries are separated by spaces and # should be the fully qualified path to a file of words that # passwords should not match. The files may optionally be compressed # with gzip. # # The current configuration supports both the fsstnd 1.2 and fhs 2.0 # standard location for dictionaries. # # format: # posix shell syntax. # # reference: # 1. http://www.pathname.com/fhs/2.0/fhs-toc.html # 2. http://www.pathname.com/fhs/1.2/fsstnd-toc.html # database (do not modify): readonly cracklib_dictpath="/var/cache/cracklib/cracklib_dict" # database sources: cracklib_dictpath_src="" if [ -r "/usr/share/dict/cracklib" ] then cracklib_dictpath_src="${cracklib_dictpath_src} /usr/share/dict/cracklib" fi if [ -r "/usr/local/share/dict/cracklib" ] then cracklib_dictpath_src="${cracklib_dictpath_src} /usr/local/share/dict/cracklib" fi for i in /usr/share/dict /usr/dict /usr/local/share/dict /usr/local/dict do if [ -d $i ] then for file in $(find $i -type f -print) do if $(file -z -b ${file} | grep -q "text") then cracklib_dictpath_src="${cracklib_dictpath_src} ${file}" fi done fi done debian/source/0000755000000000000000000000000012273252362010472 5ustar debian/source/format0000644000000000000000000000001412273252362011700 0ustar 3.0 (quilt) debian/cracklib-runtime.cron.daily0000644000000000000000000000060012273252362014405 0ustar #!/bin/sh set -e if [ -x /usr/sbin/update-cracklib -a -r /etc/cracklib/cracklib.conf ] then status="$(/usr/sbin/update-cracklib)" if [ -n "${status}" ] then /usr/bin/logger -p cron.info -t cracklib "updated dictionary (read/written words: ${status})." else /usr/bin/logger -p cron.info -t cracklib "no dictionary update necessary." fi fi exit 0 debian/libcrack2-dev.examples0000644000000000000000000000002212273252362013334 0ustar debian/examples/* debian/watch0000644000000000000000000000007412273252362010224 0ustar version=3 http://sf.net/cracklib/ cracklib-(2\..+)\.tar\.gz