From: Russ Allbery <eagle@eyrie.org>
Date: Mon, 7 Nov 2016 05:59:54 +0000 (-0800)
Subject: Also check cracklib_maxlen with heimdal-strength
X-Git-Tag: release/3.1~9
X-Git-Url: https://git.eyrie.org/?a=commitdiff_plain;h=ba8da31136ee83582be53300c955e24e06b2edcf;p=kerberos%2Fkrb5-strength.git

Also check cracklib_maxlen with heimdal-strength
---

diff --git a/tests/tools/heimdal-strength-t b/tests/tools/heimdal-strength-t
index 3130fb1..1c958ac 100755
--- a/tests/tools/heimdal-strength-t
+++ b/tests/tools/heimdal-strength-t
@@ -158,6 +158,9 @@ for my $type (qw(cdb classes cracklib length letter principal sqlite)) {
 # We run the principal tests three times, for CrackLib, CDB, and SQLite.
 $count += 2 * scalar(@{ $tests{principal} });
 
+# We run the length checks twice.
+$count += scalar(@{ $tests{length} });
+
 # We can now calculate our plan based on three tests for each password test,
 # plus 21 additional tests for error handling.
 plan(tests => $count * 3 + 21);
@@ -189,6 +192,24 @@ for my $test (@{ $tests{length} }) {
     check_password($test);
 }
 
+# Add a CrackLib dictionary and a maximum password length setting.
+$krb5_conf = create_krb5_conf(
+    {
+        password_dictionary => "$datadir/dictionary",
+        minimum_length      => 12,
+        cracklib_maxlen     => 11,
+    }
+);
+local $ENV{KRB5_CONFIG} = $krb5_conf;
+
+# Run the length checks again.  They should have the same result, even though
+# there's a CrackLib dictionary, since the dictionary hit is above the minimum
+# length.
+note('Password length checks with cracklib_maxlen');
+for my $test (@{ $tests{length} }) {
+    check_password($test);
+}
+
 # Install the krb5.conf file for simple character class restrictions.
 $krb5_conf = create_krb5_conf(
     {