Russ Allbery [Sun, 25 Dec 2016 19:50:14 +0000 (11:50 -0800)]
Change CrackLib tests for system CrackLib
The upstream test suite contains a few tests that fail with the
normal system CrackLib rules. Modify them to expect passes so
that we can run the full test suite during the build.
Also remove CrackLib when testing character classes, since it
rejects the passwords used for minimum_different testing as too
simplistic.
Gbp-Pq: Name 0001-Change-CrackLib-tests-for-system-CrackLib.patch
Russ Allbery [Fri, 31 Aug 2018 23:53:16 +0000 (16:53 -0700)]
Update standards version to 4.2.1
* Update standards version to 4.2.1.
- Enable verbose test output.
- Install the upstream release notes as NEWS.gz, not changelog.gz.
- Add Rules-Requires-Root: no.
- Use https for URLs in debian/copyright.
- Change priority to optional.
Russ Allbery [Sun, 25 Dec 2016 19:51:50 +0000 (11:51 -0800)]
Fix test suite results with system CrackLib
* Patch the upstream test suite to change the expected results for a few
passwords that are rejected by the embedded CrackLib but accepted by
the system CrackLib (which the Debian package is built with).
Russ Allbery [Mon, 19 Dec 2016 02:58:34 +0000 (18:58 -0800)]
Handle errors in heimdal-strength tests better
In Travis CI, the heimdal-strength test was failing with a broken
pipe. Apparently the timing was such that the child process would
exit with an error before IPC::Run could try to write the input,
and then IPC::Run would die with a broken pipe. Work around this
by allowing a flag to be passed to run_heimdal_strength saying whether
to expect an error, and don't send input in that case.
Russ Allbery [Sat, 26 Nov 2016 07:02:05 +0000 (23:02 -0800)]
Move configuration instructions to man pages
Create a new krb5-strength man page that gets the configuration
instructions for the plugins (with the proper path substituted in
by the Makefile) and move other configuration details to the
heimdal-strength and heimdal-history man pages. Duplicate the
documentation for cracklib_maxlen in the heimdal-strength man page.
This will make it easier to automate generation of the README file,
since it will now require less complex formatting.
Russ Allbery [Mon, 7 Nov 2016 06:23:13 +0000 (22:23 -0800)]
Fix some sorting bugs in embedded CrackLib
Patch the mkdict and packer in the embedded copy of CrackLib to force
C locale when sorting (avoiding a corrupted dictionary) and warn and
skip out-of-order words rather than creating a corrupted dictionary.
Patch from Mark Sirota.
Russ Allbery [Mon, 7 Nov 2016 02:27:57 +0000 (18:27 -0800)]
Update to rra-c-util 5.7 and C TAP Harness 4.1
Update to rra-c-util 6.2:
* Use calloc in preference to malloc wherever appropriate.
* Use reallocarray in preference to realloc wherever appropriate.
* Suppress warnings from Kerberos headers under make warnings.
* Support the embedded Kerberos in Solaris 10 in library probes.
* Add missing va_end in xasprintf implementation.
* Fix logic in Test::RRA::Automake for new Automake dist checking.
* Fix all return-value checks for snprintf to avoid off-by-one error.
* Update warning flags for make warnings to GCC 6.1.0.
* Fix Test::RRA::Config for new "do" semantics in Perl 5.22.2.
* Add a new test for obsolete eyrie.org URLs.
* Require Test::Strict 0.25 or newer for Perl strictness checks.
Update to C TAP Harness 4.1:
* Replace all remaining uses of sprintf.
* Test lists may now have comments and blank lines.
* runtests -v will show the complete output from a test.
* Fix segfault in runtests when given an empty test list.
* Tests use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.
Jorj Bauer [Sun, 6 Nov 2016 23:08:57 +0000 (15:08 -0800)]
Add option to bypass CrackLib for longer passwords
Add a trapdoor length, after which cracklib doesn't function. This is
done via a cracklib_maxlen option to krb5.conf. passwords of that length
or shorter are still vetted. (0, the default, performs the cracklib
fascist check at any length.)
CrackLib was designed to work with passwords, when passwords were 5-8
characters long. CrackLib makes working with passphrases difficult,
rejecting some good ones. The SQLite dictionary can be seeded with
Engligh trigrams, providing a compensating control. Ergo, CrackLib
shouldn't be vetting passphrases; we should leave that to SQLite.
Russ Allbery [Wed, 19 Oct 2016 16:12:30 +0000 (09:12 -0700)]
Double buffer size in Mangle to allow for duplicate rules
No duplicating rules are enabled for the default rule set that is
run by the krb5-strength package, but close the latent security
vulnerability anyway.
Russ Allbery [Thu, 15 May 2014 05:03:42 +0000 (22:03 -0700)]
Fix heimdal-history with the default DB_File::Lock
Change the DB_File::Lock calling method in heimdal-history to work
properly with the (buggy) CPAN version of DB_File::Lock, instead of
relying on Debian's patched version. Thanks to Bernt Jernberg for the
report.
Russ Allbery [Thu, 27 Mar 2014 19:58:58 +0000 (12:58 -0700)]
Begin error messages with a capital letter
Change the error messages returned for passwords that fail strength
checking to start with a capital letter. This appears to be more
consistent with the error message conventions used inside Heimdal.
Russ Allbery [Wed, 26 Mar 2014 07:52:01 +0000 (00:52 -0700)]
Manage a _history user and the history database directory
* Create a _history user and group and a /var/lib/heimdal-history
directory on package installation for the use of heimdal-history,
remove the user and the standard database on purge, and remove the
directory if empty on package purge or removal.
Russ Allbery [Wed, 26 Mar 2014 07:14:01 +0000 (00:14 -0700)]
Add upstream signing key and check upstream signatures
* Add the upstream signing key to debian/upstream/signing-key.asc and
configure uscan to do signature validation. Configure uscan to
download the xz tarball instead of the gz tarball.
Russ Allbery [Wed, 26 Mar 2014 03:58:30 +0000 (20:58 -0700)]
Stick to SQLite interfaces in 3.7
Use sqlite3_close instead of sqlite3_close_v2. We don't need the
new semantics of sqlite3_close_v2. Also use sqlite3_errmsg instead
of sqlite3_errstr, which actually appears to be better, assuming it
works as documented.
Russ Allbery [Tue, 25 Mar 2014 20:06:37 +0000 (13:06 -0700)]
Refactor krb5-strength-wordlist
Separate the filter construction into a separate function and use
a hash for command-line arguments to make perlcritic happier with
the complexity of the main routine.
Russ Allbery [Tue, 25 Mar 2014 18:21:34 +0000 (11:21 -0700)]
Separate krb5-strength-wordlist filtering to another test
Rather than merging the wordlist filtering test with the CDB test,
move it to a different unit test program. This is probably overkill
for the tiny test that we do, but oh well. It will make adding more
tests later somewhat easier if we ever do.
Russ Allbery [Tue, 25 Mar 2014 08:07:27 +0000 (01:07 -0700)]
Add real Autoconf probing for SQLite
Change all the defines to look for HAVE_SQLITE instead of
HAVE_SQLITE3, since non-v3 versions are so old that I'm not going
to worry about the naming. Add an Autoconf probe for SQLite that
tries pkg-config first and falls back on library probing.
Russ Allbery [Tue, 25 Mar 2014 07:09:39 +0000 (00:09 -0700)]
Add support for SQLite dictionaries
The krb5-strength plugin and heimdal-strength program now support a
SQLite password dictionary. This format of dictionary can detect any
password within edit distance one of a dictionary word, meaning that
the dictionary word can be formed by adding, removing, or changing a
single character in the password. A SQLite password dictionary can be
used alone or in combination with any of the other supported
dictionary types. SQLite dictionary support is based on work by David
Mazières.
Russ Allbery [Tue, 25 Mar 2014 02:16:12 +0000 (19:16 -0700)]
Rename cdbmake-wordlist and add SQLite support
cdbmake-wordlist has been renamed to krb5-strength-wordlist.
Generating CDB dictionaries now requires the -c option; see the
documentation for more information. A SQLite database of dictionary
words can now be created instead, using the -s option.
Russ Allbery [Thu, 6 Mar 2014 19:45:24 +0000 (11:45 -0800)]
Wipe password copies before freeing them
We make a copy of the user's password in several places when doing
checks for passwords based on the user's principal. Be sure to
wipe those copies with memset before freeing them.
Russ Allbery [Thu, 27 Feb 2014 06:22:48 +0000 (22:22 -0800)]
Fix the -s flag to heimdal-history (alternate quality checker)
heimdal-history claimed to support an -s option that specified a
different path to the quality check program to run, but it didn't
actually work. Add support for it.
Russ Allbery [Thu, 27 Feb 2014 04:04:54 +0000 (20:04 -0800)]
Skip Perl strictness testing if module prereqs are missing
Modify the standard Perl strictness test, which also checks Perl
scripts for syntax errors, to support a list of prerequisite
modules. Skip the test if any of those modules can't be loaded,
since they'll otherwise cause failures. This makes the testing
more robust given that we have some scripts that require a bunch
of Perl modules not needed by the main package.
Russ Allbery [Thu, 27 Feb 2014 02:52:21 +0000 (18:52 -0800)]
Add minimum_different configuration option
A new configuration option, minimum_different, can be set to require
that passwords contain at least that many unique characters. This can
be used to reject long strings of identical characters or short
patterns, which may pass other checks but still be too easy to guess.