eyrie.org Git - kerberos/krb5-strength.git/log
kerberos/krb5-strength.git
5 years ago: Change CrackLib tests for system CrackLib (archive/debian/3.1-2)
Russ Allbery [Sun, 25 Dec 2016 19:50:14 +0000 (11:50 -0800)]
Change CrackLib tests for system CrackLib

The upstream test suite contains a few tests that fail with the
normal system CrackLib rules.  Modify them to expect passes so
that we can run the full test suite during the build.

Also remove CrackLib when testing character classes, since it
rejects the passwords used for minimum_different testing as too
simplistic.

Gbp-Pq: Name 0001-Change-CrackLib-tests-for-system-CrackLib.patch

5 years ago: Finalize changes for 3.1-2 (debian/3.1-2)
Russ Allbery [Sat, 1 Sep 2018 00:07:47 +0000 (17:07 -0700)]
Finalize changes for 3.1-2

5 years ago: Remove obsolete debian/source/options
Russ Allbery [Fri, 31 Aug 2018 23:59:07 +0000 (16:59 -0700)]
Remove obsolete debian/source/options

* Remove obsolete debian/source/options that was forcing the compression
  format to xz (now the default).

5 years ago: Add upstream-vcs-tag configuration to debian/gbp.conf
Russ Allbery [Fri, 31 Aug 2018 23:58:23 +0000 (16:58 -0700)]
Add upstream-vcs-tag configuration to debian/gbp.conf

5 years ago: Refresh upstream signing key
Russ Allbery [Fri, 31 Aug 2018 23:57:34 +0000 (16:57 -0700)]
Refresh upstream signing key

5 years ago: Remove trailing whitespace in debian/changelog
Russ Allbery [Fri, 31 Aug 2018 23:56:35 +0000 (16:56 -0700)]
Remove trailing whitespace in debian/changelog

5 years ago: Update to debhelper compatibility level V11
Russ Allbery [Fri, 31 Aug 2018 23:55:29 +0000 (16:55 -0700)]
Update to debhelper compatibility level V11

5 years ago: Bump debian/watch version to 4 and use https
Russ Allbery [Fri, 31 Aug 2018 23:53:57 +0000 (16:53 -0700)]
Bump debian/watch version to 4 and use https

5 years ago: Update standards version to 4.2.1
Russ Allbery [Fri, 31 Aug 2018 23:53:16 +0000 (16:53 -0700)]
Update standards version to 4.2.1

* Update standards version to 4.2.1.
  - Enable verbose test output.
  - Install the upstream release notes as NEWS.gz, not changelog.gz.
  - Add Rules-Requires-Root: no.
  - Use https for URLs in debian/copyright.
  - Change priority to optional.

7 years ago: Remove another stray --parallel flag (debian/3.1-1)
Russ Allbery [Sun, 25 Dec 2016 20:43:21 +0000 (12:43 -0800)]
Remove another stray --parallel flag

7 years ago: Finalize changes for 3.1-1
Russ Allbery [Sun, 25 Dec 2016 20:40:45 +0000 (12:40 -0800)]
Finalize changes for 3.1-1

7 years ago: Replace missing PACKAGE setting in debian/rules
Russ Allbery [Sun, 25 Dec 2016 20:34:38 +0000 (12:34 -0800)]
Replace missing PACKAGE setting in debian/rules

Was too aggressive about removing this.

7 years ago: Fix test suite results with system CrackLib
Russ Allbery [Sun, 25 Dec 2016 19:51:50 +0000 (11:51 -0800)]
Fix test suite results with system CrackLib

* Patch the upstream test suite to change the expected results for a few
  passwords that are rejected by the embedded CrackLib but accepted by
  the system CrackLib (which the Debian package is built with).

7 years ago: Update to debhelper compatibility level V10
Russ Allbery [Sun, 25 Dec 2016 19:37:02 +0000 (11:37 -0800)]
Update to debhelper compatibility level V10

* Update to debhelper compatibility level V10.
  - Remove explicit dh-autoreconf dependency and invocation.
  - Remove explicit --parallel flags.

7 years ago: Update standards version to 3.9.8
Russ Allbery [Sun, 25 Dec 2016 19:34:24 +0000 (11:34 -0800)]
Update standards version to 3.9.8

7 years ago: Enable all hardening flags
Russ Allbery [Sun, 25 Dec 2016 19:32:56 +0000 (11:32 -0800)]
Enable all hardening flags

7 years ago: Refresh upstream signing key
Russ Allbery [Sun, 25 Dec 2016 19:32:29 +0000 (11:32 -0800)]
Refresh upstream signing key

7 years ago: Refresh debian/copyright for new upstream release
Russ Allbery [Sun, 25 Dec 2016 19:31:20 +0000 (11:31 -0800)]
Refresh debian/copyright for new upstream release

7 years ago: Run wrap-and-sort -ast
Russ Allbery [Sun, 25 Dec 2016 19:29:50 +0000 (11:29 -0800)]
Run wrap-and-sort -ast

7 years ago: Switch to https for all package URLs
Russ Allbery [Sun, 25 Dec 2016 19:29:18 +0000 (11:29 -0800)]
Switch to https for all package URLs

7 years ago: Re-enable treating test suite failures as build failures
Russ Allbery [Sun, 25 Dec 2016 19:26:34 +0000 (11:26 -0800)]
Re-enable treating test suite failures as build failures

* Re-enable treating test suite failures as package build failures now
  that bug #724570 in CrackLib was fixed in Debian.

7 years ago: Add changelog for new upstream release
Russ Allbery [Sun, 25 Dec 2016 19:24:29 +0000 (11:24 -0800)]
Add changelog for new upstream release

7 years ago: Merge tag 'upstream/3.1' into debian/master
Russ Allbery [Sun, 25 Dec 2016 19:21:47 +0000 (11:21 -0800)]
Merge tag 'upstream/3.1' into debian/master

Upstream version 3.1

7 years ago: New upstream version 3.1 (upstream/3.1)
Russ Allbery [Sun, 25 Dec 2016 19:21:45 +0000 (11:21 -0800)]
New upstream version 3.1

7 years ago: Switch to the DEP-14 branch layout
Russ Allbery [Sun, 25 Dec 2016 19:21:15 +0000 (11:21 -0800)]
Switch to the DEP-14 branch layout

* Switch to the DEP-14 branch layout and update debian/gbp.conf and
  Vcs-Git accordingly.

7 years ago: Update files included in the distribution (release/3.1)
Russ Allbery [Sun, 25 Dec 2016 19:09:04 +0000 (11:09 -0800)]
Update files included in the distribution

7 years ago: Release 3.1
Russ Allbery [Sun, 25 Dec 2016 19:07:59 +0000 (11:07 -0800)]
Release 3.1

7 years ago: Add NEWS entry for require_classes of a number of classes
Russ Allbery [Sun, 25 Dec 2016 19:07:33 +0000 (11:07 -0800)]
Add NEWS entry for require_classes of a number of classes

7 years ago: Coding style cleanup and tests for minimum classes
Russ Allbery [Fri, 23 Dec 2016 19:43:11 +0000 (11:43 -0800)]
Coding style cleanup and tests for minimum classes

Add tests for specifying a minimum number of classes, refactor for
coding style a bit, and add new tests for the new syntax errors.

7 years ago: Add support for requiring a number of character classes
Toby Blake [Mon, 19 Dec 2016 21:17:44 +0000 (13:17 -0800)]
Add support for requiring a number of character classes

Extend the required_classes config option to allow requiring at
least a given number of different character classes (whatever they
are).

7 years ago: Handle errors in heimdal-strength tests better
Russ Allbery [Mon, 19 Dec 2016 02:58:34 +0000 (18:58 -0800)]
Handle errors in heimdal-strength tests better

In Travis CI, the heimdal-strength test was failing with a broken
pipe.  Apparently the timing was such that the child process would
exit with an error before IPC::Run could try to write the input,
and then IPC::Run would die with a broken pipe.  Work around this
by allowing a flag to be passed to run_heimdal_strength saying whether
to expect an error, and don't send input in that case.

7 years ago: Add DocKnot metadata and regenerate README
Russ Allbery [Sun, 18 Dec 2016 19:24:27 +0000 (11:24 -0800)]
Add DocKnot metadata and regenerate README

This also adds a Markdown version of README, mostly for GitHub.

7 years ago: Move configuration instructions to man pages
Russ Allbery [Sat, 26 Nov 2016 07:02:05 +0000 (23:02 -0800)]
Move configuration instructions to man pages

Create a new krb5-strength man page that gets the configuration
instructions for the plugins (with the proper path substituted in
by the Makefile) and move other configuration details to the
heimdal-strength and heimdal-history man pages.  Duplicate the
documentation for cracklib_maxlen in the heimdal-strength man page.

This will make it easier to automate generation of the README file,
since it will now require less complex formatting.

7 years ago: Fix some sorting bugs in embedded CrackLib
Russ Allbery [Mon, 7 Nov 2016 06:23:13 +0000 (22:23 -0800)]
Fix some sorting bugs in embedded CrackLib

Patch the mkdict and packer in the embedded copy of CrackLib to force
C locale when sorting (avoiding a corrupted dictionary) and warn and
skip out-of-order words rather than creating a corrupted dictionary.
Patch from Mark Sirota.

7 years ago: Also check cracklib_maxlen with heimdal-strength
Russ Allbery [Mon, 7 Nov 2016 05:59:54 +0000 (21:59 -0800)]
Also check cracklib_maxlen with heimdal-strength

7 years ago: Finalize Travis-CI configuration
Russ Allbery [Mon, 7 Nov 2016 03:08:42 +0000 (19:08 -0800)]
Finalize Travis-CI configuration

Now that all the bugs are fixed.  (Probably should have done that
in a branch with a pull request.  Oh well.)

7 years ago: One more attempt to fix perltidy on Travis-CI
Russ Allbery [Mon, 7 Nov 2016 03:03:38 +0000 (19:03 -0800)]
One more attempt to fix perltidy on Travis-CI

7 years ago: Hopefully fix perltidy failure in Travis-CI
Russ Allbery [Mon, 7 Nov 2016 02:58:24 +0000 (18:58 -0800)]
Hopefully fix perltidy failure in Travis-CI

7 years ago: More Travis-CI debugging of test failure
Russ Allbery [Mon, 7 Nov 2016 02:52:51 +0000 (18:52 -0800)]
More Travis-CI debugging of test failure

7 years ago: Temporarily run perl/critic test verbose for Travis
Russ Allbery [Mon, 7 Nov 2016 02:45:40 +0000 (18:45 -0800)]
Temporarily run perl/critic test verbose for Travis

Need to figure out why this is failing.

7 years ago: Add Travis-CI configuration
Russ Allbery [Mon, 7 Nov 2016 02:36:09 +0000 (18:36 -0800)]
Add Travis-CI configuration

7 years ago: Update to rra-c-util 5.7 and C TAP Harness 4.1
Russ Allbery [Mon, 7 Nov 2016 02:27:57 +0000 (18:27 -0800)]
Update to rra-c-util 5.7 and C TAP Harness 4.1

Update to rra-c-util 6.2:

* Use calloc in preference to malloc wherever appropriate.
* Use reallocarray in preference to realloc wherever appropriate.
* Suppress warnings from Kerberos headers under make warnings.
* Support the embedded Kerberos in Solaris 10 in library probes.
* Add missing va_end in xasprintf implementation.
* Fix logic in Test::RRA::Automake for new Automake dist checking.
* Fix all return-value checks for snprintf to avoid off-by-one error.
* Update warning flags for make warnings to GCC 6.1.0.
* Fix Test::RRA::Config for new "do" semantics in Perl 5.22.2.
* Add a new test for obsolete eyrie.org URLs.
* Require Test::Strict 0.25 or newer for Perl strictness checks.

Update to C TAP Harness 4.1:

* Replace all remaining uses of sprintf.
* Test lists may now have comments and blank lines.
* runtests -v will show the complete output from a test.
* Fix segfault in runtests when given an empty test list.
* Tests use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.

7 years ago: Fix Perl critic error in tests/tools/wordlist-t
Russ Allbery [Mon, 7 Nov 2016 02:11:16 +0000 (18:11 -0800)]
Fix Perl critic error in tests/tools/wordlist-t

Don't pass $_ explicitly as an argument to length().

7 years ago: Rename autogen to bootstrap
Russ Allbery [Mon, 7 Nov 2016 01:36:04 +0000 (17:36 -0800)]
Rename autogen to bootstrap

Rename the script to bootstrap from a Git checkout to bootstrap,
matching the emerging consensus in the Autoconf world.

7 years ago: Add NEWS, documentation, and test suite for cracklib_maxlen
Russ Allbery [Sun, 6 Nov 2016 23:37:17 +0000 (15:37 -0800)]
Add NEWS, documentation, and test suite for cracklib_maxlen

Also fix a few coding style nits.

7 years ago: Fix misuse of Readonly in make-c-data
Russ Allbery [Sun, 6 Nov 2016 23:36:45 +0000 (15:36 -0800)]
Fix misuse of Readonly in make-c-data

This script was initializing variables with Readonly via assignment
rather than the fat arrow.  The latter is the correct syntax.

7 years ago: Add option to bypass CrackLib for longer passwords
Jorj Bauer [Sun, 6 Nov 2016 23:08:57 +0000 (15:08 -0800)]
Add option to bypass CrackLib for longer passwords

Add a trapdoor length, after which cracklib doesn't function.  This is
done via a cracklib_maxlen option to krb5.conf.  Passwords of that length
or shorter are still vetted.  (0, the default, performs the cracklib
fascist check at any length.)

CrackLib was designed to work with passwords, when passwords were 5-8
characters long.  CrackLib makes working with passphrases difficult,
rejecting some good ones.  The SQLite dictionary can be seeded with
English trigrams, providing a compensating control.  Ergo, CrackLib
shouldn't be vetting passphrases; we should leave that to SQLite.

7 years ago: Add a NEWS entry for CrackLib security issues
Russ Allbery [Wed, 19 Oct 2016 16:20:54 +0000 (09:20 -0700)]
Add a NEWS entry for CrackLib security issues

7 years ago: Remove remaking CrackLib FascistGecos reference
Russ Allbery [Wed, 19 Oct 2016 16:15:19 +0000 (09:15 -0700)]
Remove remaking CrackLib FascistGecos reference

All this code was previously removed, but there was still a
reference protected by #ifdef.  Get rid of that too.

7 years ago: Double buffer size in Mangle to allow for duplicate rules
Russ Allbery [Wed, 19 Oct 2016 16:12:30 +0000 (09:12 -0700)]
Double buffer size in Mangle to allow for duplicate rules

No duplicating rules are enabled for the default rule set that is
run by the krb5-strength package, but close the latent security
vulnerability anyway.

Patch from Howard Guo <hguo@suse.com>.

10 years ago: Fix heimdal-history with the default DB_File::Lock
Russ Allbery [Thu, 15 May 2014 05:03:42 +0000 (22:03 -0700)]
Fix heimdal-history with the default DB_File::Lock

Change the DB_File::Lock calling method in heimdal-history to work
properly with the (buggy) CPAN version of DB_File::Lock, instead of
relying on Debian's patched version.  Thanks to Bernt Jernberg for the
report.

10 years ago: Prefer *.tar.xz in debian/watch to match packaging
Russ Allbery [Sun, 13 Apr 2014 19:24:15 +0000 (12:24 -0700)]
Prefer *.tar.xz in debian/watch to match packaging

10 years ago: Fix Upstream-Contact email address in debian/copyright
Russ Allbery [Sun, 13 Apr 2014 19:23:25 +0000 (12:23 -0700)]
Fix Upstream-Contact email address in debian/copyright

10 years ago: Begin error messages with a capital letter
Russ Allbery [Thu, 27 Mar 2014 19:58:58 +0000 (12:58 -0700)]
Begin error messages with a capital letter

Change the error messages returned for passwords that fail strength
checking to start with a capital letter.  This appears to be more
consistent with the error message conventions used inside Heimdal.

10 years ago: Check before removing /var/lib/heimdal-history (debian/3.0-1)
Russ Allbery [Wed, 26 Mar 2014 08:15:14 +0000 (01:15 -0700)]
Check before removing /var/lib/heimdal-history

10 years ago: Add dependency on adduser
Russ Allbery [Wed, 26 Mar 2014 07:56:47 +0000 (00:56 -0700)]
Add dependency on adduser

10 years ago: Manage a _history user and the history database directory
Russ Allbery [Wed, 26 Mar 2014 07:52:01 +0000 (00:52 -0700)]
Manage a _history user and the history database directory

* Create a _history user and group and a /var/lib/heimdal-history
  directory on package installation for the use of heimdal-history,
  remove the user and the standard database on purge, and remove the
  directory if empty on package purge or removal.

10 years ago: Finalize changes for 3.0-1
Russ Allbery [Wed, 26 Mar 2014 07:36:23 +0000 (00:36 -0700)]
Finalize changes for 3.0-1

10 years ago: Add pkg-config build dependency
Russ Allbery [Wed, 26 Mar 2014 07:29:26 +0000 (00:29 -0700)]
Add pkg-config build dependency

10 years ago: Fix dependency for Perl DBD::SQLite package
Russ Allbery [Wed, 26 Mar 2014 07:25:24 +0000 (00:25 -0700)]
Fix dependency for Perl DBD::SQLite package

10 years ago: Add upstream signing key and check upstream signatures
Russ Allbery [Wed, 26 Mar 2014 07:14:01 +0000 (00:14 -0700)]
Add upstream signing key and check upstream signatures

* Add the upstream signing key to debian/upstream/signing-key.asc and
  configure uscan to do signature validation.  Configure uscan to
  download the xz tarball instead of the gz tarball.

10 years ago: Add dependencies and description for new features
Russ Allbery [Wed, 26 Mar 2014 07:11:29 +0000 (00:11 -0700)]
Add dependencies and description for new features

Also add an explanation for the Recommends so that people know
why they may need to install them.

10 years ago: Remove single-debian-patch local options
Russ Allbery [Wed, 26 Mar 2014 07:04:56 +0000 (00:04 -0700)]
Remove single-debian-patch local options

If I ever have to carry any patches, I'll use gbp pq, so remove
these settings.

10 years ago: Add changelog for upstream 3.0 release
Russ Allbery [Wed, 26 Mar 2014 07:04:21 +0000 (00:04 -0700)]
Add changelog for upstream 3.0 release

10 years ago: Merge tag 'upstream/3.0' into debian
Russ Allbery [Wed, 26 Mar 2014 06:58:01 +0000 (23:58 -0700)]
Merge tag 'upstream/3.0' into debian

Upstream version 3.0

10 years ago: Imported Upstream version 3.0 (upstream/3.0)
Russ Allbery [Wed, 26 Mar 2014 06:57:54 +0000 (23:57 -0700)]
Imported Upstream version 3.0

10 years ago: Document minimum_different in heimdal-strength man page (release/3.0)
Russ Allbery [Wed, 26 Mar 2014 06:48:04 +0000 (23:48 -0700)]
Document minimum_different in heimdal-strength man page

10 years ago: Further README changes for the addition of SQLite and history
Russ Allbery [Wed, 26 Mar 2014 06:47:23 +0000 (23:47 -0700)]
Further README changes for the addition of SQLite and history

10 years ago: Release 3.0
Russ Allbery [Wed, 26 Mar 2014 06:33:48 +0000 (23:33 -0700)]
Release 3.0

10 years ago: Remove duplicate copyright declaration from heimdal-history
Russ Allbery [Wed, 26 Mar 2014 06:32:07 +0000 (23:32 -0700)]
Remove duplicate copyright declaration from heimdal-history

This confuses build-license

10 years ago: Add license statement to autogen
Russ Allbery [Wed, 26 Mar 2014 06:31:47 +0000 (23:31 -0700)]
Add license statement to autogen

It's now long enough that build-license cares about it.

10 years ago: Skip more tests for valgrind checking
Russ Allbery [Wed, 26 Mar 2014 06:23:23 +0000 (23:23 -0700)]
Skip more tests for valgrind checking

Also fully-qualify the path to the suppression file, which may
matter if the tests change working directories.

10 years ago: Fix a memory leak during SQLite dictionary initialization
Russ Allbery [Wed, 26 Mar 2014 06:23:09 +0000 (23:23 -0700)]
Fix a memory leak during SQLite dictionary initialization

10 years ago: Fix skipped test count with Heimdal and no SQLite
Russ Allbery [Wed, 26 Mar 2014 06:08:42 +0000 (23:08 -0700)]
Fix skipped test count with Heimdal and no SQLite

10 years ago: Stick to SQLite interfaces in 3.7
Russ Allbery [Wed, 26 Mar 2014 03:58:30 +0000 (20:58 -0700)]
Stick to SQLite interfaces in 3.7

Use sqlite3_close instead of sqlite3_close_v2.  We don't need the
new semantics of sqlite3_close_v2.  Also use sqlite3_errmsg instead
of sqlite3_errstr, which actually appears to be better, assuming it
works as documented.

10 years ago: Replace remaining references to cdbmake-wordlist
Russ Allbery [Tue, 25 Mar 2014 23:25:09 +0000 (16:25 -0700)]
Replace remaining references to cdbmake-wordlist

10 years ago: Add additional Perl module requirements for bootstrap
Russ Allbery [Tue, 25 Mar 2014 22:52:15 +0000 (15:52 -0700)]
Add additional Perl module requirements for bootstrap

10 years ago: Update to rra-c-util 5.4
Russ Allbery [Tue, 25 Mar 2014 22:49:20 +0000 (15:49 -0700)]
Update to rra-c-util 5.4

* Use Lancaster Consensus environment variables to control tests.
* Work around perltidy bug that leaves behind stray log files.

RELEASE_TESTING, AUTOMATED_TESTING, and AUTHOR_TESTING are now used
to control whether to run tests that may not be of interest to the
end user.

10 years ago: Performance tuning of krb5-strength-wordlist for SQLite
Russ Allbery [Tue, 25 Mar 2014 22:28:35 +0000 (15:28 -0700)]
Performance tuning of krb5-strength-wordlist for SQLite

Apply some performance tuning from various threads at Perl Monks
to increase the speed of the bulk creation of the SQLite database.

10 years ago: Fix typo in the wordlist-sqlite-t test
Russ Allbery [Tue, 25 Mar 2014 22:28:17 +0000 (15:28 -0700)]
Fix typo in the wordlist-sqlite-t test

10 years ago: Refactor krb5-strength-wordlist
Russ Allbery [Tue, 25 Mar 2014 20:06:37 +0000 (13:06 -0700)]
Refactor krb5-strength-wordlist

Separate the filter construction into a separate function and use
a hash for command-line arguments to make perlcritic happier with
the complexity of the main routine.

10 years ago: Fix perltidy error in wordlist-sqlite test
Russ Allbery [Tue, 25 Mar 2014 19:28:52 +0000 (12:28 -0700)]
Fix perltidy error in wordlist-sqlite test

10 years ago: Add test for krb5-strength-wordlist SQLite generation
Russ Allbery [Tue, 25 Mar 2014 18:40:17 +0000 (11:40 -0700)]
Add test for krb5-strength-wordlist SQLite generation

10 years ago: Separate krb5-strength-wordlist filtering to another test
Russ Allbery [Tue, 25 Mar 2014 18:21:34 +0000 (11:21 -0700)]
Separate krb5-strength-wordlist filtering to another test

Rather than merging the wordlist filtering test with the CDB test,
move it to a different unit test program.  This is probably overkill
for the tiny test that we do, but oh well.  It will make adding more
tests later somewhat easier if we ever do.

10 years ago: Add stopword for heimdal-strength documentation
Russ Allbery [Tue, 25 Mar 2014 18:20:28 +0000 (11:20 -0700)]
Add stopword for heimdal-strength documentation

10 years ago: Document the SQLite requirements in README
Russ Allbery [Tue, 25 Mar 2014 08:11:35 +0000 (01:11 -0700)]
Document the SQLite requirements in README

10 years ago: Add real Autoconf probing for SQLite
Russ Allbery [Tue, 25 Mar 2014 08:07:27 +0000 (01:07 -0700)]
Add real Autoconf probing for SQLite

Change all the defines to look for HAVE_SQLITE instead of
HAVE_SQLITE3, since non-v3 versions are so old that I'm not going
to worry about the naming.  Add an Autoconf probe for SQLite that
tries pkg-config first and falls back on library probing.

10 years ago: Add a full complement of edit distance one SQLite checks
Russ Allbery [Tue, 25 Mar 2014 07:42:29 +0000 (00:42 -0700)]
Add a full complement of edit distance one SQLite checks

Fix one logic error uncovered by the more complete tests, which
produced the wrong result when the edit involved a sequence of
repeated characters.

10 years ago: Add support for SQLite dictionaries
Russ Allbery [Tue, 25 Mar 2014 07:09:39 +0000 (00:09 -0700)]
Add support for SQLite dictionaries

The krb5-strength plugin and heimdal-strength program now support a
SQLite password dictionary.  This format of dictionary can detect any
password within edit distance one of a dictionary word, meaning that
the dictionary word can be formed by adding, removing, or changing a
single character in the password.  A SQLite password dictionary can be
used alone or in combination with any of the other supported
dictionary types.  SQLite dictionary support is based on work by David
Mazières.

10 years ago: Fix minor perlcritic errors in krb5-strength-wordlist
Russ Allbery [Tue, 25 Mar 2014 06:48:26 +0000 (23:48 -0700)]
Fix minor perlcritic errors in krb5-strength-wordlist

Add a missing stopword for spell checking and ignore the literal
newlines in the SQL code constants.

10 years ago: Fix CDB krb5-strength-wordlist check for no overwrite behavior
Russ Allbery [Tue, 25 Mar 2014 05:58:07 +0000 (22:58 -0700)]
Fix CDB krb5-strength-wordlist check for no overwrite behavior

We now decline to overwrite an existing file, so adjust the test
suite to remove the generated file between tests.

10 years ago: Rename cdbmake-wordlist and add SQLite support
Russ Allbery [Tue, 25 Mar 2014 02:16:12 +0000 (19:16 -0700)]
Rename cdbmake-wordlist and add SQLite support

cdbmake-wordlist has been renamed to krb5-strength-wordlist.
Generating CDB dictionaries now requires the -c option; see the
documentation for more information.  A SQLite database of dictionary
words can now be created instead, using the -s option.

10 years ago: Wipe password copies before freeing them
Russ Allbery [Thu, 6 Mar 2014 19:45:24 +0000 (11:45 -0800)]
Wipe password copies before freeing them

We make a copy of the user's password in several places when doing
checks for passwords based on the user's principal.  Be sure to
wipe those copies with memset before freeing them.

10 years ago: Update to rra-c-util 5.3 and C TAP Harness 3.0
Russ Allbery [Thu, 6 Mar 2014 03:49:23 +0000 (19:49 -0800)]
Update to rra-c-util 5.3 and C TAP Harness 3.0

Update to rra-c-util 5.3:

* Fix portable/krb5.h build with a C++ compiler.

Update to C TAP Harness 3.0:

* Reopen standard input to /dev/null when running a test list.
* Don't leak extraneous file descriptors to tests.

10 years ago: Add a test suite for heimdal-history
Russ Allbery [Thu, 27 Feb 2014 06:31:42 +0000 (22:31 -0800)]
Add a test suite for heimdal-history

10 years ago: Fix POD stopwords for heimdal-history
Russ Allbery [Thu, 27 Feb 2014 06:31:30 +0000 (22:31 -0800)]
Fix POD stopwords for heimdal-history

10 years ago: Fix the -s flag to heimdal-history (alternate quality checker)
Russ Allbery [Thu, 27 Feb 2014 06:22:48 +0000 (22:22 -0800)]
Fix the -s flag to heimdal-history (alternate quality checker)

heimdal-history claimed to support an -s option that specified a
different path to the quality check program to run, but it didn't
actually work.  Add support for it.

10 years ago: Support -q option to heimdal-history to suppress syslog
Russ Allbery [Thu, 27 Feb 2014 06:22:15 +0000 (22:22 -0800)]
Support -q option to heimdal-history to suppress syslog

The -q option to heimdal-history will prevent it from logging to
syslog.  This is needed for the test suite to avoid spamming the
local syslog log.

10 years ago: Skip Perl strictness testing if module prereqs are missing
Russ Allbery [Thu, 27 Feb 2014 04:04:54 +0000 (20:04 -0800)]
Skip Perl strictness testing if module prereqs are missing

Modify the standard Perl strictness test, which also checks Perl
scripts for syntax errors, to support a list of prerequisite
modules.  Skip the test if any of those modules can't be loaded,
since they'll otherwise cause failures.  This makes the testing
more robust given that we have some scripts that require a bunch
of Perl modules not needed by the main package.

10 years ago: Add minimum_different configuration option
Russ Allbery [Thu, 27 Feb 2014 02:52:21 +0000 (18:52 -0800)]
Add minimum_different configuration option

A new configuration option, minimum_different, can be set to require
that passwords contain at least that many unique characters.  This can
be used to reject long strings of identical characters or short
patterns, which may pass other checks but still be too easy to guess.