Unbreak and otherwise improve this port:

* Use standard source of PECL-sources -- the old MASTER_SITE is
	  gone, and good riddance too, because the difference between
	  0.4 and 0.4.1 was an irrelevant one-liner.
	* Patch to use modern PHP ZEND API
	* Patch to actually use cracklib as advertized -- since the
	  port's inception it LIB_DEPENDed on security/cracklib and
	  advertized its use in pkg-descr, lying on both accounts.
	* Throw in a couple of basic usage tests rejecting bad passwords
	  and accepting good ones.

Special thanks to Nathan Neulinger for making the necessary cracklib function
accessible and to cy@ for promptly updating security/cracklib to use
Nathan's latest release.
This commit is contained in:
Mikhail Teterin 2015-04-14 01:27:51 +00:00
parent 4e33706127
commit a5677f353b
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=383970
5 changed files with 250 additions and 10 deletions

View file

@ -2,29 +2,35 @@
# $FreeBSD$ # $FreeBSD$
PORTNAME= crack PORTNAME= crack
PORTVERSION= 0.4.1 PORTVERSION= 0.4
PORTREVISION= 5 PORTEPOCH= 1
CATEGORIES= security www CATEGORIES= security www
MASTER_SITES= http://www.osuweb.net/~ahaning/ MASTER_SITES= http://pecl.php.net/get/
PKGNAMEPREFIX= pecl- PKGNAMEPREFIX= pecl-
EXTRACT_SUFX= .tgz
DIST_SUBDIR= PECL DIST_SUBDIR= PECL
MAINTAINER= ports@FreeBSD.org MAINTAINER= ports@FreeBSD.org
COMMENT= PECL extension to cracklib COMMENT= PECL extension to cracklib
DEPRECATED= requires php53, security EOL reached 14 Aug 2014 LICENSE= PHP30
EXPIRATION_DATE= 2015-04-15
LIB_DEPENDS= libcrack.so:${PORTSDIR}/security/cracklib LIB_DEPENDS= libcrack.so:${PORTSDIR}/security/cracklib
USES= tar:tgz
USE_PHP= yes USE_PHP= yes
USE_PHPIZE= yes USE_PHPIZE= yes
USE_PHP_BUILD= yes USE_PHP_BUILD= yes
USE_PHPEXT= yes USE_PHPEXT= yes
PHP_MODNAME= crack PHP_MODNAME= crack
IGNORE_WITH_PHP=5 55 56 EXTRACT_AFTER_ARGS=--no-same-permissions --no-same-owner --exclude libcrack
CONFIGURE_ARGS= --with-crack=${LOCALBASE}
CFLAGS+= -Wno-deprecated
WRKSRC= ${WRKDIR}/crack-0.4 post-configure:
${REINPLACE_CMD} -e 's|^\$$ini_overwrites.*|&'"'"'crack.default_dictionary=\"${LOCALBASE}/libdata/cracklib/pw_dict\"'"'"',|' \
${WRKSRC}/run-tests.php
test check regression-test: build
${MAKE} -C ${WRKSRC} test < /dev/null
.include <bsd.port.mk> .include <bsd.port.mk>

View file

@ -1,2 +1,2 @@
SHA256 (PECL/crack-0.4.1.tgz) = d9ba43b3678fb46db0eee659d9e000e9bad682bc7702d33f6d7e293d7f6f08ad SHA256 (PECL/crack-0.4.tgz) = 00a5250a6c82b39c1aefcb6e1ce0980da5df49c9bfc6ade9a8e867d89e87f560
SIZE (PECL/crack-0.4.1.tgz) = 25143 SIZE (PECL/crack-0.4.tgz) = 25524

View file

@ -0,0 +1,169 @@
--- crack.c 2005-09-21 05:00:06.000000000 -0400
+++ crack.c 2015-04-13 20:41:24.000000000 -0400
@@ -32,5 +32,5 @@
#include "php_crack.h"
-#include "libcrack/src/cracklib.h"
+#include <packer.h>
/* True global resources - no need for thread safety here */
@@ -39,5 +39,5 @@
/* {{{ crack_functions[]
*/
-function_entry crack_functions[] = {
+zend_function_entry crack_functions[] = {
PHP_FE(crack_opendict, NULL)
PHP_FE(crack_closedict, NULL)
@@ -91,42 +91,7 @@
/* {{{ php_crack_checkpath
*/
-static int php_crack_checkpath(char* path TSRMLS_DC)
+static int php_crack_checkpath(const char* path TSRMLS_DC)
{
- char *filename;
- int filename_len;
- int result = SUCCESS;
-
- if (PG(safe_mode)) {
- filename_len = strlen(path) + 10;
- filename = (char *) emalloc(filename_len);
- if (NULL == filename) {
- return FAILURE;
- }
-
- memset(filename, '\0', filename_len);
- strcpy(filename, path);
- strcat(filename, ".pwd");
- if (!php_checkuid(filename, "r", CHECKUID_CHECK_FILE_AND_DIR)) {
- efree(filename);
- return FAILURE;
- }
-
- memset(filename, '\0', filename_len);
- strcpy(filename, path);
- strcat(filename, ".pwi");
- if (!php_checkuid(filename, "r", CHECKUID_CHECK_FILE_AND_DIR)) {
- efree(filename);
- return FAILURE;
- }
-
- memset(filename, '\0', filename_len);
- strcpy(filename, path);
- strcat(filename, ".hwm");
- if (!php_checkuid(filename, "r", CHECKUID_CHECK_FILE_AND_DIR)) {
- efree(filename);
- return FAILURE;
- }
- }
-
+
if (php_check_open_basedir(path TSRMLS_CC)) {
return FAILURE;
@@ -155,7 +120,6 @@
{
if ((-1 == CRACKG(default_dict)) && (NULL != CRACKG(default_dictionary))) {
- CRACKLIB_PWDICT *pwdict;
- printf("trying to open: %s\n", CRACKG(default_dictionary));
- pwdict = cracklib_pw_open(CRACKG(default_dictionary), "r");
+ PWDICT *pwdict;
+ pwdict = PWOpen(CRACKG(default_dictionary), "r");
if (NULL != pwdict) {
ZEND_REGISTER_RESOURCE(return_value, pwdict, le_crack);
@@ -172,8 +136,8 @@
static void php_crack_module_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC)
{
- CRACKLIB_PWDICT *pwdict = (CRACKLIB_PWDICT *) rsrc->ptr;
+ PWDICT *pwdict = (PWDICT *) rsrc->ptr;
if (pwdict != NULL) {
- cracklib_pw_close(pwdict);
+ PWClose(pwdict);
}
}
@@ -245,5 +209,5 @@
char *path;
int path_len;
- CRACKLIB_PWDICT *pwdict;
+ PWDICT *pwdict;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &path, &path_len) == FAILURE) {
@@ -255,5 +219,5 @@
}
- pwdict = cracklib_pw_open(path, "r");
+ pwdict = PWOpen(path, "r");
if (NULL == pwdict) {
#if ZEND_MODULE_API_NO >= 20021010
@@ -276,5 +240,5 @@
zval *dictionary = NULL;
int id = -1;
- CRACKLIB_PWDICT *pwdict;
+ PWDICT *pwdict;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|r", &dictionary)) {
@@ -293,5 +257,5 @@
}
}
- ZEND_FETCH_RESOURCE(pwdict, CRACKLIB_PWDICT *, &dictionary, id, "crack dictionary", le_crack);
+ ZEND_FETCH_RESOURCE(pwdict, PWDICT *, &dictionary, id, "crack dictionary", le_crack);
if (NULL == dictionary) {
@@ -319,5 +283,5 @@
int gecos_len;
char *message;
- CRACKLIB_PWDICT *pwdict;
+ PWDICT *pwdict;
int id = -1;
@@ -327,10 +291,36 @@
}
- if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "rs", &dictionary, &password, &password_len) == FAILURE) {
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ssr", &password, &password_len, &username, &username_len, &gecos, &gecos_len, &dictionary) == FAILURE) {
- RETURN_FALSE;
- }
+ switch (ZEND_NUM_ARGS()) {
+ case 1:
+ id = zend_parse_parameters(1 TSRMLS_CC, "s",
+ &password, &password_len);
+ dictionary = NULL;
+ break;
+ case 2:
+ id = zend_parse_parameters(2 TSRMLS_CC, "rs",
+ &dictionary,
+ &password, &password_len);
+ break;
+ case 3:
+ id = zend_parse_parameters(3 TSRMLS_CC, "sss",
+ &password, &password_len,
+ &username, &username_len,
+ &gecos, &gecos_len);
+ dictionary = NULL;
+ break;
+ case 4:
+ id = zend_parse_parameters(3 TSRMLS_CC, "sssr",
+ &password, &password_len,
+ &username, &username_len,
+ &gecos, &gecos_len,
+ &dictionary);
+ break;
+ default:
+ WRONG_PARAM_COUNT;
}
-
+
+ if (id == FAILURE)
+ RETURN_FALSE;
+
if (NULL == dictionary) {
id = php_crack_get_default_dict(INTERNAL_FUNCTION_PARAM_PASSTHRU);
@@ -344,7 +334,7 @@
}
}
- ZEND_FETCH_RESOURCE(pwdict, CRACKLIB_PWDICT *, &dictionary, id, "crack dictionary", le_crack);
+ ZEND_FETCH_RESOURCE(pwdict, PWDICT *, &dictionary, id, "crack dictionary", le_crack);
- message = cracklib_fascist_look_ex(pwdict, password, username, gecos);
+ message = FascistLookUser(pwdict, password, username, gecos);
if (NULL == message) {

View file

@ -0,0 +1,56 @@
Add a few tests to verify basic usage. Additional contributions welcome.
-mi
+++ tests/002.phpt 2015-04-13 20:40:26.000000000 -0400
@@ -0,0 +1,16 @@
+--TEST--
+Verify rejection of very simple password
+--SKIPIF--
+--POST--
+--GET--
+--FILE--
+<?php
+if (crack_check("password")) {
+ echo "Bad, password 'password' accepted\n";
+} else {
+ echo "Good, password 'password' rejected\n";
+}
+
+?>
+--EXPECT--
+Good, password 'password' rejected
+++ tests/003.phpt 2015-04-13 20:48:28.000000000 -0400
@@ -0,0 +1,15 @@
+--TEST--
+Verify rejection of password identical to username
+--SKIPIF--
+--POST--
+--GET--
+--FILE--
+<?php
+if (crack_check("b1934c823b137a492a13decfb939593e", "b1934c823b137a492a13decfb939593e", NULL)) {
+ echo "Bad, password identical to username accepted\n";
+} else {
+ echo "Good, password identical to username rejected\n";
+}
+?>
+--EXPECTREGEX--
+Good, password identical to username rejected
+++ tests/004.phpt 2015-04-13 20:40:43.000000000 -0400
@@ -0,0 +1,15 @@
+--TEST--
+Verify acceptance of good password
+--SKIPIF--
+--POST--
+--GET--
+--FILE--
+<?php
+if (crack_check("6f763fbe906fc3c2fd57f3bcfa4afe79")) {
+ echo "Good, harsh password accepted\n";
+} else {
+ echo "Bad, password harsh rejected\n";
+}
+?>
+--EXPECT--
+Good, harsh password accepted

View file

@ -0,0 +1,9 @@
--- config.m4 2005-09-21 05:00:06.000000000 -0400
+++ config.m4 2015-04-09 21:44:51.000000000 -0400
@@ -9,6 +9,4 @@
if test "$PHP_CRACK" != "yes"; then
- AC_MSG_ERROR(Only the bundled library is supported right now)
-
for i in $PHP_CRACK/lib $PHP_CRACK/cracklib /usr/local/lib /usr/lib; do
test -f $i/libcrack.$SHLIB_SUFFIX_NAME -o -f $i/libcrack.a && CRACK_LIBDIR=$i && break