websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Import Upstream version 4.12.4

Browse Source
This commit is contained in:
geos_one
2025-08-12 22:28:56 +02:00
parent 03a8170b15
commit 9181ee2487
1629 changed files with 874094 additions and 554378 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
util/Makefile.am
View File

@@ -1,20 +1,31 @@
NULL =
AUTOMAKE_OPTIONS = 1.7 subdir-objects
AM_CPPFLAGS = $(CRYPTO_CFLAGS) $(KRB5_CFLAGS) $(LDAP_CFLAGS)
AM_CPPFLAGS = $(CRYPTO_CFLAGS) $(KRB5_CFLAGS) $(LDAP_CFLAGS) $(PWQUALITY_CFLAGS)
noinst_LTLIBRARIES = libutil.la
libutil_la_SOURCES = ipa_krb5.c \
libutil_la_SOURCES = \
ipa_hostname.c \
ipa_hostname.h \
ipa_krb5.c \
ipa_krb5.h \
ipa_mspac.h \
ipa_ldap.c \
ipa_ldap.h \
ipa_pwd.c \
ipa_pwd.h \
ipa_pwd_ntlm.c
ipa_pwd_ntlm.c \
$(NULL)
libutil_la_LIBADD = $(CRYPTO_LIBS) $(KRB5_LIBS) $(LDAP_LIBS)
libutil_la_LIBADD = $(CRYPTO_LIBS) $(KRB5_LIBS) $(LDAP_LIBS) $(PWQUALITY_LIBS)
check_PROGRAMS = t_pwd
TESTS = $(check_PROGRAMS)
t_pwd_LDADD = libutil.la
if ENABLE_SERVER
check_PROGRAMS += t_policy
t_policy_LDADD = libutil.la
endif
TESTS = $(check_PROGRAMS)

184
util/Makefile.in
View File

@@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.16.2 from Makefile.am.
# Makefile.in generated by automake 1.17 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2020 Free Software Foundation, Inc.
# Copyright (C) 1994-2024 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -70,6 +70,8 @@ am__make_running_with_option = \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
am__rm_f = rm -f $(am__rm_f_notfound)
am__rm_rf = rm -rf $(am__rm_f_notfound)
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@@ -88,7 +90,8 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
check_PROGRAMS = t_pwd$(EXEEXT)
check_PROGRAMS = t_pwd$(EXEEXT) $(am__EXEEXT_1)
@ENABLE_SERVER_TRUE@am__append_1 = t_policy
subdir = util
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
@@ -107,17 +110,22 @@ mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
@ENABLE_SERVER_TRUE@am__EXEEXT_1 = t_policy$(EXEEXT)
LTLIBRARIES = $(noinst_LTLIBRARIES)
am__DEPENDENCIES_1 =
libutil_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1)
am_libutil_la_OBJECTS = ipa_krb5.lo ipa_ldap.lo ipa_pwd.lo \
ipa_pwd_ntlm.lo
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
am__objects_1 =
am_libutil_la_OBJECTS = ipa_hostname.lo ipa_krb5.lo ipa_ldap.lo \
ipa_pwd.lo ipa_pwd_ntlm.lo $(am__objects_1)
libutil_la_OBJECTS = $(am_libutil_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
t_policy_SOURCES = t_policy.c
t_policy_OBJECTS = t_policy.$(OBJEXT)
@ENABLE_SERVER_TRUE@t_policy_DEPENDENCIES = libutil.la
t_pwd_SOURCES = t_pwd.c
t_pwd_OBJECTS = t_pwd.$(OBJEXT)
t_pwd_DEPENDENCIES = libutil.la
@@ -136,9 +144,10 @@ am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__maybe_remake_depfiles = depfiles
am__depfiles_remade = ./$(DEPDIR)/ipa_krb5.Plo \
./$(DEPDIR)/ipa_ldap.Plo ./$(DEPDIR)/ipa_pwd.Plo \
./$(DEPDIR)/ipa_pwd_ntlm.Plo ./$(DEPDIR)/t_pwd.Po
am__depfiles_remade = ./$(DEPDIR)/ipa_hostname.Plo \
./$(DEPDIR)/ipa_krb5.Plo ./$(DEPDIR)/ipa_ldap.Plo \
./$(DEPDIR)/ipa_pwd.Plo ./$(DEPDIR)/ipa_pwd_ntlm.Plo \
./$(DEPDIR)/t_policy.Po ./$(DEPDIR)/t_pwd.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -158,8 +167,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(libutil_la_SOURCES) t_pwd.c
DIST_SOURCES = $(libutil_la_SOURCES) t_pwd.c
SOURCES = $(libutil_la_SOURCES) t_policy.c t_pwd.c
DIST_SOURCES = $(libutil_la_SOURCES) t_policy.c t_pwd.c
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -182,8 +191,6 @@ am__define_uniq_tagged_files = \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__tty_colors_dummy = \
mgn= red= grn= lgn= blu= brg= std=; \
am__color_tests=no
@@ -228,10 +235,9 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
{ test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \
}
am__recheck_rx = ^[ ]*:recheck:[ ]*
am__global_test_result_rx = ^[ ]*:global-test-result:[ ]*
@@ -319,6 +325,7 @@ am__sh_e_setup = case $$- in *e*) set +e;; esac
# Default flags passed to test drivers.
am__common_driver_flags = \
--color-tests "$$am__color_tests" \
$$am__collect_skipped_logs \
--enable-hard-errors "$$am__enable_hard_errors" \
--expect-failure "$$am__expect_failure"
# To be inserted before the command running the test. Creates the
@@ -343,6 +350,11 @@ if test -f "./$$f"; then dir=./; \
elif test -f "$$f"; then dir=; \
else dir="$(srcdir)/"; fi; \
tst=$$dir$$f; log='$@'; \
if test -n '$(IGNORE_SKIPPED_LOGS)'; then \
am__collect_skipped_logs='--collect-skipped-logs no'; \
else \
am__collect_skipped_logs=''; \
fi; \
if test -n '$(DISABLE_HARD_ERRORS)'; then \
am__enable_hard_errors=no; \
else \
@@ -366,6 +378,7 @@ am__set_TESTS_bases = \
bases='$(TEST_LOGS)'; \
bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
bases=`echo $$bases`
AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
RECHECK_LOGS = $(TEST_LOGS)
AM_RECURSIVE_TARGETS = check recheck
TEST_SUITE_LOG = test-suite.log
@@ -410,6 +423,8 @@ CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CRYPTO_CFLAGS = @CRYPTO_CFLAGS@
CRYPTO_LIBS = @CRYPTO_LIBS@
CSCOPE = @CSCOPE@
CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DATA_VERSION = @DATA_VERSION@
DEFS = @DEFS@
@@ -423,8 +438,10 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
FILECMD = @FILECMD@
GETTEXT_DOMAIN = @GETTEXT_DOMAIN@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GIT_BRANCH = @GIT_BRANCH@
@@ -432,6 +449,7 @@ GIT_VERSION = @GIT_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
HTTPD_GROUP = @HTTPD_GROUP@
INI_CFLAGS = @INI_CFLAGS@
INI_LIBS = @INI_LIBS@
INSTALL = @INSTALL@
@@ -444,9 +462,12 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
IPAPLATFORM = @IPAPLATFORM@
IPA_DATA_DIR = @IPA_DATA_DIR@
IPA_SYSCONF_DIR = @IPA_SYSCONF_DIR@
JANSSON_CFLAGS = @JANSSON_CFLAGS@
JANSSON_LIBS = @JANSSON_LIBS@
JSLINT = @JSLINT@
KRAD_LIBS = @KRAD_LIBS@
KRB5KDC_SERVICE = @KRB5KDC_SERVICE@
KRB5_BUILD_VERSION = @KRB5_BUILD_VERSION@
KRB5_CFLAGS = @KRB5_CFLAGS@
KRB5_GSSAPI_CFLAGS = @KRB5_GSSAPI_CFLAGS@
KRB5_GSSAPI_LIBS = @KRB5_GSSAPI_LIBS@
@@ -455,6 +476,8 @@ LD = @LD@
LDAP_CFLAGS = @LDAP_CFLAGS@
LDAP_LIBS = @LDAP_LIBS@
LDFLAGS = @LDFLAGS@
LIBCURL_CFLAGS = @LIBCURL_CFLAGS@
LIBCURL_LIBS = @LIBCURL_LIBS@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBINTL_LIBS = @LIBINTL_LIBS@
@@ -514,6 +537,8 @@ PLATFORM_PYTHON = @PLATFORM_PYTHON@
POPT_CFLAGS = @POPT_CFLAGS@
POPT_LIBS = @POPT_LIBS@
POSUB = @POSUB@
PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@
PWQUALITY_LIBS = @PWQUALITY_LIBS@
PYLINT = @PYLINT@
PYTHON = @PYTHON@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
@@ -522,9 +547,12 @@ PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RESOLV_LIBS = @RESOLV_LIBS@
RPMLINT = @RPMLINT@
SAMBA40EXTRA_LIBPATH = @SAMBA40EXTRA_LIBPATH@
SAMBAUTIL_CFLAGS = @SAMBAUTIL_CFLAGS@
SAMBAUTIL_LIBS = @SAMBAUTIL_LIBS@
SAMBA_SECURITY_LIBS = @SAMBA_SECURITY_LIBS@
SASL_CFLAGS = @SASL_CFLAGS@
SASL_LIBS = @SASL_LIBS@
SED = @SED@
@@ -563,8 +591,10 @@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__rm_f_notfound = @am__rm_f_notfound@
am__tar = @am__tar@
am__untar = @am__untar@
am__xargs_n = @am__xargs_n@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -610,27 +640,34 @@ sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
sysconfenvdir = @sysconfenvdir@
systemdcatalogdir = @systemdcatalogdir@
systemdsystemunitdir = @systemdsystemunitdir@
systemdtmpfilesdir = @systemdtmpfilesdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
NULL =
AUTOMAKE_OPTIONS = 1.7 subdir-objects
AM_CPPFLAGS = $(CRYPTO_CFLAGS) $(KRB5_CFLAGS) $(LDAP_CFLAGS)
AM_CPPFLAGS = $(CRYPTO_CFLAGS) $(KRB5_CFLAGS) $(LDAP_CFLAGS) $(PWQUALITY_CFLAGS)
noinst_LTLIBRARIES = libutil.la
libutil_la_SOURCES = ipa_krb5.c \
libutil_la_SOURCES = \
ipa_hostname.c \
ipa_hostname.h \
ipa_krb5.c \
ipa_krb5.h \
ipa_mspac.h \
ipa_ldap.c \
ipa_ldap.h \
ipa_pwd.c \
ipa_pwd.h \
ipa_pwd_ntlm.c
ipa_pwd_ntlm.c \
$(NULL)
libutil_la_LIBADD = $(CRYPTO_LIBS) $(KRB5_LIBS) $(LDAP_LIBS)
TESTS = $(check_PROGRAMS)
libutil_la_LIBADD = $(CRYPTO_LIBS) $(KRB5_LIBS) $(LDAP_LIBS) $(PWQUALITY_LIBS)
t_pwd_LDADD = libutil.la
@ENABLE_SERVER_TRUE@t_policy_LDADD = libutil.la
TESTS = $(check_PROGRAMS)
all: all-am
.SUFFIXES:
@@ -666,28 +703,25 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
$(am__aclocal_m4_deps):
clean-checkPROGRAMS:
@list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
echo " rm -f" $$list; \
rm -f $$list || exit $$?; \
test -n "$(EXEEXT)" || exit 0; \
list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
echo " rm -f" $$list; \
rm -f $$list
$(am__rm_f) $(check_PROGRAMS)
test -z "$(EXEEXT)" || $(am__rm_f) $(check_PROGRAMS:$(EXEEXT)=)
clean-noinstLTLIBRARIES:
-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
-$(am__rm_f) $(noinst_LTLIBRARIES)
@list='$(noinst_LTLIBRARIES)'; \
locs=`for p in $$list; do echo $$p; done | \
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
sort -u`; \
test -z "$$locs" || { \
echo rm -f $${locs}; \
rm -f $${locs}; \
}
echo rm -f $${locs}; \
$(am__rm_f) $${locs}
libutil.la: $(libutil_la_OBJECTS) $(libutil_la_DEPENDENCIES) $(EXTRA_libutil_la_DEPENDENCIES)
$(AM_V_CCLD)$(LINK) $(libutil_la_OBJECTS) $(libutil_la_LIBADD) $(LIBS)
t_policy$(EXEEXT): $(t_policy_OBJECTS) $(t_policy_DEPENDENCIES) $(EXTRA_t_policy_DEPENDENCIES)
@rm -f t_policy$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(t_policy_OBJECTS) $(t_policy_LDADD) $(LIBS)
t_pwd$(EXEEXT): $(t_pwd_OBJECTS) $(t_pwd_DEPENDENCIES) $(EXTRA_t_pwd_DEPENDENCIES)
@rm -f t_pwd$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(t_pwd_OBJECTS) $(t_pwd_LDADD) $(LIBS)
@@ -698,15 +732,17 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_hostname.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_krb5.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_ldap.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_pwd.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_pwd_ntlm.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_policy.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/t_pwd.Po@am__quote@ # am--include-marker
$(am__depfiles_remade):
@$(MKDIR_P) $(@D)
@echo '# dummy' >$@-t && $(am__mv) $@-t $@
@: >>$@
am--depfiles: $(am__depfiles_remade)
@@ -805,7 +841,6 @@ distclean-tags:
am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
am--force-recheck:
@:
$(TEST_SUITE_LOG): $(TEST_LOGS)
@$(am__set_TESTS_bases); \
am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
@@ -881,10 +916,37 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
result_count $$1 "XPASS:" $$xpass "$$red"; \
result_count $$1 "ERROR:" $$error "$$mgn"; \
}; \
output_system_information () \
{ \
echo; \
{ uname -a | $(AWK) '{ \
printf "System information (uname -a):"; \
for (i = 1; i < NF; ++i) \
{ \
if (i != 2) \
printf " %s", $$i; \
} \
printf "\n"; \
}'; } 2>&1; \
if test -r /etc/os-release; then \
echo "Distribution information (/etc/os-release):"; \
sed 8q /etc/os-release; \
elif test -r /etc/issue; then \
echo "Distribution information (/etc/issue):"; \
cat /etc/issue; \
fi; \
}; \
please_report () \
{ \
echo "Some test(s) failed. Please report this to $(PACKAGE_BUGREPORT),"; \
echo "together with the test-suite.log file (gzipped) and your system"; \
echo "information. Thanks."; \
}; \
{ \
echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
$(am__rst_title); \
create_testsuite_report --no-color; \
output_system_information; \
echo; \
echo ".. contents:: :depth: 2"; \
echo; \
@@ -899,31 +961,30 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
fi; \
echo "$${col}$$br$${std}"; \
echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \
echo "$${col}$$br$${std}"; \
create_testsuite_report --maybe-color; \
echo "$$col$$br$$std"; \
if $$success; then :; else \
echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
echo "$${col}See $(subdir)/$(TEST_SUITE_LOG) for debugging.$${std}";\
if test -n "$(PACKAGE_BUGREPORT)"; then \
echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
please_report | sed -e "s/^/$${col}/" -e s/'$$'/"$${std}"/; \
fi; \
echo "$$col$$br$$std"; \
fi; \
$$success || exit 1
check-TESTS: $(check_PROGRAMS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@$(am__rm_f) $(RECHECK_LOGS)
@$(am__rm_f) $(RECHECK_LOGS:.log=.trs)
@$(am__rm_f) $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
log_list=`for i in $$bases; do echo $$i.log; done`; \
trs_list=`for i in $$bases; do echo $$i.trs; done`; \
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
log_list=`echo $$log_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
recheck: all $(check_PROGRAMS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@$(am__rm_f) $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
| $(am__list_recheck_tests)` || exit 1; \
@@ -940,6 +1001,13 @@ t_pwd.log: t_pwd$(EXEEXT)
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
t_policy.log: t_policy$(EXEEXT)
@p='t_policy$(EXEEXT)'; \
b='t_policy'; \
$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
.test.log:
@p='$<'; \
$(am__set_b); \
@@ -954,7 +1022,6 @@ t_pwd.log: t_pwd$(EXEEXT)
@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
@@ -1014,15 +1081,15 @@ install-strip:
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
-test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
-test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
-test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-$(am__rm_f) $(TEST_LOGS)
-$(am__rm_f) $(TEST_LOGS:.log=.trs)
-$(am__rm_f) $(TEST_SUITE_LOG)
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-$(am__rm_f) $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@@ -1033,10 +1100,12 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
clean-noinstLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -f ./$(DEPDIR)/ipa_krb5.Plo
-rm -f ./$(DEPDIR)/ipa_hostname.Plo
-rm -f ./$(DEPDIR)/ipa_krb5.Plo
-rm -f ./$(DEPDIR)/ipa_ldap.Plo
-rm -f ./$(DEPDIR)/ipa_pwd.Plo
-rm -f ./$(DEPDIR)/ipa_pwd_ntlm.Plo
-rm -f ./$(DEPDIR)/t_policy.Po
-rm -f ./$(DEPDIR)/t_pwd.Po
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
@@ -1083,10 +1152,12 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f ./$(DEPDIR)/ipa_krb5.Plo
-rm -f ./$(DEPDIR)/ipa_hostname.Plo
-rm -f ./$(DEPDIR)/ipa_krb5.Plo
-rm -f ./$(DEPDIR)/ipa_ldap.Plo
-rm -f ./$(DEPDIR)/ipa_pwd.Plo
-rm -f ./$(DEPDIR)/ipa_pwd_ntlm.Plo
-rm -f ./$(DEPDIR)/t_policy.Po
-rm -f ./$(DEPDIR)/t_pwd.Po
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1129,3 +1200,10 @@ uninstall-am:
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
# Tell GNU make to disable its built-in pattern rules.
%:: %,v
%:: RCS/%,v
%:: RCS/%
%:: s.%
%:: SCCS/s.%

98
util/ipa_hostname.c Normal file
View File

@@ -0,0 +1,98 @@
/*
* Copyright (C) 2020 FreeIPA Contributors see COPYING for license
*/
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <netdb.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include "ipa_hostname.h"
static int
_get_fqdn(char *fqdn)
{
char hostname[IPA_HOST_FQDN_LEN];
char *canonname = NULL;
struct addrinfo hints;
struct addrinfo *ai = NULL;
int r;
r = gethostname(hostname, IPA_HOST_FQDN_LEN - 1);
if (r != 0) {
goto error;
}
memset(&hints, 0, sizeof(struct addrinfo));
/* use IPv4 or IPv6 */
hints.ai_family = AF_UNSPEC;
/* optimize, RAW and STREAM return same kind of information */
hints.ai_socktype = SOCK_DGRAM;
/* any protocol */
hints.ai_protocol = 0;
/* get canonical name
* only use IPv4/6 when at least one interface for proto is configured */
hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
r = getaddrinfo(hostname, NULL, &hints, &ai);
if (r != 0) {
/* getaddrinfo() for gethostname() should never fail. The
* nss-myhostname provider should always add a positive match. */
errno = ENOENT;
goto error;
}
/* only the first addrinfo struct holds a canonical name value */
canonname = ai->ai_canonname;
/* check that canon name is filled and not too long */
if (!canonname) {
errno = ENOENT;
goto error;
}
if (strlen(canonname) > (IPA_HOST_FQDN_LEN - 1)) {
errno = ENAMETOOLONG;
goto error;
}
#if 0
/* refuse non-qualified short names and localhost */
if ((strchr(canonname, '.') == NULL) ||
(strcasecmp(canonname, "localhost.localdomain") == 0)) {
errno = EINVAL;
goto error;
}
#endif
strncpy(fqdn, canonname, IPA_HOST_FQDN_LEN);
/* Make double sure it is terminated */
fqdn[IPA_HOST_FQDN_LEN - 1] = '\0';
freeaddrinfo(ai);
return 0;
error:
if (ai != NULL) {
freeaddrinfo(ai);
}
return -1;
}
const char* ipa_gethostfqdn()
{
static char cached_fqdn[IPA_HOST_FQDN_LEN] = {0};
if (*cached_fqdn == '\0') {
int res = _get_fqdn(cached_fqdn);
if (res != 0) {
return NULL;
}
}
return (const char*)cached_fqdn;
}

22
util/ipa_hostname.h Normal file
View File

@@ -0,0 +1,22 @@
/*
* Copyright (C) 2020 FreeIPA Contributors see COPYING for license
*/
/* FQDN host name length including trailing NULL byte
*
* This may be longer than HOST_NAME_MAX. The hostname (effectively uname()'s
* node name) is limited to 64 characters on Linux. ipa_gethostfqdn() returns
* a FQDN from NSS which can be up to 255 octets including NULL byte.
* Effectively the FQDN is 253 ASCII characters.
*/
#define IPA_HOST_FQDN_LEN 255
/* Get the host FQDN.
*
* Returns a null-terminated static char[]. The string length is
* at most IPA_HOST_FQDN_LEN - 1. The caller MUST NOT modify this
* buffer. If modification could occur, the caller MUST copy
* the string.
*/
const char*
ipa_gethostfqdn(void);

19
util/ipa_krb5.c
View File

@@ -38,6 +38,12 @@ const char *ipapwd_password_max_len_errmsg = \
TOSTR(IPAPWD_PASSWORD_MAX_LEN) \
" chars)!";
/* Case-insensitive string values to by parsed as boolean true */
static const char *const conf_yes[] = {
"y", "yes", "true", "t", "1", "on",
NULL,
};
/* Salt types */
#define KRB5P_SALT_SIZE 16
@@ -898,6 +904,7 @@ static int prep_ksdata(krb5_context krbctx, const char *str,
ksdata = calloc(n + 1, sizeof(struct krb_key_salt));
if (NULL == ksdata) {
*err_msg = _("Out of memory!?\n");
ipa_krb5_free_ktypes(krbctx, ktypes);
return 0;
}
@@ -1237,3 +1244,15 @@ done:
}
return ret;
}
bool ipa_krb5_parse_bool(const char *str)
{
const char *const *p;
for (p = conf_yes; *p; p++) {
if (!strcasecmp(*p, str))
return true;
}
return false;
}

91
util/ipa_krb5.h
View File

@@ -1,5 +1,72 @@
/*
* Kerberos related utils for FreeIPA
*
* Authors: Simo Sorce <ssorce@redhat.com>
*
* Copyright (C) 2011 Simo Sorce, Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* Functions krb5_ts2tt, krb5_ts_incr, krb5_ts_after are taken from Kerberos 5:
* https://github.com/krb5/krb5/blob/master/src/include/k5-int.h
*
* Authors: Greg Hudson <ghudson@mit.edu>
*
* Copyright (C) 2017
*
* This software is being provided to you, the LICENSEE, by the
* Massachusetts Institute of Technology (M.I.T.) under the following
* license. By obtaining, using and/or copying this software, you agree
* that you have read, understood, and will comply with these terms and
* conditions:
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute
* this software and its documentation for any purpose and without fee or
* royalty is hereby granted, provided that you agree to comply with the
* following copyright notice and statements, including the disclaimer, and
* that the same appear on ALL copies of the software and documentation,
* including modifications that you make for internal use or for
* distribution:
*
* THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS
* OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not
* limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF
* MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF
* THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY
* PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
*
* The name of the Massachusetts Institute of Technology or M.I.T. may NOT
* be used in advertising or publicity pertaining to distribution of the
* software. Title to copyright in this software and any associated
* documentation shall at all times remain with M.I.T., and USER agrees to
* preserve same.
*
* Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
*/
#pragma once
#include <stdbool.h>
#include <time.h>
#include <lber.h>
#include <krb5/krb5.h>
@@ -87,3 +154,27 @@ int create_keys(krb5_context krbctx,
char **err_msg);
int ipa_kstuples_to_string(krb5_key_salt_tuple *kst, int n_kst, char **str);
/* Convert a krb5_timestamp to a time_t value, treating the negative range of
* krb5_timestamp as times between 2038 and 2106 (if time_t is 64-bit). */
static inline time_t
krb5_ts2tt(krb5_timestamp timestamp) {
return (time_t)(uint32_t)timestamp;
}
/* Increment a timestamp by a signed 32-bit interval, without relying on
* undefined behavior. */
static inline krb5_timestamp
krb5_ts_incr(krb5_timestamp ts, krb5_deltat delta) {
return (krb5_timestamp)((uint32_t)ts + (uint32_t)delta);
}
/* Return true if a comes after b. */
static inline bool
krb5_ts_after(krb5_timestamp a, krb5_timestamp b) {
return (uint32_t)a > (uint32_t)b;
}
/* Implement boolean string parsing function from MIT krb5:
* src/lib/krb5/krb/libdef_parse.c:_krb5_conf_boolean() */
bool ipa_krb5_parse_bool(const char *str);

97
util/ipa_pwd.c
View File

@@ -23,13 +23,18 @@
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include "config.h"
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <ctype.h>
#include <fcntl.h>
#include <syslog.h>
#include <unistd.h>
#include <errno.h>
#if defined(USE_PWQUALITY)
#include <pwquality.h>
#endif
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
@@ -307,9 +312,6 @@ static int ipapwd_cmp_password(char *password, char *historyString)
}
size_t item_len = EVP_DecodeBlock(item_data, (unsigned char *) b64part, b64_len);
if (!item_data) {
return -1;
}
if (item_len <= SHA_SALT_LENGTH) {
ret = -1;
goto done;
@@ -406,6 +408,7 @@ cleanup:
*/
int ipapwd_check_policy(struct ipapwd_policy *policy,
char *password,
char *user,
time_t cur_time,
time_t acct_expiration,
time_t pwd_expiration,
@@ -414,6 +417,13 @@ int ipapwd_check_policy(struct ipapwd_policy *policy,
{
int pwdlen, blen;
int ret;
#if defined(USE_PWQUALITY)
pwquality_settings_t *pwq;
int check_pwquality = 0;
int entropy = 0;
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
void *auxerror;
#endif
if (!policy || !password) {
return IPAPWD_POLICY_ERROR;
@@ -462,7 +472,7 @@ int ipapwd_check_policy(struct ipapwd_policy *policy,
char *p, *n;
int size, len;
/* we want the actual lenght in bytes here */
/* we want the actual length in bytes here */
len = blen;
p = password;
@@ -526,6 +536,76 @@ int ipapwd_check_policy(struct ipapwd_policy *policy,
}
}
#if defined(USE_PWQUALITY)
/* Only call into libpwquality if at least one setting is made
* because there are a number of checks that don't have knobs
* so preserve the previous behavior.
*/
check_pwquality = policy->max_repeat + policy->max_sequence + policy->dictcheck + policy->usercheck;
if (check_pwquality > 0) {
/* Call libpwquality */
openlog(NULL, LOG_CONS | LOG_NDELAY, LOG_DAEMON);
pwq = pwquality_default_settings();
if (pwq == NULL) {
syslog(LOG_ERR, "Not able to set pwquality defaults\n");
return IPAPWD_POLICY_ERROR;
}
if (policy->min_pwd_length < 6)
syslog(LOG_WARNING, "password policy min length is < 6. Will be enforced as 6\n");
pwquality_set_int_value(pwq, PWQ_SETTING_MIN_LENGTH, policy->min_pwd_length);
pwquality_set_int_value(pwq, PWQ_SETTING_MAX_REPEAT, policy->max_repeat);
pwquality_set_int_value(pwq, PWQ_SETTING_MAX_SEQUENCE, policy->max_sequence);
pwquality_set_int_value(pwq, PWQ_SETTING_DICT_CHECK, policy->dictcheck);
pwquality_set_int_value(pwq, PWQ_SETTING_USER_CHECK, policy->usercheck);
entropy = pwquality_check(pwq, password, NULL, user, &auxerror);
pwquality_free_settings(pwq);
#ifdef TEST
if (user != NULL) {
fprintf(stderr, "Checking password for %s\n", user);
} else {
fprintf(stderr, "No user provided\n");
}
fprintf(stderr, "min length %d\n", policy->min_pwd_length);
fprintf(stderr, "max repeat %d\n", policy->max_repeat);
fprintf(stderr, "max sequence %d\n", policy->max_sequence);
fprintf(stderr, "dict check %d\n", policy->dictcheck);
fprintf(stderr, "user check %d\n", policy->usercheck);
#endif
if (entropy < 0) {
#ifdef TEST
fprintf(stderr, "Bad password '%s': %s\n", password, pwquality_strerror(buf, sizeof(buf), entropy, auxerror));
#endif
syslog(LOG_ERR, "Password is rejected with error %d: %s\n", entropy, pwquality_strerror(buf, sizeof(buf), entropy, auxerror));
switch (entropy) {
case PWQ_ERROR_MIN_LENGTH:
return IPAPWD_POLICY_PWD_TOO_SHORT;
case PWQ_ERROR_PALINDROME:
return IPAPWD_POLICY_PWD_PALINDROME;
case PWQ_ERROR_MAX_CONSECUTIVE:
return IPAPWD_POLICY_PWD_CONSECUTIVE;
case PWQ_ERROR_MAX_SEQUENCE:
return IPAPWD_POLICY_PWD_SEQUENCE;
case PWQ_ERROR_CRACKLIB_CHECK:
return IPAPWD_POLICY_PWD_DICT_WORD;
case PWQ_ERROR_USER_CHECK:
return IPAPWD_POLICY_PWD_USER;
default:
return IPAPWD_POLICY_PWD_COMPLEXITY;
}
#ifdef TEST
} else {
fprintf(stderr, "Password '%s' is ok, entropy is %d\n", password, entropy);
#endif
}
}
#endif /* USE_PWQUALITY */
if (pwd_history) {
char *hash;
int i;
@@ -549,13 +629,18 @@ char * IPAPWD_ERROR_STRINGS[] = {
"Too soon to change password",
"Password is too short",
"Password reuse not permitted",
"Password is too simple"
"Password is too simple",
"Password has too many consecutive characters",
"Password contains a monotonic sequence",
"Password is based on a dictionary word",
"Password is a palindrone",
"Password contains username"
};
char * IPAPWD_ERROR_STRING_GENERAL = "Password does not meet the policy requirements";
char * ipapwd_error2string(enum ipapwd_error err) {
if (err < 0 || err > IPAPWD_POLICY_PWD_COMPLEXITY) {
if (err < 0 || err > IPAPWD_POLICY_PWD_USER) {
/* IPAPWD_POLICY_ERROR or out of boundary, return general error */
return IPAPWD_ERROR_STRING_GENERAL;
}

16
util/ipa_pwd.h
View File

@@ -30,9 +30,6 @@
#define IPAPWD_DEFAULT_PWDLIFE (90 * 24 *3600)
#define IPAPWD_DEFAULT_MINLEN 0
/* 1 Jan 2038, 00:00 GMT */
#define IPAPWD_END_OF_TIME 2145916800
/*
* IMPORTANT: please update error string table in ipa_pwd.c if you change this
* error code table.
@@ -44,7 +41,12 @@ enum ipapwd_error {
IPAPWD_POLICY_PWD_TOO_YOUNG = 2,
IPAPWD_POLICY_PWD_TOO_SHORT = 3,
IPAPWD_POLICY_PWD_IN_HISTORY = 4,
IPAPWD_POLICY_PWD_COMPLEXITY = 5
IPAPWD_POLICY_PWD_COMPLEXITY = 5,
IPAPWD_POLICY_PWD_CONSECUTIVE = 6,
IPAPWD_POLICY_PWD_SEQUENCE = 7,
IPAPWD_POLICY_PWD_DICT_WORD = 8,
IPAPWD_POLICY_PWD_PALINDROME = 9,
IPAPWD_POLICY_PWD_USER = 10
};
struct ipapwd_policy {
@@ -56,6 +58,11 @@ struct ipapwd_policy {
int max_fail;
int failcnt_interval;
int lockout_duration;
int max_repeat;
int max_sequence;
int max_classrepeat;
int dictcheck;
int usercheck;
};
time_t ipapwd_gentime_to_time_t(char *timestr);
@@ -68,6 +75,7 @@ int ipapwd_hash_password(char *password,
int ipapwd_check_policy(struct ipapwd_policy *policy,
char *password,
char *user,
time_t cur_time,
time_t acct_expiration,
time_t pwd_expiration,

94
util/t_policy.c Normal file
View File

@@ -0,0 +1,94 @@
/*
* Copyright (C) 2020 FreeIPA Contributors see COPYING for license
*/
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <assert.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "ipa_pwd.h"
static void
set_policy(struct ipapwd_policy *policy,
int min_pwd_length, int min_diff_chars, int max_repeat,
int max_sequence, int max_class_repeat, int dict_check,
int user_check)
{
/* defaults for things we aren't testing */
policy->min_pwd_life = 0;
policy->max_pwd_life = 0;
policy->history_length = 0;
/* Note: min password length in libpwqualty is hardcoded at 6 */
policy->min_pwd_length = min_pwd_length;
policy->min_complexity = min_diff_chars;
policy->max_repeat = max_repeat;
policy->max_sequence = max_sequence;
policy->max_classrepeat = max_class_repeat;
policy->dictcheck = dict_check;
policy->usercheck = user_check;
}
int main(int argc, const char *argv[]) {
(void) argc;
(void) argv;
struct ipapwd_policy policy = {0};
/* No policy applied */
set_policy(&policy, 0, 0, 0, 0, 0, 0, 0);
assert(ipapwd_check_policy(&policy, "Secret123", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_OK);
assert(ipapwd_check_policy(&policy, "password", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_OK);
assert(ipapwd_check_policy(&policy, "abcddcba", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_OK);
/* Check that with no policy the IPA minimum is in force */
assert(ipapwd_check_policy(&policy, "abc", NULL, 3, 0, 0, 0, NULL) == IPAPWD_POLICY_OK);
/* Max repeats of 1 */
set_policy(&policy, 0, 0, 1, 0, 0, 0, 0);
assert(ipapwd_check_policy(&policy, "password", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_PWD_CONSECUTIVE);
assert(ipapwd_check_policy(&policy, "Assembly", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_PWD_CONSECUTIVE);
/* Minimum length lower than libpwquality allows (6) */
assert(ipapwd_check_policy(&policy, "abc", NULL, 3, 0, 0, 0, NULL) == IPAPWD_POLICY_PWD_TOO_SHORT);
/* Max repeats of 2 */
set_policy(&policy, 0, 0, 2, 0, 0, 0, 0);
assert(ipapwd_check_policy(&policy, "password", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_OK);
assert(ipapwd_check_policy(&policy, "Assembly", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_OK);
assert(ipapwd_check_policy(&policy, "permisssive", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_PWD_CONSECUTIVE);
/* Max sequence of 1 */
set_policy(&policy, 0, 0, 0, 1, 0, 0, 0);
assert(ipapwd_check_policy(&policy, "abacab", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_PWD_SEQUENCE);
assert(ipapwd_check_policy(&policy, "AbacAb", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_PWD_SEQUENCE);
/* Max sequence of 2 */
set_policy(&policy, 0, 0, 0, 2, 0, 0, 0);
assert(ipapwd_check_policy(&policy, "AbacAb", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_OK);
assert(ipapwd_check_policy(&policy, "abacabc", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_PWD_SEQUENCE);
/* Palindrone */
set_policy(&policy, 0, 0, 0, 0, 0, 0, 0); /* Note there is no policy */
assert(ipapwd_check_policy(&policy, "password", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_OK);
assert(ipapwd_check_policy(&policy, "abccba", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_OK);
set_policy(&policy, 0, 0, 3, 0, 0, 0, 0); /* Set anything */
assert(ipapwd_check_policy(&policy, "abccba", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_PWD_PALINDROME);
/* Dictionary check */
set_policy(&policy, 0, 0, 0, 0, 0, 1, 0);
assert(ipapwd_check_policy(&policy, "password", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_PWD_DICT_WORD);
assert(ipapwd_check_policy(&policy, "Secret123", NULL, 0, 0, 0, 0, NULL) == IPAPWD_POLICY_PWD_DICT_WORD);
/* User check */
assert(ipapwd_check_policy(&policy, "userPDQ123", "user", 0, 0, 0, 0, NULL) == IPAPWD_POLICY_OK);
set_policy(&policy, 0, 0, 0, 0, 0, 0, 1);
assert(ipapwd_check_policy(&policy, "userPDQ123", "user", 0, 0, 0, 0, NULL) == IPAPWD_POLICY_PWD_USER);
return 0;
}