Unbreak and otherwise improve this port:

	* Use standard source of PECL-sources -- the old MASTER_SITE is
	  gone, and good riddance too, because the difference between
	  0.4 and 0.4.1 was an irrelevant one-liner.
	* Patch to use modern PHP ZEND API
	* Patch to actually use cracklib as advertized -- since the
	  port's inception it LIB_DEPENDed on security/cracklib and
	  advertized its use in pkg-descr, lying on both accounts.
	* Throw in a couple of basic usage tests rejecting bad passwords
	  and accepting good ones.

Special thanks to Nathan Neulinger for making the necessary cracklib function
accessible and to cy@ for promptly updating security/cracklib to use
Nathan's latest release.

3 files changed, 234 insertions, 0 deletions

diff --git a/security/pecl-crack/files/patch-modern-api b/security/pecl-crack/files/patch-modern-api
new file mode 100644
index 000000000000..978b917c50aa
--- /dev/null
+++ b/security/pecl-crack/files/patch-modern-api
@@ -0,0 +1,169 @@
+--- crack.c	2005-09-21 05:00:06.000000000 -0400
++++ crack.c	2015-04-13 20:41:24.000000000 -0400
+@@ -32,5 +32,5 @@
+ 
+ #include "php_crack.h"
+-#include "libcrack/src/cracklib.h"
++#include <packer.h>
+ 
+ /* True global resources - no need for thread safety here */
+@@ -39,5 +39,5 @@
+ /* {{{ crack_functions[]
+  */
+-function_entry crack_functions[] = {
++zend_function_entry crack_functions[] = {
+ 	PHP_FE(crack_opendict,			NULL)
+ 	PHP_FE(crack_closedict,			NULL)
+@@ -91,42 +91,7 @@
+ /* {{{ php_crack_checkpath
+  */
+-static int php_crack_checkpath(char* path TSRMLS_DC)
++static int php_crack_checkpath(const char* path TSRMLS_DC)
+ {
+-	char *filename;
+-	int filename_len;
+-	int result = SUCCESS;
+-	
+-	if (PG(safe_mode)) {
+-		filename_len = strlen(path) + 10;
+-		filename = (char *) emalloc(filename_len);
+-		if (NULL == filename) {
+-			return FAILURE;
+-		}
+-        
+-		memset(filename, '\0', filename_len);
+-		strcpy(filename, path);
+-		strcat(filename, ".pwd");
+-		if (!php_checkuid(filename, "r", CHECKUID_CHECK_FILE_AND_DIR)) {
+-			efree(filename);
+-			return FAILURE;
+-		}
+-		
+-		memset(filename, '\0', filename_len);
+-		strcpy(filename, path);
+-		strcat(filename, ".pwi");
+-		if (!php_checkuid(filename, "r", CHECKUID_CHECK_FILE_AND_DIR)) {
+-			efree(filename);
+-			return FAILURE;
+-		}
+-		
+-		memset(filename, '\0', filename_len);
+-		strcpy(filename, path);
+-		strcat(filename, ".hwm");
+-		if (!php_checkuid(filename, "r", CHECKUID_CHECK_FILE_AND_DIR)) {
+-			efree(filename);
+-			return FAILURE;
+-		}
+-	}
+-	
++
+ 	if (php_check_open_basedir(path TSRMLS_CC)) {
+ 		return FAILURE;
+@@ -155,7 +120,6 @@
+ {
+ 	if ((-1 == CRACKG(default_dict)) && (NULL != CRACKG(default_dictionary))) {
+-		CRACKLIB_PWDICT *pwdict;
+-		printf("trying to open: %s\n", CRACKG(default_dictionary));
+-		pwdict = cracklib_pw_open(CRACKG(default_dictionary), "r");
++		PWDICT *pwdict;
++		pwdict = PWOpen(CRACKG(default_dictionary), "r");
+ 		if (NULL != pwdict) {
+ 			ZEND_REGISTER_RESOURCE(return_value, pwdict, le_crack);
+@@ -172,8 +136,8 @@
+ static void php_crack_module_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC)
+ {
+-	CRACKLIB_PWDICT *pwdict = (CRACKLIB_PWDICT *) rsrc->ptr;
++	PWDICT *pwdict = (PWDICT *) rsrc->ptr;
+ 	
+ 	if (pwdict != NULL) {
+-		cracklib_pw_close(pwdict);
++		PWClose(pwdict);
+ 	}
+ }
+@@ -245,5 +209,5 @@
+ 	char *path;
+ 	int path_len;
+-	CRACKLIB_PWDICT *pwdict;
++	PWDICT *pwdict;
+ 	
+ 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &path, &path_len) == FAILURE) {
+@@ -255,5 +219,5 @@
+ 	}
+ 	
+-	pwdict = cracklib_pw_open(path, "r");
++	pwdict = PWOpen(path, "r");
+ 	if (NULL == pwdict) {
+ #if ZEND_MODULE_API_NO >= 20021010
+@@ -276,5 +240,5 @@
+ 	zval *dictionary = NULL;
+ 	int id = -1;
+-	CRACKLIB_PWDICT *pwdict;
++	PWDICT *pwdict;
+ 	
+ 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|r", &dictionary)) {
+@@ -293,5 +257,5 @@
+ 		}
+ 	}
+-	ZEND_FETCH_RESOURCE(pwdict, CRACKLIB_PWDICT *, &dictionary, id, "crack dictionary", le_crack);
++	ZEND_FETCH_RESOURCE(pwdict, PWDICT *, &dictionary, id, "crack dictionary", le_crack);
+ 	
+ 	if (NULL == dictionary) {
+@@ -319,5 +283,5 @@
+ 	int gecos_len;
+ 	char *message;
+-	CRACKLIB_PWDICT *pwdict;
++	PWDICT *pwdict;
+ 	int id = -1;
+ 	
+@@ -327,10 +291,36 @@
+ 	}
+ 	
+-	if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "rs", &dictionary, &password, &password_len) == FAILURE) {
+-		if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ssr", &password, &password_len, &username, &username_len, &gecos, &gecos_len, &dictionary) == FAILURE) {
+-			RETURN_FALSE;
+-		}
++	switch (ZEND_NUM_ARGS()) {
++	case 1:
++		id = zend_parse_parameters(1 TSRMLS_CC, "s",
++		    &password, &password_len);
++		dictionary = NULL;
++		break;
++	case 2:
++		id = zend_parse_parameters(2 TSRMLS_CC, "rs",
++		    &dictionary,
++		    &password, &password_len);
++		break;
++	case 3:
++		id = zend_parse_parameters(3 TSRMLS_CC, "sss",
++		    &password, &password_len,
++		    &username, &username_len,
++		    &gecos, &gecos_len);
++		dictionary = NULL;
++		break;
++	case 4:
++		id = zend_parse_parameters(3 TSRMLS_CC, "sssr",
++		    &password, &password_len,
++		    &username, &username_len,
++		    &gecos, &gecos_len,
++		    &dictionary);
++		break;
++	default:
++		WRONG_PARAM_COUNT;
+ 	}
+-	
++
++	if (id == FAILURE)
++		RETURN_FALSE;
++
+ 	if (NULL == dictionary) {
+ 		id = php_crack_get_default_dict(INTERNAL_FUNCTION_PARAM_PASSTHRU);
+@@ -344,7 +334,7 @@
+ 		}
+ 	}
+-	ZEND_FETCH_RESOURCE(pwdict, CRACKLIB_PWDICT *, &dictionary, id, "crack dictionary", le_crack);
++	ZEND_FETCH_RESOURCE(pwdict, PWDICT *, &dictionary, id, "crack dictionary", le_crack);
+ 	
+-	message = cracklib_fascist_look_ex(pwdict, password, username, gecos);
++	message = FascistLookUser(pwdict, password, username, gecos);
+ 	
+ 	if (NULL == message) {
diff --git a/security/pecl-crack/files/patch-tests b/security/pecl-crack/files/patch-tests
new file mode 100644
index 000000000000..37d6f81855ba
--- /dev/null
+++ b/security/pecl-crack/files/patch-tests
@@ -0,0 +1,56 @@
+Add a few tests to verify basic usage. Additional contributions welcome.
+
+	-mi
+
++++ tests/002.phpt	2015-04-13 20:40:26.000000000 -0400
+@@ -0,0 +1,16 @@
++--TEST--
++Verify rejection of very simple password
++--SKIPIF--
++--POST--
++--GET--
++--FILE--
++<?php 
++if (crack_check("password")) {
++	echo "Bad, password 'password' accepted\n";
++} else {
++	echo "Good, password 'password' rejected\n";
++}
++
++?>
++--EXPECT--
++Good, password 'password' rejected
++++ tests/003.phpt	2015-04-13 20:48:28.000000000 -0400
+@@ -0,0 +1,15 @@
++--TEST--
++Verify rejection of password identical to username
++--SKIPIF--
++--POST--
++--GET--
++--FILE--
++<?php 
++if (crack_check("b1934c823b137a492a13decfb939593e", "b1934c823b137a492a13decfb939593e", NULL)) {
++	echo "Bad, password identical to username accepted\n";
++} else {
++	echo "Good, password identical to username rejected\n";
++}
++?>
++--EXPECTREGEX--
++Good, password identical to username rejected
++++ tests/004.phpt	2015-04-13 20:40:43.000000000 -0400
+@@ -0,0 +1,15 @@
++--TEST--
++Verify acceptance of good password
++--SKIPIF--
++--POST--
++--GET--
++--FILE--
++<?php 
++if (crack_check("6f763fbe906fc3c2fd57f3bcfa4afe79")) {
++	echo "Good, harsh password accepted\n";
++} else {
++	echo "Bad, password harsh rejected\n";
++}
++?>
++--EXPECT--
++Good, harsh password accepted
diff --git a/security/pecl-crack/files/patch-use-real-libcrack b/security/pecl-crack/files/patch-use-real-libcrack
new file mode 100644
index 000000000000..6907d9466588
--- /dev/null
+++ b/security/pecl-crack/files/patch-use-real-libcrack
@@ -0,0 +1,9 @@
+--- config.m4	2005-09-21 05:00:06.000000000 -0400
++++ config.m4	2015-04-09 21:44:51.000000000 -0400
+@@ -9,6 +9,4 @@
+ 
+   if test "$PHP_CRACK" != "yes"; then
+-    AC_MSG_ERROR(Only the bundled library is supported right now)
+-    
+     for i in $PHP_CRACK/lib $PHP_CRACK/cracklib /usr/local/lib /usr/lib; do
+       test -f $i/libcrack.$SHLIB_SUFFIX_NAME -o -f $i/libcrack.a && CRACK_LIBDIR=$i && break