Don't attempt to load a password quality verifier from NULL

When kadm5_add_passwd_quality_verifier is called with a NULL
check_library parameter and [password_quality].policy_libraries
is set, the function calls add_verifier() for each string in the
policy_libraries section and then falls through to the non-NULL
case and calls add_verifier() a final time with a NULL argument.
This leads to dlopening the running executable and then failing
since it contains no password quality verifier.

If the check_library argument is NULL, only call add_verifier()
for the configured policy_libraries and do not fall through to
the non-NULL case.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

lib/kadm5/password_quality.c

@@ -395,8 +395,10 @@ kadm5_add_passwd_quality_verifier(krb5_context context,
 		return ret;
 	    tmp++;
 	}
+	return 0;
+    } else {
+	return add_verifier(context, check_library);
     }
-    return add_verifier(context, check_library);
 #else
     return 0;
 #endif /* HAVE_DLOPEN */