3 # check password quality using cracklib given a new password, optionally the
4 # old password, and a list of ldap/gecos words via stdin, each on a line by
5 # itself (send an empty line if you want to skip the old password check)
7 # Copyright (c) 2008 Peter Palfrader
9 import sys, tempfile, os
# Fragment of the temporary-directory cleanup routine. Its def line and the
# actual remove calls are not part of this listing.
# Guard: refuse any path that does not carry the expected '/tmp/pwcheck-'
# prefix, so a wrong argument cannot make the routine delete files elsewhere.
# NOTE(review): the prefix is hard-coded to /tmp, while the directory comes from
# tempfile.mkdtemp('', 'pwcheck-'), which follows TMPDIR. With TMPDIR pointing
# elsewhere this guard would raise and the directory would stay behind - confirm.
13 if not dir.startswith('/tmp/pwcheck-'):
14 raise ValueError, 'cleanup got a weird dir to remove: '+dir
# Fixed list of file names to look for inside the directory: the word lists
# written below plus, presumably, the dict.* files the packer produces.
15 for f in 'dict.hwm dict.pwd dict.pwi wordlist wordlist-cleaned'.split(' '):
# Only act on the directory itself if it still exists.
19 if os.path.exists(dir):
# Locate the cracklib helper tools. Each loop walks two candidate absolute
# paths (older and newer tool names). The loop bodies that test a candidate and
# assign crack_mkdict / crack_packer are not part of this listing.
# Because the candidates are absolute paths, the shell commands built from them
# further down do not depend on a PATH lookup.
26 for b in "/usr/sbin/crack_mkdict /usr/sbin/cracklib-format".split(' '):
30 for b in "/usr/sbin/crack_packer /usr/sbin/cracklib-packer".split(' '):
# Without both tools the per-user dictionary cannot be built, so report it.
# NOTE(review): what happens after the message (exit code?) is not visible here.
34 if crack_mkdict is None or crack_packer is None:
35 print "Could not find crack formater or packer"
# Input protocol on stdin: line 1 is the new password, line 2 the old password
# (an empty line skips the old-password comparison, per the header comment),
# and every remaining line is one LDAP/gecos word for this user.
# Taking the passwords from stdin rather than argv keeps them out of the
# process list.
# NOTE(review): strip() removes leading and trailing whitespace, so a password
# that begins or ends with spaces is checked without them - confirm the caller
# stores the password in the same form.
39 newpass = sys.stdin.readline().strip()
# NOTE(review): an empty line yields ''; any conversion to None before the
# check below would happen in lines not shown here.
40 oldpass = sys.stdin.readline().strip()
# One word per line, surrounding whitespace removed.
41 ldapwords = map( lambda x: x.strip(), sys.stdin.readlines())
# Set the cracklib module's min_length to 11 before running the checks.
# The import of cracklib is not part of this listing.
47 cracklib.min_length = 11
49 # check against the default dictionary
# First pass: new password against the old password and the system-wide
# cracklib dictionary.
# NOTE(review): VeryFascistCheck presumably signals rejection by raising; the
# surrounding try/except is not visible in this listing.
51 cracklib.VeryFascistCheck(newpass, oldpass, '/var/cache/cracklib/cracklib_dict')
# Second pass: build a throw-away cracklib dictionary from this user's
# LDAP/gecos words and check the new password against it. Several lines of this
# section (loop headers, loop bodies, try/except, cleanup call) are not part of
# this listing.
56 # and against a dictionary created from the ldap info on this user
57 if len(ldapwords) > 0:
58 # squeeze's cracklib-packer complains about '*' on input - it
59 # says 'skipping line: 1'
# Filter out the bare '-' and '*' entries; the loop bodies are not shown.
60 while '-' in ldapwords:
62 while '*' in ldapwords:
# mkdtemp() creates a fresh directory that only the creating user can read,
# write and search, so the word list is not exposed to other local users.
65 tmpdir = tempfile.mkdtemp('', 'pwcheck-')
66 F = open(tmpdir+'/wordlist', "w")
# Writes the first character of one word followed by another word; the
# enclosing loops over w1 / w2 are not shown.
72 F.write(w1[0]+w2+"\n");
# Both commands are built by string concatenation and run through the shell.
# The interpolated parts are the tool path and the mkdtemp() path; the password
# and the LDAP words never appear on a command line, they travel via the
# wordlist file.
# NOTE(review): tmpdir derives from TMPDIR, so the command string is only as
# clean as that environment variable; subprocess with an argument list and
# explicit file handles would avoid the shell altogether.
75 r = os.system(crack_mkdict+" "+tmpdir+"/wordlist > "+tmpdir+"/wordlist-cleaned")
# NOTE(review): os.system returns the wait status on Unix, so the number
# printed here is not the plain exit code (an exit code of 1 shows up as 256).
77 print "crack_mkdict returned non-zero exit status %d."%(r)
# Pack the cleaned word list into cracklib's dictionary format at tmpdir/dict.
80 r = os.system(crack_packer+" "+tmpdir+"/dict < "+tmpdir+"/wordlist-cleaned > /dev/null")
82 print "crack_packer returned non-zero exit status %d."%(r)
# The old password is deliberately left out (None) in this pass: only the
# per-user dictionary is being tested here.
87 cracklib.VeryFascistCheck(newpass, None, tmpdir+"/dict")
# Reports the reason for a rejection; `e` is presumably the exception caught by
# an except clause that is not shown.
89 print "ldap data based check: "+str(e)