--- /dev/null
+#!/usr/bin/python
+
+# check password quality using cracklib given a new password, optionally the
+# old password, and a list of ldap/gecos words via stdin, each on a line by
+# itself (send an empty line if you want to skip the old password check)
+
+# Copyright (c) 2008 Peter Palfrader
+
+import crack, sys, tempfile, os
+
+def cleanup(dir):
+ if not dir.startswith('/tmp/pwcheck-'):
+ raise ValueError, 'cleanup got a weird dir to remove: '+dir
+ for f in 'dict.hwm dict.pwd dict.pwi wordlist wordlist-cleaned'.split(' '):
+ p = dir+'/'+f
+ if os.path.exists(p):
+ os.remove(p)
+ if os.path.exists(dir):
+ os.rmdir(dir)
+
+
+
+newpass = sys.stdin.readline().strip()
+oldpass = sys.stdin.readline().strip()
+ldapwords = map( lambda x: x.strip(), sys.stdin.readlines())
+
+if oldpass == "":
+ oldpass = None
+
+
+crack.min_length = 11
+
+# check against the default dictionary
+try:
+ crack.VeryFascistCheck(newpass, oldpass)
+except ValueError, e:
+ print e
+ sys.exit(1)
+
+# and against a dictionary created from the ldap info on this user
+if len(ldapwords) > 0:
+ tmpdir = tempfile.mkdtemp('', 'pwcheck-')
+ F = open(tmpdir+'/wordlist', "w")
+ for w in ldapwords:
+ F.write(w+"\n");
+ for w1 in ldapwords:
+ for w2 in ldapwords:
+ F.write(w1+w2+"\n");
+ F.write(w1[0]+w2+"\n");
+ F.close()
+
+ r = os.system("/usr/sbin/crack_mkdict "+tmpdir+"/wordlist > "+tmpdir+"/wordlist-cleaned")
+ if r != 0:
+ print "crack_mkdict returned non-zero exit status %d."%(r)
+ cleanup(tmpdir)
+ sys.exit(1)
+ r = os.system("/usr/sbin/crack_packer "+tmpdir+"/dict < "+tmpdir+"/wordlist-cleaned > /dev/null")
+ if r != 0:
+ print "crack_packer returned non-zero exit status %d."%(r)
+ cleanup(tmpdir)
+ sys.exit(1)
+
+ try:
+ crack.VeryFascistCheck(newpass, None, tmpdir+"/dict")
+ except ValueError, e:
+ print "ldap data based check: "+str(e)
+ cleanup(tmpdir)
+ sys.exit(1)
+
+ cleanup(tmpdir)
+
+sys.exit(0)
projects / mirror / userdir-ldap-cgi.git / blobdiff