Current Path : /usr/src/crypto/heimdal/lib/kadm5/ |
FreeBSD hs32.drive.ne.jp 9.1-RELEASE FreeBSD 9.1-RELEASE #1: Wed Jan 14 12:18:08 JST 2015 root@hs32.drive.ne.jp:/sys/amd64/compile/hs32 amd64 |
Current File : //usr/src/crypto/heimdal/lib/kadm5/check-cracklib.pl |
#!/usr/pkg/bin/perl # # Sample password verifier for Heimdals external password # verifier, see the chapter "Password changing" in the the info # documentation for more information about the protocol used. # # Three checks # 1. Check that password is not the principal name # 2. Check that the password passes cracklib # 3. Check that password isn't repeated for this principal # # The repeat check must be last because some clients ask # twice when getting "no" back and thus the error message # would be wrong. # # Prereqs (example versions): # # * perl (5.8.5) http://www.perl.org/ # * cracklib (2.8.5) http://sourceforge.net/projects/cracklib # * Crypt-Cracklib perlmodule (0.01) http://search.cpan.org/~daniel/ # # Sample dictionaries: # cracklib-words (1.1) http://sourceforge.net/projects/cracklib # miscfiles (1.4.2) http://directory.fsf.org/miscfiles.html # # Configuration for krb5.conf or kdc.conf # # [password_quality] # policies = builtin:external-check # external_program = <your-path>/check-cracklib.pl # # $Id: check-cracklib.pl 20578 2007-05-07 22:21:51Z lha $ use strict; use Crypt::Cracklib; use Digest::MD5; # NEED TO CHANGE THESE TO MATCH YOUR SYSTEM my $database = '/usr/lib/cracklib_dict'; my $historydb = '/var/heimdal/historydb'; # NEED TO CHANGE THESE TO MATCH YOUR SYSTEM my %params; sub check_basic { my $principal = shift; my $passwd = shift; if ($principal eq $passwd) { return "Principal name as password is not allowed"; } return "ok"; } sub check_repeat { my $principal = shift; my $passwd = shift; my $result = 'Do not reuse passwords'; my %DB; my $md5context = new Digest::MD5; $md5context->reset(); $md5context->add($principal, ":", $passwd); my $key=$md5context->hexdigest(); dbmopen(%DB,$historydb,0600) or die "Internal: Could not open $historydb"; $result = "ok" if (!$DB{$key}); $DB{$key}=scalar(time()); dbmclose(%DB) or die "Internal: Could not close $historydb"; return $result; } sub badpassword { my $reason = shift; print "$reason\n"; exit 0 } while (<>) { last if /^end$/; if (!/^([^:]+): (.+)$/) { die "key value pair not correct: $_"; } $params{$1} = $2; } die "missing principal" if (!defined $params{'principal'}); die "missing password" if (!defined $params{'new-password'}); my $reason; $reason = check_basic($params{'principal'}, $params{'new-password'}); badpassword($reason) if ($reason ne "ok"); $reason = fascist_check($params{'new-password'}, $database); badpassword($reason) if ($reason ne "ok"); $reason = check_repeat($params{'principal'}, $params{'new-password'}); badpassword($reason) if ($reason ne "ok"); print "APPROVED\n"; exit 0