lib/yfront/src/passwd_checker.erl

   1 %%%-------------------------------------------------------------------
   2 %%% Created : 1 Dec 2006 by Tobbe <tobbe@tornkvist.org>
   3 %%% Desc.   : A (pro-active) password checker.
   4 %%%
   5 %%% @author Torbjörn Törnkvist <tobbe@tornkvist.org>
   6 %%%
   7 %%% @doc <b>passwd_checker</b> is a pro-active password checker.
   8 %%%       It makes use of a tiny port program that uses cracklib.
   9 %%%
  10 %%%       Download the dictionaries you want to use, e.g see:
  11 %%%
  12 %%%          http://www.cotse.com/tools/wordlists.htm
  13 %%%
  14 %%%       Then rebuild the dictionary, on Gentoo:
  15 %%%
  16 %%%          create-cracklib-dict /usr/share/dict/*
  17 %%%
  18 %%%       On RedHat:
  19 %%%
  20 %%%          mkdict /usr/share/dict/* | packer /usr/lib/cracklib_dict
  21 %%%
  22 %%%       On Ubuntu/Debian, see the man page for cracklib. You'll
  23 %%%       probably need to set the environment variable CRACKLIB_DICTPATH
  24 %%%       to: CRACKLIB_DICTPATH=/var/cache/cracklib/cracklib_dict
  25 %%%
  26 %%%       See also:
  27 %%%
  28 %%%          http://gdub.wordpress.com/2006/08/26/using-cracklib-to-require-stronger-passwords/
  29 %%%
  30 %%%
  31 %%% @end
  32 %%%-------------------------------------------------------------------
  33 -module(passwd_checker).
  34
  35 -export([check/1, check/2, format/1]).
  36
  37 -include("../include/passwd_checker.hrl").
  38
  39
  40 cracklib_dict_path() -> "/usr/lib/cracklib_dict".
  41
  42 %%%
  43 %%% @doc Textual error messages.
  44 %%%
  45 format(?PWD_CHK_TOO_SHORT)  -> "too short";           % Should be gettext'ified when needed...
  46 format(?PWD_CHK_DICTIONARY) -> "too common";
  47 format(_)                   -> "not secure enough".
  48
  49 %%%
  50 %%% @doc Check if the password is good enough.
  51 %%%      By setting the environment variable CRACKLIB_DICTPATH to the
  52 %%%      full path name + filename prefix of the cracklib dictionary
  53 %%%      database, it will override the default in cracklib_dict_path/0.
  54 %%%
  55 check(Passwd) ->
  56     case os:getenv("CRACKLIB_DICTPATH") of
  57         Path when list(Path) ->
  58             check(Passwd, Path);
  59         _ ->
  60             check(Passwd, cracklib_dict_path())
  61     end.
  62
  63 %%%
  64 %%% @doc Check if the password is good enough.
  65 %%%      Specify the path to the cracklib dictionaries.
  66 %%%
  67 check(Passwd, CrackDictPath) ->
  68     PrivDir = code:priv_dir(yfront),
  69     Cmd = PrivDir++"/passwd_checker "++Passwd++" "++CrackDictPath,
  70     case os:cmd(Cmd) of
  71         "ok"++_ -> ok;
  72         Error   -> {error, analyse_string(Error)}
  73     end.
  74
  75 %%% lame attempt of returning some more (lang. independent) detailed info...
  76 analyse_string(Str) ->
  77     is_too_short(Str).
  78
  79 is_too_short(Str) ->
  80     case substr(Str, "too short") of
  81         true -> ?PWD_CHK_TOO_SHORT;
  82         _    -> is_dictionary(Str)
  83     end.
  84
  85 is_dictionary(Str) ->
  86     case substr(Str, "dictionary") of
  87         true -> ?PWD_CHK_DICTIONARY;
  88         _    -> ?PWD_CHK_OTHER
  89     end.
  90
  91 substr(Str, Sub) ->
  92     case string:index(Str, Sub) of
  93         I when I>0 -> true;
  94         _          -> false
  95     end.
  96