Issue 7412 - check_password contrib module
Summary: check_password contrib module
Status: VERIFIED WONTFIX
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: contrib
Version: unspecified
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
Reported: 2012-10-11 10:09 UTC by Clément OUDOT
Modified: 2021-04-01 16:48 UTC (History)

Description Clément OUDOT 2012-10-11 10:09:16 UTC
Full_Name: Clément OUDOT
Version: 
OS: GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (88.173.78.196)


As said by Guillaume Rousse in ITS#7348 (
http://www.openldap.org/its/index.cgi/Incoming?id=7348;selectid=7348#themesg), I
would like to contribute the check_password module to OpenLDAP.

---
 contrib/slapd-modules/README                       |   3 +
 contrib/slapd-modules/check-password/Makefile      |  52 +++
 contrib/slapd-modules/check-password/README        | 146 +++++++++
 .../slapd-modules/check-password/check_password.c  | 356 +++++++++++++++=
++++++
 4 files changed, 557 insertions(+)
 create mode 100644 contrib/slapd-modules/check-password/Makefile
 create mode 100644 contrib/slapd-modules/check-password/README
 create mode 100644 contrib/slapd-modules/check-password/check_password.c=


diff --git a/contrib/slapd-modules/README b/contrib/slapd-modules/README
index db74379..d8005ff 100644
--- a/contrib/slapd-modules/README
+++ b/contrib/slapd-modules/README
@@ -20,6 +20,9 @@ allop (overlay)
 autogroup (overlay)
 	Automated updates of group memberships.
=20
+check_password (plugin)
+	External password quality check module for ppolicy
+
 cloak (overlay)
 	Hide specific attributes unless explicitely requested
=20
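
Review bot: The index entry added here is named check_password, while the directory this patch creates is contrib/slapd-modules/check-password, so a reader scanning this README cannot match the entry to its directory by name. Suggest naming the entry after the directory, or mentioning the directory in the one-line description.
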
diff --git a/contrib/slapd-modules/check-password/Makefile b/contrib/slap=
d-modules/check-password/Makefile
new file mode 100644
index 0000000..42dd18f
--- /dev/null
+++ b/contrib/slapd-modules/check-password/Makefile
@@ -0,0 +1,52 @@
+
+LDAP_SRC =3D ../../..
+LDAP_BUILD =3D ../../..
+LDAP_INC =3D -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)=
/servers/slapd
+LDAP_LIB =3D $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+CRACKLIB_PATH =3D /usr/share/cracklib/pw_dict
+CRACKLIB_INC =3D=20
+CRACKLIB_LIB =3D -lcrack
+
+CONFIG_PATH =3D /etc/openldap/check_password.conf
+
+LIBTOOL =3D $(LDAP_BUILD)/libtool
+CC =3D gcc
+OPT =3D -g -O2 -Wall
+DEFS =3D -DHAVE_CRACKLIB -DCRACKLIB_DICTPATH=3D"\"$(CRACKLIB_PATH)\"" \
+	-DCONFIG_FILE=3D"\"$(CONFIG_PATH)\"" -DDEBUG
+INCS =3D $(LDAP_INC) $(CRACKLIB_INC)
+LIBS =3D $(LDAP_LIB) $(CRACKLIB_LIB)
+
+PROGRAMS =3D check_password.la
+LTVER =3D 0:0:0
+
+prefix=3D/usr/local
+exec_prefix=3D$(prefix)
+ldap_subdir=3D/openldap
+
+libdir=3D$(exec_prefix)/lib
+libexecdir=3D$(exec_prefix)/libexec
+moduledir =3D $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=3Dcompile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+check_password.la:	check_password.lo
+	$(LIBTOOL) --mode=3Dlink $(CC) $(OPT) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=3Dinstall cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
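
Review bot: DEFS turns on -DDEBUG unconditionally, so every default build of a module that receives candidate passwords is a debug build. What DEBUG enables lives in check_password.c, which is not visible in this part of the patch; unless it is confirmed that nothing password-derived reaches the log, drop -DDEBUG from the default DEFS and let builders opt in. Two smaller points in the same file: CONFIG_PATH and CRACKLIB_PATH are fixed absolute paths under /etc and /usr/share while the install location derives from prefix=/usr/local, which deserves a comment or a variable tied to the prefix, and CC is hard-coded to gcc.
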
diff --git a/contrib/slapd-modules/check-password/README b/contrib/slapd-=
modules/check-password/README
new file mode 100644
index 0000000..10191c2
--- /dev/null
+++ b/contrib/slapd-modules/check-password/README
@@ -0,0 +1,146 @@
+
+check_password.c - OpenLDAP pwdChecker library
+
+2007-06-06 Michael Steinmann <msl@calivia.com>
+2008-01-30 Pierre-Yves Bonnetain <py.bonnetain@ba-cst.com>
+2009        Clement Oudot <clem.oudot@gmail.com> - LTB-project
+2009        Jerome HUET - LTB-project
+
+check_password.c is an OpenLDAP pwdPolicyChecker module used to check th=
e
+strength and quality of user-provided passwords.
+
+This module is used as an extension of the OpenLDAP password policy cont=
rols,
+see slapo-ppolicy(5) section pwdCheckModule.
+
+check_password.c will run a number of checks on the passwords to ensure =
minimum
+strength and quality requirements are met. Passwords that do not meet th=
ese
+requirements are rejected.
+
+
+Password checks
+---------------
+ - passwords shorter than 6 characters are rejected if cracklib is used =
(because
+   cracklib WILL reject them).
+
+ - syntactic checks controls how many different character classes are us=
ed
+   (lower, upper, digit and punctuation characters). The minimum number =
of
+   classes is defined in a configuration file. You ca
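
Review bot: The first bullet under "Password checks" states the 6-character floor only for builds that use cracklib and does not say what length, if any, is enforced when the module is built without HAVE_CRACKLIB. State that case explicitly, for example that length is then left to pwdMinLength in the ppolicy entry, if that is the intent. In the second bullet, "syntactic checks controls" should read "syntactic checks control".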


The attached patch file is derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following patch(es) were
developed by Clément OUDOT clem.oudot@gmail.com. I have not assigned rights
and/or interest in this work to any party. 

I, Clément OUDOT, hereby place the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose with or
without attribution and/or other notice. 
Comment 1 guillomovitch@gmail.com 2013-03-01 09:00:21 UTC
Any feedback on this request?
-- 
Guillaume Rousse
INRIA, Direction des systèmes d'information
Domaine de Voluceau
Rocquencourt - BP 105
78153 Le Chesnay
Tel: 01 39 63 58 31

Comment 2 Howard Chu 2014-04-04 09:48:42 UTC
clem.oudot@gmail.com wrote:
> Full_Name: Clément OUDOT
> Version:
> OS: GNU/Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (88.173.78.196)
>
>
> As said by Guillaume Rousse in ITS#7348 (
> http://www.openldap.org/its/index.cgi/Incoming?id=7348;selectid=7348#themesg), I
> would like to contribute the check_password module to OpenLDAP.

> diff --git a/contrib/slapd-modules/check-password/README b/contrib/slapd-=
> modules/check-password/README
> new file mode 100644
> index 0000000..10191c2
> --- /dev/null
> +++ b/contrib/slapd-modules/check-password/README
> @@ -0,0 +1,146 @@
> +
> +check_password.c - OpenLDAP pwdChecker library
> +
> +2007-06-06 Michael Steinmann <msl@calivia.com>
> +2008-01-30 Pierre-Yves Bonnetain <py.bonnetain@ba-cst.com>
> +2009        Clement Oudot <clem.oudot@gmail.com> - LTB-project
> +2009        Jerome HUET - LTB-project

> The attached patch file is derived from OpenLDAP Software. All of the
> modifications to OpenLDAP Software represented in the following patch(es) were
> developed by Clément OUDOT clem.oudot@gmail.com. I have not assigned rights
> and/or interest in this work to any party.

Something is not clear here. Your README clearly lists 3 other authors' names, 
yet your rights statement claims that you are the sole author. I don't see how 
we can safely touch this contribution with such ambiguous provenance.
>
> I, Clément OUDOT, hereby place the following modifications to OpenLDAP Software
> (and only these modifications) into the public domain. Hence, these
> modifications may be freely used and/or redistributed for any purpose with or
> without attribution and/or other notice.
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 3 dcoutadeur@linagora.com 2014-04-04 16:53:47 UTC
Hi,

Can you consider this alternative to replace the ltb-check-password module 
in the contrib overlays?

(ITS#7832) Proposing ppolicy extended module for OpenLDAP
http://www.openldap.org/its/index.cgi?findid=7832

Thank you in advance.

David

Comment 4 OpenLDAP project 2017-04-13 15:20:29 UTC
has patch/contrib
Comment 5 Quanah Gibson-Mount 2017-04-13 15:20:29 UTC
changed notes
moved from Incoming to Contrib
Comment 6 Quanah Gibson-Mount 2020-03-20 14:56:40 UTC
Closing this report due to the issues in comment#2
Comment 7 Clément OUDOT 2021-04-01 16:48:26 UTC
Agree with closing the issue.

Having the ppm module will be a much better option.