use strict;
use Crypt::Cracklib;
use Digest::MD5;
# Dictionary path handed to fascist_check() for the cracklib quality test.
my $database = '/usr/lib/cracklib_dict';
# DBM file that check_repeat() opens (mode 0600) to remember password digests.
# NOTE(review): it holds digests derived from principal and password, so
# confirm the containing directory is readable only by the account running
# this check.
my $historydb = '/var/heimdal/historydb';
# Window in seconds (compared against time() differences) during which
# check_repeat() still accepts a password it has already recorded.
# NOTE(review): presumably this lets a client retry the same change; confirm.
my $reusetime = 60;
# Request fields parsed from STDIN as "key: value" lines; the script reads
# the 'principal' and 'new-password' entries.
my %params;
# check_basic($principal, $passwd)
#
# Rejects a password that is string-identical to the principal name.
# Returns "ok" when the two differ, otherwise the rejection message.
#
# NOTE(review): the comparison is exact and case-sensitive, so a password
# equal to only part of the principal (for example the name without a realm
# suffix, if the caller passes a full principal) is not caught here; confirm
# whether the dictionary check is expected to cover that.
sub check_basic
{
    my ($principal, $passwd) = @_;

    return $principal eq $passwd
        ? "Principal name as password is not allowed"
        : "ok";
}
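# check_repeat($principal, $passwd)
#
# Password-history check backed by the DBM file named in $historydb.
# The key is the hex MD5 of "principal:password"; the value is the epoch
# time at which that pair was last accepted.
#
# Returns "ok" when the pair has never been recorded, or was recorded less
# than $reusetime seconds ago (the timestamp is refreshed in both cases).
# Returns 'Do not reuse passwords' otherwise. Dies if the history file
# cannot be opened or closed.
#
# NOTE(review): the history key is a single unsalted MD5 of
# principal:password. If the history file is ever disclosed, candidate
# passwords can be checked against it cheaply; the 0600 mode below is the
# only protection visible here. The digest is left unchanged because a
# different one would no longer match entries already stored. Plan a
# migration to a keyed or deliberately slow construction.
#
# NOTE(review): no locking is visible around the read-modify-write of the
# DBM file; confirm the caller serialises invocations.
sub check_repeat
{
    my ($principal, $passwd) = @_;

    # add() returns the context, so the digest can be built in one chain;
    # a freshly constructed context needs no reset().
    my $key = Digest::MD5->new->add($principal, ":", $passwd)->hexdigest();

    my $timenow = time();
    my $result  = 'Do not reuse passwords';
    my %DB;

    dbmopen(%DB, $historydb, 0600)
        or die "Internal: Could not open $historydb: $!";

    my $last_seen = $DB{$key};
    if (!$last_seen || ($timenow - $last_seen < $reusetime)) {
        $result   = "ok";
        $DB{$key} = $timenow;
    }

    dbmclose(%DB) or die "Internal: Could not close $historydb";
    return $result;
}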
# badpassword($reason)
#
# Reports a rejection: writes the reason followed by a newline to standard
# output and ends the process. Does not return.
#
# The exit status is 0 here as well as on approval, so the verdict is
# carried by the text on stdout, not by the status.
sub badpassword
{
    my ($reason) = @_;

    print STDOUT "$reason\n";
    exit(0);
}
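# Read the request from STDIN: "key: value" lines, terminated by a line
# that holds only "end". Each pair is stored in %params; a repeated key
# overwrites the earlier value.
while (my $line = <STDIN>) {
    last if $line =~ /^end$/;

    if ($line =~ /^([^:]+): (.+)$/) {
        $params{$1} = $2;
        next;
    }

    # Report only the line number. The rejected line may contain the new
    # password (or a fragment of it, e.g. after an embedded newline), and
    # die output goes to stderr where it can end up in logs.
    die "key value pair not correct at input line $.\n";
}

die "missing principal" if (!defined $params{'principal'});
die "missing password" if (!defined $params{'new-password'});

# Run the checks in order; the first one that does not answer "ok" ends the
# process through badpassword(), which prints the reason.
my $reason;

# 1. Password must not equal the principal name.
$reason = check_basic($params{'principal'}, $params{'new-password'});
badpassword($reason) if ($reason ne "ok");

# 2. Dictionary / quality test from Crypt::Cracklib against $database.
$reason = fascist_check($params{'new-password'}, $database);
badpassword($reason) if ($reason ne "ok");

# 3. History test; this also records the password digest when it passes,
#    so it runs last, after the cheaper checks have accepted the password.
$reason = check_repeat($params{'principal'}, $params{'new-password'});
badpassword($reason) if ($reason ne "ok");

# Every check passed: the literal reply the caller reads from stdout.
print "APPROVED\n";
exit 0;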