Commit 2117c159 authored by Paul Cammish's avatar Paul Cammish

Re-impliments password strength checking and tests

parent bde7354d
......@@ -18,7 +18,7 @@
# --help Show usage
#
# --manual Show full manual
#
#
# DESCRIPTION
#
# Takes a password from standard input, as an argument, or the first line of a
......@@ -31,11 +31,11 @@
# 5 SHA-256
# 6 SHA-512
#
# It outputs the encrypted password to standard out, prepended with the marker.
# It outputs the encrypted password to standard out, prepended with the marker.
#
# EXAMPLES
#
# sympl-encrypt-password "my password"
# sympl-encrypt-password "my password"
#
# produces "{CRYPT}$1$M7$/ElErZcP9VN8fRgJfOKQa.".
#
......@@ -67,7 +67,7 @@ opts = GetoptLong.new(
[ '--marker', '-k', GetoptLong::OPTIONAL_ARGUMENT ]
)
manual = help = false
manual = help = false
$VERBOSELOCAL = false
algorithm = "6"
marker = "{CRYPT}"
......@@ -122,10 +122,10 @@ end
if ARGV.length == 0
warn "Reading from standard input" if $VERBOSELOCAL
#
#
# Read the password in from STDIN
#
password = STDIN.gets.chomp
password = STDIN.gets.chomp
elsif File.exist?(ARGV.first)
#
# Read the password from a file
......@@ -138,7 +138,7 @@ elsif File.exist?(ARGV.first)
#
if password.nil?
warn "No password found in #{ARGV.first}."
password = ARGV.first
password = ARGV.first
else
#
# Remove any stray line ending
......@@ -146,18 +146,26 @@ elsif File.exist?(ARGV.first)
password.chomp!
end
else
#
#
# Use the ARGV
#
warn "Using password from the command line" if $VERBOSELOCAL
password = ARGV.first
end
# TODO Replace this with updated version from ruby-password
#c = CrackLib::Fascist(password)
#warn "This is a weak password -- #{c.reason}." unless c.ok?
# Check the password strength and reject if it's too weak
reason = "OK"
pw = Password.new( password )
begin
pw.check
rescue Password::WeakPassword => reason
end
if reason != "OK"
warn "This is a weak password -- #{reason}."
end
#
#
# Collect some salt.
#
salt = 8.times.collect{SALT[rand(SALT.length)]}.join
......@@ -167,4 +175,3 @@ warn "Encrypting password #{password.inspect} using the #{ALGORITHMS[algorithm]}
# And encrypt and output.
puts marker+password.chomp.crypt("$#{algorithm}$#{salt}$")
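Review bot: The comment introducing the new block says the password is rejected if it is too weak, but the code only calls `warn` and then falls through to encrypt and print it, so nothing is rejected; either change the comment to `# Check the password strength and warn if it's too weak` or exit non-zero in the weak-password branch. Separately, `rescue Password::WeakPassword => reason` stores the exception object in a variable initialised to the string `"OK"`, so `reason != "OK"` holds only because an exception never compares equal to a string; binding the exception to `e` and using `e.message` removes the sentinel and the mixed types, and also drops the `pw` local. The hunks do not show the file's `require` lines, so if `require 'password'` is not added elsewhere in this commit the `Password` constant will be undefined at runtime. The rejecting variant would look like this:
```ruby
# Check the password strength and reject if it's too weak
begin
  Password.new(password).check
rescue Password::WeakPassword => e
  warn "This is a weak password -- #{e.message}."
  exit 1
end
# … unchanged: salt collection and crypt …
```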
......@@ -21,9 +21,9 @@ module Symbiosis
def self.syslog=(s)
@@syslog = s
end
include EventMachine::Protocols::LineProtocol
# C: <open connection to port 106>
# S: 200 poppassd (version 1.1) ready.
# C: USER fred
......@@ -56,7 +56,7 @@ module Symbiosis
@username = $1
@authorised = false
send_data "300 Please send your current password\r\n"
when /^PASS (.+)$/i
@authorised = false
ans = do_authorise($1)
......@@ -72,7 +72,7 @@ module Symbiosis
else
send_data "500 I don't understand what you're saying.\r\n"
end
rescue StandardError => err
send_data "500 Something bad has happened. Sorry!\r\n"
......@@ -124,17 +124,23 @@ module Symbiosis
return "400 Please login before trying to change your password\r\n"
end
# TODO: Reimpliment this with ruby-password
# WARN: Password strength checking is disabled
#
# c = CrackLib::Fascist(passwd)
#
# unless c.ok?
# syslog.notice "Password change failed for user #{@mailbox.username} -- #{c.reason}"
# return "400 Sorry, that password is too weak -- #{c.reason}\r\n"
# end
#
# Check password strength and reject if too weak
#
reason = "OK"
pw = Password.new( passwd )
begin
pw.check
rescue Password::WeakPassword => reason
end
if reason != "OK"
syslog.notice "Password change failed for user #{@mailbox.username} -- #{reason}"
return "400 Sorry, that password is too weak -- #{reason}\r\n"
end
begin
@mailbox.password = passwd
rescue StandardError => err
syslog.err "Password change failed for user #{@mailbox.username} because #{err.to_s}"
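Review bot: `rescue Password::WeakPassword => reason` in the new block binds the exception object to a variable that was initialised to the string `"OK"`, so the later `reason != "OK"` test holds only because an exception never compares equal to a string; rescuing into `e` and using `e.message` removes the sentinel, the mixed types and the `pw` local. The syslog line and the 400 response can live in the rescue clause itself, which keeps the rejection path in one place. Any exception other than `WeakPassword` raised by `check` is not rescued here and propagates to the caller, which fails closed and is the right default for a password-change path, but a syslog line before it leaves this method would let operators distinguish a misconfigured checker from a weak password. The hunks do not show a `require 'password'`, so confirm the library is loaded in this file; the enclosing method starts outside the hunk.
```ruby
# Check password strength and reject if too weak
begin
  Password.new(passwd).check
rescue Password::WeakPassword => e
  syslog.notice "Password change failed for user #{@mailbox.username} -- #{e.message}"
  return "400 Sorry, that password is too weak -- #{e.message}\r\n"
end
# … unchanged: @mailbox.password = passwd and its rescue …
```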
......
......@@ -153,26 +153,23 @@ class TestEmailPoppassd < Test::Unit::TestCase
end
def test_weak_pasword
@mailbox.password = "abc"
assert @mailbox.login("abc")
new_password = "typewriter"
results = do_test_script(["USER #{@mailbox.username}", "PASS abc", "NEWPASS #{new_password}", "QUIT"])
# we should get back 200 (hello), 300 (please log in), 200 (authd), 400 (temp fail), 200 (bye)
expected_results = [/^2\d\d /, /^3\d\d /, /^2\d\d/, /^4\d\d /, /^2\d\d /]
results.zip(expected_results).each do |r, e|
assert_match e, r
end
# Disabled due to Issue #17 - "symbiosis-password-test doesn't do anything serious"
#
# @mailbox.password = "abc"
# assert @mailbox.login("abc")
#
# new_password = "typewriter"
#
# results = do_test_script(["USER #{@mailbox.username}", "PASS abc", "NEWPASS #{new_password}", "QUIT"])
#
# # we should get back 200 (hello), 300 (please log in), 200 (authd), 400 (temp fail), 200 (bye)
# expected_results = [/^2\d\d /, /^3\d\d /, /^2\d\d/, /^4\d\d /, /^2\d\d /]
#
# results.zip(expected_results).each do |r, e|
# assert_match e, r
# end
#
# # now make sure the password hasn't changed.
# assert(@mailbox.login("abc"))
# assert(!@mailbox.login(new_password))
# now make sure the password hasn't changed.
assert(@mailbox.login("abc"))
assert(!@mailbox.login(new_password))
end
def do_skip(msg)
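Review bot: The re-enabled assertions zip `results` against five expected patterns without first checking that five lines came back, so a shorter response list (say the server closing the connection after the 400) silently skips the remaining checks and a longer one passes `nil` as the pattern; add `assert_equal expected_results.length, results.length` before the `zip`. The third pattern `/^2\d\d/` lacks the trailing space the other four have, so it would also match a line such as `2000 ...` where the others would not; `/^2\d\d /` keeps them consistent. The test's outcome also depends on the strength checker classifying `typewriter` as weak, which presumably depends on the dictionary available in the test environment rather than on the code under test, so a comment on `new_password` saying why that word was chosen would help whoever sees this test fail on a different host.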
......