From: Moritz Bunkus Date: Wed, 19 Jan 2011 10:16:41 +0000 (+0100) Subject: Optionaler Passwortcheck mit cracklib X-Git-Tag: release-2.6.3~61^2~7^2~1^2~13 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=6b352f389e016855f98e52efcff612a7f4c7c8e4;p=kivitendo-erp.git Optionaler Passwortcheck mit cracklib Conflicts: locale/de/all --- diff --git a/SL/Auth/PasswordPolicy.pm b/SL/Auth/PasswordPolicy.pm index dd7e8e9c1..e5806a7a5 100644 --- a/SL/Auth/PasswordPolicy.pm +++ b/SL/Auth/PasswordPolicy.pm @@ -4,14 +4,15 @@ use strict; use parent qw(Rose::Object); -use constant OK => 0; -use constant TOO_SHORT => 1; -use constant TOO_LONG => 2; -use constant MISSING_LOWERCASE => 4; -use constant MISSING_UPPERCASE => 8; -use constant MISSING_DIGIT => 16; -use constant MISSING_SPECIAL_CHAR => 32; -use constant INVALID_CHAR => 64; +use constant OK => 0; +use constant TOO_SHORT => 1; +use constant TOO_LONG => 2; +use constant MISSING_LOWERCASE => 4; +use constant MISSING_UPPERCASE => 8; +use constant MISSING_DIGIT => 16; +use constant MISSING_SPECIAL_CHAR => 32; +use constant INVALID_CHAR => 64; +use constant WEAK => 128; use Rose::Object::MakeMethods::Generic ( @@ -34,6 +35,11 @@ sub verify { $result |= MISSING_SPECIAL_CHAR() if $cfg->{require_special_character} && $password !~ $cfg->{special_characters_re}; $result |= INVALID_CHAR() if $cfg->{invalid_characters_re} && $password =~ $cfg->{invalid_characters_re}; + if ($cfg->{use_cracklib}) { + require Crypt::Cracklib; + $result |= WEAK() if !Crypt::Cracklib::check($password); + } + return $result; } 
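Review bot: The `require Crypt::Cracklib;` added in `verify` is unguarded, so when `use_cracklib` is set and the module is not installed, every password check dies at runtime with a generic "Can't locate" error instead of returning a policy result. The only hint for the administrator is the comment this commit adds in `config/lx_office.conf.default`. Load the module inside an `eval` and raise an explicit configuration error, e.g. `eval { require Crypt::Cracklib; 1 } or die "use_cracklib is set but Crypt::Cracklib cannot be loaded: $@";`. Do not skip the check on failure, because that would silently weaken the configured policy. `check()` is also called without a dictionary argument, so it presumably relies on the library's default dictionary; how it behaves when that dictionary is missing is not visible here and should be confirmed. `verify` starts before this hunk.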
@@ -47,6 +53,7 @@ sub errors { push @errors, $::locale->text('A lower-case character is required.') if $result & MISSING_LOWERCASE(); push @errors, $::locale->text('An upper-case character is required.') if $result & MISSING_UPPERCASE(); push @errors, $::locale->text('A digit is required.') if $result & MISSING_DIGIT(); + push @errors, $::locale->text('The password is weak (e.g. it can be found in a dictionary).') if $result & WEAK(); if ($result & MISSING_SPECIAL_CHAR()) { my $char_list = join ' ', sort split(m//, $self->config->{special_characters}); diff --git a/config/lx_office.conf.default b/config/lx_office.conf.default index dd4dffa4f..3e168affe 100644 --- a/config/lx_office.conf.default +++ b/config/lx_office.conf.default @@ -53,6 +53,9 @@ invalid_characters = # Whether or not to check the policy if the password is set from the # user administration. disable_policy_for_admin = +# Whether or not to check for weak passwords with the "cracklib" +# library. Requires the Perl module "Crypt::Cracklib" to be installed. +use_cracklib = [debug] # Use DBIx::Log4perl for logging DBI calls. The string LXDEBUGFILE diff --git a/locale/de/all b/locale/de/all index 4951e6de8..123433ef9 100644 --- a/locale/de/all +++ b/locale/de/all @@ -1686,6 +1686,7 @@ $self->{texts} = { 'The parts have been transferred.' => 'Die Waren wurden umgelagert.', 'The password is too long (maximum length: #1).' => 'Das Passwort ist zu lang (maximale Länge: #1).', 'The password is too short (minimum length: #1).' => 'Das Password ist zu kurz (minimale Länge: #1).', + 'The password is weak (e.g. it can be found in a dictionary).' => 'Das Passwort ist schwach (z.B. wenn es in einem Wörterbuch steht).', 'The payments have been posted.' => 'Die Zahlungen wurden gebucht.', 'The pg_dump process could not be started.' => 'Der pg_dump-Prozess konnte nicht gestartet werden.', 'The pg_restore process could not be started.' => 'Der pg_restore-Prozess konnte nicht gestartet werden.', 
@@ -1704,7 +1705,7 @@ $self->{texts} = {
 'The selected warehouse does not exist.' => 'Das ausgewählte Lager existiert nicht.',
 'The selected warehouse is empty.' => 'Das ausgewählte Lager ist leer.',
 'The session is invalid or has expired.' => 'Sie sind von Lx-Office abgemeldet.',
- 'The settings were saved, but the password was not changed.' => 'Die Einstellungen wurden gespeichert, aber das Passwort wurde nicht geändert.',
+ 'The settings were saved, but the password was not changed.' => 'Die Einstellungen wurden gespeichert, aber das Passwort wurde nicht geändert.',
 'The source warehouse does not contain any bins.' => 'Das Quelllager enthält keine Lagerplätze.',
 'The start date is missing.' => 'Das Startdatum fehlt.',
 'The subject is missing.' => 'Der Betreff fehlt.',