[Tickets #10611] adapt passwd-h3 / passwd-h4 to solaris defaults
bugs at horde.org
Wed Oct 5 14:24:52 UTC 2011
Ticket URL: http://bugs.horde.org/ticket/10611
------------------------------------------------------------------------------
Ticket | 10611
Created By | hsk at imb-jena.de
Summary | adapt passwd-h3 / passwd-h4 to solaris defaults
Queue | Passwd
Version | 3.1.3
Type | Enhancement
State | New
Priority | 2. Medium
Milestone |
Patch | 1
Owners |
------------------------------------------------------------------------------
hsk at imb-jena.de (2011-10-05 14:24) wrote:
on solaris, default passwd policy is:
minimum length = 6
minimum alpha characters = 2
minimum non-alpha (that is numeric and special) = 1
minimum differences required between an old and a new password = 3
to match this, in my horde installation, i have made the following
obvious changes to passwd-h3-3.1.3/main.php :
======
--- main.php__dist Sun Jul 5 19:13:32 2009
+++ main.php Fri May 28 17:42:05 2010
@@ -101,10 +101,28 @@
$notification->push(sprintf(_("Your new password is too
long; passwords may not be more than %d characters long!"),
$password_policy['maxLength']), 'horde.warning');
break;
}
+ if (isset($password_policy['minDiff'])) {
+ $n = strlen($new_password0);
+ $o = strlen($old_password);
+ if (isset($password_policy['maxLength']) && $o >
$password_policy['maxLength']) {
+ $o = $password_policy['maxLength'];
+ }
+ if ( $n < $o ) { $k = $n; $d = $o - $n; }
+ else { $k = $o; $d = $n - $o; }
+ $i = 0;
+ while ($d < $password_policy['minDiff'] && $i < $k) {
+ if (substr($new_password0, $i, 1) !=
substr($old_password, $i, 1)) { $d++; }
+ $i++;
+ }
+ if ($d < $password_policy['minDiff']) {
+ $notification->push(sprintf(_("Your new password must
have at least %d differences to your current password"),
$password_policy['minDiff']), 'horde.warning');
+ break;
+ }
+ }
// Disect the password in a localised way.
$classes = array();
- $alpha = $alnum = $num = $upper = $lower = $space = $symbol = 0;
+ $alpha = $nonalpha = $alnum = $num = $upper = $lower = $space =
$symbol = 0;
for ($i = 0; $i < strlen($new_password0); $i++) {
$char = substr($new_password0, $i, 1);
if (ctype_lower($char)) {
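Review bot: the comparison loop (`substr($new_password0, $i, 1) != substr($old_password, $i, 1)`) counts mismatches at the same byte offset plus the length difference, so the result is not the number of characters actually changed. A new password formed by shifting the old one by one position can mismatch at almost every offset and meet `minDiff`, and because `strlen` and `substr` work on bytes, a single multibyte character counts as several differences. If position-wise counting is the intended rule, state that in a comment and in the description of the `minDiff` policy key; otherwise compare with a character-aware function. The warning also uses `_()` with "%d differences", which reads wrong when `minDiff` is 1; `ngettext`, as used by the neighbouring checks, would handle the singular form.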
@@ -112,9 +130,9 @@
} elseif (ctype_upper($char)) {
$upper++; $alpha++; $alnum++; $classes['upper'] = 1;
} elseif (ctype_digit($char)) {
- $num++; $alnum++; $classes['number'] = 1;
+ $num++; $nonalpha++; $alnum++; $classes['number'] = 1;
} elseif (ctype_punct($char)) {
- $symbol++; $classes['symbol'] = 1;
+ $symbol++; $nonalpha++; $classes['symbol'] = 1;
} elseif (ctype_space($char)) {
$space++; $classes['symbol'] = 1;
}
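Review bot: `$nonalpha` is incremented in the `ctype_digit` and `ctype_punct` branches but not in the `ctype_space` branch, which still sets `$classes['symbol'] = 1`, so a space counts as a symbol for `minClasses` but not as a non-alpha character for `minNonAlpha`. Either add `$nonalpha++` to the space branch or add a comment saying whitespace is deliberately excluded. A byte that matches none of the `ctype_*` branches shown here is not counted by any counter either, which is worth a comment as well.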
@@ -146,6 +164,11 @@
$notification->push(sprintf(ngettext("Your new password must
contain at least %d alphanumeric character.", "Your new password must
contain at least %d alphanumeric characters.",
$password_policy['minAlphaNum']), $password_policy['minAlphaNum']),
'horde.warning');
break;
}
+ if (isset($password_policy['minNonAlpha']) &&
+ $password_policy['minNonAlpha'] > $nonalpha) {
+ $notification->push(sprintf(ngettext("Your new password must
contain at least %d numeric or special character.", "Your new password
must contain at least %d numeric or special characters.",
$password_policy['minNonAlpha']), $password_policy['minNonAlpha']),
'horde.warning');
+ break;
+ }
if (isset($password_policy['minClasses']) &&
$password_policy['minClasses'] > array_sum($classes)) {
$notification->push(sprintf(_("Your new password must
contain at least %d different types of characters. The types are:
lower, upper, numeric, and symbols."),
$password_policy['minClasses']), 'horde.warning');
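Review bot: `minNonAlpha` is a new key in `$password_policy` and nothing in the patch documents it; add it next to the existing policy keys wherever they are described for backend configuration, stating that it counts digits and punctuation. The two new `ngettext` strings also need to go into the translation template so that non-English installations do not fall back to English for this warning.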
======
using $backends['sudo_expect'], after configuring sudo as documented in
scripts/passwd_expect, this works on my solaris server(s).
well, i didn't bother localizing the messages, as we're running a pure
english installation...
i would love to see these changes in passwd-h4 (resp., in Horde_Auth, the code seems to have moved there).
btw., for my horde4 test installation, i grabbed passwd from
git://github.com/horde/horde on july 20, and could apply the above
patch, and it works, using backends.local.php to disable hordesql,
enable sudo_expect, and set the 'password policy' parameters.
hsk at imb-jena.de (2011-10-05 14:24) uploaded: patch
http://bugs.horde.org/h/services/download/?module=whups&actionID=download_file&file=patch&ticket=10611&fn=%2Fpatch