[Midnightbsd-cvs] mports: mports/security: add cracklib.

Fri Oct 12 13:05:56 EDT 2007

Log Message:
-----------
add cracklib.  This library allows you to filter out potential passwords using a dictionary file.  By default it uses /usr/share/dict/words as part of it's database when the port is built.

Modified Files:
--------------
    mports/security:
        Makefile (r1.62 -> r1.63)

Added Files:
-----------
    mports/security/cracklib:
        Makefile (r1.1)
        distinfo (r1.1)
        pkg-descr (r1.1)
        pkg-plist (r1.1)
    mports/security/cracklib/files:
        cracklib.3 (r1.1)
        patch-Makefile (r1.1)
        patch-cracklib::Makefile (r1.1)
        patch-util::Makefile (r1.1)

-------------- next part --------------
Index: Makefile
===================================================================
RCS file: /home/cvs/mports/security/Makefile,v
retrieving revision 1.62
retrieving revision 1.63
diff -Lsecurity/Makefile -Lsecurity/Makefile -u -r1.62 -r1.63

--- security/Makefile
+++ security/Makefile
@@ -13,6 +13,7 @@
     SUBDIR += courierpassd
     SUBDIR += courierpasswd
     SUBDIR += courieruserinfo
+    SUBDIR += cracklib
     SUBDIR += cyrus-sasl
     SUBDIR += cyrus-sasl2
     SUBDIR += cyrus-sasl2-ldapdb
--- /dev/null
+++ security/cracklib/pkg-descr
@@ -0,0 +1,20 @@
+CrackLib is a library containing a C function (well, lots of functions
+really, but you only need to use one of them) which may be used in a
+"passwd"-like program.
+
+The idea is simple: try to prevent users from choosing passwords that
+could be guessed by "Crack" by filtering them out, at source.
+
+CrackLib is an offshoot of the version 5 "Crack" software, and
+contains a considerable number of ideas nicked from the new software.
+
+
+NOTE THIS WELL: CrackLib is NOT a replacement "passwd" program.
+CrackLib is a LIBRARY.  CrackLib is what trendy marketdroid types would
+probably call an "enabler".
+
+The idea is that you wire it into your _own_ "passwd" program (if you
+have source); alternatively, you wire it into something like "shadow"
+from off of the net.  You can use it in other things, too.
+
+WWW: http://www.crypticide.com/users/alecm/
--- /dev/null
+++ security/cracklib/pkg-plist
@@ -0,0 +1,15 @@
+ at comment $MidnightBSD: mports/security/cracklib/pkg-plist,v 1.1 2007/10/12 17:05:54 laffer1 Exp $
+bin/mkdict
+bin/packer
+bin/testlib
+bin/testnum
+bin/teststr
+bin/unpacker
+include/packer.h
+lib/libcrack.a
+lib/libcrack.so
+lib/libcrack.so.1
+libdata/cracklib/pw_dict.hwm
+libdata/cracklib/pw_dict.pwd
+libdata/cracklib/pw_dict.pwi
+ at dirrm libdata/cracklib
--- /dev/null
+++ security/cracklib/Makefile
@@ -0,0 +1,35 @@
+# New ports collection makefile for:	cracklib
+# Date created:				12 Oct 2007
+# Whom:					Lucas Holt <luke at midnightbsd.org>
+#
+# $MidnightBSD: mports/security/cracklib/Makefile,v 1.1 2007/10/12 17:05:54 laffer1 Exp $
+#
+
+PORTNAME=	cracklib
+PORTVERSION=	2.7
+CATEGORIES=	security
+MASTER_SITES=	http://www.crypticide.com/users/alecm/security/
+DISTNAME=	${PORTNAME},${PORTVERSION}
+
+MAINTAINER=	ports at MidnightBSD.org
+COMMENT=	Password-checking library
+
+MAN3=		cracklib.3
+MLINKS=		cracklib.3 FascistCheck.3
+USE_LDCONFIG=	yes
+
+pre-su-install:
+	${INSTALL_DATA} ${WRKSRC}/cracklib/libcrack.a ${DESTDIR}${PREFIX}/lib
+	${INSTALL_DATA} ${WRKSRC}/cracklib/libcrack.so.1 ${DESTDIR}${PREFIX}/lib
+	${LN} -sf libcrack.so.1 ${DESTDIR}${PREFIX}/lib/libcrack.so
+	${INSTALL_DATA} ${WRKSRC}/cracklib/packer.h ${DESTDIR}${PREFIX}/include
+	${INSTALL_SCRIPT} ${WRKSRC}/util/mkdict ${DESTDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKSRC}/util/packer ${DESTDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKSRC}/util/testlib ${DESTDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKSRC}/util/testnum ${DESTDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKSRC}/util/teststr ${DESTDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKSRC}/util/unpacker ${DESTDIR}${PREFIX}/bin
+	${INSTALL_MAN} ${FILESDIR}/cracklib.3 ${MAN3PREFIX}/man/man3
+	${MKDIR} ${DESTDIR}${PREFIX}/libdata/cracklib
+
+.include <bsd.port.mk>
--- /dev/null
+++ security/cracklib/distinfo
@@ -0,0 +1,3 @@
+MD5 (cracklib,2.7.tar.gz) = 0c84ad7413d9dd3e5c2eaa5f97d53c4a
+SHA256 (cracklib,2.7.tar.gz) = cbbc5a43acd20658a9addc2997cb012476f130918dd0ffca99313fbd835f21d2
+SIZE (cracklib,2.7.tar.gz) = 21059
--- /dev/null
+++ security/cracklib/files/patch-Makefile
@@ -0,0 +1,26 @@
+--- Makefile.orig	Wed Dec 31 02:33:53 1997
++++ Makefile	Mon Mar 15 04:46:29 2004
+@@ -9,12 +9,12 @@
+ ###
+ # set this to the absolute path (less extn) of compressed dict.
+ 
+-DICTPATH="/usr/local/lib/pw_dict"
++DICTPATH="${DESTDIR}/usr/local/libdata/cracklib/pw_dict"
+ 
+ ###
+ # Set this to the path of one or more files continaing wordlists.
+ 
+-SRCDICTS=/usr/dict/words
++SRCDICTS=/usr/share/dict/words
+ 
+ ###
+ # If you have installed the cracklib-dicts directory, use this
+@@ -24,7 +24,7 @@
+ 	@echo "you evidently don't know what you're doing. go read the README"
+ 
+ all:
+-	( cd cracklib && make && exit $$? )
++	( cd cracklib && make all && exit $$? )
+ 	( cd util && make DICTPATH=$(DICTPATH) && exit $$? )
+ ###	( cd passwd && make DICTPATH=$(DICTPATH) passwd && exit $$? )
+ ###	touch all
--- /dev/null
+++ security/cracklib/files/cracklib.3
@@ -0,0 +1,105 @@
+.TH CRACKLIB 3
+.SH NAME
+FascistCheck \- check a potential password for guessability
+.SH LIBRARY
+Cracklib (libcrack, -lcrack)
+.SH SYNOPSIS
+.nf
+.ft B
+#include <packer.h>
+.ft
+.LP
+.nf
+.ft B
+char *FascistCheck(char *pw, char *dictpath)
+.ft
+.SH DESCRIPTION
+.PP
+.B CrackLib
+is a library containing a C function which may be used in a
+.BR passwd (1)-like
+program.
+.PP
+The idea is simple: try to prevent users from choosing passwords that
+could be guessed by
+.B Crack
+by filtering them out, at source.
+.PP
+.B FascistCheck(\|)
+takes two arguments:
+.TP 10
+.I pw
+a string containing the user's chosen "potential password"
+.TP
+.I dictpath
+the full path name of the
+.B CrackLib
+dictionary, without the suffix
+.PP
+.B CrackLib
+is an offshoot of the the version 5
+.B Crack
+software, and contains a considerable number of ideas nicked from the
+new software.
+.PP
+.B CrackLib
+makes literally hundreds of tests to determine whether you've
+chosen a bad password.
+.RS
+.TP 3n
+\(bu
+It tries to generate words from your username and gecos entry to
+try to match them against what you've chosen.
+.PD 0
+.TP
+\(bu
+It checks for simplistic patterns.
+.TP
+\(bu
+It then tries to reverse-engineer your password into a dictionary
+word, and searches for it in your dictionary.
+.PD
+.RE
+.PP
+After all that, it's
+.I probably
+a safe(-ish) password.
+.SH "RETURN VALUE"
+.B FascistCheck(\|)
+returns the
+.SM NULL
+pointer for a good password or a pointer to a diagnostic string if it
+is a bad password.
+.SH BUGS
+.LP
+It can't catch everything.
+Just most things.
+.LP
+It calls \fCgetpwuid(getuid())\fR to look up the user,
+which
+.I may
+affect poorly written programs.
+.LP
+Using more than one dictionary file, \fIe.g.\fP:
+.ft C
+
+        char *msg;
+
+        if (msg = FascistCheck(pw, "onepath") ||
+            msg = FascistCheck(pw, "anotherpath")) {
+                printf("Bad Password: because %s\\n", msg);
+        }
+.ft
+.LP
+works, but it's a kludge.
+.ft B
+Avoid it if possible.
+.ft
+Using just the one dictionary is more efficient, anyway.
+.LP
+.B PWOpen(\|)
+routines should cope with having more than one dictionary open at a
+time.
+.SH "SEE ALSO"
+.BR passwd (1),
+.BR getpwuid (3),
--- /dev/null
+++ security/cracklib/files/patch-cracklib::Makefile
@@ -0,0 +1,28 @@
+--- cracklib/Makefile.orig	Mon Mar 15 04:45:15 2004
++++ cracklib/Makefile	Mon Mar 15 04:45:21 2004
+@@ -7,12 +7,24 @@
+ ###
+ 
+ LIB=	libcrack.a
++SHLIB=	libcrack.so.1
+ OBJ=	fascist.o packlib.o rules.o stringlib.o
+-CFLAGS= -O -I../cracklib -DIN_CRACKLIB
++SHOBJ=	fascist.So packlib.So rules.So stringlib.So
++CFLAGS+=-I../cracklib -DIN_CRACKLIB
++
++.SUFFIXES: .o .So
++
++.c.So:
++	$(CC) $(CFLAGS) -fPIC -o $*.So -c $?
+ 
+ $(LIB):	$(OBJ)
+ 	ar rv $(LIB) $?
+ 	-ranlib $(LIB)
++
++$(SHLIB): $(SHOBJ)
++	ld -shared -o ${SHLIB} ${SHOBJ}
++
++all:	$(LIB) $(SHLIB)
+ 
+ clean:
+ 	-rm -f $(OBJ) $(LIB) *~
--- /dev/null
+++ security/cracklib/files/patch-util::Makefile
@@ -0,0 +1,11 @@
+--- util/Makefile.orig	Mon Mar 15 04:47:13 2004
++++ util/Makefile	Mon Mar 15 04:47:19 2004
+@@ -14,7 +14,7 @@
+ #SunOS users (and others?) should consider static linking of their passwd binary
+ #CFLAGS= -O -I../cracklib '-DCRACKLIB_DICTPATH="$(DICTPATH)"' -Bstatic
+ 
+-CFLAGS= -O -I../cracklib '-DCRACKLIB_DICTPATH="$(DICTPATH)"'
++CFLAGS+=-I../cracklib '-DCRACKLIB_DICTPATH="$(DICTPATH)"'
+ LIBS=	../cracklib/libcrack.a
+ 
+ all:	packer unpacker testnum teststr testlib
