From 7906802b427172afa9ab39d685ad977a40a78824 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Sat, 16 May 2020 16:59:02 -0700 Subject: [PATCH] Modernize krb5-strength-wordlist slightly krb5-strength-wordlist now requires Perl 5.010 or later. This allows use of autodie and say, which simplifies the code somewhat. While updating the version requirements, note that this package has not recently been tested with Heimdal versions older than 7.0. --- NEWS | 2 ++ README | 4 ++-- README.md | 4 ++-- docs/metadata/requirements | 4 ++-- tools/krb5-strength-wordlist | 34 ++++++++++++++++------------------ 5 files changed, 24 insertions(+), 24 deletions(-) diff --git a/NEWS b/NEWS index c93ec2c..bb06687 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,8 @@ krb5-strength 3.2 (unreleased) --without-cracklib to configure. This makes the code a bit simpler and lighter if you don't intend to ever use the CrackLib support. + krb5-strength-wordlist now requires Perl 5.010 or later. + Use explicit_bzero instead of memset, where available, to overwrite copies of passwords before freeing memory. This reduces the lifetime of passwords in memory. diff --git a/README b/README index 9fadbe2..439c586 100644 --- a/README +++ b/README @@ -82,7 +82,7 @@ REQUIREMENTS For Heimdal, you may use either the external password quality check tool, installed as heimdal-strength, or the plugin as you choose. It has been tested with Heimdal 1.2.1 and later, but has not recently been - tested with versions prior to 1.5. + tested with versions prior to 7.0. For MIT Kerberos, version 1.9 or higher is required for the password quality plugin interface. MIT Kerberos does not support an external @@ -115,7 +115,7 @@ REQUIREMENTS For building a CDB or SQLite dictionary, use the provided krb5-strength-wordlist program. For CDB dictionries, the cdb utility must be on your PATH. For SQLite, the DBI and DBD::SQLite Perl modules - are required. krb5-strength-wordlist requires Perl 5.006 or later. + are required. krb5-strength-wordlist requires Perl 5.010 or later. For a word list to use as source for the dictionary, you can use /usr/share/dict/words if it's available on your system, but it would be diff --git a/README.md b/README.md index b4531cb..cb7d82e 100644 --- a/README.md +++ b/README.md @@ -85,7 +85,7 @@ history implementation. For Heimdal, you may use either the external password quality check tool, installed as heimdal-strength, or the plugin as you choose. It has been tested with Heimdal 1.2.1 and later, but has not recently been tested with -versions prior to 1.5. +versions prior to 7.0. For MIT Kerberos, version 1.9 or higher is required for the password quality plugin interface. MIT Kerberos does not support an external @@ -118,7 +118,7 @@ distribution); the database format is compatible. For building a CDB or SQLite dictionary, use the provided `krb5-strength-wordlist` program. For CDB dictionries, the `cdb` utility must be on your `PATH`. For SQLite, the DBI and DBD::SQLite Perl modules -are required. `krb5-strength-wordlist` requires Perl 5.006 or later. +are required. `krb5-strength-wordlist` requires Perl 5.010 or later. For a word list to use as source for the dictionary, you can use `/usr/share/dict/words` if it's available on your system, but it would be diff --git a/docs/metadata/requirements b/docs/metadata/requirements index 3aec56e..b4e238e 100644 --- a/docs/metadata/requirements +++ b/docs/metadata/requirements @@ -1,7 +1,7 @@ For Heimdal, you may use either the external password quality check tool, installed as heimdal-strength, or the plugin as you choose. It has been tested with Heimdal 1.2.1 and later, but has not recently been tested with -versions prior to 1.5. +versions prior to 7.0. For MIT Kerberos, version 1.9 or higher is required for the password quality plugin interface. MIT Kerberos does not support an external @@ -34,7 +34,7 @@ distribution); the database format is compatible. For building a CDB or SQLite dictionary, use the provided `krb5-strength-wordlist` program. For CDB dictionries, the `cdb` utility must be on your `PATH`. For SQLite, the DBI and DBD::SQLite Perl modules -are required. `krb5-strength-wordlist` requires Perl 5.006 or later. +are required. `krb5-strength-wordlist` requires Perl 5.010 or later. For a word list to use as source for the dictionary, you can use `/usr/share/dict/words` if it's available on your system, but it would be diff --git a/tools/krb5-strength-wordlist b/tools/krb5-strength-wordlist index f8e2a83..81bb4da 100755 --- a/tools/krb5-strength-wordlist +++ b/tools/krb5-strength-wordlist @@ -12,7 +12,8 @@ # Declarations and configuration ############################################################################## -require 5.006; +require 5.010; +use autodie; use strict; use warnings; @@ -42,16 +43,16 @@ my $SQLITE_INSERT = q{ # Utility functions ############################################################################## -# print with error checking and an explicit file handle. +# say with error checking and an explicit file handle. # # $fh - Output file handle # @args - Remaining arguments to print # # Returns: undef # Throws: Text exception on output failure -sub print_fh { +sub say_fh { my ($fh, @args) = @_; - print {$fh} @args or croak('print failed'); + say {$fh} @args or croak("say failed: $!"); return; } @@ -81,8 +82,7 @@ sub write_cdb { if (-f $tmp) { die "$0: temporary output file $tmp already exists\n"; } - open(my $tmp_fh, '>', $tmp) - or die "$0: cannot create output file $tmp: $!\n"; + open(my $tmp_fh, '>', $tmp); # Walk through the input word list and write each word that passes the # filter to the output file handle as CDB data. @@ -90,19 +90,19 @@ sub write_cdb { chomp($word); next if !$filter->($word); my $length = length($word); - print_fh($tmp_fh, "+$length,1:$word->1\n"); + say_fh($tmp_fh, "+$length,1:$word->1"); } # Add a trailing newline, required by the CDB data format, and close. - print_fh($tmp_fh, "\n"); - close($tmp_fh) or die "$0: cannot write to temporary file $tmp: $!\n"; + say_fh($tmp_fh, q{}); + close($tmp_fh); # Run cdb to turn the result into a CDB database. Ignore duplicate keys. system($CDB, '-c', '-u', $output, $tmp) == 0 or die "$0: cdb -c failed\n"; # Remove the temporary file and return. - unlink($tmp) or die "$0: cannot remove temporary file $tmp: $!\n"; + unlink($tmp); return; } @@ -169,19 +169,18 @@ sub write_sqlite { # Throws: Text exception on output failure sub write_wordlist { my ($in_fh, $output, $filter) = @_; - open(my $out_fh, '>', $output) - or die "$0: cannot create output file $output: $!\n"; + open(my $out_fh, '>', $output); # Walk through the input word list and write each word that passes the # filter to the output file handle. while (defined(my $word = <$in_fh>)) { chomp($word); next if !$filter->($word); - print_fh($out_fh, "$word\n"); + say_fh($out_fh, $word); } # All done. - close($out_fh) or die "$0: cannot write to output file $output: $!\n"; + close($out_fh); return; } @@ -254,7 +253,7 @@ my @options = ( Getopt::Long::config('bundling', 'no_ignore_case'); GetOptions(\%config, @options); if ($config{manual}) { - print_fh(\*STDOUT, "Feeding myself to perldoc, please wait...\n"); + say_fh(\*STDOUT, 'Feeding myself to perldoc, please wait...'); exec('perldoc', '-t', $fullpath); } if (@ARGV != 1) { @@ -271,8 +270,7 @@ my $input = $ARGV[0]; my $filter = build_filter(\%config); # Process the input file into either wordlist output or a CDB file. -open(my $in_fh, '<', $input) - or die "$0: cannot open input file $input: $!\n"; +open(my $in_fh, '<', $input); if ($config{output}) { write_wordlist($in_fh, $config{output}, $filter); } elsif ($config{cdb}) { @@ -280,7 +278,7 @@ if ($config{output}) { } elsif ($config{sqlite}) { write_sqlite($in_fh, $config{sqlite}, $filter); } -close($in_fh) or die "$0: cannot read all of input file $input: $!\n"; +close($in_fh); # All done. exit(0); -- 2.39.2