Ability to generate passwords using diceware

sophomorix-samba/config-devel/master/school.conf.master

@@ -58,9 +58,13 @@
         SURNAME_CHARS=6
 	FIRSTNAME_CHARS=2
 	SURNAME_FIRSTNAME_REVERSE=BOOLEAN|FALSE
-	RANDOM_PWD=MULTI|TRUE        # might be TRUE|FALSE|birthdate
+	RANDOM_PWD=MULTI|TRUE        # might be TRUE|FALSE|birthdate|dice
 	PWD_LENGTH=10
-        DEFAULT_NONRANDOM_PWD=
+	DICE_WORDS=3
+	DICE_CAPS=BOOLEAN|FALSE
+	DICE_LANG=de
+	DICE_SEPARATOR=.
+	DEFAULT_NONRANDOM_PWD=
 	TOLERATION_TIME=30
 	DEACTIVATION_TIME=60
 	CLASSNAME_SLASH_TO_HYPHEN=BOOLEAN|FALSE
@@ -73,9 +77,13 @@
         SURNAME_CHARS=0
 	FIRSTNAME_CHARS=0
 	SURNAME_FIRSTNAME_REVERSE=BOOLEAN|FALSE
-	RANDOM_PWD=BOOLEAN|TRUE
+	RANDOM_PWD=MULTI|TRUE        # might be TRUE|FALSE|birthdate|dice
 	PWD_LENGTH=12
-        DEFAULT_NONRANDOM_PWD=
+	DICE_WORDS=4
+	DICE_CAPS=BOOLEAN|FALSE
+	DICE_LANG=de
+	DICE_SEPARATOR=.
+	DEFAULT_NONRANDOM_PWD=
 	TOLERATION_TIME=60
 	DEACTIVATION_TIME=90
 [userfile.extrastudents.csv]
@@ -85,9 +93,13 @@
         SURNAME_CHARS=6
 	FIRSTNAME_CHARS=2
 	SURNAME_FIRSTNAME_REVERSE=BOOLEAN|FALSE
-	RANDOM_PWD=BOOLEAN|TRUE
+	RANDOM_PWD=MULTI|TRUE        # might be TRUE|FALSE|birthdate|dice
 	PWD_LENGTH=10
-        DEFAULT_NONRANDOM_PWD=
+	DICE_WORDS=3
+	DICE_CAPS=BOOLEAN|FALSE
+	DICE_LANG=de
+	DICE_SEPARATOR=.
+	DEFAULT_NONRANDOM_PWD=
 	TOLERATION_TIME=40
 	DEACTIVATION_TIME=80
 	MAILDOMAIN_BY_GROUP=

sophomorix-samba/config-template/school.conf.template.ini

@@ -45,7 +45,11 @@
 	SURNAME_FIRSTNAME_REVERSE=no
 	RANDOM_PWD=yes
 	PWD_LENGTH=10
-        DEFAULT_NONRANDOM_PWD=
+	DICE_WORDS=3
+	DICE_CAPS=no
+	DICE_LANG=de
+	DICE_SEPARATOR=.
+	DEFAULT_NONRANDOM_PWD=
 	TOLERATION_TIME=30
 	DEACTIVATION_TIME=60
 	CLASSNAME_SLASH_TO_HYPHEN=FALSE
@@ -60,7 +64,11 @@
 	SURNAME_FIRSTNAME_REVERSE=no
 	RANDOM_PWD=yes
 	PWD_LENGTH=12
-        DEFAULT_NONRANDOM_PWD=
+	DICE_WORDS=4
+	DICE_CAPS=no
+	DICE_LANG=de
+	DICE_SEPARATOR=.
+	DEFAULT_NONRANDOM_PWD=
 	TOLERATION_TIME=60
 	DEACTIVATION_TIME=90
 [userfile.extrastudents.csv]
@@ -72,7 +80,11 @@
 	SURNAME_FIRSTNAME_REVERSE=no
 	RANDOM_PWD=yes
 	PWD_LENGTH=10
-        DEFAULT_NONRANDOM_PWD=
+	DICE_WORDS=3
+	DICE_CAPS=no
+	DICE_LANG=de
+	DICE_SEPARATOR=.
+	DEFAULT_NONRANDOM_PWD=
 	TOLERATION_TIME=40
 	DEACTIVATION_TIME=80
 	MAILDOMAIN_BY_GROUP=

sophomorix-samba/modules/SophomorixBase.pm

@@ -4399,7 +4399,7 @@ sub check_config_ini {
                     my ($opt_type,$opt_default)=split(/\|/,$ref_school->{$section}{$parameter});
                     #print "$section is of type $opt_type, default is $opt_default\n";
                     if ($opt_type eq "BOOLEAN" or
-			($parameter eq "RANDOM_PWD" and $config{$section}{$parameter} ne "birthdate")
+			($parameter eq "RANDOM_PWD" and $config{$section}{$parameter} !~ m/^birthdate$|^dice$/)
 		       ){
                         # value in master is BOOLEAN|<default>
                         my $opt_given=$config{$section}{$parameter};
@@ -4418,7 +4418,9 @@ sub check_config_ini {
                                 ){
                             $ref_school->{$section}{$parameter}=$ref_sophomorix_config->{'INI'}{'VARS'}{'BOOLEAN_FALSE'};
                         }
-                    }
+		    } elsif ($parameter eq "RANDOM_PWD" and $config{$section}{$parameter} =~ m/^birthdate$|^dice$/) {
+                        $ref_school->{$section}{$parameter}=$config{$section}{$parameter};
+		    }
                 } else {
                     # overwrite  $ref_school
                     $ref_school->{$section}{$parameter}=$config{$section}{$parameter};
@@ -6122,28 +6124,48 @@ sub get_passwd_charlist {
 sub get_plain_password {
     my ($role,$file,$random,$length,$birthdate,$ref_sophomorix_config,@password_chars)=@_;
     my $password="";
-    my $i;
-    if ($role eq "teacher") {
-        # Teacher
-        if ( $random eq $ref_sophomorix_config->{'INI'}{'VARS'}{'BOOLEAN_TRUE'} or $random eq "birthday") {
-	    $password=&create_plain_password($random,$length,$birthdate,@password_chars);
-        } else {
-	    if ($ref_sophomorix_config->{'FILES'}{'USER_FILE'}{$file}{'DEFAULT_NONRANDOM_PWD'} eq ""){
-		$password=$DevelConf::student_password_default;
-	    } else {
-                $password=$ref_sophomorix_config->{'FILES'}{'USER_FILE'}{$file}{'DEFAULT_NONRANDOM_PWD'};
-	    }
-	}
-    } elsif ($role eq "student") {
-        # Student
-        if ($random  eq $ref_sophomorix_config->{'INI'}{'VARS'}{'BOOLEAN_TRUE'} or $random eq "birthday") {
-	    $password=&create_plain_password($random,$length,$birthdate,@password_chars);
-        } else {
-	    if ($ref_sophomorix_config->{'FILES'}{'USER_FILE'}{$file}{'DEFAULT_NONRANDOM_PWD'} eq ""){
+    if ( $random eq $ref_sophomorix_config->{'INI'}{'VARS'}{'BOOLEAN_TRUE'} or $random eq "birthday") {
+        $password=&create_plain_password($random,$length,$birthdate,@password_chars);
+    } elsif ( $random eq "dice") {
+        if ($ref_sophomorix_config->{'samba'}{'domain_passwordsettings'}{'Password_complexity'} ne "off") {
+            die "Error: Samba password complexity not disabled!\n" .
+                "In order to use dice passwords, Samba must be configured to allow non-complex passwords using\n" .
+                "'samba-tool domain passwordsettings set --complexity=off'\n";
+        }
+        if (! -e "/usr/local/bin/diceware") {
+            die "Error: diceware not installed.\nIn order to use dice passwords, diceware must be installed:\n'pip3 install diceware'\n";
+        }
+        my $words = $ref_sophomorix_config->{'FILES'}{'USER_FILE'}{$file}{'DICE_WORDS'};
+        my $lang  = $ref_sophomorix_config->{'FILES'}{'USER_FILE'}{$file}{'DICE_LANG'};
+        if (! -e "/usr/local/lib/python3.10/dist-packages/diceware/wordlists/wordlist_$lang.txt") {
+            die "Error: Wordlist /usr/local/lib/python3.10/dist-packages/diceware/wordlists/wordlist_$lang.txt does not exists.\n";
+        }
+        my $sepopt="";
+        if ($ref_sophomorix_config->{'FILES'}{'USER_FILE'}{$file}{'DICE_SEPARATOR'} ne "") {
+            $sepopt="-d '$ref_sophomorix_config->{'FILES'}{'USER_FILE'}{$file}{'DICE_SEPARATOR'}'";
+        }
+        my $capsopt="";
+        if ($ref_sophomorix_config->{'FILES'}{'USER_FILE'}{$file}{'DICE_CAPS'} eq $ref_sophomorix_config->{'INI'}{'VARS'}{'BOOLEAN_FALSE'}) {
+            $capsopt="--no-caps"
+        }
+        do {
+            $password=`diceware $sepopt $capsopt -n $words -w $lang`;
+            my $rc = $?>>8;
+            if ($rc != 0) {
+                die "Error: diceware terminated with rc $rc\n";
+            }
+            chomp($password);
+            print "Info: diced password too short. Dicing again.\n";
+        } while (length($password) < $ref_sophomorix_config->{'samba'}{'domain_passwordsettings'}{'Minimum_password_length'});
+    } else {
+        if ($ref_sophomorix_config->{'FILES'}{'USER_FILE'}{$file}{'DEFAULT_NONRANDOM_PWD'} eq ""){
+            if ($role eq "teacher") {
                 $password=$DevelConf::teacher_password_default;
-	    } else {
-                $password=$ref_sophomorix_config->{'FILES'}{'USER_FILE'}{$file}{'DEFAULT_NONRANDOM_PWD'};
-	    }
+            } else {
+                $password=$DevelConf::student_password_default;
+            }
+        } else {
+            $password=$ref_sophomorix_config->{'FILES'}{'USER_FILE'}{$file}{'DEFAULT_NONRANDOM_PWD'};
         }
     }
     return $password;

sophomorix-samba/scripts/sophomorix-add

@@ -328,7 +328,7 @@ while(<SOPHOMORIXADD>){
         $sophomorix_first_password=&get_plain_password(
                         $role,
                         $file,
-                        $random_pwd, # TRUE/FALSE/birthday
+                        $random_pwd, # TRUE/FALSE/birthday/dice
                         $pwd_length, # length of random pwd
                         $birthdate,
                         \%sophomorix_config,

sophomorix-samba/scripts/sophomorix-passwd

@@ -714,7 +714,7 @@ if ($userlist_count>0 and ($password ne "" or
                     $password=&get_plain_password(
                         $role_AD,
                         $file_AD,
-                        $sophomorix_config{'FILES'}{'USER_FILE'}{$file_AD}{'RANDOM_PWD'}, # yes|no
+                        $sophomorix_config{'FILES'}{'USER_FILE'}{$file_AD}{'RANDOM_PWD'}, # yes|no|birthdate|dice
                         $sophomorix_config{'FILES'}{'USER_FILE'}{$file_AD}{'PWD_LENGTH'}, # length of random pwd
                         $birthdate_AD,
                         \%sophomorix_config,