@iomarmochtar
Created May 17, 2017 09:16
Scan for users that are using weak passwords in ClearOS 6; read my post for more detail: https://iomarmochtar.wordpress.com/2017/05/17/enhance-clearos-6-password-policy/
#!/usr/clearos/sandbox/usr/bin/php
<?php
/**
* Scan user weak password based on lists for ClearOS 6 and using OpenLDAP as directory server
* @author Imam Omar Mochtar <iomarmochtar@gmail.com>
**/
//error_reporting(-1);
$bootstrap = getenv('CLEAROS_BOOTSTRAP') ? getenv('CLEAROS_BOOTSTRAP') : '/usr/clearos/framework/shared';
require_once $bootstrap . '/bootstrap.php';
use \clearos\apps\openldap_directory\OpenLDAP as OpenLDAP;
use \clearos\apps\openldap_directory\Utilities as Utilities;
use \clearos\apps\openldap_directory\User_Driver as User_Driver;
use \clearos\apps\ldap\LDAP_Utilities as LDAP_Utilities;
clearos_load_library('openldap_directory/Utilities');
clearos_load_library('openldap_directory/User_Driver');
clearos_load_library('openldap_directory/OpenLDAP');
clearos_load_library('ldap/LDAP_Utilities');
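// CUSTOMIZE HERE
// Pause between checked users, in seconds. Fractions are allowed.
$sleep_time = 0.5;
// Where the report is written. The report names accounts whose password is on
// the weak list, so it is created owner-only (0600) below. A directory that
// only root can enter is a better home for it than a shared /tmp.
$result_file = '/tmp/list_weak_passwd.txt';
// PHP file that returns an array of candidate passwords. It is executed as
// code by this script, so it should be writable by root only.
$weak_passwd_list = '/usr/clearos/apps/users/libraries/custom_weak_passwd_list.php';

$base_dn = OpenLDAP::get_users_container();
$ldaph = Utilities::get_ldap_handle();
$result = $ldaph->search('uid=*', $base_dn);
$entry = $ldaph->get_first_entry($result);

// Plain require: the return value of the file is the password list itself.
$passwds = require $weak_passwd_list;
if (!is_array($passwds)) {
    fwrite(STDERR, "$weak_passwd_list did not return an array of passwords\n");
    exit(1);
}
echo "Total password to check ".count($passwds)."\n";

// Hash every candidate once instead of once per user, and key the result by
// the stored form so each user costs a single lookup.
// NOTE(review): this relies on calculate_sha_password() being deterministic
// (unsalted), as the original per-user comparison already did -- confirm.
$weak_hashes = array();
foreach ($passwds as $passwd) {
    $weak_hashes['{sha}' . LDAP_Utilities::calculate_sha_password($passwd)] = true;
}

$weak_list = array();
// sleep() only accepts whole seconds, so 0.5 would be truncated to 0 and the
// throttle would never run. Convert to microseconds for usleep() instead.
$pause_us = (int) round($sleep_time * 1000000);

while ($entry) {
    $attrs = $ldaph->get_attributes($entry);
    // Advance first so every "continue" below still moves to the next entry.
    $entry = $ldaph->next_entry($entry);

    if (!isset($attrs['uid'][0], $attrs['userPassword'][0])) {
        continue;
    }
    $uid = $attrs['uid'][0];
    $sha_pwd = $attrs['userPassword'][0];

    // Exact string match against "{sha}<hash>". An entry stored under another
    // scheme, or with a differently-cased prefix, never matches, so an account
    // missing from the report has not been shown to have a strong password.
    if (isset($weak_hashes[$sha_pwd])) {
        echo "$uid is using weak password\n";
        $weak_list[] = $uid;
    }

    if ($pause_us > 0) {
        usleep($pause_us);
    }
}

// The report path is predictable and may sit in a world-writable directory.
// Drop any stale file or symlink, then create the file exclusively ('x') with
// an owner-only mode so the script never writes through a pre-existing link
// and other local users cannot read the result.
$old_umask = umask(0077);
if (file_exists($result_file) || is_link($result_file)) {
    unlink($result_file);
}
$report = fopen($result_file, 'x');
umask($old_umask);
if ($report === false) {
    fwrite(STDERR, "Cannot create $result_file\n");
    exit(1);
}
fwrite($report, implode("\n", $weak_list));
fclose($report);
echo "List of user using weak password stored in $result_file \n";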