APG v2.3.0b

CHANGES

@@ -1,8 +1,6 @@
-apg-2.2.3
+apg-2.3.0b
-    Fixed version info (-v).
+    Added support for cracklib
-
+    Improved Makefile structure
-apg-2.2.2
-    Fixed permissions for source distribution.
 
 apg-2.2.1
     Changed manpages of apg and apgd.

Makefile

@@ -1,3 +1,62 @@
+##################################################################
+# Directories
+# Install dirs
+INSTALL_PREFIX = /usr/local
+
+# Full default path is /usr/local/bin
+APG_BIN_DIR = /bin
+
+# Full default path is /usr/local/man/man1
+APG_MAN_DIR = /man/man1
+
+# Full default path is /usr/local/sbin
+APGD_BIN_DIR = /sbin
+
+# Full default path is /usr/local/man/man8
+APGD_MAN_DIR = /man/man8
+
+# You should not edit 2 lines below
+APGBFM_CLIBS = -lm
+APG_CLIBS = -lm
+
+##################################################################
+# Support for crypted passwords
+# If you do not want to use crypted passwords output then you must
+# comment the folowing 2 line.
+#
+# NOTE#1: You should comment the line 'APG_CLIBS += -lcrypt' for QNX
+#         RTP 6.1.0, OpenBSD 2.8 and for WIN32.
+#
+# NOTE#2: If ld (linker) could not find `crypt' library try to
+#         replace line
+#           'APG_CLIBS += -lcrypt'
+#         with line
+#           'APG_CLIBS += -lcrypto'
+#         This works on MacOS X
+#
+STANDALONE_OPTIONS += -DAPG_USE_CRYPT
+APG_CLIBS += -lcrypt
+
+##################################################################
+# Support for cracklib
+# NOTE: Cracklib can be found at
+#       http://www.crypticide.org/users/alecm/
+# If you want to use cracklib for password quality check then you
+# must uncomment the folowing 4 lines (you must not do this for WIN32)
+#
+#CRACKLIB_DICTPATH = "/usr/local/lib/pw_dict"
+#STANDALONE_OPTIONS += -DAPG_USE_CRACKLIB '-DCRACKLIB_DICTPATH=${CRACKLIB_DICTPATH}' -I/usr/local/include -L/usr/local/lib
+#CLISERV_OPTIONS += -DAPG_USE_CRACKLIB '-DCRACKLIB_DICTPATH=${CRACKLIB_DICTPATH}' -I/usr/local/include -L/usr/local/lib
+#APG_CLIBS += -lcrack
+
+##################################################################
+# Support for ANSI X9.17/SHA1 PRNG
+# If you want to use SHA1 for random number genetation then you
+# must uncomment the folowing 2 lines
+#
+#STANDALONE_OPTIONS += -DAPG_USE_SHA
+#CLISERV_OPTIONS += -DAPG_USE_SHA
+
 ##################################################################
 # You can modify CC variable if you have compiler other than GCC
 # But the code was designed and tested with GCC
@@ -6,44 +65,7 @@ CC = gcc
 ##################################################################
 # Compilation flags
 # You should comment the line below for AIX+native cc
-FLAGS = -Wall
+CFLAGS = -Wall
-
-##################################################################
-# Libraries
-#
-# You should comment the line below ('LIBS= -lcrypt')for QNX RTP
-# 6.1.0, OpenBSD 2.8 and above, WIN32 (+MinGW)
-LIBS = -lcrypt
-LIBM = -lm
-# Use lines below for cygwin
-# LIBS = 
-# LIBM =
-
-##################################################################
-# Support for crypted passwords
-#
-# DO NOT EDIT THE LINE BELOW !!!
-CRYPTED_PASS = APG_DONOTUSE_CRYPT
-# Coment this if you do not want to use crypted passwords output
-# or trying to build programm for win32
-CRYPTED_PASS = APG_USE_CRYPT
-
-##################################################################
-# Support for ANSI X9.17/SHA1 PRNG
-#
-# DO NOT EDIT THE LINE BELOW !!!
-USE_SHA = APG_USE_SHA
-# Coment this if you want to use PRNG X9.17 with SHA-1
-USE_SHA = APG_DONOTUSE_SHA
-
-##################################################################
-# Directories
-# Install dirs
-INSTALL_PREFIX = /usr/local
-APG_BIN_DIR = /bin
-APG_MAN_DIR = /man/man1
-APGD_BIN_DIR = /sbin
-APGD_MAN_DIR = /man/man8
 
 ####################################################################
 # If you plan to install APG daemon you should look at lines below #
@@ -59,21 +81,32 @@ APGD_MAN_DIR = /man/man8
 # Linux
 #
 # Uncoment line below for LINUX
-#CS_LIBS = -lnsl
+#APG_CS_CLIBS += -lnsl
 
 ####################################################################
 # Solaris
 #
 # Uncoment line below for Solaris
-#CS_LIBS = -lnsl -lsocket
+#APG_CS_CLIBS += -lnsl -lsocket
 
 ####################################################################
 # QNX RTP 6.1.0
 #
 # Uncoment line below for QNX RTP 6.1.0
-#CS_LIBS = -lsocket
+#APG_CS_CLIBS += -lsocket
+
+####################################################################
+####################################################################
+# THE FOLOWING IS USED BY DEVELOPER AND YOU PROBABLY DO NOT NEED TO
+# MODIFY THIS LINE
+# STANDALONE_OPTIONS += -DAPG_DEBUG
+
+####################################################################
+# ======= YOU DO NOT NEED TO MODIFY ANYTHING BELOW THIS LINE =======
+####################################################################
+
+APG_CS_CLIBS += ${APG_CLIBS}
 
-# ====== YOU DO NOT NEED TO MODIFY ANYTHING BELOW THIS LINE ======
 # Find group ID for user root
 FIND_GROUP = `grep '^root:' /etc/passwd | awk -F: '{ print $$4 }'`
 
@@ -89,20 +122,20 @@ OBJECTS = rnd.o ./cast/cast.o pronpass.o randpass.o restrict.o apg.o errors.o
 
 standalone: apg apgbfm
 
-all: cliserv standalone
+all: standalone cliserv
 
 cliserv: apgd apgbfm 
 
 cygwin: standalone
 
 apg:
-	${CC} ${FLAGS} -D${CRYPTED_PASS} -D${USE_SHA} -o ${PROGNAME} ${SOURCES} ${LIBS} ${LIBM}
+	${CC} ${CFLAGS} ${STANDALONE_OPTIONS} -o ${PROGNAME} ${SOURCES} ${APG_CLIBS}
 
 apgd:
-	${CC} ${FLAGS} -DCLISERV -D${USE_SHA} -o ${CS_PROGNAME} ${SOURCES} ${CS_LIBS} ${LIBM}
+	${CC} ${CFLAGS} -DCLISERV ${CLISERV_OPTIONS} -o ${CS_PROGNAME} ${SOURCES} ${APG_CS_CLIBS}
 
 apgbfm:
-	${CC} ${FLAGS} -DAPGBFM -o ${BFM_PROGNAME} ${BFM_SOURCES} ${LIBM}
+	${CC} ${FLAGS} -DAPGBFM -o ${BFM_PROGNAME} ${BFM_SOURCES} ${APGBFM_CLIBS}
 
 strip:
 	strip ${PROGNAME}

README

@@ -1,14 +1,30 @@
-APG v2.2.0 was tested and found working on:
+APG v2.1.0 was tested and found working on:
 
-   i386 FreeBSD 5.0-RELEASE
+   i386 FreeBSD 4.6-RELEASE
    Intel Solaris 8 gcc-2.95.2
-   QNX PRP 6.0
+   SPARC Solaris 8 gcc-2.95.2
    RedHat Linux 7.2
-   Mandrake Linux 9.1
+
-   Win 2000 Pro
+APG v1.2.13 was tested and found working on:
+
+   i386 FreeBSD 4.0-RELEASE
+   NetBSD (reported by Tomasz Luchowski <zuntum@eik.pl>)
+   OpenBSD (reported by Rick VanNorman <rick@neverslow.com>)
+   i386 Linux-Mandrake 6.0
+   i386 Linux-Redhat 7.0
+   i386 Linux-Mandrake 7.2 (reported by Andrew J. Caird <acaird@advance-inc.com>)
+   Intel Solaris 8 gcc-2.95.2
+   SPARC Solaris 8 gcc-2.95.2
+   Intel Windows 2000+CYGWIN v1.1.4
+   HP-UX 10.20 HP ANSI C Compilier (reported by Alexander J Pierce <apierce@boi.hp.com>)
+   HP-UX 11.00 HP ANSI C Compilier (reported by Alexander J Pierce <apierce@boi.hp.com>)
+   HP-UX 11.00 gcc-2.95.2 (reported by Andrew J. Caird <acaird@advance-inc.com>)
+   IRIX 6.5.8 gcc-2.95.2 (reported by Andrew J. Caird <acaird@advance-inc.com>)
+   AIX 4.3.3+native cc (reported by Philip Le Riche <pleriche@uk03.bull.co.uk>) 
+   AIX 4.3.3+gcc (reported by Philip Le Riche <pleriche@uk03.bull.co.uk>) 
 
 NOTE:
-This release (APG v2.2.0) is NOT compatible with TkAPG (Tcl/Tk frontend for APG)
+This release (APG v2.1.0b1) is NOT yet compatible with TkAPG (Tcl/Tk frontend for APG)
 
 Any compatibility reports are welcome 
 

THANKS

@@ -28,3 +28,4 @@ Bartosz Sobolewski - Worthy <worthy@data.pl>
 James Mancini <jmancini@netreo.net>
 Arno Wilhelm <a.wilhelm@phion.com>
 Michael Matthews <mjmatt@qsun.mt.att.com>
+K.-M. Hansche <klaus-martin.hansche@kvberlin.de>

TODO

@@ -5,9 +5,6 @@ Priority Hi:
 
 * Fix some code style or other errors if any.
 
-* Make some kind of configuration file to avoid command
-  line parameter typing.
-
 Priority Medium:
 
 * Include support for some other random number generation

apg.c

@@ -39,9 +39,9 @@
 #include <time.h>
 
 #ifndef APG_USE_SHA
-#define APG_VERSION "2.2.3 (PRNG: X9.17/CAST)"
+#define APG_VERSION "2.3.0b (PRNG: X9.17/CAST)"
 #else /* APG_USE_SHA */
-#define APG_VERSION "2.2.3 (PRNG: X9.17/SHA-1)"
+#define APG_VERSION "2.3.0b (PRNG: X9.17/SHA-1)"
 #endif /* APG_USE_SHA */
 
 #ifdef __NetBSD__
@@ -87,6 +87,24 @@
 #include "getopt.h"
 #include "convert.h"
 
+#if !defined(CLISERV)
+#if !defined(APG_USE_CRYPT) && !defined(APG_USE_CRACKLIB)
+#define APG_PROGRAMM_OPTIONS "M:E:a:r:b:p:sdc:n:m:x:htvlq"
+#elif defined(APG_USE_CRYPT) && !defined(APG_USE_CRACKLIB)
+#define APG_PROGRAMM_OPTIONS "M:E:a:r:b:p:sdc:n:m:x:htvylq"
+#elif !defined(APG_USE_CRYPT) && defined(APG_USE_CRACKLIB)
+#define APG_PROGRAMM_OPTIONS "M:E:a:r:b:p:sdc:n:m:x:htvklq"
+#elif defined(APG_USE_CRYPT) && defined(APG_USE_CRACKLIB)
+#define APG_PROGRAMM_OPTIONS "M:E:a:r:b:p:sdc:n:m:x:htvyklq"
+#endif /* CRYPT,CRACKLIB */
+#else /* CLISERV */
+#if defined(APG_USE_CRACKLIB)
+#define APG_PROGRAMM_OPTIONS "M:E:a:r:b:p:n:m:x:vkt"
+#else /* CRACKLIB */
+#define APG_PROGRAMM_OPTIONS "M:E:a:r:b:p:n:m:x:vt"
+#endif /* CRACKLIB */
+#endif /* CLUSERV */
+
  struct pass_m {
         unsigned int pass;	         /* password generation mode        */
         unsigned int filter;	         /* password generation mode        */
@@ -139,6 +157,9 @@ main (int argc, char *argv[])
  UINT32 user_defined_seed = 0L;          /* user defined random seed        */
  int user_defined_seed_present = FALSE;  /* user defined random seed flag   */
  char *str_mode;                         /* string mode pointer             */
+#ifdef APG_USE_CRACKLIB
+ unsigned int cracklib_restrict_present = FALSE;
+#endif /* APG_USE_CRACKLIB*/
 #ifndef CLISERV
  char *com_line_seq;
  char *spell_pass_string;
@@ -148,6 +169,7 @@ main (int argc, char *argv[])
  char *crypt_string;
  unsigned int show_crypt_text = FALSE;   /* display crypt(3)'d text flag    */
 #endif /* APG_USE_CRYPT */
+
 #endif /* CLISERV */
 #ifdef CLISERV
 #if defined(sgi) || defined(__APPLE__) || defined(__QNX__) /* Thanks to Andrew J. Caird */
@@ -175,18 +197,14 @@ main (int argc, char *argv[])
  syslog (LOG_INFO, "password generation request from %s.%d\n", peer_ip, htons(cliaddr->sin_port));
 #endif /* CLISERV */
 
+#if defined(APG_DEBUG)
+ fprintf (stdout,"APG_PROGRAMM_OPTIONS--> %s\n\n", APG_PROGRAMM_OPTIONS);
+ fflush (stdout);
+#endif
  /*
  ** Analize options
  */
-#ifndef CLISERV
+ while ((option = apg_getopt (argc, argv, APG_PROGRAMM_OPTIONS)) != -1)
-#ifdef APG_USE_CRYPT
- while ((option = apg_getopt (argc, argv, "M:E:a:r:b:p:sdc:n:m:x:htvylq")) != -1)
-#else /* APG_USE_CRYPT */
- while ((option = apg_getopt (argc, argv, "M:E:a:r:b:p:sdc:n:m:x:htvlq")) != -1)
-#endif /* APG_USE_CRYPT */
-#else /* CLISERV */
- while ((option = apg_getopt (argc, argv, "M:E:a:r:b:p:n:m:x:vt")) != -1)
-#endif /* CLISERV */
   {
    switch (option)
     {
@@ -225,6 +243,14 @@ main (int argc, char *argv[])
       min_substr_len = atoi (apg_optarg);
       paranoid_bloom_restrict_present = TRUE;
       break;
+#if !defined(WIN32) && !defined(_WIN32) && !defined(__WIN32) && !defined(__WIN32__)
+#if defined(APG_USE_CRACKLIB)
+     case 'k': /* cracklib password check */
+      restrictions_present = TRUE;
+      cracklib_restrict_present = TRUE;
+      break;
+#endif /* CRACKLIB */
+#endif /* WIN32 */
 #ifndef CLISERV
      case 'l':
       spell_present = TRUE;
@@ -353,6 +379,14 @@ main (int argc, char *argv[])
 	      restrict_res = paranoid_bloom_check_pass(pass_string, restrictions_file, min_substr_len);
 	   }
 	 }
+#if !defined(WIN32) && !defined(_WIN32) && !defined(__WIN32) && !defined(__WIN32__)
+#if defined(APG_USE_CRACKLIB)
+        /* Cracklib check */
+	if (restrict_res == 0)
+	 if(cracklib_restrict_present == TRUE)
+	  restrict_res = cracklib_check_pass (pass_string, CRACKLIB_DICTPATH);
+#endif /* APG_USE_CRACKLIB */
+#endif /* WIN32 */
 	 /* Dictionary check */
 	if (restrict_res == 0)
 	 if (plain_restrictions_present == TRUE)
@@ -464,6 +498,14 @@ main (int argc, char *argv[])
 	      restrict_res = paranoid_bloom_check_pass(pass_string, restrictions_file, min_substr_len);
 	   }
 	 }
+#if !defined(WIN32) && !defined(_WIN32) && !defined(__WIN32) && !defined(__WIN32__)
+#if defined(APG_USE_CRACKLIB)
+        /* Cracklib check */
+	if (restrict_res == 0)
+	 if(cracklib_restrict_present == TRUE)
+	  restrict_res = cracklib_check_pass (pass_string, CRACKLIB_DICTPATH);
+#endif /* APG_USE_CRACKLIB */
+#endif /* WIN32 */
 	 /* Dictionary check */
 	if (restrict_res == 0)
 	 if (plain_restrictions_present == TRUE)
@@ -627,6 +669,11 @@ print_help (void)
  printf ("-b filter_file  apply bloom filter check against filter_file\n");
  printf ("                (filter_file should be created with apgbfm(1) utility)\n");
  printf ("-p substr_len   paranoid modifier for bloom filter check\n");
+#if !defined(WIN32) && !defined(_WIN32) && !defined(__WIN32) && !defined(__WIN32__)
+#ifdef APG_USE_CRACKLIB
+ printf ("-k              apply cracklib ckeck\n");
+#endif /* APG_USE_CRYPT */
+#endif /* WIN32 */
  printf ("-a algorithm    choose algorithm\n");
  printf ("                 1 - random password generation according to\n");
  printf ("                     password modes\n");

apgbfm.c

@@ -35,7 +35,7 @@
 #include "getopt.h"
 
 
-#define VERSION    "2.2.3"
+#define VERSION    "2.3.0b"
 
 
 #define FOUND "FOUND"

bloom.h

@@ -40,7 +40,7 @@
 #include <string.h>
 #if !defined(WIN32) && !defined(_WIN32) && !defined(__WIN32) && !defined(__WIN32__)
 #include <strings.h>
-#endif
+#endif /* WIN32 */
 #include <math.h>
 
 #include "sha/sha.h"

convert.c

@@ -31,7 +31,8 @@
 #include <string.h>
 #if !defined(WIN32) && !defined(_WIN32) && !defined(__WIN32) && !defined(__WIN32__)
 #include <strings.h>
-#endif
+#endif /* WIN32 */
+
 #ifndef APGBFM
 # include "errs.h"
 # include "randpass.h"

doc/man/apg.1

@@ -13,7 +13,7 @@ apg
 [\fB-n num_of_pass\fP] [\fB-m min_pass_len\fP] [\fB-x max_pass_len\fP]
 [\fB-r\fP \fIdictfile\fP] [\fB-b\fP \fIfilter_file\fP] [\fB-p min_substr_len\fP]
 [\fB-s\fP] [\fB-c cl_seed\fP] [\fB-d\fP] [\fB-y\fP] [\fB-l\fP] [\fB-t\fP]
-[\fB-q\fP] [\fB-h\fP] [\fB-v\fP]
+[\fB-k\fP] [\fB-q\fP] [\fB-h\fP] [\fB-v\fP]
 .PP
 .SH DESCRIPTION
 .B apg
@@ -189,6 +189,10 @@ that will look like this
 .RE
 .SS "Password quality control options"
 .TP
+.B -k
+check every generated password using \fBcracklib\fP. To use this ability you must
+enable cracklib support during programm building.
+.TP
 .B -r \fIdictfile\fP
 check generated passwords for their appearance in 
 .I dictfile

doc/man/apgd.8

@@ -11,7 +11,7 @@ apgd
 .B apgd
 [\fB-a algorithm\fP] [\fB-M mode\fP] [\fB-E char_string\fP]
 [\fB-n num_of_pass\fP] [\fB-m min_pass_len\fP] [\fB-x max_pass_len\fP]
-[\fB-r\fP \fIdictfile\fP] [\fB-b\fP \fIfilter_file\fP] [\fB-p min_substr_len\fP]
+[\fB-r\fP \fIdictfile\fP] [\fB-b\fP \fIfilter_file\fP] [\fB-p min_substr_len\fP] [\fB-k\fP]
 [\fB-t\fP] [\fB-l\fP]
 .PP
 .SH DESCRIPTION
@@ -225,6 +225,10 @@ that will look like this
 .RE
 .SS "Password quality control options"
 .TP
+.B -k
+check every generated password using \fBcracklib\fP. To use this ability you must
+enable cracklib support during programm building.
+.TP
 .B -r \fIdictfile\fP
 check generated passwords for their appearance in 
 .B dictfile

doc/man/wapg.txt

@@ -1,19 +1,19 @@
-WAPG(1)                           User Manual                          WAPG(1)
+WAPG                              User Manual                             WAPG
 
 
 
 NAME
-       WAPG - generates several random passwords
+       apg - generates several random passwords
 
 
 SYNOPSIS
-       WAPG  [-a  algorithm]  [-M  mode]  [-E char_string] [-n num_of_pass] [-m
+       apg  [-a  algorithm]  [-M  mode]  [-E char_string] [-n num_of_pass] [-m
        min_pass_len] [-x max_pass_len]  [-r  dictfile]  [-b  filter_file]  [-p
        min_substr_len] [-c  cl_seed] [-d] [-l] [-t] [-q] [-h] [-v]
 
 
 DESCRIPTION
-       WAPG generates several random passwords. It uses several password gener-
+       apg generates several random passwords. It uses several password gener-
        ation  algorithms  (currently  two) and a built-in pseudo random number
        generator.
 
@@ -36,23 +36,39 @@ DESCRIPTION
        with precision of microseconds (see  gettimeofday(2))  and  /dev/random
        (if available) to produce initial random seed.
 
-       WAPG also have the ability to check  generated  password  quality  using
+       apg  also  have  the  ability to check generated password quality using
        dictionary. You can  use  this  ability  if  you  specify  command-line
        options  -r  dictfile or -b filtername where dictfile is the dictionary
        file name and filtername is the name of Bloom filter file. In that dic-
        tionary  you  may  place words (one per line) that should not appear as
        generated passwords. For example: user names, common  words,  etc.  You
        even can use one of the dictionaries that come with dictionary password
-       crackers.   Bloom  filter file should be created with WAPGbfm(1) utility
+       crackers.  Bloom filter file should be created with  apgbfm(1)  utility
-       included in WAPG distribution. These  checks  are  case  sensitive.  For
+       included  in  apg  distribution. In future releases I plan to implement
-       example,  if you want to reject word 'root', you should insert in dict-
+       some other techniques to check passwords (like pattern check)  just  to
-       file words: root, Root, RoOt, ... , ROOT. It is not the easiest way  to
+       make life easier.
-       check  password  quality,  but  it  is the most powerful way. In future
-       releases I plan to implement some other techniques to  check  passwords
-       (like pattern check) just to make life easier.
 
 
 OPTIONS
+   Password generation modes options
+       -a algorithm
+              use algorithm for password generation.
+              0 - (default) pronounceable password generation
+              1 - random character password generation
+
+       -n num_of_pass
+              generate num_of_pass number of passwords. Default is 6.
+
+       -m min_pass_len
+              generate   password   with   minimum  length  min_pass_len.   If
+              min_pass_len > max_pass_len then  max_pass_len  =  min_pass_len.
+              Default minimum password length is 8.
+
+       -x max_pass_len
+              generate   password   with   maximum  length  max_pass_len.   If
+              min_pass_len > max_pass_len then  max_pass_len  =  min_pass_len.
+              Default maximum password length is 10.
+
        -M mode
               Use  symbolsets  specified  with  mode  for password generation.
               mode is a text string consisting of characters S, s, N, n, C, c,
@@ -93,11 +109,6 @@ OPTIONS
               Examples:
               -M sncl or -M SNCL or -M Cn
 
-       -a algorithm
-              use algorithm for password generation.
-              0 - (default) pronounceable password generation
-              1 - random character password generation
-
        -E char_string
               exclude characters in char_string from password generation  pro-
               cess  (in  pronounceable  password  generation  mode you can not
@@ -107,53 +118,43 @@ OPTIONS
 
               Examples:
 
-              Command WAPG -a 1 -M n -n 3 -m 8 -e 23456789 will generate a  set
+              Command apg -a 1 -M n -n 3 -m 8 -E 23456789 will generate a  set
               of passwords that will look like this
               10100110
               01111000
               11011101
 
-              Command  WAPG  -a 1 -M nc -n 3 -m 26 -e GHIJKLMNOPQRSTUVWXYZ will
+              Command  apg  -a 1 -M nc -n 3 -m 26 -E GHIJKLMNOPQRSTUVWXYZ will
               generate a set of passwords that will look like this
               16A1653CD4DE5E7BD9584A3476
               C8F78E06944AFD57FB9CB882BC
               8C8DF37CD792D36D056BBD5002
 
+   Password quality control options
        -r dictfile
               check generated passwords for their appearance in dictfile
 
        -b filter_file
               check  generated  passwords for their appearance in filter_file.
-              filter_file should be created with WAPGBFM utility.
+              filter_file should be created with apgbfm(1) utility.
 
        -p min_substr_len
-              this  option tells WAPG  to  check every substring of the gener-
+              this option tells apg(1) to check every substring of the  gener-
               ated password for appearance in filter_file. If any of such sub-
-              strings  would  be  found  in  the  filter_file  then  generated
+              strings would be found in the filter_file then  generated  pass-
-              password would be rejected and WAPG  will  generate another one.
+              word  would  be  rejected  and apg(1) will generate another one.
               min_substr_len specifies  minimum  substring  length  to  check.
               This option is active only if -b option is defined.
 
+   Pseudo random number generator options
        -c cl_seed
               use  cl_seed  as a random seed for password generation. I use it
               when i have to generate passwords in a shell script.
 
+   Password output options
        -d     do NOT use any delimiters between generated passwords. I use  it
               when i have to generate passwords in a shell script.
 
-       -n num_of_pass
-              generate num_of_pass number of passwords. Default is 6.
-
-       -m min_pass_len
-              generate  password  with  minimum   length   min_pass_len.    If
-              min_pass_len  >  max_pass_len  then max_pass_len = min_pass_len.
-              Default minimum password length is 8.
-
-       -x max_pass_len
-              generate  password  with  maximum   length   max_pass_len.    If
-              min_pass_len  >  max_pass_len  then max_pass_len = min_pass_len.
-              Default maximum password length is 10.
-
        -q     quiet mode (do not print warnings)
 
        -l     spell genetated passwords. Useful when you want to  read  gener-
@@ -167,10 +168,13 @@ OPTIONS
        -v     print version information and exit
 
 DEFAULT OPTIONS
-       WAPG -a 0 -M sncl -n 6 -x 10 -m 8 (new style)
+       apg -a 0 -M sncl -n 6 -x 10 -m 8 (new style)
+
+       If  you want to generate really secure passwords, you should use option
+       -s.
 
 EXIT CODE
-       On successful completion of its task, WAPG will complete with exit  code
+       On  successful completion of its task, apg will complete with exit code
        0.  An exit code of -1 indicates an error occurred.  Textual errors are
        written to the standard error stream.
 
@@ -181,12 +185,12 @@ BUGS
        None.   If you've found one, please send bug description to the author.
 
 SEE ALSO
-       WAPGBFM.TXT
+       wapgbfm.txt
 
 AUTHOR
        Adel I. Mirzazhanov, <a-del@iname.com>
-       Project home page: http://www.adel.nursat.kz/WAPG/
+       Project home page: http://www.adel.nursat.kz/apg/
 
 
 
-Automated Password Generator      2003 Jun 19                           WAPG(1)
+Automated Password Generator      2003 Aug 04                             WAPG

doc/man/wapgbfm.txt

@@ -1,25 +1,25 @@
-WAPGBFM                           User Manual                          WAPGBFM
+APGBFM(1)                         User Manual                        APGBFM(1)
 
 
 
 NAME
-       WAPGBFM - APG Bloom filter management program
+       apgbfm - APG Bloom filter management program
 
 
 SYNOPSIS
-       WAPGBFM -f filter -n numofwords [-q] [-s]
+       apgbfm -f filter -n numofwords [-q] [-s]
-       WAPGBFM -f filter -d dictfile [-q] [-s]
+       apgbfm -f filter -d dictfile [-q] [-s]
-       WAPGBFM -f filter -a word [-q]
+       apgbfm -f filter -a word [-q]
-       WAPGBFM -f filter -A dictfile [-q]
+       apgbfm -f filter -A dictfile [-q]
-       WAPGBFM -f filter -c word [-q]
+       apgbfm -f filter -c word [-q]
-       WAPGBFM -f filter -C dictfile [-q]
+       apgbfm -f filter -C dictfile [-q]
-       WAPGBFM -i filter
+       apgbfm -i filter
-       WAPGBFM [-v] [-h]
+       apgbfm [-v] [-h]
 
 
 DESCRIPTION
-       WAPGBFM is used to manage Bloom filter that is used to restrict password
+       apgbfm is used to manage Bloom filter that is used to restrict password
-       generation in WAPG pasword generation software. Usage of the Bloom  fil-
+       generation in APG pasword generation software. Usage of the Bloom  fil-
        ter  allows  to  speed up password check for large dictionaries and has
        some other benefits.
 
@@ -32,13 +32,13 @@ DESCRIPTION
        It has very nice description of Bloom filter and  it's  advantages  for
        password checking systems.
 
-       In simple words, WAPGBFM generates n hash values for every word and sets
+       In simple words, apgbfm generates n hash values for every word and sets
-       corresponding bits in filter file to 1. To check the word WAPGBFM gener-
+       corresponding bits in filter file to 1. To check the word apgbfm gener-
        ates  the  same hash functions for that word and if all n corresponding
        bits in filter file are set to 1 then it suppose that  word  exists  in
-       dicionary.  WAPGBFM uses SHA-1 as a hash function.
+       dicionary.  apgbfm uses SHA-1 as a hash function.
 
-       WAPGBFM can be used as standalone utility, not only with apg, or apgd.
+       apgbfm can be used as standalone utility, not only with apg, or apgd.
 
 
        WARNING !!!
@@ -46,7 +46,7 @@ DESCRIPTION
               make file formats compatible but i can not guaranty this.
 
        WARNING !!!
-              WAPGBFM may slow down your computer during filter creation.
+              apgbfm may slow down your computer during filter creation.
 
 OPTIONS
        -f filter
@@ -68,7 +68,7 @@ OPTIONS
               password crackers.  This check is case sensitive.  For  example,
               if you want to reject word 'root', you should insert in dictfile
               words: root, Root, RoOt, ... , ROOT.  To indicate  that  program
-              is  working  WAPGBFM prints dot for every 100 words added in dic-
+              is  working  apgbfm prints dot for every 100 words added in dic-
               tionary.
 
        -a word
@@ -76,7 +76,7 @@ OPTIONS
 
        -A dictfile
               add all words from dictfile to the filter. To indicate that pro-
-              gram  is  working WAPGBFM prints dot for every 100 words added in
+              gram  is  working apgbfm prints dot for every 100 words added in
               dictionary.
 
        -c word
@@ -94,7 +94,7 @@ OPTIONS
        -h     print help information.
 
 EXIT CODE
-       On successful completion of its task, WAPGBFM will  complete  with  exit
+       On successful completion of its task, apgbfm will  complete  with  exit
        code  0.   An  exit  code  of  -1 indicates an error occurred.  Textual
        errors are written to the standard error stream.
 
@@ -104,8 +104,10 @@ FILES
 BUGS
        None.  If you've found one, please send bug description to the  author.
 
+       This man page is Alpha too.
+
 SEE ALSO
-       WAPG.TXT
+       apgd(8), apg(1)
 
 AUTHOR
        Adel I. Mirzazhanov, <a-del@iname.com>
@@ -113,4 +115,4 @@ AUTHOR
 
 
 
-Automated Password Generator      2003 Jun 19                          WAPGBFM
+Automated Password Generator      2003 Jun 19                        APGBFM(1)

pronpass.c

@@ -39,7 +39,7 @@
 #include <string.h>
 #if !defined(WIN32) && !defined(_WIN32) && !defined(__WIN32) && !defined(__WIN32__)
 #include <strings.h> 
-#endif
+#endif /* WIN32 */
 #include <time.h>
 #include <sys/types.h>
 #include "pronpass.h"

randpass.c

@@ -36,7 +36,7 @@
 #include <time.h>
 #if !defined(WIN32) && !defined(_WIN32) && !defined(__WIN32) && !defined(__WIN32__)
 #include <pwd.h>
-#endif
+#endif /* WIN32 */
 #include <unistd.h>
 #include "randpass.h"
 

restrict.c

@@ -184,6 +184,38 @@ paranoid_bloom_check_pass (char * password, char *filter, USHORT s_len)
  return(0);
 }
 
+
+#if defined(APG_USE_CRACKLIB)
+/*
+** cracklib_check_pass() - check password against cracklib.
+** INPUT:
+**   char * - password to check.
+**   char * - cracklib dict.
+** OUTPUT:
+**   int
+**    -1 - error 
+**     1 - password does not pass this check
+**     0 - password does pass this check
+** NOTES:
+**   none.
+*/
+int
+cracklib_check_pass(char *pw, char *dictpath)
+{
+ char * msg;
+ msg = FascistCheck(pw,dictpath);
+ if (msg == NULL) return (0);
+ else
+  {
+#ifdef APG_DEBUG
+   fprintf(stdout,"cracklib_check_pass: password --> %s rejected (%s)\n", pw, msg);
+   fflush(stdout);
+#endif
+   return (1);
+  }
+}
+#endif
+
 /*
 ** filter_check_pass() - routine that checks password against filter string
 **

restrict.h

@@ -33,13 +33,21 @@
 #ifndef APG_RESTRICT_H
 #define APG_RESTRICT_H	1
 
+#if defined(APG_USE_CRACKLIB)
+#include <packer.h>
+#endif
+
 #include "bloom.h"
 #include "randpass.h"
+
 #define MAX_DICT_STRING_SIZE	255
 int check_pass(char * pass, char *dict);
 int bloom_check_pass (char *word, char *filter);
 int paranoid_bloom_check_pass (char * password, char *filter, USHORT s_len);
 int filter_check_pass(const char * word, unsigned int cond);
 int set_exclude_list(const char * char_string);
+#if defined(APG_USE_CRACKLIB)
+int cracklib_check_pass(char *pw, char *dictpath);
+#endif
 
 #endif /* APG_RESTRICT_H */

rnd.c

@@ -31,7 +31,7 @@
 #include <stdlib.h>
 #if !defined(WIN32) && !defined(_WIN32) && !defined(__WIN32) && !defined(__WIN32__)
 #include <strings.h>
-#endif
+#endif /* WIN32 */
 #include <string.h>
 #include <unistd.h>
 #include <sys/types.h>
@@ -130,7 +130,11 @@ u8 ro_key[16] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 UINT32
 x917sha1_rnd (void)
 {
+#if !defined(WIN32) && !defined(_WIN32) && !defined(__WIN32) && !defined(__WIN32__)
  struct timeval local_time;
+#else
+ clock_t local_time[2]; /* clock ticks for win32 */
+#endif
  UINT32 I[2] = {0L,0L};
  UINT32 I_plus_s[2] = {0L,0L};
  UINT32 Xi[2] = {0L,0L};
@@ -139,7 +143,12 @@ x917sha1_rnd (void)
  BYTE hash [SHA_DIGESTSIZE];
  apg_SHA_INFO shaInfo;
 
+#if !defined(WIN32) && !defined(_WIN32) && !defined(__WIN32) && !defined(__WIN32__)
  (void) gettimeofday (&local_time, 0);
+#else
+ local_time[0] = clock();
+ local_time[1] = clock();
+#endif
  apg_shaInit ( &shaInfo );
  apg_shaUpdate ( &shaInfo, (BYTE *)&local_time, 8);
  apg_shaFinal ( &shaInfo, hash );