Bug#364526: debian-installer: Please implement a password-checking module

To: 364526@bugs.debian.org
Subject: Bug#364526: debian-installer: Please implement a password-checking module
From: Masami Ichikawa <masami256@gmail.com>
Date: Sat, 16 Jun 2007 21:41:24 +0900
Message-id: <[🔎] 4673DA74.50109@gmail.com>
Reply-to: Masami Ichikawa <masami256@gmail.com>, 364526@bugs.debian.org

Hello.

I wrote a password checking feature implement by shell script in function.sh.
I attached a patch which name is passwd_check.patch.

This logic checks these.
1. The password length should be more than four.
2. The password shouldn't equal login account.
3. The password shouldn't contain login account.
 e.g. root's password doesn't allow these password.
      "root123"
      "123Root"
      "1ROOT23"
4. The password should contain lower cases, upper cases, numbers.

I'm not sure that people wants to use it.
so, I set a debconf priority low.

Cheers,
-- 
/*
 * Masami Ichikawa
 * mailto: hangar-18@mub.biglobe.ne.jp
 *       : masami256@gmail.com
 */

Index: functions.sh
===================================================================
--- functions.sh	(revision 47257)
+++ functions.sh	(working copy)
@@ -39,3 +39,53 @@
 
 	return 1
 }
+
+# Returns a true value if password seems to be a safety.
+chkpasswd ()
+{
+    user=$1
+    passwd=$2
+
+    user_len=`echo $user | wc -c`
+    passwd_len=`echo $passwd | wc -c`
+
+    # password length should be bigger than four.
+    if test $passwd_len -lt 5; then
+	return 0
+    fi
+
+    # password shouldn't be a login account.
+    if test "$user" = "$passwd"; then
+	return 0
+    fi
+
+    # password shouldn't contain login account.
+    ret=`echo $passwd | grep -ci $user`
+    if test $ret = 1; then
+	if test $passwd_len -ge $user_len; then 
+	    return 0
+	fi
+    fi
+
+    # The password should be this structure.
+    # 1) contain lower char and upper char
+    # 2) contain lower char and digit
+    # 3) contain upper char and digit
+    # 4) contain lower char and upper char and digit
+
+    ret=`echo $passwd | grep -c [a-z]`
+    num=$ret
+
+    ret=`echo $passwd | grep -c [A-Z]`
+    num=$(($num+$ret))
+
+    ret=`echo $passwd | grep -c [0-9]`
+    num=$(($num+$ret))
+
+    if test $num -lt 2; then
+	return 0
+    fi
+
+    return 1
+
+}
Index: debian/user-setup-udeb.templates
===================================================================
--- debian/user-setup-udeb.templates	(revision 47257)
+++ debian/user-setup-udeb.templates	(working copy)
@@ -43,6 +43,12 @@
  Please enter the same root password again to verify that you have typed it
  correctly.
 
+Template: passwd/chkpasswd
+Type: boolean
+Default: false
+_Description: : Check a password?
+ Safety password will make secure system.
+
 Template: passwd/make-user
 Type: boolean
 Default: true
@@ -110,6 +116,12 @@
  You entered an empty password, which is not allowed.
  Please choose a non-empty password.
 
+Template: user-setup/chkpasswd-bad
+Type: error
+_Description: The password does not seem safety.
+ The password you entered is not look safety. 
+ Please mix the capital letter, the small letter, and numbers with the password. 
+
 Template: passwd/shadow
 Type: boolean
 Default: true
Index: user-setup-ask
===================================================================
--- user-setup-ask	(revision 47257)
+++ user-setup-ask	(working copy)
@@ -37,6 +37,8 @@
 		db_input low passwd/shadow || true
 		# Ask if root should be allowed to login.
 		db_input medium passwd/root-login || true
+		# Ask if user wants to check a password
+		db_input low passwd/chkpasswd || true
 	;;
 	1)
 		db_get passwd/root-login
@@ -63,6 +65,9 @@
 			# root password will be locked
 			db_set passwd/root-password-again ""
 		elif ! root_password; then
+		        db_get passwd/chkpasswd || true
+			PW_CHK="$RET"
+
 			# First check whether the root password was preseeded crypted
 			db_get passwd/root-password-crypted || true
 			if ! test "$RET" ; then
@@ -78,6 +83,16 @@
 					STATE=0
 					continue
 				fi
+				if [ "$PW_CHK" = true ]; then
+				        if `chkpasswd "root" "$ROOT_PW"`; then
+					    db_fset user-setup/chkpasswd-bad seen false
+					    db_input critical user-setup/chkpasswd-bad
+					    db_fset passwd/root-password seen false
+					    db_fset passwd/root-password-again seen false
+					    STATE=0
+					    continue
+					fi		
+				fi
 				db_get passwd/root-password-again
 				if [ "$ROOT_PW" != "$RET" ]; then
 					db_fset user-setup/password-mismatch seen false
@@ -192,6 +207,19 @@
 					STATE=6
 					continue
 				fi
+				if [ "$PW_CHK" = true ]; then
+				        if `chkpasswd "$USER" "$USER_PW"`; then
+					    db_set passwd/user-password ""
+					    db_set passwd/user-password-again ""
+					    db_fset user-setup/chkpasswd-bad seen false
+					    db_input critical user-setup/chkpasswd-bad
+					    db_fset passwd/user-password seen false
+					    db_fset passwd/user-password-again seen false
+					    STATE=6
+					    continue
+					fi		
+				fi
+
 			fi
 		fi
 	;;

Reply to:

Follow-Ups:
- Bug#364526: debian-installer: Please implement a password-checking module
  - From: Otavio Salvador <otavio@debian.org>
- Bug#364526: debian-installer: Please implement a password-checking module
  - From: stappers@stappers.nl (Geert Stappers)
- Bug#364526: debian-installer: Please implement a password-checking module
  - From: Christian Perrier <bubulle@debian.org>

Prev by Date: Bug#428906: instalation-report: Won't allow me to create root partition as jfs
Next by Date: Bug#364526: debian-installer: Please implement a password-checking module
Previous by thread: FAUMachine for testing LTSP and d-i
Next by thread: Bug#364526: debian-installer: Please implement a password-checking module
Index(es):
- Date
- Thread