Re: Bug#364526: debian-installer: Please implement a password-checking module
Hello.
Thanks for people who gave me comments:-)
I wrote a new patch which changed these.
* s/chkpasswd/checkpasswdstrength/
* fix indent.
* rewrote messages in user-setup-udeb.templates.
* default answer is true.
The user has to choose a strong password now in default.
Cheers,
--
/*
* Masami Ichikawa
* mailto: hangar-18@mub.biglobe.ne.jp
* : masami256@gmail.com
*/
Index: functions.sh
===================================================================
--- functions.sh (revision 47268)
+++ functions.sh (working copy)
@@ -39,3 +39,53 @@
return 1
}
+
+# Return a true value if password seems to be strong enough.
+chkpasswdstrength ()
+{
+ user=$1
+ passwd=$2
+
+ user_len=`echo $user | wc -c`
+ passwd_len=`echo $passwd | wc -c`
+
+ # password length should be bigger than four.
+ if test $passwd_len -lt 5; then
+ return 0
+ fi
+
+ # password shouldn't be a login account.
+ if test "$user" = "$passwd"; then
+ return 0
+ fi
+
+ # password shouldn't contain login account.
+ ret=`echo $passwd | grep -ci $user`
+ if test $ret = 1; then
+ if test $passwd_len -ge $user_len; then
+ return 0
+ fi
+ fi
+
+ # The password should be this structure.
+ # 1) contain lower char and upper char
+ # 2) contain lower char and digit
+ # 3) contain upper char and digit
+ # 4) contain lower char and upper char and digit
+
+ ret=`echo $passwd | grep -c [a-z]`
+ num=$ret
+
+ ret=`echo $passwd | grep -c [A-Z]`
+ num=$(($num+$ret))
+
+ ret=`echo $passwd | grep -c [0-9]`
+ num=$(($num+$ret))
+
+ if test $num -lt 2; then
+ return 0
+ fi
+
+ return 1
+
+}
Index: debian/user-setup-udeb.templates
===================================================================
--- debian/user-setup-udeb.templates (revision 47268)
+++ debian/user-setup-udeb.templates (working copy)
@@ -43,6 +43,13 @@
Please enter the same root password again to verify that you have typed it
correctly.
+Template: passwd/chkpasswdstrength
+Type: boolean
+Default: true
+_Description: : Reject weak passwords?
+ Please choose whether you want the entered passwords strength to be
+ checked and passwords found as 'weak' to be rejected.
+
Template: passwd/make-user
Type: boolean
Default: true
@@ -110,6 +117,12 @@
You entered an empty password, which is not allowed.
Please choose a non-empty password.
+Template: user-setup/chkpasswdstrength-bad
+Type: error
+_Description: Weak password
+ choose another password that does contain numbers, upper and lower
+ case characters.
+
Template: passwd/shadow
Type: boolean
Default: true
Index: user-setup-ask
===================================================================
--- user-setup-ask (revision 47268)
+++ user-setup-ask (working copy)
@@ -37,6 +37,8 @@
db_input low passwd/shadow || true
# Ask if root should be allowed to login.
db_input medium passwd/root-login || true
+ # Ask if user wants to check a password
+ db_input low passwd/chkpasswdstrength || true
;;
1)
db_get passwd/root-login
@@ -63,6 +65,9 @@
# root password will be locked
db_set passwd/root-password-again ""
elif ! root_password; then
+ db_get passwd/chkpasswdstrength || true
+ PW_CHK="$RET"
+
# First check whether the root password was preseeded crypted
db_get passwd/root-password-crypted || true
if ! test "$RET" ; then
@@ -78,6 +83,16 @@
STATE=0
continue
fi
+ if [ "$PW_CHK" = true ]; then
+ if `chkpasswdstrength "root" "$ROOT_PW"`; then
+ db_fset user-setup/chkpasswdstrength-bad seen false
+ db_input critical user-setup/chkpasswdstrength-bad
+ db_fset passwd/root-password seen false
+ db_fset passwd/root-password-again seen false
+ STATE=0
+ continue
+ fi
+ fi
db_get passwd/root-password-again
if [ "$ROOT_PW" != "$RET" ]; then
db_fset user-setup/password-mismatch seen false
@@ -192,6 +207,19 @@
STATE=6
continue
fi
+ if [ "$PW_CHK" = true ]; then
+ if `chkpasswdstrength "$USER" "$USER_PW"`; then
+ db_set passwd/user-password ""
+ db_set passwd/user-password-again ""
+ db_fset user-setup/chkpasswdstrength-bad seen false
+ db_input critical user-setup/chkpasswdstrength-bad
+ db_fset passwd/user-password seen false
+ db_fset passwd/user-password-again seen false
+ STATE=6
+ continue
+ fi
+ fi
+
fi
fi
;;
Reply to: