Re: Bug#364526: debian-installer: Please implement a password-checking module

To: 364526@bugs.debian.org
Cc: debian-boot@lists.debian.org
Subject: Re: Bug#364526: debian-installer: Please implement a password-checking module
From: Masami Ichikawa <masami256@gmail.com>
Date: Sun, 17 Jun 2007 21:21:49 +0900
Message-id: <[🔎] 4675275D.3060301@gmail.com>
In-reply-to: <[🔎] 20070616141021.GY19093@kheops.homeunix.org>
References: <[🔎] 4673DA74.50109@gmail.com> <[🔎] 20070616141021.GY19093@kheops.homeunix.org>

Hello.

Thanks for people who gave me comments:-)
I wrote a new patch which changed these.

* s/chkpasswd/checkpasswdstrength/
* fix indent.
* rewrote messages in user-setup-udeb.templates.
* default answer is true.
  The user has to choose a strong password now in default.

Cheers,
-- 
/*
 * Masami Ichikawa
 * mailto: hangar-18@mub.biglobe.ne.jp
 *       : masami256@gmail.com
 */

Index: functions.sh
===================================================================
--- functions.sh	(revision 47268)
+++ functions.sh	(working copy)
@@ -39,3 +39,53 @@
 
 	return 1
 }
+
+# Return a true value if password seems to be strong enough.
+chkpasswdstrength ()
+{
+	user=$1
+	passwd=$2
+
+	user_len=`echo $user | wc -c`
+	passwd_len=`echo $passwd | wc -c`
+
+	# password length should be bigger than four.
+	if test $passwd_len -lt 5; then
+		return 0
+	fi
+
+	# password shouldn't be a login account.
+	if test "$user" = "$passwd"; then
+		return 0
+	fi
+
+	# password shouldn't contain login account.
+	ret=`echo $passwd | grep -ci $user`
+	if test $ret = 1; then
+		if test $passwd_len -ge $user_len; then 
+			return 0
+		fi
+	fi
+
+	# The password should be this structure.
+	# 1) contain lower char and upper char
+	# 2) contain lower char and digit
+	# 3) contain upper char and digit
+	# 4) contain lower char and upper char and digit
+
+	ret=`echo $passwd | grep -c [a-z]`
+	num=$ret
+
+	ret=`echo $passwd | grep -c [A-Z]`
+	num=$(($num+$ret))
+
+	ret=`echo $passwd | grep -c [0-9]`
+	num=$(($num+$ret))
+
+	if test $num -lt 2; then
+		return 0
+	fi
+
+	return 1
+
+}
Index: debian/user-setup-udeb.templates
===================================================================
--- debian/user-setup-udeb.templates	(revision 47268)
+++ debian/user-setup-udeb.templates	(working copy)
@@ -43,6 +43,13 @@
  Please enter the same root password again to verify that you have typed it
  correctly.
 
+Template: passwd/chkpasswdstrength
+Type: boolean
+Default: true
+_Description: : Reject weak passwords?
+ Please choose whether you want the entered passwords strength to be
+ checked and passwords found as 'weak' to be rejected. 
+
 Template: passwd/make-user
 Type: boolean
 Default: true
@@ -110,6 +117,12 @@
  You entered an empty password, which is not allowed.
  Please choose a non-empty password.
 
+Template: user-setup/chkpasswdstrength-bad
+Type: error
+_Description: Weak password
+ choose another password that does contain numbers, upper and lower 
+ case characters.
+
 Template: passwd/shadow
 Type: boolean
 Default: true
Index: user-setup-ask
===================================================================
--- user-setup-ask	(revision 47268)
+++ user-setup-ask	(working copy)
@@ -37,6 +37,8 @@
 		db_input low passwd/shadow || true
 		# Ask if root should be allowed to login.
 		db_input medium passwd/root-login || true
+		# Ask if user wants to check a password
+		db_input low passwd/chkpasswdstrength || true
 	;;
 	1)
 		db_get passwd/root-login
@@ -63,6 +65,9 @@
 			# root password will be locked
 			db_set passwd/root-password-again ""
 		elif ! root_password; then
+		        db_get passwd/chkpasswdstrength || true
+			PW_CHK="$RET"
+
 			# First check whether the root password was preseeded crypted
 			db_get passwd/root-password-crypted || true
 			if ! test "$RET" ; then
@@ -78,6 +83,16 @@
 					STATE=0
 					continue
 				fi
+				if [ "$PW_CHK" = true ]; then
+					if `chkpasswdstrength "root" "$ROOT_PW"`; then
+						db_fset user-setup/chkpasswdstrength-bad seen false
+						db_input critical user-setup/chkpasswdstrength-bad
+						db_fset passwd/root-password seen false
+						db_fset passwd/root-password-again seen false
+						STATE=0
+						continue
+					fi		
+				fi
 				db_get passwd/root-password-again
 				if [ "$ROOT_PW" != "$RET" ]; then
 					db_fset user-setup/password-mismatch seen false
@@ -192,6 +207,19 @@
 					STATE=6
 					continue
 				fi
+				if [ "$PW_CHK" = true ]; then
+					if `chkpasswdstrength "$USER" "$USER_PW"`; then
+						db_set passwd/user-password ""
+						db_set passwd/user-password-again ""
+						db_fset user-setup/chkpasswdstrength-bad seen false
+						db_input critical user-setup/chkpasswdstrength-bad
+						db_fset passwd/user-password seen false
+						db_fset passwd/user-password-again seen false
+						STATE=6
+						continue
+					fi		
+				fi
+
 			fi
 		fi
 	;;

Reply to:

Follow-Ups:
- Bug#364526: debian-installer: Please implement a password-checking module
  - From: stappers@stappers.nl (Geert Stappers)
- Bug#364526: debian-installer: Please implement a password-checking module
  - From: Christian Perrier <bubulle@debian.org>
- Re: Bug#364526: debian-installer: Please implement a password-checking module
  - From: Joey Hess <joeyh@debian.org>

References:
- Bug#364526: debian-installer: Please implement a password-checking module
  - From: Masami Ichikawa <masami256@gmail.com>
- Bug#364526: debian-installer: Please implement a password-checking module
  - From: Christian Perrier <bubulle@debian.org>

Prev by Date: Processed: Re: Bug#429295: Hebrew bidi output is incorrect in partitioning screens
Next by Date: Processed: Re: Bug#429351: Hebrew problem in task selection during install
Previous by thread: Re: Bug#364526: debian-installer: Please implement a password-checking module
Next by thread: Bug#364526: debian-installer: Please implement a password-checking module
Index(es):
- Date
- Thread