
Bug#364526: debian-installer: Please implement a password-checking module



Hello.

On 06/18/07 03:02, Christian Perrier wrote:
>> +Template: passwd/chkpasswdstrength
>> +Type: boolean
>> +Default: true
>> +_Description: : Reject weak passwords?
> 
> Should be:
> 
> _Description: Reject weak passwords?
> 
> 
>> + Please choose whether you want the entered passwords strength to be
>> + checked and passwords found as 'weak' to be rejected. 
>> +
> 
>> +Template: user-setup/chkpasswdstrength-bad
>> +Type: error
>> +_Description: Weak password
>> + choose another password that does contain numbers, upper and lower 
>> + case characters.
>> +
> 
> s/choose/Please choose
> 
> I suggest removing 'another':
> 
>  Please choose a password that....
> 
>>  Template: passwd/shadow
>>  Type: boolean
>>  Default: true
>> Index: user-setup-ask
>> ===================================================================
>> --- user-setup-ask	(revision 47268)
>> +++ user-setup-ask	(working copy)
>> @@ -37,6 +37,8 @@
> 

I fixed the messages in user-setup-udeb.templates.
Maybe this patch is the final version. Also, Joey's suggestion is interesting to me,
so I'd try to implement his suggestion.

Cheers,
-- 
/*
 * Masami Ichikawa
 * mailto: hangar-18@mub.biglobe.ne.jp
 *       : masami256@gmail.com
 */
Index: functions.sh
===================================================================
--- functions.sh	(revision 47541)
+++ functions.sh	(working copy)
@@ -39,3 +39,53 @@
 
 	return 1
 }
+
+# Return a true value if password seems to be strong enough.
+chkpasswdstrength ()
+{
+	user=$1
+	passwd=$2
+
+	user_len=`echo $user | wc -c`
+	passwd_len=`echo $passwd | wc -c`
+
+	# password length should be bigger than four.
+	if test $passwd_len -lt 5; then
+		return 0
+	fi
+
+	# password shouldn't be a login account.
+	if test "$user" = "$passwd"; then
+		return 0
+	fi
+
+	# password shouldn't contain login account.
+	ret=`echo $passwd | grep -ci $user`
+	if test $ret = 1; then
+		if test $passwd_len -ge $user_len; then 
+			return 0
+		fi
+	fi
+
+	# The password should be this structure.
+	# 1) contain lower char and upper char
+	# 2) contain lower char and digit
+	# 3) contain upper char and digit
+	# 4) contain lower char and upper char and digit
+
+	ret=`echo $passwd | grep -c [a-z]`
+	num=$ret
+
+	ret=`echo $passwd | grep -c [A-Z]`
+	num=$(($num+$ret))
+
+	ret=`echo $passwd | grep -c [0-9]`
+	num=$(($num+$ret))
+
+	if test $num -lt 2; then
+		return 0
+	fi
+
+	return 1
+
+}
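
Review bot: The length test in chkpasswdstrength is off by one: "echo $passwd | wc -c" counts the trailing newline, so "test $passwd_len -lt 5" accepts a four-character password although the comment says the length should be bigger than four. Compare against 6, or measure with ${#passwd}. The expansions of $user and $passwd and the grep patterns [a-z], [A-Z] and [0-9] are unquoted, so a password containing spaces or glob characters is split or expanded before grep sees it, and "grep -ci $user" treats the login name as a regular expression; quote them and use grep -F for the login-name test. The header comment promises a true value for a strong password, but the function returns 0 for weak and 1 for strong, which is the reverse of the shell convention; either swap the return values or reword the comment.
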
Index: debian/user-setup-udeb.templates
===================================================================
--- debian/user-setup-udeb.templates	(revision 47541)
+++ debian/user-setup-udeb.templates	(working copy)
@@ -43,6 +43,13 @@
  Please enter the same root password again to verify that you have typed it
  correctly.
 
+Template: passwd/chkpasswdstrength
+Type: boolean
+Default: true
+_Description: Reject weak passwords?
+ Please choose whether you want the entered passwords strength to be
+ checked and passwords found as 'weak' to be rejected. 
+
 Template: passwd/make-user
 Type: boolean
 Default: true
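
Review bot: The long description of passwd/chkpasswdstrength reads "the entered passwords strength", which is missing the possessive apostrophe, and the second line ends in trailing whitespace. It also does not tell the user what counts as 'weak'; one sentence naming the criteria (length, login name, character classes) would let someone answering the question know what they are enabling.
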
@@ -110,6 +117,12 @@
  You entered an empty password, which is not allowed.
  Please choose a non-empty password.
 
+Template: user-setup/chkpasswdstrength-bad
+Type: error
+_Description: Weak password
+ Please choose a password that does contain numbers, upper and lower 
+ case characters.
+
 Template: passwd/shadow
 Type: boolean
 Default: true
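
Review bot: The text of user-setup/chkpasswdstrength-bad asks for "numbers, upper and lower case characters", but chkpasswdstrength in functions.sh only rejects when "test $num -lt 2", so any two of the three classes pass, and it also rejects short passwords and passwords containing the login name, which the message never mentions. Align the message with the actual rules so a user whose password was rejected for length or for containing the login name knows what to change. "does contain" would read better as "contains", and the first description line has trailing whitespace.
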
Index: user-setup-ask
===================================================================
--- user-setup-ask	(revision 47541)
+++ user-setup-ask	(working copy)
@@ -37,6 +37,8 @@
 		db_input low passwd/shadow || true
 		# Ask if root should be allowed to login.
 		db_input medium passwd/root-login || true
+		# Ask if user wants to check a password
+		db_input low passwd/chkpasswdstrength || true
 	;;
 	1)
 		db_get passwd/root-login
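
Review bot: The comment "Ask if user wants to check a password" above the new db_input does not say what is being checked. Something like "Ask whether weak passwords should be rejected" would match the template's short description. Since the question is asked at low priority, it is worth stating in the comment that the template default (true) applies whenever the question is not shown.
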
@@ -63,6 +65,9 @@
 			# root password will be locked
 			db_set passwd/root-password-again ""
 		elif ! root_password; then
+		        db_get passwd/chkpasswdstrength || true
+			PW_CHK="$RET"
+
 			# First check whether the root password was preseeded crypted
 			db_get passwd/root-password-crypted || true
 			if ! test "$RET" ; then
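
Review bot: PW_CHK is assigned only inside the "elif ! root_password" branch, yet the last hunk of this file tests "$PW_CHK" for the user password as well. When the preceding branch is taken (the one commented "root password will be locked"), PW_CHK is never set and the user password check is silently skipped. Read passwd/chkpasswdstrength before the branches, or again in the user-password state. The new db_get line is also indented with spaces where the surrounding lines use tabs.
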
@@ -78,6 +83,16 @@
 					STATE=0
 					continue
 				fi
+				if [ "$PW_CHK" = true ]; then
+					if `chkpasswdstrength "root" "$ROOT_PW"`; then
+						db_fset user-setup/chkpasswdstrength-bad seen false
+						db_input critical user-setup/chkpasswdstrength-bad
+						db_fset passwd/root-password seen false
+						db_fset passwd/root-password-again seen false
+						STATE=0
+						continue
+					fi		
+				fi
 				db_get passwd/root-password-again
 				if [ "$ROOT_PW" != "$RET" ]; then
 					db_fset user-setup/password-mismatch seen false
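
Review bot: The test "if `chkpasswdstrength "root" "$ROOT_PW"`; then" wraps the call in backquotes, so the function runs in a command substitution and its empty output is then executed as a command; the branch works only because the status of that empty command is the status of the substitution. Call the function directly, without backquotes. The branch is taken on status 0, which chkpasswdstrength returns for a weak password, so the condition reads as the opposite of what it does; if the function is changed to return 0 for strong, this becomes "if ! chkpasswdstrength root "$ROOT_PW"; then". The closing "fi" of the inner if has trailing tabs.
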
@@ -192,6 +207,19 @@
 					STATE=6
 					continue
 				fi
+				if [ "$PW_CHK" = true ]; then
+					if `chkpasswdstrength "$USER" "$USER_PW"`; then
+						db_set passwd/user-password ""
+						db_set passwd/user-password-again ""
+						db_fset user-setup/chkpasswdstrength-bad seen false
+						db_input critical user-setup/chkpasswdstrength-bad
+						db_fset passwd/user-password seen false
+						db_fset passwd/user-password-again seen false
+						STATE=6
+						continue
+					fi		
+				fi
+
 			fi
 		fi
 	;;
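
Review bot: This branch clears passwd/user-password and passwd/user-password-again with db_set before asking again, while the root-password branch in the previous hunk only resets the seen flags; as far as the hunks show, a rejected root password is left in the debconf database while a rejected user password is not. Make the two branches behave the same way, preferably clearing in both. The backquoted call to chkpasswdstrength and the trailing tabs after "fi" need the same fix as in the root branch.
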