Bug#364526: debian-installer: Please implement a password-checking module
Hello.
on 06/18/07 03:02, Christian Perrier wrote:
>> +Template: passwd/chkpasswdstrength
>> +Type: boolean
>> +Default: true
>> +_Description: : Reject weak passwords?
>
> Should be:
>
> _Description: Reject weak passwords?
>
>
>> + Please choose whether you want the entered passwords strength to be
>> + checked and passwords found as 'weak' to be rejected.
>> +
>
>> +Template: user-setup/chkpasswdstrength-bad
>> +Type: error
>> +_Description: Weak password
>> + choose another password that does contain numbers, upper and lower
>> + case characters.
>> +
>
> s/choose/Please choose
>
> I suggest removing 'another':
>
> Please choose a password that....
>
>> Template: passwd/shadow
>> Type: boolean
>> Default: true
>> Index: user-setup-ask
>> ===================================================================
>> --- user-setup-ask (revision 47268)
>> +++ user-setup-ask (working copy)
>> @@ -37,6 +37,8 @@
>
I fixed messages in user-setup-udeb.templates.
maybe this patch is final version. also, joey's suggestion is interesting to me.
so, I'd try to implement his suggestion.
Cheers,
--
/*
* Masami Ichikawa
* mailto: hangar-18@mub.biglobe.ne.jp
* : masami256@gmail.com
*/
Index: functions.sh
===================================================================
--- functions.sh (revision 47541)
+++ functions.sh (working copy)
@@ -39,3 +39,53 @@
return 1
}
+
+# Return a true value if password seems to be strong enough.
+chkpasswdstrength ()
+{
+ user=$1
+ passwd=$2
+
+ user_len=`echo $user | wc -c`
+ passwd_len=`echo $passwd | wc -c`
+
+ # password length should be bigger than four.
+ if test $passwd_len -lt 5; then
+ return 0
+ fi
+
+ # password shouldn't be a login account.
+ if test "$user" = "$passwd"; then
+ return 0
+ fi
+
+ # password shouldn't contain login account.
+ ret=`echo $passwd | grep -ci $user`
+ if test $ret = 1; then
+ if test $passwd_len -ge $user_len; then
+ return 0
+ fi
+ fi
+
+ # The password should be this structure.
+ # 1) contain lower char and upper char
+ # 2) contain lower char and digit
+ # 3) contain upper char and digit
+ # 4) contain lower char and upper char and digit
+
+ ret=`echo $passwd | grep -c [a-z]`
+ num=$ret
+
+ ret=`echo $passwd | grep -c [A-Z]`
+ num=$(($num+$ret))
+
+ ret=`echo $passwd | grep -c [0-9]`
+ num=$(($num+$ret))
+
+ if test $num -lt 2; then
+ return 0
+ fi
+
+ return 1
+
+}
Index: debian/user-setup-udeb.templates
===================================================================
--- debian/user-setup-udeb.templates (revision 47541)
+++ debian/user-setup-udeb.templates (working copy)
@@ -43,6 +43,13 @@
Please enter the same root password again to verify that you have typed it
correctly.
+Template: passwd/chkpasswdstrength
+Type: boolean
+Default: true
+_Description: Reject weak passwords?
+ Please choose whether you want the entered passwords strength to be
+ checked and passwords found as 'weak' to be rejected.
+
Template: passwd/make-user
Type: boolean
Default: true
@@ -110,6 +117,12 @@
You entered an empty password, which is not allowed.
Please choose a non-empty password.
+Template: user-setup/chkpasswdstrength-bad
+Type: error
+_Description: Weak password
+ Please choose a password that does contain numbers, upper and lower
+ case characters.
+
Template: passwd/shadow
Type: boolean
Default: true
Index: user-setup-ask
===================================================================
--- user-setup-ask (revision 47541)
+++ user-setup-ask (working copy)
@@ -37,6 +37,8 @@
db_input low passwd/shadow || true
# Ask if root should be allowed to login.
db_input medium passwd/root-login || true
+ # Ask if user wants to check a password
+ db_input low passwd/chkpasswdstrength || true
;;
1)
db_get passwd/root-login
@@ -63,6 +65,9 @@
# root password will be locked
db_set passwd/root-password-again ""
elif ! root_password; then
+ db_get passwd/chkpasswdstrength || true
+ PW_CHK="$RET"
+
# First check whether the root password was preseeded crypted
db_get passwd/root-password-crypted || true
if ! test "$RET" ; then
@@ -78,6 +83,16 @@
STATE=0
continue
fi
+ if [ "$PW_CHK" = true ]; then
+ if `chkpasswdstrength "root" "$ROOT_PW"`; then
+ db_fset user-setup/chkpasswdstrength-bad seen false
+ db_input critical user-setup/chkpasswdstrength-bad
+ db_fset passwd/root-password seen false
+ db_fset passwd/root-password-again seen false
+ STATE=0
+ continue
+ fi
+ fi
db_get passwd/root-password-again
if [ "$ROOT_PW" != "$RET" ]; then
db_fset user-setup/password-mismatch seen false
@@ -192,6 +207,19 @@
STATE=6
continue
fi
+ if [ "$PW_CHK" = true ]; then
+ if `chkpasswdstrength "$USER" "$USER_PW"`; then
+ db_set passwd/user-password ""
+ db_set passwd/user-password-again ""
+ db_fset user-setup/chkpasswdstrength-bad seen false
+ db_input critical user-setup/chkpasswdstrength-bad
+ db_fset passwd/user-password seen false
+ db_fset passwd/user-password-again seen false
+ STATE=6
+ continue
+ fi
+ fi
+
fi
fi
;;
Reply to: