source: branches/stable/mindi-busybox/libbb/obscure.c @ 1770

Last change on this file since 1770 was 1770, checked in by Bruno Cornec, 13 years ago
  • Better output for mindi-busybox revision
  • Remove dummy file created on NFS - report from Arnaud Tiger <arnaud.tiger_at_hp.com>
  • strace useful for debug
  • fix new versions for pb (2.0.0 for mindi and 1.7.2 for mindi-busybox)
  • fix build process for mindi-busybox + options used in that version (dd for label-partitions-as-necessary)
  • fix typo in label-partitions-as-necessary which doesn't seem to work
  • Update to busybox 1.7.2
  • perl is now required at restore time to support uuid swap partitions (and will be used for many other thigs

in the future for sure)

  • next mindi version will be 2.0.0 due to all the changes made in it (udev may break working distros)
  • small optimization in mindi on keyboard handling (one single find instead of multiple)
  • better interaction for USB device when launching mindi manually
  • attempt to automatically guess block disk size for ramdisk
  • fix typos in bkphw
  • Fix the remaining problem with UUID support for swap partitions
  • Updates mondoarchive man page for USB support
  • Adds preliminary Hardware support to mindi (Proliant SSSTK)
  • Tries to add udev support also for rhel4
  • Fix UUID support which was still broken.
  • Be conservative in test for the start-nfs script
  • Update config file for mindi-busybox for 1.7.2 migration
  • Try to run around a busybox bug (1.2.2 pb on inexistant links)
  • Add build content for mindi-busybox in pb
  • Remove distributions content for mindi-busybox
  • Fix a warning on inexistant raidtab
  • Solve problem on tmpfs in restore init (Problem of inexistant symlink and busybox)
  • Create MONDO_CACHE and use it everywhere + creation at start
  • Really never try to eject a USB device
  • Fix a issue with &> usage (replaced with 1> and 2>)
  • Adds magic file to depllist in order to have file working + ldd which helps for debugging issues
  • tty modes correct to avoid sh error messages
  • Use ext3 normally and not ext2 instead
  • USB device should be corrected after reading (take 1st part)
  • Adds a mount_USB_here function derived from mount_CDROM_here
  • usb detection place before /dev detection in device name at restore time
  • Fix when restoring from USB: media is asked in interactive mode
  • Adds USB support for mondorestore
  • mount_cdrom => mount_media
  • elilo.efi is now searched throughout /boot/efi and not in a fixed place as there is no standard
  • untar-and-softlink => untar (+ interface change)
  • suppress useless softlinks creation/removal in boot process
  • avoids udevd messages on groups
  • Increase # of disks to 99 as in mindi at restore time (should be a conf file parameter)
  • skip existing big file creation
  • seems to work correctly for USB mindi boot
  • Adds group and tty link to udev conf
  • Always load usb-torage (even 2.6) to initiate USB bus discovery
  • Better printing of messages
  • Attempt to fix a bug in supporting OpenSusE 10.3 kernel for initramfs (mindi may now use multiple regex for kernel initrd detection)
  • Links were not correctly done as non relative for modules in mindi
  • exclusion of modules denied now works
  • Also create modules in their ordinary place, so that classical modprobe works + copy modules.dep
  • Fix bugs for DENY_MODS handling
  • Add device /dev/console for udev
  • ide-generic should now really be excluded
  • Fix a bug in major number for tty
  • If udev then adds modprobe/insmod to rootfs
  • tty0 is also cretaed with udev
  • ide-generic put rather in DENY_MODS
  • udevd remove from deplist s handled in mindi directly
  • better default for mindi when using --usb
  • Handles dynamically linked busybox (in case we want to use it soon ;-)
  • Adds fixed devices to create for udev
  • ide-generic should not be part of the initrd when using libata v2
  • support a dynamically linked udev (case on Ubuntu 7.10 and Mandriva 2008.0 so should be quite generic) This will give incitation to move to dyn. linked binaries in the initrd which will help for other tasks (ia6 4)
  • Improvement in udev support (do not use cl options not available in busybox)
  • Udev in mindi
    • auto creation of the right links at boot time with udev-links.conf(from Mandriva 2008.0)
    • rework startup of udev as current makes kernel crash (from Mandriva 2008.0)
    • add support for 64 bits udev
  • Try to render MyInsmod? silent at boot time
  • Adds udev support (mandatory for newest distributions to avoid remapping of devices in a different way as on the original system)
  • We also need vaft format support for USB boot
  • Adds libusual support (Ubuntu 7.10 needs it for USB)
  • Improve Ubuntu/Debian? keyboard detection and support
  • pbinit adapted to new pb (0.8.10). Filtering of docs done in it
  • Suppress some mondo warnings and errors on USB again
  • Tries to fix lack of files in deb mindi package
  • Verify should now work for USB devices
  • More log/mesages improvement for USB support
  • - Supress g_erase_tmpdir_and_scratchdir
  • Improve some log messages for USB support
  • Try to improve install in mindi to avoid issues with isolinux.cfg not installed vene if in the pkg :-(
  • Improve mindi-busybox build
  • In conformity with pb 0.8.9
  • Add support for Ubuntu 7.10 in build process
  • Add USB Key button to Menu UI (CD streamer removed)
  • Attempt to fix error messages on tmp/scratch files at the end by removing those dir at the latest possible.
  • Fix a bug linked to the size of the -E param which could be used (Arnaud Tiger/René? Ribaud).
  • Integrate ~/.pbrc content into mondorescue.pb (required project-builder >= 0.8.7)
  • Put mondorescue in conformity with new pb filtering rules
  • Add USB support at restore time (no test done yet). New start-usb script PB varibale added where useful
  • Unmounting USB device before removal of temporary scratchdir
  • Stil refining USB copy back to mondo (one command was not executed)
  • No need to have the image subdor in the csratchdir when USB.
  • umount the USB partition before attempting to use it
  • Remove useless copy from mindi to mondo at end of USB handling

(risky merge, we are raising the limits of 2 diverging branches. The status of stable is not completely sure as such. Will need lots of tests, but it's not yet done :-()
(merge -r1692:1769 $SVN_M/branches/2.2.5)

File size: 4.5 KB
Line 
1/* vi: set sw=4 ts=4: */
2/*
3 * Mini weak password checker implementation for busybox
4 *
5 * Copyright (C) 2006 Tito Ragusa <farmatito@tiscali.it>
6 *
7 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
8 */
9
10/*  A good password:
11    1)  should contain at least six characters (man passwd);
12    2)  empty passwords are not permitted;
13    3)  should contain a mix of four different types of characters
14        upper case letters,
15        lower case letters,
16        numbers,
17        special characters such as !@#$%^&*,;".
18    This password types should not  be permitted:
19    a)  pure numbers: birthdates, social security number, license plate, phone numbers;
20    b)  words and all letters only passwords (uppercase, lowercase or mixed)
21        as palindromes, consecutive or repetitive letters
22        or adjacent letters on your keyboard;
23    c)  username, real name, company name or (e-mail?) address
24        in any form (as-is, reversed, capitalized, doubled, etc.).
25        (we can check only against username, gecos and hostname)
26    d)  common and obvious letter-number replacements
27        (e.g. replace the letter O with number 0)
28        such as "M1cr0$0ft" or "P@ssw0rd" (CAVEAT: we cannot check for them
29        without the use of a dictionary).
30
31    For each missing type of characters an increase of password length is
32    requested.
33
34    If user is root we warn only.
35
36    CAVEAT: some older versions of crypt() truncates passwords to 8 chars,
37    so that aaaaaaaa1Q$ is equal to aaaaaaaa making it possible to fool
38    some of our checks. We don't test for this special case as newer versions
39    of crypt do not truncate passwords.
40*/
41
42#include "libbb.h"
43
44static int string_checker_helper(const char *p1, const char *p2) __attribute__ ((__pure__));
45
46static int string_checker_helper(const char *p1, const char *p2)
47{
48    /* as-is or capitalized */
49    if (strcasecmp(p1, p2) == 0
50    /* as sub-string */
51    || strcasestr(p2, p1) != NULL
52    /* invert in case haystack is shorter than needle */
53    || strcasestr(p1, p2) != NULL)
54        return 1;
55    return 0;
56}
57
58static int string_checker(const char *p1, const char *p2)
59{
60    int size;
61    /* check string */
62    int ret = string_checker_helper(p1, p2);
63    /* Make our own copy */
64    char *p = xstrdup(p1);
65    /* reverse string */
66    size = strlen(p);
67
68    while (size--) {
69        *p = p1[size];
70        p++;
71    }
72    /* restore pointer */
73    p -= strlen(p1);
74    /* check reversed string */
75    ret |= string_checker_helper(p, p2);
76    /* clean up */
77    memset(p, 0, strlen(p1));
78    free(p);
79    return ret;
80}
81
82#define LOWERCASE          1
83#define UPPERCASE          2
84#define NUMBERS            4
85#define SPECIAL            8
86
87static const char *obscure_msg(const char *old_p, const char *new_p, const struct passwd *pw)
88{
89    int i;
90    int c;
91    int length;
92    int mixed = 0;
93    /* Add 2 for each type of characters to the minlen of password */
94    int size = CONFIG_PASSWORD_MINLEN + 8;
95    const char *p;
96    char hostname[255];
97
98    /* size */
99    if (!new_p || (length = strlen(new_p)) < CONFIG_PASSWORD_MINLEN)
100        return "too short";
101
102    /* no username as-is, as sub-string, reversed, capitalized, doubled */
103    if (string_checker(new_p, pw->pw_name)) {
104        return "similar to username";
105    }
106    /* no gecos as-is, as sub-string, reversed, capitalized, doubled */
107    if (*pw->pw_gecos && string_checker(new_p, pw->pw_gecos)) {
108        return "similar to gecos";
109    }
110    /* hostname as-is, as sub-string, reversed, capitalized, doubled */
111    if (gethostname(hostname, 255) == 0) {
112        hostname[254] = '\0';
113        if (string_checker(new_p, hostname)) {
114            return "similar to hostname";
115        }
116    }
117
118    /* Should / Must contain a mix of: */
119    for (i = 0; i < length; i++) {
120        if (islower(new_p[i])) {        /* a-z */
121            mixed |= LOWERCASE;
122        } else if (isupper(new_p[i])) { /* A-Z */
123            mixed |= UPPERCASE;
124        } else if (isdigit(new_p[i])) { /* 0-9 */
125            mixed |= NUMBERS;
126        } else  {                       /* special characters */
127            mixed |= SPECIAL;
128        }
129        /* More than 50% similar characters ? */
130        c = 0;
131        p = new_p;
132        while (1) {
133            if ((p = strchr(p, new_p[i])) == NULL) {
134                break;
135            }
136            c++;
137            if (!++p) {
138                break; /* move past the matched char if possible */
139            }
140        }
141
142        if (c >= (length / 2)) {
143            return "too many similar characters";
144        }
145    }
146    for (i=0; i<4; i++)
147        if (mixed & (1<<i)) size -= 2;
148    if (length < size)
149        return "too weak";
150
151    if (old_p && old_p[0] != '\0') {
152        /* check vs. old password */
153        if (string_checker(new_p, old_p)) {
154            return "similar to old password";
155        }
156    }
157    return NULL;
158}
159
160int obscure(const char *old, const char *newval, const struct passwd *pw)
161{
162    const char *msg;
163
164    msg = obscure_msg(old, newval, pw);
165    if (msg) {
166        printf("Bad password: %s\n", msg);
167        return 1;
168    }
169    return 0;
170}
Note: See TracBrowser for help on using the repository browser.