Projects
Factory:RISC-V:Base
cracklib
_service:tar_scm:fix-problem-of-error-message-a...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:fix-problem-of-error-message-about-simplistic-passwo.patch of Package cracklib
From e97dc89876ffd790aed93cc18c13c16bd2263f68 Mon Sep 17 00:00:00 2001 From: openEuler Buildteam <buildteam@openeuler.org> Date: Sat, 18 Jan 2020 14:08:23 +0800 Subject: [PATCH] fix problem of error message about simplistic password Signed-off-by: openEuler Buildteam <buildteam@openeuler.org> --- lib/fascist.c | 33 ++++++++++++++++++++++++++++----- util/cracklib-format | 19 ++++++---- 2 files changed, 34 insertions(+), 18 deletions(-) diff --git a/lib/fascist.c b/lib/fascist.c index c5a018c..a1a8564 100644 --- a/lib/fascist.c +++ b/lib/fascist.c @@ -55,7 +55,6 @@ static char *r_destructors[] = { "/?p@?p", /* purging out punctuation/symbols/junk */ "/?s@?s", - "/?X@?X", /* attempt reverse engineering of password strings */ @@ -452,6 +451,12 @@ GTry(rawtext, password) continue; } + if (len - strlen(mp) >= 3) + { + /* purged too much */ + continue; + } + #ifdef DEBUG printf("%-16s = %-16s (destruct %s)\n", mp, rawtext, r_destructors[i]); #endif @@ -478,6 +483,12 @@ GTry(rawtext, password) continue; } + if (len - strlen(mp) >= 3) + { + /* purged too much */ + continue; + } + #ifdef DEBUG printf("%-16s = %-16s (construct %s)\n", mp, password, r_constructors[i]); #endif @@ -705,6 +716,7 @@ FascistLookUser(PWDICT *pwp, char *instring, char *password; char rpassword[STRINGSIZE]; uint32_t notfound; + int len; notfound = PW_WORDS(pwp); /* already truncated if from FascistCheck() */ @@ -754,6 +766,7 @@ FascistLookUser(PWDICT *pwp, char *instring, return _("it is all whitespace"); } + len = strlen(password); i = 0; ptr = password; while (ptr[0] && ptr[1]) @@ -765,10 +778,7 @@ FascistLookUser(PWDICT *pwp, char *instring, ptr++; } - /* Change by Ben Karsin from ITS at University of Hawaii at Manoa. Static MAXSTEP - would generate many false positives for long passwords. */ - maxrepeat = 3+(0.09*strlen(password)); - if (i > maxrepeat) + if (len - i < MINLEN) { return _("it is too simplistic/systematic"); } @@ -801,6 +811,12 @@ FascistLookUser(PWDICT *pwp, char *instring, continue; } + if (len - strlen(a) >= 3) + { + /* purged too much */ + continue; + } + #ifdef DEBUG printf("%-16s (dict)\n", a); #endif @@ -821,6 +837,13 @@ FascistLookUser(PWDICT *pwp, char *instring, { continue; } + + if (len - strlen(a) >= 3) + { + /* purged too much */ + continue; + } + #ifdef DEBUG printf("%-16s (reversed dict)\n", a); #endif diff --git a/util/cracklib-format b/util/cracklib-format index c133d75..360d109 100755 --- a/util/cracklib-format +++ b/util/cracklib-format @@ -3,17 +3,10 @@ # This preprocesses a set of word lists into a suitable form for input # into cracklib-packer # -# Truncates lines longer than 1022 characters long as cracklib-packer -# does not handle them correctly. -# -# The last part of the pipeline uses 'grep -v' to remove any blank -# lines (possibly introduced by earlier parts of the pipeline) as -# cracklib-packer will generate "skipping line" warnings otherwise. -# +LC_ALL=C +export LC_ALL gzip -cdf "$@" | - grep -a -v '^#' | - tr '[A-Z]' '[a-z]' | - tr -cd '\012[a-z][0-9]' | - cut -c 1-1022 | - grep -v '^$' | - env LC_ALL=C sort -u + grep -a -E -v '^.{30,}$' | + tr '[:upper:]' '[:lower:]' | + sed s/[[:space:]]//g | + sort -u -- 1.8.3.1
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2