Improve password checking
Signed-off-by: Karthik Prabhu Vinod <[email protected]>
karthikprabhuvinod committed Mar 13, 2020
1 parent 02b30f1 commit 086d3d0
Showing 14 changed files with 523 additions and 43 deletions.
4 changes: 3 additions & 1 deletion Makefile
@@ -35,8 +35,10 @@ LOCAL_GOPATH := ${CURDIR}/.gopath
export GOPATH := ${LOCAL_GOPATH}
export GOFLAGS += -mod=vendor

CLR_INSTALLER_TEST_HTTP_PORT ?= 8181

# Required for tests to work well
export CLR_INSTALLER_LOCALE_DIR := $(top_srcdir)/locale
CLR_INSTALLER_TEST_HTTP_PORT ?= 8181
export TEST_HTTP_PORT = ${CLR_INSTALLER_TEST_HTTP_PORT}


7 changes: 6 additions & 1 deletion clr-installer/main.go
@@ -1,4 +1,4 @@
// Copyright © 2019 Intel Corporation
// Copyright © 2020 Intel Corporation
//
// SPDX-License-Identifier: GPL-3.0-only

@@ -35,6 +35,7 @@ import (
"github.com/clearlinux/clr-installer/syscheck"
"github.com/clearlinux/clr-installer/telemetry"
"github.com/clearlinux/clr-installer/timezone"
"github.com/clearlinux/clr-installer/user"
"github.com/clearlinux/clr-installer/utils"
)

@@ -138,6 +139,10 @@ func execute(options args.Args) error {
", built on " + model.BuildDate)

if options.PamSalt != "" {
if status, err := user.IsValidPassword(options.PamSalt); !status {
return fmt.Errorf(err)
}

hashed, errHash := encrypt.Crypt(options.PamSalt)
if errHash != nil {
return errHash
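Review bot: `fmt.Errorf(err)` in the new `options.PamSalt` branch passes the message returned by `user.IsValidPassword` as the format string, so any `%` in that text is read as a formatting verb and the error shown to the user comes out garbled; go vet flags non-constant format strings for this reason. Since the second return value is a string rather than an error, `return errors.New(msg)` or `return fmt.Errorf("%s", msg)` is the safer form, with the variable renamed from `err` to something like `msg`. `errors` would need to be imported if the file does not already have it. The import block and the rest of `execute` lie outside the hunks shown.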
24 changes: 23 additions & 1 deletion cmd/cmd.go
@@ -1,11 +1,12 @@
// Copyright © 2019 Intel Corporation
// Copyright © 2020 Intel Corporation
//
// SPDX-License-Identifier: GPL-3.0-only

package cmd

import (
"bufio"
"bytes"
"fmt"
"io"
"os"
@@ -68,6 +69,27 @@ func PipeRunAndLog(in string, args ...string) error {
}, runLogger{}, nil, args...)
}

// PipeRunAndPipeOut is similar to PipeRunAndLog but runs a command by feeding
// a string to stdin of Cmd and output is written to a byte buffer instead of a log
func PipeRunAndPipeOut(in string, out *bytes.Buffer, args ...string) error {
return run(func(cmd *exec.Cmd) error {
stdin, err := cmd.StdinPipe()
if err != nil {
return err
}

go func() {
defer func() {
_ = stdin.Close()
}()

_, _ = io.WriteString(stdin, in)
}()

return nil
}, out, nil, args...)
}

func run(sw func(cmd *exec.Cmd) error, writer io.Writer, env map[string]string, args ...string) error {
var exe string
var cmdArgs []string
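Review bot: The goroutine in `PipeRunAndPipeOut` discards the result of `io.WriteString(stdin, in)`, so if the child exits early or the pipe breaks, the command evaluates a truncated or empty input and the caller cannot tell. Because this helper feeds candidate passwords to the checker, a silent short write means a different string from the one the user typed gets validated. I would at least record the failure without the payload, e.g. `if _, werr := io.WriteString(stdin, in); werr != nil { log.Error("writing stdin: %v", werr) }` (assuming the project `log` package is imported in this file), and never include `in` in any message. The closure also appears to duplicate the one in `PipeRunAndLog`, whose body starts above the hunk; a shared unexported helper would keep the two in step.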
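--- a/cmd/cmd_common.go
+++ b/cmd/cmd_common.go
@@ -0,0 +1,47 @@
+// Copyright © 2020 Intel Corporation
+//
+// SPDX-License-Identifier: GPL-3.0-only
+
+package cmd
+
+import (
+"bytes"
+"strings"
+
+"github.com/clearlinux/clr-installer/log"
+"github.com/clearlinux/clr-installer/utils"
+)
+
+// Path to the cracklib-check exe
+const crackLibPath = "/usr/bin/cracklib-check"
+
+// CracklibCheck runs the cracklib-check executable piping password to stdin of cmd
+// and writing stdoutput to byte buffer
+// stringtype is used to inform kind of information we are checking: password or passphrase
+func CracklibCheck(texttoinpsect string, stringtype string) (bool, string) {
+
+defaultprefix := "Password"
+if stringtype != "" {
+defaultprefix = stringtype
+}
+
+cmdArgs := []string{crackLibPath}
+var out bytes.Buffer
+
+if err := PipeRunAndPipeOut(texttoinpsect, &out, cmdArgs...); err != nil {
+log.Error("Error running cracklib-check, %q", err)
+log.Error("Cracklib-check check will be skipped")
+return true, ""
+}
+
+stringout := string(out.Bytes())
+if index := strings.Index(stringout, ":"); index > -1 {
+parsedString := strings.Trim(stringout[index+1:], " \n")
+if strings.ToUpper(parsedString) != "OK" {
+parsedString = strings.Replace(parsedString, "it", defaultprefix, 1)
+return false, utils.Locale.Get(parsedString)
+}
+}
+
+return true, ""
+}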
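Review bot: `strings.Index(stringout, ":")` splits at the first colon, but cracklib-check echoes the candidate before its verdict, so a password or passphrase that itself contains `:` leaves part of the secret in `parsedString`; that text then fails the `OK` comparison and is returned through `utils.Locale.Get` as the user-visible reason. Splitting at the last colon avoids both the false rejection and the leak: `if index := strings.LastIndex(stringout, ":"); index > -1 {`. Separately, the function returns `true, ""` both when the executable cannot be run and when the output has no colon, so a missing or broken cracklib-check silently disables the strength check for every caller, including `storage.IsValidPassphrase`. A comment stating that this fail-open behaviour is intentional, or a distinct return value that lets callers decide, would make the policy explicit. Minor: `out.String()` is the idiomatic form of `string(out.Bytes())`, and the parameter name `texttoinpsect` has a typo.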
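--- a/cmd/cmd_common_test.go
+++ b/cmd/cmd_common_test.go
@@ -0,0 +1,18 @@
+// Copyright © 2020 Intel Corporation
+//
+// SPDX-License-Identifier: GPL-3.0-only
+
+package cmd
+
+import (
+"fmt"
+"os/exec"
+"testing"
+)
+
+func TestCracklibCheckExecutable(t *testing.T) {
+if _, err := exec.LookPath(crackLibPath); err != nil {
+fmt.Println("cracklib-check exe could not be found")
+t.Fail()
+}
+}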
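Review bot: `TestCracklibCheckExecutable` only checks that the binary exists and never calls `CracklibCheck`, so the parsing of the tool's output and the accept/reject decision are untested. A table test with one weak and one strong candidate, plus one containing `:`, would cover the behaviour this commit adds. For the existing check, `t.Fatalf("cracklib-check not found at %s: %v", crackLibPath, err)` reports through the test framework instead of `fmt.Println` followed by `t.Fail()`.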
30 changes: 28 additions & 2 deletions locale/en_US/LC_MESSAGES/clr-installer.po
@@ -253,8 +253,8 @@ msgstr "Login is required"
msgid "Login maximum length is %d"
msgstr "Login maximum length is %d"

msgid "Login must contain only numbers, letters, -, _ or ."
msgstr "Login must contain only numbers, letters, -, _ or ."
msgid "Login must contain only numbers, letters, -, . or _"
msgstr "Login must contain only numbers, letters, -, . or _"

msgid "Password is required"
msgstr "Password is required"
@@ -812,3 +812,29 @@ msgstr "Network Required"

msgid "Installation Steps Complete"
msgstr "Installation Steps Complete"

# cracklib password messages
msgid "Password does not contain enough DIFFERENT characters"
msgstr "Password does not contain enough DIFFERENT characters"

msgid "Password is too simplistic/systematic"
msgstr "Password is too simplistic/systematic"

msgid "Password is based on a dictionary word"
msgstr "Password is based on a dictionary word"

msgid "Password is based on a (reversed) dictionary word"
msgstr "Password is based on a (reversed) dictionary word"

# cracklib passphrase messages
msgid "Passphrase does not contain enough DIFFERENT characters"
msgstr "Passphrase does not contain enough DIFFERENT characters"

msgid "Passphrase is too simplistic/systematic"
msgstr "Passphrase is too simplistic/systematic"

msgid "Passphrase is based on a dictionary word"
msgstr "Passphrase is based on a dictionary word"

msgid "Passphrase is based on a (reversed) dictionary word"
msgstr "Passphrase is based on a (reversed) dictionary word"
30 changes: 28 additions & 2 deletions locale/es_MX/LC_MESSAGES/clr-installer.po
@@ -253,8 +253,8 @@ msgstr "Debe iniciar sesión."
msgid "Login maximum length is %d"
msgstr "La extensión máxima del inicio de sesión debe ser de %d."

msgid "Login must contain only numbers, letters, -, _ or ."
msgstr "El inicio de sesión debe contener solo números, letras, -, _ o ."
msgid "Login must contain only numbers, letters, -, . or _"
msgstr "El inicio de sesión debe contener solo números, letras, -, . o _"

msgid "Password is required"
msgstr "Se requiere una contraseña."
@@ -812,3 +812,29 @@ msgstr "Red requerida"

msgid "Installation Steps Complete"
msgstr "Pasos de instalación completados"

# cracklib password messages
msgid "Password does not contain enough DIFFERENT characters"
msgstr "La contraseña no contiene suficientes caracteres DIFERENTES"

msgid "Password is too simplistic/systematic"
msgstr "La contraseña es muy simple"

msgid "Password is based on a dictionary word"
msgstr "La contraseña se basa en una palabra del diccionario"

msgid "Password is based on a (reversed) dictionary word"
msgstr "La contraseña se basa en una palabra del diccionario invertida"

# cracklib passphrase messages
msgid "Passphrase does not contain enough DIFFERENT characters"
msgstr "La frase de contraseña no contiene suficientes caracteres DIFERENTES"

msgid "Passphrase is too simplistic/systematic"
msgstr "La frase de contraseña es muy simple"

msgid "Passphrase is based on a dictionary word"
msgstr "La frase de contraseña se basa en una palabra del diccionario"

msgid "Passphrase is based on a (reversed) dictionary word"
msgstr "La frase de contraseña se basa en una palabra del diccionario invertida"
28 changes: 27 additions & 1 deletion locale/zh_CN/LC_MESSAGES/clr-installer.po
@@ -253,7 +253,7 @@ msgstr "需要登录"
msgid "Login maximum length is %d"
msgstr "登录名最大长度为 %d"

msgid "Login must contain only numbers, letters, -, _ or ."
msgid "Login must contain only numbers, letters, -, . or _"
msgstr "登录名必须仅包含数字、字母、连字符、下划线或句点。"

msgid "Password is required"
@@ -812,3 +812,29 @@ msgstr "需要网络"

msgid "Installation Steps Complete"
msgstr "安装步骤完成"

# cracklib password messages
msgid "Password does not contain enough DIFFERENT characters"
msgstr "密码不包含足够的不同字符"

msgid "Password is too simplistic/systematic"
msgstr "密码太简单"

msgid "Password is based on a dictionary word"
msgstr "密码基于词典词"

msgid "Password is based on a (reversed) dictionary word"
msgstr "密码基于反向字典词"

# cracklib passphrase messages
msgid "Passphrase does not contain enough DIFFERENT characters"
msgstr "密码不包含足够的不同字符"

msgid "Passphrase is too simplistic/systematic"
msgstr "密码短语太简单"

msgid "Passphrase is based on a dictionary word"
msgstr "密码短语基于字典中的单词"

msgid "Passphrase is based on a (reversed) dictionary word"
msgstr "密码短语基于反向词典词"
9 changes: 7 additions & 2 deletions storage/encrypt.go
@@ -1,4 +1,4 @@
// Copyright © 2018 Intel Corporation
// Copyright © 2020 Intel Corporation
//
// SPDX-License-Identifier: GPL-3.0-only

@@ -7,7 +7,6 @@ package storage
import (
"bytes"
"fmt"
"github.com/clearlinux/clr-installer/utils"
"os"
"os/signal"
"path/filepath"
@@ -16,6 +15,8 @@ import (
"strings"
"syscall"

"github.com/clearlinux/clr-installer/utils"

"golang.org/x/crypto/ssh/terminal"

"github.com/clearlinux/clr-installer/cmd"
@@ -237,6 +238,10 @@ func IsValidPassphrase(phrase string) (bool, string) {
return false, utils.Locale.Get("Passphrase may be at most %d characters long", MaxPassphraseLength)
}

if status, errstring := cmd.CracklibCheck(phrase, "Passphrase"); !status {
return false, errstring
}

return true, ""
}

9 changes: 5 additions & 4 deletions storage/storage_test.go
@@ -835,11 +835,7 @@ func TestInvalidLabels(t *testing.T) {

func TestValidPassphrase(t *testing.T) {
passphrases := []string{
"password",
"P@ssW0rd",
"1234567890123456789012345678901234567890" +
"1234567890123456789012345678901234567890" +
"12345678901234",
"~!@#$%^&*()_+=][",
}

@@ -854,6 +850,11 @@ func TestInvalidPassphrase(t *testing.T) {
passphrases := []string{
"",
"@ssW0rd",
"Password",
"drowssap",
"1234567890123456789012345678901234567890" +
"1234567890123456789012345678901234567890" +
"12345678901234",
" ",
"1234567890123456789012345678901234567890" +
"1234567890123456789012345678901234567890" +
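Review bot: The entries this section appears to add to `TestInvalidPassphrase` (`"Password"`, `"drowssap"` and the 94-digit string) look like they are rejected only by the new cracklib call, and `cmd.CracklibCheck` returns `true` when `/usr/bin/cracklib-check` cannot be run. On a build host without cracklib or its dictionary these cases would therefore be accepted and the test would fail for an environmental reason. Consider skipping the cracklib-dependent cases with `t.Skip` when the executable is missing, or splitting them into their own test, and add a comment saying which rule each string is meant to trip. Both test functions continue outside the hunks shown.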
2 changes: 1 addition & 1 deletion tui/common.go
@@ -1,4 +1,4 @@
// Copyright © 2019 Intel Corporation
// Copyright © 2020 Intel Corporation
//
// SPDX-License-Identifier: GPL-3.0-only
