diff --git a/data/other/password/100000-most-used.hwm b/data/other/password/100000-most-used.hwm
deleted file mode 100644
index e78de4a46..000000000
Binary files a/data/other/password/100000-most-used.hwm and /dev/null differ
diff --git a/data/other/password/100000-most-used.pwd b/data/other/password/100000-most-used.pwd
deleted file mode 100644
index c794b0550..000000000
Binary files a/data/other/password/100000-most-used.pwd and /dev/null differ
diff --git a/data/other/password/100000-most-used.pwi b/data/other/password/100000-most-used.pwi
deleted file mode 100644
index 6b32139da..000000000
Binary files a/data/other/password/100000-most-used.pwi and /dev/null differ
diff --git a/data/other/password/100000-most-used.txt.gz b/data/other/password/100000-most-used.txt.gz
new file mode 100644
index 000000000..43887119b
Binary files /dev/null and b/data/other/password/100000-most-used.txt.gz differ
diff --git a/debian/control b/debian/control
index 8739f368f..cf450484e 100644
--- a/debian/control
+++ b/debian/control
@@ -12,7 +12,7 @@ Architecture: all
 Depends: ${python:Depends}, ${misc:Depends}
 , moulinette (>= 2.7.1), ssowat (>= 2.7.1)
 , python-psutil, python-requests, python-dnspython, python-openssl
- , python-apt, python-miniupnpc, python-dbus, python-jinja2, python-cracklib
+ , python-apt, python-miniupnpc, python-dbus, python-jinja2
 , glances
 , dnsutils, bind9utils, unzip, git, curl, cron, wget
 , ca-certificates, netcat-openbsd, iproute
diff --git a/debian/install b/debian/install
index c616db73a..b540ca749 100644
--- a/debian/install
+++ b/debian/install
@@ -4,7 +4,7 @@ data/bash-completion.d/yunohost /etc/bash_completion.d/
 data/actionsmap/* /usr/share/moulinette/actionsmap/
 data/hooks/* /usr/share/yunohost/hooks/
 data/other/yunoprompt.service /etc/systemd/system/
-data/other/password/* /usr/local/share/dict/cracklib/
+data/other/password/* /usr/share/yunohost/other/password/
 data/other/* /usr/share/yunohost/yunohost-config/moulinette/
 data/templates/* /usr/share/yunohost/templates/
 data/helpers /usr/share/yunohost/
diff --git a/src/yunohost/utils/password.py b/src/yunohost/utils/password.py
index 1b9bde6f9..97b397f2c 100644
--- a/src/yunohost/utils/password.py
+++ b/src/yunohost/utils/password.py
@@ -22,13 +22,13 @@
 import sys
 import os
 import json
-import cracklib
 import string
+import subprocess
 SMALL_PWD_LIST = ["yunohost", "olinuxino", "olinux", "raspberry", "admin", "root", "test", "rpi"]
-MOST_USED_PASSWORDS = '/usr/local/share/dict/cracklib/100000-most-used'
+MOST_USED_PASSWORDS = '/usr/share/yunohost/other/password/100000-most-used.txt'
 # Length, digits, lowers, uppers, others
 STRENGTH_LEVELS = [
@@ -105,7 +105,7 @@ class PasswordValidator(object):
 if self.validation_strength < 0:
 return ("success", "")
- listed = password in SMALL_PWD_LIST or self.is_in_cracklib_list(password)
+ listed = password in SMALL_PWD_LIST or self.is_in_most_used_list(password)
 strength_level = self.strength_level(password)
 if listed:
 return ("error", "password_listed")
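Review bot: `MOST_USED_PASSWORDS` in the @@ -22 hunk now names `100000-most-used.txt`, but the file this commit adds under data/other/password/ is `100000-most-used.txt.gz`, so the list exists at that path only after the `gzip -fd` call in is_in_most_used_list (the @@ -166 hunk) has rewritten a package-installed file under /usr/share at validation time. That presumably needs write access to that directory on first use, and two validations running at once could both find the `.gz` and decompress it concurrently. Doing the decompression once at install time, for example in the package's maintainer script, would keep the validator read-only; at minimum the constant deserves a comment such as `# shipped as 100000-most-used.txt.gz, decompressed in place on first use`.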
@@ -166,15 +166,19 @@ class PasswordValidator(object):
 return strength_level
- def is_in_cracklib_list(self, password):
- try:
- cracklib.VeryFascistCheck(password, None, MOST_USED_PASSWORDS)
- except ValueError as e:
- # We only want the dictionnary check of cracklib, not the is_simple
- # test.
- if str(e) not in ["is too simple", "is a palindrome"]:
- return True
- return False
+ def is_in_most_used_list(self, password):
+
+ # Decompress file if compressed
+ if os.path.exists("%s.gz" % MOST_USED_PASSWORDS):
+ os.system("gzip -fd %s.gz" % MOST_USED_PASSWORDS)
+
+ # Grep the password in the file
+ # We use '-f -' to feed the pattern (= the password) through
+ # stdin to avoid it being shown in ps -ef --forest...
+ command = "grep -q -f - %s" % MOST_USED_PASSWORDS
+ p = subprocess.Popen(command.split(), stdin=subprocess.PIPE)
+ p.communicate(input=password)
+ return not bool(p.returncode)
 # This file is also meant to be used as an executable by
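Review bot: In is_in_most_used_list the password reaches grep through `-f -` as a basic regular expression that may match anywhere in a line, so the lookup is neither literal nor exact. A candidate that is merely a substring of a listed entry, or that contains `.` or `*`, can be rejected as listed, while one containing an unmatched `[` can make grep exit with an error and be reported as not listed. Fixed-string, whole-line matching avoids both: `command = "grep -q -F -x -f - %s" % MOST_USED_PASSWORDS`. Separately, `return not bool(p.returncode)` treats grep's error status (2, e.g. the list file missing or unreadable) the same as no match (1), so a broken list silently disables the check; handling `p.returncode > 1` explicitly, by logging or raising, would make that failure visible.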