Cracklib is too nazi, use a simple txt list + grep to search for password

debian/control

@@ -12,7 +12,7 @@ Architecture: all
 Depends: ${python:Depends}, ${misc:Depends}
  , moulinette (>= 2.7.1), ssowat (>= 2.7.1)
  , python-psutil, python-requests, python-dnspython, python-openssl
- , python-apt, python-miniupnpc, python-dbus, python-jinja2, python-cracklib
+ , python-apt, python-miniupnpc, python-dbus, python-jinja2
  , glances
  , dnsutils, bind9utils, unzip, git, curl, cron, wget
  , ca-certificates, netcat-openbsd, iproute

debian/install

@@ -4,7 +4,7 @@ data/bash-completion.d/yunohost /etc/bash_completion.d/
 data/actionsmap/* /usr/share/moulinette/actionsmap/
 data/hooks/* /usr/share/yunohost/hooks/
 data/other/yunoprompt.service /etc/systemd/system/
-data/other/password/* /usr/local/share/dict/cracklib/
+data/other/password/* /usr/share/yunohost/other/password/
 data/other/* /usr/share/yunohost/yunohost-config/moulinette/
 data/templates/* /usr/share/yunohost/templates/
 data/helpers /usr/share/yunohost/

src/yunohost/utils/password.py

@@ -22,13 +22,13 @@
 import sys
 import os
 import json
-import cracklib
 import string
+import subprocess
 
 SMALL_PWD_LIST = ["yunohost", "olinuxino", "olinux", "raspberry", "admin",
                   "root", "test", "rpi"]
 
-MOST_USED_PASSWORDS = '/usr/local/share/dict/cracklib/100000-most-used'
+MOST_USED_PASSWORDS = '/usr/share/yunohost/other/password/100000-most-used.txt'
 
 # Length, digits, lowers, uppers, others
 STRENGTH_LEVELS = [
@@ -105,7 +105,7 @@ class PasswordValidator(object):
         if self.validation_strength < 0:
             return ("success", "")
 
-        listed = password in SMALL_PWD_LIST or self.is_in_cracklib_list(password)
+        listed = password in SMALL_PWD_LIST or self.is_in_most_used_list(password)
         strength_level = self.strength_level(password)
         if listed:
             return ("error", "password_listed")
@@ -166,15 +166,19 @@ class PasswordValidator(object):
 
         return strength_level
 
-    def is_in_cracklib_list(self, password):
+    def is_in_most_used_list(self, password):
-        try:
+
-            cracklib.VeryFascistCheck(password, None, MOST_USED_PASSWORDS)
+        # Decompress file if compressed
-        except ValueError as e:
+        if os.path.exists("%s.gz" % MOST_USED_PASSWORDS):
-            # We only want the dictionnary check of cracklib, not the is_simple
+            os.system("gzip -fd %s.gz" % MOST_USED_PASSWORDS)
-            # test.
+
-            if str(e) not in ["is too simple", "is a palindrome"]:
+        # Grep the password in the file
-                return True
+        # We use '-f -' to feed the pattern (= the password) through
-        return False
+        # stdin to avoid it being shown in ps -ef --forest...
+        command = "grep -q -f - %s" % MOST_USED_PASSWORDS
+        p = subprocess.Popen(command.split(), stdin=subprocess.PIPE)
+        p.communicate(input=password)
+        return not bool(p.returncode)
 
 
 # This file is also meant to be used as an executable by