Diffstat (limited to 'python/vyos/utils')
-rw-r--r--python/vyos/utils/auth.py14
-rw-r--r--python/vyos/utils/network.py16
2 files changed, 26 insertions, 4 deletions
diff --git a/python/vyos/utils/auth.py b/python/vyos/utils/auth.py
index a27d8a28a..5d0e3464a 100644
--- a/python/vyos/utils/auth.py
+++ b/python/vyos/utils/auth.py
@@ -23,15 +23,18 @@ from decimal import Decimal
from vyos.utils.process import cmd
-DEFAULT_PASSWORD = 'vyos'
-LOW_ENTROPY_MSG = 'should be at least 8 characters long;'
-WEAK_PASSWORD_MSG= 'The password complexity is too low - @MSG@'
-
+DEFAULT_PASSWORD: str = 'vyos'
+LOW_ENTROPY_MSG: str = 'should be at least 8 characters long;'
+WEAK_PASSWORD_MSG: str = 'The password complexity is too low - @MSG@'
+CRACKLIB_ERROR_MSG: str = 'A following error occurred: @MSG@\n' \
+ 'Possibly the cracklib database is corrupted or is missing. ' \
+ 'Try reinstalling the python3-cracklib package.'
class EPasswdStrength(StrEnum):
WEAK = 'Weak'
DECENT = 'Decent'
STRONG = 'Strong'
+ ERROR = 'Cracklib Error'
def calculate_entropy(charset: str, passwd: str) -> float:
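Review bot: The text of `CRACKLIB_ERROR_MSG` reads awkwardly and asserts a cause more narrowly than the code can know. The first line would read better as `'The following error occurred: @MSG@\n' \`. The handler added in evaluate_strength further down this diff catches any `Exception`, so the hint about a corrupted or missing cracklib database is only one possibility; a short comment above the constant saying it is used for any unexpected failure of the cracklib check would keep maintainers from reading it as a diagnosis.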
@@ -63,6 +66,9 @@ def evaluate_strength(passwd: str) -> dict[str, str]:
msg = f'should not be {e}'
result.update(strength=EPasswdStrength.WEAK)
result.update(error=WEAK_PASSWORD_MSG.replace('@MSG@', msg))
+ except Exception as e:
+ result.update(strength=EPasswdStrength.ERROR)
+ result.update(error=CRACKLIB_ERROR_MSG.replace('@MSG@', str(e)))
else:
# Now check the password's entropy
# Cast to Decimal for more precise rounding
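Review bot: The new `except Exception as e:` branch sets `EPasswdStrength.ERROR` and bypasses the `else:` arm, so when cracklib fails the password receives neither the dictionary check nor the entropy check. Whether that fails open depends on callers outside this hunk: a caller that rejects only on `EPasswdStrength.WEAK` would accept such a password, so each caller should be checked to treat `ERROR` as a rejection or at least a visible warning. A comment on the branch such as `# cracklib itself failed; strength is unknown, callers must not treat this as a pass` would make the contract explicit. evaluate_strength starts and ends outside this hunk, so the return path is not visible here.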
diff --git a/python/vyos/utils/network.py b/python/vyos/utils/network.py
index dc0c0a6d6..2f666f0ee 100644
--- a/python/vyos/utils/network.py
+++ b/python/vyos/utils/network.py
@@ -599,3 +599,19 @@ def get_nft_vrf_zone_mapping() -> dict:
for (vrf_name, vrf_id) in vrf_list:
output.append({'interface' : vrf_name, 'vrf_tableid' : vrf_id})
return output
+
+def is_valid_ipv4_address_or_range(addr: str) -> bool:
+ """
+ Validates if the provided address is a valid IPv4, CIDR or IPv4 range
+ :param addr: address to test
+ :return: bool: True if provided address is valid
+ """
+ from ipaddress import ip_network
+ try:
+ if '-' in addr: # If we are checking a range, validate both address's individually
+ split = addr.split('-')
+ return is_valid_ipv4_address_or_range(split[0]) and is_valid_ipv4_address_or_range(split[1])
+ else:
+ return ip_network(addr).version == 4
+ except:
+ return False
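Review bot: In the range branch of is_valid_ipv4_address_or_range only `split[0]` and `split[1]` are validated, so an input with a second `-` (for example a well-formed range followed by `-` and arbitrary text) returns True while the trailing part is never inspected. The bare `except:` also swallows `KeyboardInterrupt` and `SystemExit`; `ip_network` raises `ValueError` for bad input, so catching `(TypeError, ValueError)` is enough. The version below rejects anything that is not exactly two parts. It still accepts a CIDR on either end of a range and does not check that start is not above end; if ranges are meant to be plain addresses in order, compare the two ends with `ip_address` instead.

```python
def is_valid_ipv4_address_or_range(addr: str) -> bool:
    # … unchanged: docstring and function-scope import of ip_network …
    try:
        if '-' in addr:
            # A range is exactly "<start>-<end>"; anything with more parts is rejected
            parts = addr.split('-')
            if len(parts) != 2:
                return False
            return all(ip_network(part).version == 4 for part in parts)
        return ip_network(addr).version == 4
    except (TypeError, ValueError):
        return False
```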