summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStephen Hemminger <stephen.hemminger@vyatta.com>2009-09-04 09:45:25 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2009-09-04 09:45:25 -0700
commitfd910e721e6d277f9792524c015f3d4b7f8c2473 (patch)
tree0a061ea116e59333b391c97661bc84fbdec0618b
parent02e98dc0125dfcc42ab32afff296e91b991666f1 (diff)
downloadvyatta-cfg-system-fd910e721e6d277f9792524c015f3d4b7f8c2473.tar.gz
vyatta-cfg-system-fd910e721e6d277f9792524c015f3d4b7f8c2473.zip
Enforce syntax checking on password
Enforce syntax checks on encrypted password field to prevent user errors. But can't check salt field because it is optional and default config.boot doesn't use one! Bug: 4077
-rw-r--r--templates/system/login/user/node.tag/authentication/encrypted-password/node.def9
1 files changed, 9 insertions, 0 deletions
diff --git a/templates/system/login/user/node.tag/authentication/encrypted-password/node.def b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
index 3c12bdc3..49b7fd04 100644
--- a/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
+++ b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
@@ -1,2 +1,11 @@
type: txt
help: Set encrypted password
+# Allow * or ! to disable account
+# DES format password (13 characters)
+# MD5 format ($1) and SHA format passwords
+syntax:expression: ($VAR(@) == "*" || $VAR(*) == "!" \
+ || ( pattern $VAR(@) "^[a-zA-Z0-9\.\/]{13}$" ) \
+ || ( pattern $VAR(@) "^\\$1\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{22}$" ) \
+ || ( pattern $VAR(@) "^\\$5\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{43}$" ) \
+ || ( pattern $VAR(@) "^\\$6\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{86}$" )) \
+ ; "Not a valid encrypted password for user $VAR(../../@)"