From fd910e721e6d277f9792524c015f3d4b7f8c2473 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Fri, 4 Sep 2009 09:45:25 -0700
Subject: Enforce syntax checking on password

Enforce syntax checks on encrypted password field to prevent user errors. But can't check salt field because it is optional and default config.boot doesn't use one!
Bug: 4077
---
 .../user/node.tag/authentication/encrypted-password/node.def | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/templates/system/login/user/node.tag/authentication/encrypted-password/node.def b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
index 3c12bdc3..49b7fd04 100644
--- a/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
+++ b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
@@ -1,2 +1,11 @@
 type: txt
 help: Set encrypted password
+# Allow * or ! to disable account
+# DES format password (13 characters)
+# MD5 format ($1) and SHA format passwords
+syntax:expression: ($VAR(@) == "*" || $VAR(*) == "!" \
+ || ( pattern $VAR(@) "^[a-zA-Z0-9\.\/]{13}$" ) \
+ || ( pattern $VAR(@) "^\\$1\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{22}$" ) \
+ || ( pattern $VAR(@) "^\\$5\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{43}$" ) \
+ || ( pattern $VAR(@) "^\\$6\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{86}$" )) \
+ ; "Not a valid encrypted password for user $VAR(../../@)"
-- 
cgit v1.2.3
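Review bot: The second comparison on the `syntax:expression` line reads `$VAR(*) == "!"` while every other test uses `$VAR(@)`; this looks like a typo, and if so a value of `!` would not be accepted even though the comment says it disables the account, so the line should probably read `syntax:expression: ($VAR(@) == "*" || $VAR(@) == "!" \`. The `$5`/`$6` patterns also reject crypt(3) SHA hashes that carry an explicit `rounds=N$` field, because `=` is not in the salt class and the extra `$` is not allowed for, so a hash generated with a raised work factor cannot be entered; if that is deliberate, a comment saying so would help. The 13-character DES pattern matches any 13-character string over that alphabet, so it cannot tell a legacy hash from a mistyped plaintext value, and the comment block could state that this is a format check only (`# Format check only: does not prove the value is a real hash`).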