From fd910e721e6d277f9792524c015f3d4b7f8c2473 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Fri, 4 Sep 2009 09:45:25 -0700
Subject: Enforce syntax checking on password

Enforce syntax checks on encrypted password field to prevent user errors.
But can't check salt field because it is optional and default
config.boot doesn't use one!

Bug: 4077
---
 .../user/node.tag/authentication/encrypted-password/node.def     | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'templates')

diff --git a/templates/system/login/user/node.tag/authentication/encrypted-password/node.def b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
index 3c12bdc3..49b7fd04 100644
--- a/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
+++ b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def
@@ -1,2 +1,11 @@
 type: txt
 help: Set encrypted password
+# Allow * or ! to disable account
+#  DES format password (13 characters)
+#  MD5 format ($1) and SHA format passwords
+syntax:expression: ($VAR(@) == "*" || $VAR(*) == "!" \
+  || ( pattern $VAR(@) "^[a-zA-Z0-9\.\/]{13}$" ) \
+  || ( pattern $VAR(@) "^\\$1\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{22}$" ) \
+  || ( pattern $VAR(@) "^\\$5\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{43}$" ) \
+  || ( pattern $VAR(@) "^\\$6\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{86}$" )) \
+   ; "Not a valid encrypted password for user $VAR(../../@)"
-- 
cgit v1.2.3