diff options
| author | Viacheslav Hletenko <seversss265@gmail.com> | 2025-03-23 19:06:08 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-23 19:06:08 +0200 |
| commit | c12bef0a9631f66d66aad67c05f324816d8b4b05 (patch) | |
| tree | dbd389ff9464c69fa1e471e3e85264e6e97332d5 /python | |
| parent | 3fee8ec30dce8f3987fe468d29109ed4e1bc492a (diff) | |
| download | vyos-1x-revert-4390-feature/T6353-add-password-complexity-validation.tar.gz vyos-1x-revert-4390-feature/T6353-add-password-complexity-validation.zip | |
Revert "T6353: Add password complexity validation for system login user"revert-4390-feature/T6353-add-password-complexity-validation
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/utils/auth.py | 64 |
1 files changed, 0 insertions, 64 deletions
diff --git a/python/vyos/utils/auth.py b/python/vyos/utils/auth.py index a27d8a28a..a0b3e1cae 100644 --- a/python/vyos/utils/auth.py +++ b/python/vyos/utils/auth.py @@ -13,74 +13,10 @@ # You should have received a copy of the GNU Lesser General Public License along with this library; # if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -import cracklib -import math import re -import string -from enum import StrEnum -from decimal import Decimal from vyos.utils.process import cmd - -DEFAULT_PASSWORD = 'vyos' -LOW_ENTROPY_MSG = 'should be at least 8 characters long;' -WEAK_PASSWORD_MSG= 'The password complexity is too low - @MSG@' - - -class EPasswdStrength(StrEnum): - WEAK = 'Weak' - DECENT = 'Decent' - STRONG = 'Strong' - - -def calculate_entropy(charset: str, passwd: str) -> float: - """ - Calculate the entropy of a password based on the set of characters used - Uses E = log2(R**L) formula, where - - R is the range (length) of the character set - - L is the length of password - """ - return math.log(math.pow(len(charset), len(passwd)), 2) - -def evaluate_strength(passwd: str) -> dict[str, str]: - """ Evaluates password strength and returns a check result dict """ - charset = (cracklib.ASCII_UPPERCASE + cracklib.ASCII_LOWERCASE + - string.punctuation + string.digits) - - result = { - 'strength': '', - 'error': '', - } - - try: - cracklib.FascistCheck(passwd) - except ValueError as e: - # The password is vulnerable to dictionary attack no matter the entropy - if 'is' in str(e): - msg = str(e).replace('is', 'should not be') - else: - msg = f'should not be {e}' - result.update(strength=EPasswdStrength.WEAK) - result.update(error=WEAK_PASSWORD_MSG.replace('@MSG@', msg)) - else: - # Now check the password's entropy - # Cast to Decimal for more precise rounding - entropy = Decimal.from_float(calculate_entropy(charset, passwd)) - - match round(entropy): - case e if e in range(0, 59): - result.update(strength=EPasswdStrength.WEAK) - result.update( - error=WEAK_PASSWORD_MSG.replace('@MSG@', LOW_ENTROPY_MSG) - ) - case e if e in range(60, 119): - result.update(strength=EPasswdStrength.DECENT) - case e if e >= 120: - result.update(strength=EPasswdStrength.STRONG) - - return result - def make_password_hash(password): """ Makes a password hash for /etc/shadow using mkpasswd """ |