cracklib
/
fix-problem-of-error-message-about-si...

From e97dc89876ffd790aed93cc18c13c16bd2263f68 Mon Sep 17 00:00:00 2001
From: openEuler Buildteam <buildteam@openeuler.org>
Date: Sat, 18 Jan 2020 14:08:23 +0800
Subject: [PATCH] fix problem of error message about simplistic password

Signed-off-by: openEuler Buildteam <buildteam@openeuler.org>
---
 lib/fascist.c        | 33 ++++++++++++++++++++++++++++-----
 util/cracklib-format | 19 ++++++----
 2 files changed, 34 insertions(+), 18 deletions(-)

diff --git a/lib/fascist.c b/lib/fascist.c
index c5a018c..a1a8564 100644
--- a/lib/fascist.c
+++ b/lib/fascist.c
@@ -55,7 +55,6 @@ static char *r_destructors[] = {

     "/?p@?p",                   /* purging out punctuation/symbols/junk */
     "/?s@?s",
-    "/?X@?X",

     /* attempt reverse engineering of password strings */

@@ -452,6 +451,12 @@ GTry(rawtext, password)
 	    continue;
 	}

+	if (len - strlen(mp) >= 3)
+	{
+	    /* purged too much */
+	    continue;
+	}
+
 #ifdef DEBUG
 	printf("%-16s = %-16s (destruct %s)\n", mp, rawtext, r_destructors[i]);
 #endif
@@ -478,6 +483,12 @@ GTry(rawtext, password)
 	    continue;
 	}

+	if (len - strlen(mp) >= 3)
+	{
+	    /* purged too much */
+	    continue;
+	}
+
 #ifdef DEBUG
 	printf("%-16s = %-16s (construct %s)\n", mp, password, r_constructors[i]);
 #endif
@@ -705,6 +716,7 @@ FascistLookUser(PWDICT *pwp, char *instring,
     char *password;
     char rpassword[STRINGSIZE];
     uint32_t notfound;
+    int len;

     notfound = PW_WORDS(pwp);
     /* already truncated if from FascistCheck() */
@@ -754,6 +766,7 @@ FascistLookUser(PWDICT *pwp, char *instring,
 	return _("it is all whitespace");
     }

+    len = strlen(password);
     i = 0;
     ptr = password;
     while (ptr[0] && ptr[1])
@@ -765,10 +778,7 @@ FascistLookUser(PWDICT *pwp, char *instring,
 	ptr++;
     }

-    /*  Change by Ben Karsin from ITS at University of Hawaii at Manoa.  Static MAXSTEP
-        would generate many false positives for long passwords. */
-    maxrepeat = 3+(0.09*strlen(password));
-    if (i > maxrepeat)
+    if (len - i < MINLEN)
     {
 	return _("it is too simplistic/systematic");
     }
@@ -801,6 +811,12 @@ FascistLookUser(PWDICT *pwp, char *instring,
 	    continue;
 	}

+	if (len - strlen(a) >= 3)
+	{
+	    /* purged too much */
+	    continue;
+	}
+
 #ifdef DEBUG
 	printf("%-16s (dict)\n", a);
 #endif
@@ -821,6 +837,13 @@ FascistLookUser(PWDICT *pwp, char *instring,
 	{
 	    continue;
 	}
+
+	if (len - strlen(a) >= 3)
+	{
+	    /* purged too much */
+	    continue;
+	}
+
 #ifdef DEBUG
 	printf("%-16s (reversed dict)\n", a);
 #endif
diff --git a/util/cracklib-format b/util/cracklib-format
index c133d75..360d109 100755
--- a/util/cracklib-format
+++ b/util/cracklib-format
@@ -3,17 +3,10 @@
 # This preprocesses a set of word lists into a suitable form for input
 # into cracklib-packer
 #
-# Truncates lines longer than 1022 characters long as cracklib-packer
-# does not handle them correctly.
-#
-# The last part of the pipeline uses 'grep -v' to remove any blank
-# lines (possibly introduced by earlier parts of the pipeline) as
-# cracklib-packer will generate "skipping line" warnings otherwise.
-#
+LC_ALL=C
+export LC_ALL
 gzip -cdf "$@" |
-    grep -a -v '^#' |
-    tr '[A-Z]' '[a-z]' |
-    tr -cd '\012[a-z][0-9]' |
-    cut -c 1-1022 |
-    grep -v '^$' |
-    env LC_ALL=C sort -u
+    grep -a -E -v '^.{30,}$' |
+    tr '[:upper:]' '[:lower:]' |
+    sed s/[[:space:]]//g |
+    sort -u
--
1.8.3.1