1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
# Returns a true value if there seems to be a system user account.
# OVERRIDE_SYSTEM_USER overrides this to assume that no system user account
# exists.
is_system_user () {
if [ "$OVERRIDE_SYSTEM_USER" ]; then
return 1
fi
if ! [ -e $ROOT/etc/passwd ]; then
return 1
fi
# Assume NIS, or any uid from 1000 to 29999, means there is a user.
if grep -q '^+:' $ROOT/etc/passwd || \
grep -q '^[^:]*:[^:]*:[1-9][0-9][0-9][0-9]:' $ROOT/etc/passwd || \
grep -q '^[^:]*:[^:]*:[12][0-9][0-9][0-9][0-9]:' $ROOT/etc/passwd; then
return 0
else
return 1
fi
}
# Returns a true value if root already has a password.
root_password () {
if ! [ -e $ROOT/etc/passwd ]; then
return 1
fi
# Assume there is a root password if NIS is being used.
if grep -q '^+:' $ROOT/etc/passwd; then
return 0
fi
# Be more careful than usual about test arguments in the following,
# just in case (for example) the encrypted password string is "!".
if [ -e $ROOT/etc/shadow ] && \
[ -n "`grep ^root: $ROOT/etc/shadow | cut -d : -f 2`" ] && \
[ "x`grep ^root: $ROOT/etc/shadow | cut -d : -f 2`" != 'x*' ] && \
[ "x`grep ^root: $ROOT/etc/shadow | cut -d : -f 2`" != 'x!' ]; then
return 0
fi
if [ -e $ROOT/etc/passwd ] && \
[ -n "`grep ^root: $ROOT/etc/passwd | cut -d : -f 2`" ] && \
[ "x`grep ^root: $ROOT/etc/passwd | cut -d : -f 2`" != 'xx' ]; then
return 0
fi
return 1
}
password_is_empty () {
db_get user-setup/allow-password-empty
if [ "$RET" = true ]; then
return 1 # don't consider this as empty if explicitly allowed
fi
[ -z "$1" ]
}
password_is_weak () {
db_get user-setup/allow-password-weak
if [ "$RET" = true ]; then
return 1 # don't consider this as weak if explicitly allowed
fi
[ "$(printf %s "$1" | wc -c)" -lt 8 ]
}
|