Syl*_*eau 5 command-line password
我要求用户密码支持的字符类型(passwd正是命令)
是否允许空格?NULL 字符 (\0)?ASCII 的子集或更多?
如果允许空格,我需要转义它们吗?
基于测试:
\0被视为标记密码的结尾。$ pwgen 10 1
Pohhei8sai
$ passwd
Changing password for muru.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
$ printf 'Pohhei8sai\n\0\b\n\0\b' | passwd
Changing password for muru.
(current) UNIX password: Enter new UNIX password: Retype new UNIX password: No password supplied
Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error
passwd: password unchanged
$ pwgen 10 1
Uuxohv9moo
$ printf 'Pohhei8sai\nUuxohv\09moo\nUuxohv\09moo\n' | passwd
Changing password for muru.
(current) UNIX password: Enter new UNIX password: Retype new UNIX password: Bad: new password is too simple
Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error
passwd: password unchanged
$ printf 'Pohhei8sai\nUuxohv9moo\nUuxohv9moo\n' | passwd
Changing password for muru.
(current) UNIX password: Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
$ printf 'Uuxohv9moo\ntesting 1\ntesting 1' | passwd
Changing password for muru.
(current) UNIX password: Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
根据我对源代码的阅读,该passwd命令使用(过时的)getpass函数,其行为非常类似于read -s(并用 标记密码字符串的结尾\0)。除了对重用和复杂性的一些检查之外,它不限制可用的字符。\0不能使用,因为它被视为 C 字符串中正常的字符串结束标记,但几乎任何其他东西都可以,例如响铃:
$ printf 'testing 1\nUuxohv\a9moo\nUuxohv\a9moo\n' | passwd
Changing password for muru.
(current) UNIX password: Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully