Validation of root password with cracklib

Current anaconda validates only length of root password.
but passwd command validates more things for password
like the following...
-------------------------------------------
Changing password for user root.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
-------------------------------------------

so I added the validation of root password to
anaconda using cracklib same as passwd.

3 files changed, 28 insertions, 2 deletions

diff --git a/iw/account_gui.py b/iw/account_gui.py
index 22e4d8a5b..c4eb334f2 100644
--- a/iw/account_gui.py
+++ b/iw/account_gui.py
@@ -24,6 +24,7 @@ import gui
 from iw_gui import *
 from rhpl.translate import _, N_
 from flags import flags
+import cracklib
 
 def handleCapsLockRelease(window, event, label):
     if event.keyval == gtk.keysyms.Caps_Lock and event.state & gtk.gdk.LOCK_MASK:
@@ -70,6 +71,17 @@ class AccountWindow (InstallWindow):
                                       "six characters long."),
                                     custom_icon="error")
             passwordError()
+
+        msg = cracklib.FascistCheck(pw)
+        if msg is not None:
+            ret = self.intf.messageWindow(_("Weak Password"),
+                                          _("Weak password provided: %s"
+                                            "\n\n"
+                                            "Would you like to continue with this "
+                                            "password?" % (msg, )),
+                                          type = "yesno")
+            if ret == 0:
+                passwordError()
         
         allowed = string.digits + string.ascii_letters + string.punctuation + " "
         for letter in pw:
diff --git a/scripts/upd-instroot b/scripts/upd-instroot
index 610fd5efe..fa39ca3de 100755
--- a/scripts/upd-instroot
+++ b/scripts/upd-instroot
@@ -272,7 +272,8 @@ PACKAGES="glibc-common setup python newt slang libselinux
 	 libdhcp libnl libdhcp6client libdhcp4client newt-python
 	 device-mapper device-mapper-libs dmraid keyutils-libs libsemanage-python
 	 python-pyblock mkinitrd libbdevid libbdevid-python nss nspr pcre
-	 cryptsetup-luks libgcrypt libgpg-error udev udev-static dbus dbus-python hal"
+	 cryptsetup-luks libgcrypt libgpg-error udev udev-static dbus dbus-python hal
+	 cracklib-python"
 
 if [ $ARCH = i386 ]; then
     PACKAGES="$PACKAGES glibc.i386 openssl.i386"
@@ -535,6 +536,7 @@ usr/lib/python?.?/site-packages/repomd
 usr/lib/python?.?/site-packages/pirut
 usr/lib/python?.?/site-packages/pykickstart
 usr/lib/python?.?/site-packages/rhpxl
+usr/lib/python?.?/site-packages/cracklibmodule.so
 usr/lib/rpm/macros
 usr/lib/rpm/rpmpopt
 usr/lib/rpm/rpmrc
diff --git a/textw/userauth_text.py b/textw/userauth_text.py
index 6556b0730..a4218f928 100644
--- a/textw/userauth_text.py
+++ b/textw/userauth_text.py
@@ -20,6 +20,7 @@
 from snack import *
 from constants_text import *
 from rhpl.translate import _
+import cracklib
 
 def has_bad_chars(pw):
     allowed = string.digits + string.ascii_letters + string.punctuation + " "
@@ -77,7 +78,18 @@ class RootPasswordWindow:
                          "which are not allowed."),
 		       buttons = [ TEXT_OK_BUTTON ], width = 50)
             else:
-                break
+                msg = cracklib.FascistCheck(entry1.value())
+                if msg is not None:
+                    ret = anaconda.intf.messageWindow(_("Weak Password"),
+                                                  _("Weak password provided: %s"
+                                                    "\n\n"
+                                                    "Would you like to continue with this "
+                                                    "password?" % (msg, )),
+                                                  type = "yesno")
+                    if ret == 1:
+                        break
+                else:
+                    break
 
             entry1.set ("")
             entry2.set ("")