Bookworm uses yescrypt to encrypt passwords in /etc/shadow; password checker does not take this format into account

[WolfgangSn]

Issue information:

Bookworm uses yescrypt to encrypt passwords that are stored in /etc/shadow. yescrypt encrypted passwords consist of 4 parameters separated by $. E.g. $y$j9T$ydzju/dIJLh/6ohtOK5Ud0$ds0UQiwpQmJuq/jyzCP8bbmIM7GXgMqPadMlbFe7.t4

id : y (yescrypt)
param : j9T
salt : ydzju/dIJLh/6ohtOK5Ud0
hash : ds0UQiwpQmJuq/jyzCP8bbmIM7GXgMqPadMlbFe7.t4

For more detailed description e.g. see https://unix.stackexchange.com/questions/690679/what-does-j9t-mean-in-yescrypt-from-etc-shadow

openhabian's checker for default passwords does not take into account that yescrypt uses 4 instead of 3 fields.

  originalPassword="$(grep -w "$defaultUser" /etc/shadow | cut -d: -f2)"
  algo="$(echo "$originalPassword" | cut -d'$' -f2)"
  salt="$(echo "$originalPassword" | cut -d'$' -f3)"
  ...
  generatedPassword="$(perl -le 'print crypt("$ENV{defaultPassword}","\$$ENV{algo}\$$ENV{salt}\$")')"

This means that openhabian will report that no default password is being used although it is.

Debug information:

Please provide all of the output provided by utilizing the debugmode=maximum parameter in the /etc/openhabian.conf file. For more information on how to accomplish this, please see openhabian-DEBUG.md.

place logs here

System information:

Please tell us what OS you are running (Raspberry Pi OS, Debian, Ubuntu), what HW you are running on (Raspberry Pi, amd64). Also include the output of cat /etc/os-release and uname -m.

place output here

[mstormi]

Wolfgang can you provide a PR ?

[WolfgangSn]

Wolfgang can you provide a PR ?

I can have a look at it.

[WolfgangSn]

PR created https://github.com/openhab/openhabian/pull/1851

[mstormi]

thanks for your contrib

Fixed-By: #1851