mirror of
https://github.com/systemd/systemd
synced 2024-07-22 02:34:54 +00:00
shared: add password quality check abstraction layer to support both pwquality and passwdqc
Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>
This commit is contained in:
parent
6377f57fa7
commit
d34b1823ca
|
@ -6,7 +6,7 @@
|
|||
#include "errno-util.h"
|
||||
#include "escape.h"
|
||||
#include "memory-util.h"
|
||||
#include "pwquality-util.h"
|
||||
#include "password-quality-util.h"
|
||||
#include "strv.h"
|
||||
|
||||
int load_volume_key_password(
|
||||
|
@ -156,7 +156,7 @@ int enroll_password(
|
|||
}
|
||||
}
|
||||
|
||||
r = quality_check_password(new_password, /* old */ NULL, /* user */ NULL, &error);
|
||||
r = check_password_quality(new_password, /* old */ NULL, /* user */ NULL, &error);
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_NOT_SUPPORTED(r))
|
||||
log_warning("Password quality check is not supported, proceeding anyway.");
|
||||
|
|
|
@ -36,10 +36,10 @@
|
|||
#include "os-util.h"
|
||||
#include "parse-argument.h"
|
||||
#include "parse-util.h"
|
||||
#include "password-quality-util.h"
|
||||
#include "path-util.h"
|
||||
#include "pretty-print.h"
|
||||
#include "proc-cmdline.h"
|
||||
#include "pwquality-util.h"
|
||||
#include "random-util.h"
|
||||
#include "smack-util.h"
|
||||
#include "string-util.h"
|
||||
|
@ -790,7 +790,7 @@ static int prompt_root_password(int rfd) {
|
|||
break;
|
||||
}
|
||||
|
||||
r = quality_check_password(*a, /* old */ NULL, "root", &error);
|
||||
r = check_password_quality(*a, /* old */ NULL, "root", &error);
|
||||
if (r < 0) {
|
||||
if (ERRNO_IS_NOT_SUPPORTED(r))
|
||||
log_warning("Password quality check is not supported, proceeding anyway.");
|
||||
|
|
|
@ -30,18 +30,18 @@
|
|||
#include "pager.h"
|
||||
#include "parse-argument.h"
|
||||
#include "parse-util.h"
|
||||
#include "password-quality-util.h"
|
||||
#include "path-util.h"
|
||||
#include "percent-util.h"
|
||||
#include "pkcs11-util.h"
|
||||
#include "pretty-print.h"
|
||||
#include "process-util.h"
|
||||
#include "pwquality-util.h"
|
||||
#include "rlimit-util.h"
|
||||
#include "spawn-polkit-agent.h"
|
||||
#include "terminal-util.h"
|
||||
#include "uid-alloc-range.h"
|
||||
#include "user-record.h"
|
||||
#include "user-record-pwquality.h"
|
||||
#include "user-record-password-quality.h"
|
||||
#include "user-record-show.h"
|
||||
#include "user-record-util.h"
|
||||
#include "user-util.h"
|
||||
|
@ -1323,7 +1323,7 @@ static int create_home(int argc, char *argv[], void *userdata) {
|
|||
|
||||
/* If password quality enforcement is disabled, let's at least warn client side */
|
||||
|
||||
r = user_record_quality_check_password(hr, hr, &error);
|
||||
r = user_record_check_password_quality(hr, hr, &error);
|
||||
if (r < 0)
|
||||
log_warning_errno(r, "Specified password does not pass quality checks (%s), proceeding anyway.", bus_error_message(&error, r));
|
||||
}
|
||||
|
|
|
@ -31,7 +31,6 @@
|
|||
#include "mkdir.h"
|
||||
#include "path-util.h"
|
||||
#include "process-util.h"
|
||||
#include "pwquality-util.h"
|
||||
#include "quota-util.h"
|
||||
#include "resize-fs.h"
|
||||
#include "set.h"
|
||||
|
@ -40,7 +39,7 @@
|
|||
#include "string-table.h"
|
||||
#include "strv.h"
|
||||
#include "uid-alloc-range.h"
|
||||
#include "user-record-pwquality.h"
|
||||
#include "user-record-password-quality.h"
|
||||
#include "user-record-sign.h"
|
||||
#include "user-record-util.h"
|
||||
#include "user-record.h"
|
||||
|
@ -1513,7 +1512,7 @@ int home_create(Home *h, UserRecord *secret, sd_bus_error *error) {
|
|||
if (h->record->enforce_password_policy == false)
|
||||
log_debug("Password quality check turned off for account, skipping.");
|
||||
else {
|
||||
r = user_record_quality_check_password(h->record, secret, error);
|
||||
r = user_record_check_password_quality(h->record, secret, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
@ -1888,7 +1887,7 @@ int home_passwd(Home *h,
|
|||
if (c->enforce_password_policy == false)
|
||||
log_debug("Password quality check turned off for account, skipping.");
|
||||
else {
|
||||
r = user_record_quality_check_password(c, merged_secret, error);
|
||||
r = user_record_check_password_quality(c, merged_secret, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
|
|
@ -33,7 +33,7 @@ systemd_homed_sources = files(
|
|||
'homed-operation.c',
|
||||
'homed-varlink.c',
|
||||
'homed.c',
|
||||
'user-record-pwquality.c',
|
||||
'user-record-password-quality.c',
|
||||
'user-record-sign.c',
|
||||
'user-record-util.c',
|
||||
)
|
||||
|
@ -52,7 +52,7 @@ homectl_sources = files(
|
|||
'homectl-pkcs11.c',
|
||||
'homectl-recovery-key.c',
|
||||
'homectl.c',
|
||||
'user-record-pwquality.c',
|
||||
'user-record-password-quality.c',
|
||||
'user-record-util.c',
|
||||
)
|
||||
|
||||
|
|
|
@ -4,14 +4,14 @@
|
|||
#include "errno-util.h"
|
||||
#include "home-util.h"
|
||||
#include "libcrypt-util.h"
|
||||
#include "pwquality-util.h"
|
||||
#include "password-quality-util.h"
|
||||
#include "strv.h"
|
||||
#include "user-record-pwquality.h"
|
||||
#include "user-record-password-quality.h"
|
||||
#include "user-record-util.h"
|
||||
|
||||
#if HAVE_PWQUALITY
|
||||
|
||||
int user_record_quality_check_password(
|
||||
int user_record_check_password_quality(
|
||||
UserRecord *hr,
|
||||
UserRecord *secret,
|
||||
sd_bus_error *error) {
|
||||
|
@ -22,7 +22,7 @@ int user_record_quality_check_password(
|
|||
assert(hr);
|
||||
assert(secret);
|
||||
|
||||
/* This is a bit more complex than one might think at first. quality_check_password() would like to know the
|
||||
/* This is a bit more complex than one might think at first. check_password_quality() would like to know the
|
||||
* old password to make security checks. We support arbitrary numbers of passwords however, hence we
|
||||
* call the function once for each combination of old and new password. */
|
||||
|
||||
|
@ -48,7 +48,7 @@ int user_record_quality_check_password(
|
|||
if (r > 0) /* This is a new password, not suitable as old password */
|
||||
continue;
|
||||
|
||||
r = quality_check_password(*pp, *old, hr->user_name, &auxerror);
|
||||
r = check_password_quality(*pp, *old, hr->user_name, &auxerror);
|
||||
if (r <= 0)
|
||||
goto error;
|
||||
|
||||
|
@ -58,12 +58,11 @@ int user_record_quality_check_password(
|
|||
if (called)
|
||||
continue;
|
||||
|
||||
/* If there are no old passwords, let's call quality_check_password() without any. */
|
||||
r = quality_check_password(*pp, /* old */ NULL, hr->user_name, &auxerror);
|
||||
/* If there are no old passwords, let's call check_password_quality() without any. */
|
||||
r = check_password_quality(*pp, /* old */ NULL, hr->user_name, &auxerror);
|
||||
if (r <= 0)
|
||||
goto error;
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
||||
error:
|
||||
|
@ -77,7 +76,7 @@ error:
|
|||
|
||||
#else
|
||||
|
||||
int user_record_quality_check_password(
|
||||
int user_record_check_password_quality(
|
||||
UserRecord *hr,
|
||||
UserRecord *secret,
|
||||
sd_bus_error *error) {
|
|
@ -4,4 +4,4 @@
|
|||
#include "sd-bus.h"
|
||||
#include "user-record.h"
|
||||
|
||||
int user_record_quality_check_password(UserRecord *hr, UserRecord *secret, sd_bus_error *error);
|
||||
int user_record_check_password_quality(UserRecord *hr, UserRecord *secret, sd_bus_error *error);
|
|
@ -128,11 +128,11 @@ shared_sources = files(
|
|||
'pager.c',
|
||||
'parse-argument.c',
|
||||
'parse-helpers.c',
|
||||
'password-quality-util-pwquality.c',
|
||||
'pcre2-util.c',
|
||||
'pkcs11-util.c',
|
||||
'pretty-print.c',
|
||||
'ptyfwd.c',
|
||||
'pwquality-util.c',
|
||||
'qrcode-util.c',
|
||||
'quota-util.c',
|
||||
'reboot-util.c',
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
#include "log.h"
|
||||
#include "macro.h"
|
||||
#include "memory-util.h"
|
||||
#include "pwquality-util.h"
|
||||
#include "password-quality-util.h"
|
||||
#include "strv.h"
|
||||
|
||||
#if HAVE_PWQUALITY
|
||||
|
@ -36,7 +36,7 @@ int dlopen_pwquality(void) {
|
|||
DLSYM_ARG(pwquality_strerror));
|
||||
}
|
||||
|
||||
void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) {
|
||||
static void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) {
|
||||
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
|
||||
const char *path;
|
||||
int r;
|
||||
|
@ -69,7 +69,7 @@ void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) {
|
|||
sym_pwquality_strerror(buf, sizeof(buf), r, NULL));
|
||||
}
|
||||
|
||||
int pwq_allocate_context(pwquality_settings_t **ret) {
|
||||
static int pwq_allocate_context(pwquality_settings_t **ret) {
|
||||
_cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
|
||||
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
|
||||
void *auxerror;
|
||||
|
@ -96,8 +96,6 @@ int pwq_allocate_context(pwquality_settings_t **ret) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
#define N_SUGGESTIONS 6
|
||||
|
||||
int suggest_passwords(void) {
|
||||
_cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
|
||||
_cleanup_strv_free_erase_ char **suggestions = NULL;
|
||||
|
@ -132,7 +130,7 @@ int suggest_passwords(void) {
|
|||
return 1;
|
||||
}
|
||||
|
||||
int quality_check_password(const char *password, const char *old, const char *username, char **ret_error) {
|
||||
int check_password_quality(const char *password, const char *old, const char *username, char **ret_error) {
|
||||
_cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
|
||||
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
|
||||
void *auxerror;
|
||||
|
@ -146,7 +144,6 @@ int quality_check_password(const char *password, const char *old, const char *us
|
|||
|
||||
r = sym_pwquality_check(pwq, password, old, username, &auxerror);
|
||||
if (r < 0) {
|
||||
|
||||
if (ret_error) {
|
||||
_cleanup_free_ char *e = NULL;
|
||||
|
|
@ -21,21 +21,7 @@ int dlopen_pwquality(void);
|
|||
|
||||
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(pwquality_settings_t*, sym_pwquality_free_settings, NULL);
|
||||
|
||||
void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq);
|
||||
int pwq_allocate_context(pwquality_settings_t **ret);
|
||||
int suggest_passwords(void);
|
||||
int quality_check_password(const char *password, const char *old, const char *username, char **ret_error);
|
||||
|
||||
#else
|
||||
|
||||
static inline int suggest_passwords(void) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int quality_check_password(const char *password, const char *old, const char *username, char **ret_error) {
|
||||
if (ret_error)
|
||||
*ret_error = NULL;
|
||||
return 1; /* all good */
|
||||
}
|
||||
int check_password_quality(const char *password, const char *old, const char *username, char **ret_error);
|
||||
|
||||
#endif
|
26
src/shared/password-quality-util.h
Normal file
26
src/shared/password-quality-util.h
Normal file
|
@ -0,0 +1,26 @@
|
|||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||
#pragma once
|
||||
|
||||
#define N_SUGGESTIONS 6
|
||||
|
||||
#if HAVE_PWQUALITY
|
||||
|
||||
#include "password-quality-util-pwquality.h"
|
||||
|
||||
#else
|
||||
|
||||
static inline int suggest_passwords(void) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline int check_password_quality(
|
||||
const char *password,
|
||||
const char *old,
|
||||
const char *username,
|
||||
char **ret_error) {
|
||||
if (ret_error)
|
||||
*ret_error = NULL;
|
||||
return 1; /* all good */
|
||||
}
|
||||
|
||||
#endif
|
|
@ -10,9 +10,9 @@
|
|||
#include "libfido2-util.h"
|
||||
#include "macro.h"
|
||||
#include "main-func.h"
|
||||
#include "password-quality-util-pwquality.h"
|
||||
#include "pcre2-util.h"
|
||||
#include "pkcs11-util.h"
|
||||
#include "pwquality-util.h"
|
||||
#include "qrcode-util.h"
|
||||
#include "tests.h"
|
||||
#include "tpm2-util.h"
|
||||
|
|
Loading…
Reference in a new issue