shared: add password quality check abstraction layer to support both pwquality and...

Co-authored-by: Dmitry V. Levin <ldv@altlinux.org>

diff --git a/src/cryptenroll/cryptenroll-password.c b/src/cryptenroll/cryptenroll-password.c
index 44e6f0b227b6f1715836d843d3fb3f3a61d668a5..499dbbc627a775c4d12f636c87e5031736bc5ec9 100644 (file)
--- a/src/cryptenroll/cryptenroll-password.c
+++ b/src/cryptenroll/cryptenroll-password.c
@@ -6,7 +6,7 @@
 #include "errno-util.h"
 #include "escape.h"
 #include "memory-util.h"
-#include "pwquality-util.h"
+#include "password-quality-util.h"
 #include "strv.h"
 
 int load_volume_key_password(
@@ -156,7 +156,7 @@ int enroll_password(
                 }
         }
 
-        r = quality_check_password(new_password, /* old */ NULL, /* user */ NULL, &error);
+        r = check_password_quality(new_password, /* old */ NULL, /* user */ NULL, &error);
         if (r < 0) {
                 if (ERRNO_IS_NOT_SUPPORTED(r))
                         log_warning("Password quality check is not supported, proceeding anyway.");

diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index 501f074c94f0776d1ee68e9cc0664280a0b7ad63..b993739083fa0b84f56ea28ef594882c34e70fc9 100644 (file)
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -36,10 +36,10 @@
 #include "os-util.h"
 #include "parse-argument.h"
 #include "parse-util.h"
+#include "password-quality-util.h"
 #include "path-util.h"
 #include "pretty-print.h"
 #include "proc-cmdline.h"
-#include "pwquality-util.h"
 #include "random-util.h"
 #include "smack-util.h"
 #include "string-util.h"
@@ -790,7 +790,7 @@ static int prompt_root_password(int rfd) {
                         break;
                 }
 
-                r = quality_check_password(*a, /* old */ NULL, "root", &error);
+                r = check_password_quality(*a, /* old */ NULL, "root", &error);
                 if (r < 0) {
                         if (ERRNO_IS_NOT_SUPPORTED(r))
                                 log_warning("Password quality check is not supported, proceeding anyway.");

diff --git a/src/home/homectl.c b/src/home/homectl.c
index d6e6bd0855cd3ee4941561547287121e362aea43..55323b44e10c121eff61b355c9ca0784d734c35a 100644 (file)
--- a/src/home/homectl.c
+++ b/src/home/homectl.c
@@ -30,18 +30,18 @@
 #include "pager.h"
 #include "parse-argument.h"
 #include "parse-util.h"
+#include "password-quality-util.h"
 #include "path-util.h"
 #include "percent-util.h"
 #include "pkcs11-util.h"
 #include "pretty-print.h"
 #include "process-util.h"
-#include "pwquality-util.h"
 #include "rlimit-util.h"
 #include "spawn-polkit-agent.h"
 #include "terminal-util.h"
 #include "uid-alloc-range.h"
 #include "user-record.h"
-#include "user-record-pwquality.h"
+#include "user-record-password-quality.h"
 #include "user-record-show.h"
 #include "user-record-util.h"
 #include "user-util.h"
@@ -1323,7 +1323,7 @@ static int create_home(int argc, char *argv[], void *userdata) {
 
                 /* If password quality enforcement is disabled, let's at least warn client side */
 
-                r = user_record_quality_check_password(hr, hr, &error);
+                r = user_record_check_password_quality(hr, hr, &error);
                 if (r < 0)
                         log_warning_errno(r, "Specified password does not pass quality checks (%s), proceeding anyway.", bus_error_message(&error, r));
         }

diff --git a/src/home/homed-home.c b/src/home/homed-home.c
index a79a719383852a01b2cc5cd8dceb7a42028ba392..46d6fb589c16ddecd8a5dac207a0fd1cac0f9682 100644 (file)
--- a/src/home/homed-home.c
+++ b/src/home/homed-home.c
@@ -31,7 +31,6 @@
 #include "mkdir.h"
 #include "path-util.h"
 #include "process-util.h"
-#include "pwquality-util.h"
 #include "quota-util.h"
 #include "resize-fs.h"
 #include "set.h"
@@ -40,7 +39,7 @@
 #include "string-table.h"
 #include "strv.h"
 #include "uid-alloc-range.h"
-#include "user-record-pwquality.h"
+#include "user-record-password-quality.h"
 #include "user-record-sign.h"
 #include "user-record-util.h"
 #include "user-record.h"
@@ -1513,7 +1512,7 @@ int home_create(Home *h, UserRecord *secret, sd_bus_error *error) {
         if (h->record->enforce_password_policy == false)
                 log_debug("Password quality check turned off for account, skipping.");
         else {
-                r = user_record_quality_check_password(h->record, secret, error);
+                r = user_record_check_password_quality(h->record, secret, error);
                 if (r < 0)
                         return r;
         }
@@ -1888,7 +1887,7 @@ int home_passwd(Home *h,
         if (c->enforce_password_policy == false)
                 log_debug("Password quality check turned off for account, skipping.");
         else {
-                r = user_record_quality_check_password(c, merged_secret, error);
+                r = user_record_check_password_quality(c, merged_secret, error);
                 if (r < 0)
                         return r;
         }

diff --git a/src/home/meson.build b/src/home/meson.build
index 475faaefea9257acd315c5afef7bff64cf26e924..ff3cf411fedcb2cafd9bece1037c60911f1cbccf 100644 (file)
--- a/src/home/meson.build
+++ b/src/home/meson.build
@@ -33,7 +33,7 @@ systemd_homed_sources = files(
         'homed-operation.c',
         'homed-varlink.c',
         'homed.c',
-        'user-record-pwquality.c',
+        'user-record-password-quality.c',
         'user-record-sign.c',
         'user-record-util.c',
 )
@@ -52,7 +52,7 @@ homectl_sources = files(
         'homectl-pkcs11.c',
         'homectl-recovery-key.c',
         'homectl.c',
-        'user-record-pwquality.c',
+        'user-record-password-quality.c',
         'user-record-util.c',
 )
 

diff --git a/src/home/user-record-pwquality.c b/src/home/user-record-password-quality.c
similarity index 84%
rename from src/home/user-record-pwquality.c
rename to src/home/user-record-password-quality.c
index 7e18773232c567eaa66239a8882ee71d097f5872..5c2909688d20786e202fa8d4250d9943b99290ac 100644 (file)
--- a/src/home/user-record-pwquality.c
+++ b/src/home/user-record-password-quality.c
@@ -4,14 +4,14 @@
 #include "errno-util.h"
 #include "home-util.h"
 #include "libcrypt-util.h"
-#include "pwquality-util.h"
+#include "password-quality-util.h"
 #include "strv.h"
-#include "user-record-pwquality.h"
+#include "user-record-password-quality.h"
 #include "user-record-util.h"
 
 #if HAVE_PWQUALITY
 
-int user_record_quality_check_password(
+int user_record_check_password_quality(
                 UserRecord *hr,
                 UserRecord *secret,
                 sd_bus_error *error) {
@@ -22,7 +22,7 @@ int user_record_quality_check_password(
         assert(hr);
         assert(secret);
 
-        /* This is a bit more complex than one might think at first. quality_check_password() would like to know the
+        /* This is a bit more complex than one might think at first. check_password_quality() would like to know the
          * old password to make security checks. We support arbitrary numbers of passwords however, hence we
          * call the function once for each combination of old and new password. */
 
@@ -48,7 +48,7 @@ int user_record_quality_check_password(
                         if (r > 0) /* This is a new password, not suitable as old password */
                                 continue;
 
-                        r = quality_check_password(*pp, *old, hr->user_name, &auxerror);
+                        r = check_password_quality(*pp, *old, hr->user_name, &auxerror);
                         if (r <= 0)
                                 goto error;
 
@@ -58,12 +58,11 @@ int user_record_quality_check_password(
                 if (called)
                         continue;
 
-                /* If there are no old passwords, let's call quality_check_password() without any. */
-                r = quality_check_password(*pp, /* old */ NULL, hr->user_name, &auxerror);
+                /* If there are no old passwords, let's call check_password_quality() without any. */
+                r = check_password_quality(*pp, /* old */ NULL, hr->user_name, &auxerror);
                 if (r <= 0)
                         goto error;
         }
-
         return 1;
 
 error:
@@ -77,7 +76,7 @@ error:
 
 #else
 
-int user_record_quality_check_password(
+int user_record_check_password_quality(
                 UserRecord *hr,
                 UserRecord *secret,
                 sd_bus_error *error) {

diff --git a/src/home/user-record-pwquality.h b/src/home/user-record-password-quality.h
similarity index 68%
rename from src/home/user-record-pwquality.h
rename to src/home/user-record-password-quality.h
index b3b2690f7e3f1c879b01cafb9b34cfe1e7df1740..c7d6ec60462dd5322bb827914e0fb42b7fcd9208 100644 (file)
--- a/src/home/user-record-pwquality.h
+++ b/src/home/user-record-password-quality.h
@@ -4,4 +4,4 @@
 #include "sd-bus.h"
 #include "user-record.h"
 
-int user_record_quality_check_password(UserRecord *hr, UserRecord *secret, sd_bus_error *error);
+int user_record_check_password_quality(UserRecord *hr, UserRecord *secret, sd_bus_error *error);

diff --git a/src/shared/meson.build b/src/shared/meson.build
index d643b2bd09358a651e468a88ab3b51d5ce1709aa..fe88731c32f01c622d9cfecc4c2e898899db9aac 100644 (file)
--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@@ -128,11 +128,11 @@ shared_sources = files(
         'pager.c',
         'parse-argument.c',
         'parse-helpers.c',
+        'password-quality-util-pwquality.c',
         'pcre2-util.c',
         'pkcs11-util.c',
         'pretty-print.c',
         'ptyfwd.c',
-        'pwquality-util.c',
         'qrcode-util.c',
         'quota-util.c',
         'reboot-util.c',

diff --git a/src/shared/pwquality-util.c b/src/shared/password-quality-util-pwquality.c
similarity index 95%
rename from src/shared/pwquality-util.c
rename to src/shared/password-quality-util-pwquality.c
index 450208319d8142650b5a5f7f1edbbd4939c9fca5..80f7d58e5d31d07cdecfd2545f36b1e2abf9a8b5 100644 (file)
--- a/src/shared/pwquality-util.c
+++ b/src/shared/password-quality-util-pwquality.c
@@ -7,7 +7,7 @@
 #include "log.h"
 #include "macro.h"
 #include "memory-util.h"
-#include "pwquality-util.h"
+#include "password-quality-util.h"
 #include "strv.h"
 
 #if HAVE_PWQUALITY
@@ -36,7 +36,7 @@ int dlopen_pwquality(void) {
                         DLSYM_ARG(pwquality_strerror));
 }
 
-void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) {
+static void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) {
         char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
         const char *path;
         int r;
@@ -69,7 +69,7 @@ void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) {
                           sym_pwquality_strerror(buf, sizeof(buf), r, NULL));
 }
 
-int pwq_allocate_context(pwquality_settings_t **ret) {
+static int pwq_allocate_context(pwquality_settings_t **ret) {
         _cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
         char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
         void *auxerror;
@@ -96,8 +96,6 @@ int pwq_allocate_context(pwquality_settings_t **ret) {
         return 0;
 }
 
-#define N_SUGGESTIONS 6
-
 int suggest_passwords(void) {
         _cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
         _cleanup_strv_free_erase_ char **suggestions = NULL;
@@ -132,7 +130,7 @@ int suggest_passwords(void) {
         return 1;
 }
 
-int quality_check_password(const char *password, const char *old, const char *username, char **ret_error) {
+int check_password_quality(const char *password, const char *old, const char *username, char **ret_error) {
         _cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
         char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
         void *auxerror;
@@ -146,7 +144,6 @@ int quality_check_password(const char *password, const char *old, const char *us
 
         r = sym_pwquality_check(pwq, password, old, username, &auxerror);
         if (r < 0) {
-
                 if (ret_error) {
                         _cleanup_free_ char *e = NULL;
 

diff --git a/src/shared/pwquality-util.h b/src/shared/password-quality-util-pwquality.h
similarity index 72%
rename from src/shared/pwquality-util.h
rename to src/shared/password-quality-util-pwquality.h
index 4e18f39f784f66272696f7986f17465d4263a0c2..a420b0df2c66d4ac98f7b29359ae308dcc36586b 100644 (file)
--- a/src/shared/pwquality-util.h
+++ b/src/shared/password-quality-util-pwquality.h
@@ -21,21 +21,7 @@ int dlopen_pwquality(void);
 
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(pwquality_settings_t*, sym_pwquality_free_settings, NULL);
 
-void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq);
-int pwq_allocate_context(pwquality_settings_t **ret);
 int suggest_passwords(void);
-int quality_check_password(const char *password, const char *old, const char *username, char **ret_error);
-
-#else
-
-static inline int suggest_passwords(void) {
-        return 0;
-}
-
-static inline int quality_check_password(const char *password, const char *old, const char *username, char **ret_error) {
-        if (ret_error)
-                *ret_error = NULL;
-        return 1; /* all good */
-}
+int check_password_quality(const char *password, const char *old, const char *username, char **ret_error);
 
 #endif

diff --git a/src/shared/password-quality-util.h b/src/shared/password-quality-util.h
new file mode 100644 (file)
index 0000000..a55727d
--- /dev/null
+++ b/src/shared/password-quality-util.h
@@ -0,0 +1,26 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#define N_SUGGESTIONS 6
+
+#if HAVE_PWQUALITY
+
+#include "password-quality-util-pwquality.h"
+
+#else
+
+static inline int suggest_passwords(void) {
+        return 0;
+}
+
+static inline int check_password_quality(
+                const char *password,
+                const char *old,
+                const char *username,
+                char **ret_error) {
+        if (ret_error)
+                *ret_error = NULL;
+        return 1; /* all good */
+}
+
+#endif

diff --git a/src/test/test-dlopen-so.c b/src/test/test-dlopen-so.c
index 55728c27c522444bd268362ec8673bc383a8629e..2d3b7744f68916ed22e588bf0d3d95da241aec0f 100644 (file)
--- a/src/test/test-dlopen-so.c
+++ b/src/test/test-dlopen-so.c
@@ -10,9 +10,9 @@
 #include "libfido2-util.h"
 #include "macro.h"
 #include "main-func.h"
+#include "password-quality-util-pwquality.h"
 #include "pcre2-util.h"
 #include "pkcs11-util.h"
-#include "pwquality-util.h"
 #include "qrcode-util.h"
 #include "tests.h"
 #include "tpm2-util.h"