1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include "bus-common-errors.h"
4 #include "errno-util.h"
6 #include "libcrypt-util.h"
7 #include "pwquality-util.h"
9 #include "user-record-pwquality.h"
10 #include "user-record-util.h"
/*
 * Checks the candidate passwords in secret->password with
 * quality_check_password() and reports a weak one to the caller as
 * BUS_ERROR_LOW_PASSWORD_QUALITY on the supplied sd_bus_error.
 *
 * Visible flow: every entry of secret->password is tested against
 * hr->hashed_password with test_password_many(). Entries that match are
 * treated as new passwords and are quality-checked against each entry that
 * does not match (the old passwords), or against NULL when there is none.
 *
 * Parameters: only "error" is declared in the visible text; hr and secret
 * are used in the body but their declarations are not shown.
 *
 * Returns: the visible return paths hand back the result of
 * sd_bus_error_setf() or of log_debug_errno(); other return paths are not
 * shown.
 *
 * NOTE(review): this listing is lossy. The embedded line numbers jump
 * (14 -> 17, 19 -> 25, 36 -> 39, 51 -> 61, 62 -> 71, 73 -> 75), so the
 * statements controlled by several conditions, the declaration of r and the
 * closing braces are missing. Read the notes below against the full file.
 */
14 int user_record_quality_check_password(
17 sd_bus_error
*error
) {
/* Receives the checker's explanation text; starts out NULL and is released
 * automatically via _cleanup_free_. */
19 _cleanup_free_
char *auxerror
= NULL
;
25 /* This is a bit more complex than one might think at first. quality_check_password() would like to know the
26 * old password to make security checks. We support arbitrary numbers of passwords however, hence we
27 * call the function once for each combination of old and new password. */
29 /* Iterate through all new passwords */
30 STRV_FOREACH(pp
, secret
->password
) {
/* Classify *pp: per the comment on the test below, a result of 0 means it
 * matches none of the stored hashes and is therefore an old password. */
33 r
= test_password_many(hr
->hashed_password
, *pp
);
/* NOTE(review): listing lines 34-35 and 37-38 are not shown. Confirm that a
 * negative r is handled before this test; otherwise an error from
 * test_password_many() would be treated as "matches a stored hash" and the
 * entry would be processed as a new password. */
36 if (r
== 0) /* This is an old password as it isn't listed in the hashedPassword field, skip it */
39 /* Check this password against all old passwords */
40 STRV_FOREACH(old
, secret
->password
) {
/* Same classification for the inner candidate: only entries that match no
 * stored hash may serve as the "old" password. */
45 r
= test_password_many(hr
->hashed_password
, *old
);
/* NOTE(review): listing lines 46-47 and 49-50 are not shown; the same
 * question about negative r applies here. */
48 if (r
> 0) /* This is a new password, not suitable as old password */
/* Quality check of the new password with the old password and the user name
 * as context. How r is evaluated afterwards (listing lines 52-60) is not
 * shown. */
51 r
= quality_check_password(*pp
, *old
, hr
->user_name
, &auxerror
);
61 /* If there are no old passwords, let's call quality_check_password() without any. */
62 r
= quality_check_password(*pp
, /* old */ NULL
, hr
->user_name
, &auxerror
);
/* The bus error text is built from auxerror only; the candidate password is
 * not among the format arguments.
 * NOTE(review): auxerror is initialised to NULL above and is formatted with
 * %s here. Confirm quality_check_password() always sets it on the path that
 * reaches this call, and that its text never echoes the password, since the
 * message is returned to the bus client. The condition guarding this return
 * is not shown. */
71 return sd_bus_error_setf(error
, BUS_ERROR_LOW_PASSWORD_QUALITY
,
72 "Password too weak: %s", auxerror
);
/* NOTE(review): the statement taken when the checker reports "not supported"
 * (listing line 74) is not shown. If it returns success, the quality policy
 * is skipped whenever the checker is unavailable; confirm that this fail-open
 * behaviour is intended and that callers do not treat the result as
 * "password verified strong". */
73 if (ERRNO_IS_NOT_SUPPORTED(r
))
/* Any other failure is logged with the errno text only (%m), so no password
 * material enters the log. The message goes through the debug-level logging
 * macro, so a failing checker may go unnoticed at default log levels. */
75 return log_debug_errno(r
, "Failed to check password quality: %m");
80 int user_record_quality_check_password(
83 sd_bus_error
*error
) {