firstboot: hook up with libpwquality
authorLennart Poettering <lennart@poettering.net>
Tue, 18 Aug 2020 08:37:44 +0000 (10:37 +0200)
committerLennart Poettering <lennart@poettering.net>
Wed, 19 Aug 2020 08:03:56 +0000 (10:03 +0200)
src/firstboot/firstboot.c
src/shared/pwquality-util.c
src/shared/pwquality-util.h

index e4c7a2d3744c597420f3f7e092b173b8d2a713da..cf1ec28dd54d23ee0453e499ccf5b031dcfe05c8 100644 (file)
@@ -28,6 +28,7 @@
 #include "path-util.h"
 #include "pretty-print.h"
 #include "proc-cmdline.h"
+#include "pwquality-util.h"
 #include "random-util.h"
 #include "string-util.h"
 #include "strv.h"
@@ -568,8 +569,11 @@ static int prompt_root_password(void) {
         msg1 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter a new root password (empty to skip):");
         msg2 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter new root password again:");
 
+        suggest_passwords();
+
         for (;;) {
                 _cleanup_strv_free_erase_ char **a = NULL, **b = NULL;
+                _cleanup_free_ char *error = NULL;
 
                 r = ask_password_tty(-1, msg1, NULL, 0, 0, NULL, &a);
                 if (r < 0)
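Review bot: The new `suggest_passwords();` call before the loop drops its int return value silently. If the suggestions are meant to be best-effort, say so at the call site: `(void) suggest_passwords();`. prompt_root_password() starts and ends outside this hunk, so whether anything later depends on that result cannot be seen here.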
@@ -583,6 +587,12 @@ static int prompt_root_password(void) {
                         break;
                 }
 
+                r = quality_check_password(*a, "root", &error);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to check quality of password: %m");
+                if (r == 0)
+                        log_warning("Password is weak, accepting anyway: %s", error);
+
                 r = ask_password_tty(-1, msg2, NULL, 0, 0, NULL, &b);
                 if (r < 0)
                         return log_error_errno(r, "Failed to query root password: %m");
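Review bot: The `r == 0` branch can run with `error` still NULL, so `log_warning("Password is weak, accepting anyway: %s", error)` passes a NULL pointer to `%s`. This happens because quality_check_password() in src/shared/pwquality-util.c returns 0 without touching `*ret_error` when pwq_allocate_context() reports not-supported (presumably when the library cannot be loaded). In that case the password was never evaluated, yet the user is told it is weak. The stub in pwquality-util.h returns 1 and clears the pointer for the build-time equivalent, so the runtime path should probably match: `if (ret_error) *ret_error = NULL;` at the top of the function and `return 1;` in the not-supported branch. Independently, the caller could guard the format argument with `strna(error)`.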
index 799c39f32b5e1c7bfe23324cd0989907f61d97d4..67332833a5fa34ec5ba9de934b2df5855042a2c7 100644 (file)
@@ -155,4 +155,37 @@ int suggest_passwords(void) {
         return 1;
 }
 
+int quality_check_password(const char *password, const char *username, char **ret_error) {
+        _cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
+        char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
+        void *auxerror;
+        int r;
+
+        assert(password);
+
+        r = pwq_allocate_context(&pwq);
+        if (ERRNO_IS_NOT_SUPPORTED(r))
+                return 0;
+        if (r < 0)
+                return log_debug_errno(r, "Failed to allocate libpwquality context: %m");
+
+        r = sym_pwquality_check(pwq, password, NULL, username, &auxerror);
+        if (r < 0) {
+
+                if (ret_error) {
+                        _cleanup_free_ char *e = NULL;
+
+                        e = strdup(sym_pwquality_strerror(buf, sizeof(buf), r, auxerror));
+                        if (!e)
+                                return -ENOMEM;
+
+                        *ret_error = TAKE_PTR(e);
+                }
+
+                return 0; /* all bad */
+        }
+
+        return 1; /* all good */
+}
+
 #endif
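Review bot: Every negative result of `sym_pwquality_check()` is folded into `return 0; /* all bad */`, so a failure inside the library is reported to the caller as a weak password rather than as an error. libpwquality uses negative codes for internal failures as well, such as PWQ_ERROR_MEM_ALLOC. If that is intentional because firstboot only warns, a comment on the branch would record it, e.g. `/* any libpwquality error, including internal ones, is treated as "weak"; callers only warn */`. Otherwise those codes could be mapped to a negative errno before the `ret_error` handling. The hunk also shows the tail of suggest_passwords(), whose body starts outside it.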
index 2ef34dabee621264b05fb8568c6dab4a407055d6..a49de07990741ebdc23bdd3c2ab5daa0133b123f 100644 (file)
@@ -24,6 +24,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(pwquality_settings_t*, sym_pwquality_free_settings);
 void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq);
 int pwq_allocate_context(pwquality_settings_t **ret);
 int suggest_passwords(void);
+int quality_check_password(const char *password, const char *username, char **ret_error);
 
 #else
 
@@ -31,4 +32,10 @@ static inline int suggest_passwords(void) {
         return 0;
 }
 
+static inline int quality_check_password(const char *password, const char *username, char **ret_error) {
+        if (ret_error)
+                *ret_error = NULL;
+        return 1; /* all good */
+}
+
 #endif
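Review bot: The return contract of quality_check_password() is not documented on this stub or on the prototype added in the previous hunk, and callers depend on a three-way result. A short comment above the declaration would help: `/* Returns > 0 if the password is acceptable (or no check is available), 0 if it is weak (*ret_error then holds a malloc'd explanation), < 0 on failure */`. Saying that the stub's `return 1` means "not checked" rather than "checked and good" would also stop a future caller from treating the result as a policy guarantee.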