pwquality: fix quality_check_password return value
authorDmitry V. Levin <ldv@strace.io>
Wed, 5 Jul 2023 08:00:00 +0000 (08:00 +0000)
committerDmitry V. Levin <ldv@strace.io>
Thu, 6 Jul 2023 10:59:41 +0000 (10:59 +0000)
quality_check_password() used to return the same value 0 in two
different cases: when pwq_allocate_context() failed with an
ERRNO_IS_NOT_SUPPORTED() code, and when pwquality_check() rejected the
password.  As a result, users of quality_check_password() used to report
password weakness also in the case when the underlying library was not
available.

Fix this by changing quality_check_password() to forward the
ERRNO_IS_NOT_SUPPORTED() code to its callers, and change the callers
to handle this case gracefully.

src/cryptenroll/cryptenroll-password.c
src/firstboot/firstboot.c
src/shared/pwquality-util.c

index d636db266ebb691a443eb2cfc94a948318d0426f..de72278394ac781e0067f3122246ba0f297c1165 100644 (file)
@@ -3,6 +3,7 @@
 #include "ask-password-api.h"
 #include "cryptenroll-password.h"
 #include "env-util.h"
+#include "errno-util.h"
 #include "escape.h"
 #include "memory-util.h"
 #include "pwquality-util.h"
@@ -156,8 +157,12 @@ int enroll_password(
         }
 
         r = quality_check_password(new_password, NULL, &error);
-        if (r < 0)
-                return log_error_errno(r, "Failed to check password for quality: %m");
+        if (r < 0) {
+                if (ERRNO_IS_NOT_SUPPORTED(r))
+                        log_warning("Password quality check is not supported, proceeding anyway.");
+                else
+                        return log_error_errno(r, "Failed to check password quality: %m");
+        }
         if (r == 0)
                 log_warning("Specified password does not pass quality checks (%s), proceeding anyway.", error);
 
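Review bot: In `enroll_password()` the new not-supported branch falls through to the `if (r == 0)` test right after it and skips the weak-password warning only because `r` is still negative; writing that test as `else if (r == 0)` would make the three outcomes (hard error, check unavailable, password rejected) explicit. The same pattern appears in the `prompt_root_password()` hunk of src/firstboot/firstboot.c. Because this branch accepts a password that was never evaluated, a comment above it such as `/* Best-effort: without libpwquality the password is accepted unchecked. */` would record that failing open is intended. `enroll_password()` begins and ends outside the hunk.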
index 076e06e8215bd1bca81f5c1cc1cf19e3305d6a01..019b7d70afadb1d0532277694617a1ef0f4ad3f4 100644 (file)
@@ -19,6 +19,7 @@
 #include "creds-util.h"
 #include "dissect-image.h"
 #include "env-file.h"
+#include "errno-util.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
@@ -790,8 +791,12 @@ static int prompt_root_password(int rfd) {
                 }
 
                 r = quality_check_password(*a, "root", &error);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to check quality of password: %m");
+                if (r < 0) {
+                        if (ERRNO_IS_NOT_SUPPORTED(r))
+                                log_warning("Password quality check is not supported, proceeding anyway.");
+                        else
+                                return log_error_errno(r, "Failed to check password quality: %m");
+                }
                 if (r == 0)
                         log_warning("Password is weak, accepting anyway: %s", error);
 
index 5deb9324aec301189c58c709388810096662d514..d25104c38f61c45b0190e01ca87415a73525aa62 100644 (file)
@@ -141,11 +141,8 @@ int quality_check_password(const char *password, const char *username, char **re
         assert(password);
 
         r = pwq_allocate_context(&pwq);
-        if (r < 0) {
-                if (ERRNO_IS_NOT_SUPPORTED(r))
-                        return 0;
+        if (r < 0)
                 return log_debug_errno(r, "Failed to allocate libpwquality context: %m");
-        }
 
         r = sym_pwquality_check(pwq, password, NULL, username, &auxerror);
         if (r < 0) {
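Review bot: `quality_check_password()` now has a three-way return contract that is not written down at its definition: after this hunk a failure of `pwq_allocate_context()` is returned through `log_debug_errno()`, so an ERRNO_IS_NOT_SUPPORTED() code reaches the caller, while 0 (per the commit message) means the password was rejected. A comment above the function would help, for example `/* Returns 0 if the password is rejected, < 0 on failure; ERRNO_IS_NOT_SUPPORTED() codes mean no check was performed. */`. Only two callers are updated in this commit; any other caller that treats every negative return as fatal would, presumably, now refuse to proceed when the library is missing, so it is worth confirming there are none. The function's signature line is truncated in the hunk header and its body continues past the last line shown.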