From: Lennart Poettering Date: Tue, 28 Nov 2023 08:52:17 +0000 (+0100) Subject: homed: fix home_count_bad_authentication() counting X-Git-Tag: v256-rc1~1303 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cc943ab86ef117ecd2499ea654cee552fb84d316;p=thirdparty%2Fsystemd.git homed: fix home_count_bad_authentication() counting We want to cover not only regular bad password entries, but also bad recovery key entries. Hence let's move the list of errors into the function, and add more. --- diff --git a/src/home/homed-home.c b/src/home/homed-home.c index 951f5aba437..787dc773ac9 100644 --- a/src/home/homed-home.c +++ b/src/home/homed-home.c @@ -650,11 +650,17 @@ static int convert_worker_errno(Home *h, int e, sd_bus_error *error) { return 0; } -static void home_count_bad_authentication(Home *h, bool save) { +static void home_count_bad_authentication(Home *h, int error, bool save) { int r; assert(h); + if (!IN_SET(error, + -ENOKEY, /* Password incorrect */ + -EBADSLT, /* Password incorrect and no token */ + -EREMOTEIO)) /* Recovery key incorrect */ + return; + r = user_record_bad_authentication(h->record); if (r < 0) { log_warning_errno(r, "Failed to increase bad authentication counter, ignoring: %m"); @@ -680,8 +686,7 @@ static void home_fixate_finish(Home *h, int ret, UserRecord *hr) { secret = TAKE_PTR(h->secret); /* Take possession */ if (ret < 0) { - if (ret == -ENOKEY) - (void) home_count_bad_authentication(h, false); + (void) home_count_bad_authentication(h, ret, /* save= */ false); (void) convert_worker_errno(h, ret, &error); r = log_error_errno(ret, "Fixation failed: %m"); @@ -772,8 +777,7 @@ static void home_activate_finish(Home *h, int ret, UserRecord *hr) { assert(IN_SET(h->state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE)); if (ret < 0) { - if (ret == -ENOKEY) - home_count_bad_authentication(h, true); + (void) home_count_bad_authentication(h, ret, /* save= */ true); (void) convert_worker_errno(h, ret, &error); r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR, @@ -934,8 +938,7 @@ static void home_change_finish(Home *h, int ret, UserRecord *hr) { assert(h); if (ret < 0) { - if (ret == -ENOKEY) - (void) home_count_bad_authentication(h, true); + (void) home_count_bad_authentication(h, ret, /* save= */ true); (void) convert_worker_errno(h, ret, &error); r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR, @@ -1005,8 +1008,7 @@ static void home_unlocking_finish(Home *h, int ret, UserRecord *hr) { assert(IN_SET(h->state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE)); if (ret < 0) { - if (ret == -ENOKEY) - (void) home_count_bad_authentication(h, true); + (void) home_count_bad_authentication(h, ret, /* save= */ true); (void) convert_worker_errno(h, ret, &error); r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR, @@ -1042,8 +1044,7 @@ static void home_authenticating_finish(Home *h, int ret, UserRecord *hr) { assert(IN_SET(h->state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE)); if (ret < 0) { - if (ret == -ENOKEY) - (void) home_count_bad_authentication(h, true); + (void) home_count_bad_authentication(h, ret, /* save= */ true); (void) convert_worker_errno(h, ret, &error); r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,