From: Egor Ignatov Date: Fri, 6 Aug 2021 08:40:34 +0000 (+0300) Subject: shared: add password quality check abstraction layer to support both pwquality and... X-Git-Tag: v254-rc1~7^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d34b1823cace2b85436fc0ee79c0569d2f085f72;p=thirdparty%2Fsystemd.git shared: add password quality check abstraction layer to support both pwquality and passwdqc Co-authored-by: Dmitry V. Levin --- diff --git a/src/cryptenroll/cryptenroll-password.c b/src/cryptenroll/cryptenroll-password.c index 44e6f0b227b..499dbbc627a 100644 --- a/src/cryptenroll/cryptenroll-password.c +++ b/src/cryptenroll/cryptenroll-password.c @@ -6,7 +6,7 @@ #include "errno-util.h" #include "escape.h" #include "memory-util.h" -#include "pwquality-util.h" +#include "password-quality-util.h" #include "strv.h" int load_volume_key_password( @@ -156,7 +156,7 @@ int enroll_password( } } - r = quality_check_password(new_password, /* old */ NULL, /* user */ NULL, &error); + r = check_password_quality(new_password, /* old */ NULL, /* user */ NULL, &error); if (r < 0) { if (ERRNO_IS_NOT_SUPPORTED(r)) log_warning("Password quality check is not supported, proceeding anyway."); diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c index 501f074c94f..b993739083f 100644 --- a/src/firstboot/firstboot.c +++ b/src/firstboot/firstboot.c @@ -36,10 +36,10 @@ #include "os-util.h" #include "parse-argument.h" #include "parse-util.h" +#include "password-quality-util.h" #include "path-util.h" #include "pretty-print.h" #include "proc-cmdline.h" -#include "pwquality-util.h" #include "random-util.h" #include "smack-util.h" #include "string-util.h" @@ -790,7 +790,7 @@ static int prompt_root_password(int rfd) { break; } - r = quality_check_password(*a, /* old */ NULL, "root", &error); + r = check_password_quality(*a, /* old */ NULL, "root", &error); if (r < 0) { if (ERRNO_IS_NOT_SUPPORTED(r)) log_warning("Password quality check is not supported, proceeding anyway."); 
diff --git a/src/home/homectl.c b/src/home/homectl.c index d6e6bd0855c..55323b44e10 100644 --- a/src/home/homectl.c +++ b/src/home/homectl.c @@ -30,18 +30,18 @@ #include "pager.h" #include "parse-argument.h" #include "parse-util.h" +#include "password-quality-util.h" #include "path-util.h" #include "percent-util.h" #include "pkcs11-util.h" #include "pretty-print.h" #include "process-util.h" -#include "pwquality-util.h" #include "rlimit-util.h" #include "spawn-polkit-agent.h" #include "terminal-util.h" #include "uid-alloc-range.h" #include "user-record.h" -#include "user-record-pwquality.h" +#include "user-record-password-quality.h" #include "user-record-show.h" #include "user-record-util.h" #include "user-util.h" @@ -1323,7 +1323,7 @@ static int create_home(int argc, char *argv[], void *userdata) { /* If password quality enforcement is disabled, let's at least warn client side */ - r = user_record_quality_check_password(hr, hr, &error); + r = user_record_check_password_quality(hr, hr, &error); if (r < 0) log_warning_errno(r, "Specified password does not pass quality checks (%s), proceeding anyway.", bus_error_message(&error, r)); } diff --git a/src/home/homed-home.c b/src/home/homed-home.c index a79a7193838..46d6fb589c1 100644 --- a/src/home/homed-home.c +++ b/src/home/homed-home.c @@ -31,7 +31,6 @@ #include "mkdir.h" #include "path-util.h" #include "process-util.h" -#include "pwquality-util.h" #include "quota-util.h" #include "resize-fs.h" #include "set.h" @@ -40,7 +39,7 @@ #include "string-table.h" #include "strv.h" #include "uid-alloc-range.h" -#include "user-record-pwquality.h" +#include "user-record-password-quality.h" #include "user-record-sign.h" #include "user-record-util.h" #include "user-record.h" 
@@ -1513,7 +1512,7 @@ int home_create(Home *h, UserRecord *secret, sd_bus_error *error) { if (h->record->enforce_password_policy == false) log_debug("Password quality check turned off for account, skipping."); else { - r = user_record_quality_check_password(h->record, secret, error); + r = user_record_check_password_quality(h->record, secret, error); if (r < 0) return r; } @@ -1888,7 +1887,7 @@ int home_passwd(Home *h, if (c->enforce_password_policy == false) log_debug("Password quality check turned off for account, skipping."); else { - r = user_record_quality_check_password(c, merged_secret, error); + r = user_record_check_password_quality(c, merged_secret, error); if (r < 0) return r; } diff --git a/src/home/meson.build b/src/home/meson.build index 475faaefea9..ff3cf411fed 100644 --- a/src/home/meson.build +++ b/src/home/meson.build @@ -33,7 +33,7 @@ systemd_homed_sources = files( 'homed-operation.c', 'homed-varlink.c', 'homed.c', - 'user-record-pwquality.c', + 'user-record-password-quality.c', 'user-record-sign.c', 'user-record-util.c', ) @@ -52,7 +52,7 @@ homectl_sources = files( 'homectl-pkcs11.c', 'homectl-recovery-key.c', 'homectl.c', - 'user-record-pwquality.c', + 'user-record-password-quality.c', 'user-record-util.c', ) diff --git a/src/home/user-record-pwquality.c b/src/home/user-record-password-quality.c similarity index 84% rename from src/home/user-record-pwquality.c rename to src/home/user-record-password-quality.c index 7e18773232c..5c2909688d2 100644 --- a/src/home/user-record-pwquality.c +++ b/src/home/user-record-password-quality.c 
@@ -4,14 +4,14 @@ #include "errno-util.h" #include "home-util.h" #include "libcrypt-util.h" -#include "pwquality-util.h" +#include "password-quality-util.h" #include "strv.h" -#include "user-record-pwquality.h" +#include "user-record-password-quality.h" #include "user-record-util.h" #if HAVE_PWQUALITY -int user_record_quality_check_password( +int user_record_check_password_quality( UserRecord *hr, UserRecord *secret, sd_bus_error *error) { @@ -22,7 +22,7 @@ int user_record_quality_check_password( assert(hr); assert(secret); - /* This is a bit more complex than one might think at first. quality_check_password() would like to know the + /* This is a bit more complex than one might think at first. check_password_quality() would like to know the * old password to make security checks. We support arbitrary numbers of passwords however, hence we * call the function once for each combination of old and new password. */ @@ -48,7 +48,7 @@ int user_record_quality_check_password( if (r > 0) /* This is a new password, not suitable as old password */ continue; - r = quality_check_password(*pp, *old, hr->user_name, &auxerror); + r = check_password_quality(*pp, *old, hr->user_name, &auxerror); if (r <= 0) goto error; @@ -58,12 +58,11 @@ int user_record_quality_check_password( if (called) continue; - /* If there are no old passwords, let's call quality_check_password() without any. */ - r = quality_check_password(*pp, /* old */ NULL, hr->user_name, &auxerror); + /* If there are no old passwords, let's call check_password_quality() without any. */ + r = check_password_quality(*pp, /* old */ NULL, hr->user_name, &auxerror); if (r <= 0) goto error; } - return 1; error: @@ -77,7 +76,7 @@ error: #else -int user_record_quality_check_password( +int user_record_check_password_quality( UserRecord *hr, UserRecord *secret, sd_bus_error *error) { 
diff --git a/src/home/user-record-pwquality.h b/src/home/user-record-password-quality.h similarity index 68% rename from src/home/user-record-pwquality.h rename to src/home/user-record-password-quality.h index b3b2690f7e3..c7d6ec60462 100644 --- a/src/home/user-record-pwquality.h +++ b/src/home/user-record-password-quality.h @@ -4,4 +4,4 @@ #include "sd-bus.h" #include "user-record.h" -int user_record_quality_check_password(UserRecord *hr, UserRecord *secret, sd_bus_error *error); +int user_record_check_password_quality(UserRecord *hr, UserRecord *secret, sd_bus_error *error); diff --git a/src/shared/meson.build b/src/shared/meson.build index d643b2bd093..fe88731c32f 100644 --- a/src/shared/meson.build +++ b/src/shared/meson.build @@ -128,11 +128,11 @@ shared_sources = files( 'pager.c', 'parse-argument.c', 'parse-helpers.c', + 'password-quality-util-pwquality.c', 'pcre2-util.c', 'pkcs11-util.c', 'pretty-print.c', 'ptyfwd.c', - 'pwquality-util.c', 'qrcode-util.c', 'quota-util.c', 'reboot-util.c', diff --git a/src/shared/pwquality-util.c b/src/shared/password-quality-util-pwquality.c similarity index 95% rename from src/shared/pwquality-util.c rename to src/shared/password-quality-util-pwquality.c index 450208319d8..80f7d58e5d3 100644 --- a/src/shared/pwquality-util.c +++ b/src/shared/password-quality-util-pwquality.c @@ -7,7 +7,7 @@ #include "log.h" #include "macro.h" #include "memory-util.h" -#include "pwquality-util.h" +#include "password-quality-util.h" #include "strv.h" #if HAVE_PWQUALITY @@ -36,7 +36,7 @@ int dlopen_pwquality(void) { DLSYM_ARG(pwquality_strerror)); } -void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) { +static void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) { char buf[PWQ_MAX_ERROR_MESSAGE_LEN]; const char *path; int r; 
@@ -69,7 +69,7 @@ void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) { sym_pwquality_strerror(buf, sizeof(buf), r, NULL)); } -int pwq_allocate_context(pwquality_settings_t **ret) { +static int pwq_allocate_context(pwquality_settings_t **ret) { _cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL; char buf[PWQ_MAX_ERROR_MESSAGE_LEN]; void *auxerror; @@ -96,8 +96,6 @@ int pwq_allocate_context(pwquality_settings_t **ret) { return 0; } -#define N_SUGGESTIONS 6 - int suggest_passwords(void) { _cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL; _cleanup_strv_free_erase_ char **suggestions = NULL; @@ -132,7 +130,7 @@ int suggest_passwords(void) { return 1; } -int quality_check_password(const char *password, const char *old, const char *username, char **ret_error) { +int check_password_quality(const char *password, const char *old, const char *username, char **ret_error) { _cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL; char buf[PWQ_MAX_ERROR_MESSAGE_LEN]; void *auxerror; @@ -146,7 +144,6 @@ int quality_check_password(const char *password, const char *old, const char *us r = sym_pwquality_check(pwq, password, old, username, &auxerror); if (r < 0) { - if (ret_error) { _cleanup_free_ char *e = NULL; diff --git a/src/shared/pwquality-util.h b/src/shared/password-quality-util-pwquality.h similarity index 72% rename from src/shared/pwquality-util.h rename to src/shared/password-quality-util-pwquality.h index 4e18f39f784..a420b0df2c6 100644 --- a/src/shared/pwquality-util.h +++ b/src/shared/password-quality-util-pwquality.h 
@@ -21,21 +21,7 @@ int dlopen_pwquality(void); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(pwquality_settings_t*, sym_pwquality_free_settings, NULL); -void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq); -int pwq_allocate_context(pwquality_settings_t **ret); int suggest_passwords(void); -int quality_check_password(const char *password, const char *old, const char *username, char **ret_error); - -#else - -static inline int suggest_passwords(void) { - return 0; -} - -static inline int quality_check_password(const char *password, const char *old, const char *username, char **ret_error) { - if (ret_error) - *ret_error = NULL; - return 1; /* all good */ -} +int check_password_quality(const char *password, const char *old, const char *username, char **ret_error); #endif diff --git a/src/shared/password-quality-util.h b/src/shared/password-quality-util.h new file mode 100644 index 00000000000..a55727d1fb5 --- /dev/null +++ b/src/shared/password-quality-util.h @@ -0,0 +1,26 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ +#pragma once + +#define N_SUGGESTIONS 6 + +#if HAVE_PWQUALITY + +#include "password-quality-util-pwquality.h" + +#else + +static inline int suggest_passwords(void) { + return 0; +} + +static inline int check_password_quality( + const char *password, + const char *old, + const char *username, + char **ret_error) { + if (ret_error) + *ret_error = NULL; + return 1; /* all good */ +} + +#endif diff --git a/src/test/test-dlopen-so.c b/src/test/test-dlopen-so.c index 55728c27c52..2d3b7744f68 100644 --- a/src/test/test-dlopen-so.c +++ b/src/test/test-dlopen-so.c @@ -10,9 +10,9 @@ #include "libfido2-util.h" #include "macro.h" #include "main-func.h" +#include "password-quality-util-pwquality.h" #include "pcre2-util.h" #include "pkcs11-util.h" -#include "pwquality-util.h" #include "qrcode-util.h" #include "tests.h" #include "tpm2-util.h"
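Review bot: In the new `src/shared/password-quality-util.h`, the `#else` stub of `check_password_quality()` returns 1 ("all good") when no quality backend is compiled in, so such a build reports every password as acceptable without logging anything. The `ERRNO_IS_NOT_SUPPORTED(r)` warning visible in `enroll_password()` and `prompt_root_password()` is only reached for a negative `r`, which the stub never produces. If the silent pass is intended, state it at the stub, e.g. `/* No backend compiled in: nothing is checked, every password is reported as acceptable. */`. Otherwise returning `-EOPNOTSUPP` would route these builds through the existing warning, but that needs a check of the callers not shown in this diff. The header also lacks a comment on the return contract that the visible call sites rely on (`r < 0` is an error in the two prompts, `r <= 0` a failure in `user_record_check_password_quality()`), which a second backend will have to match.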