
Commit d34b182

Blarseldv-alt
andcommitted
shared: add password quality check abstraction layer to support both pwquality and passwdqc
Co-authored-by: Dmitry V. Levin <[email protected]>
1 parent 6377f57 commit d34b182

12 files changed

+54
-47
lines changed

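--- a/src/cryptenroll/cryptenroll-password.c
+++ b/src/cryptenroll/cryptenroll-password.c
@@ -6,7 +6,7 @@
 #include "errno-util.h"
 #include "escape.h"
 #include "memory-util.h"
-#include "pwquality-util.h"
+#include "password-quality-util.h"
 #include "strv.h"
 
 int load_volume_key_password(
@@ -156,7 +156,7 @@ int enroll_password(
 }
 }
 
-r = quality_check_password(new_password, /* old */ NULL, /* user */ NULL, &error);
+r = check_password_quality(new_password, /* old */ NULL, /* user */ NULL, &error);
 if (r < 0) {
 if (ERRNO_IS_NOT_SUPPORTED(r))
 log_warning("Password quality check is not supported, proceeding anyway.");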

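--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -36,10 +36,10 @@
 #include "os-util.h"
 #include "parse-argument.h"
 #include "parse-util.h"
+#include "password-quality-util.h"
 #include "path-util.h"
 #include "pretty-print.h"
 #include "proc-cmdline.h"
-#include "pwquality-util.h"
 #include "random-util.h"
 #include "smack-util.h"
 #include "string-util.h"
@@ -790,7 +790,7 @@ static int prompt_root_password(int rfd) {
 break;
 }
 
-r = quality_check_password(*a, /* old */ NULL, "root", &error);
+r = check_password_quality(*a, /* old */ NULL, "root", &error);
 if (r < 0) {
 if (ERRNO_IS_NOT_SUPPORTED(r))
 log_warning("Password quality check is not supported, proceeding anyway.");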

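--- a/src/home/homectl.c
+++ b/src/home/homectl.c
@@ -30,18 +30,18 @@
 #include "pager.h"
 #include "parse-argument.h"
 #include "parse-util.h"
+#include "password-quality-util.h"
 #include "path-util.h"
 #include "percent-util.h"
 #include "pkcs11-util.h"
 #include "pretty-print.h"
 #include "process-util.h"
-#include "pwquality-util.h"
 #include "rlimit-util.h"
 #include "spawn-polkit-agent.h"
 #include "terminal-util.h"
 #include "uid-alloc-range.h"
 #include "user-record.h"
-#include "user-record-pwquality.h"
+#include "user-record-password-quality.h"
 #include "user-record-show.h"
 #include "user-record-util.h"
 #include "user-util.h"
@@ -1323,7 +1323,7 @@ static int create_home(int argc, char *argv[], void *userdata) {
 
 /* If password quality enforcement is disabled, let's at least warn client side */
 
-r = user_record_quality_check_password(hr, hr, &error);
+r = user_record_check_password_quality(hr, hr, &error);
 if (r < 0)
 log_warning_errno(r, "Specified password does not pass quality checks (%s), proceeding anyway.", bus_error_message(&error, r));
 }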

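--- a/src/home/homed-home.c
+++ b/src/home/homed-home.c
@@ -31,7 +31,6 @@
 #include "mkdir.h"
 #include "path-util.h"
 #include "process-util.h"
-#include "pwquality-util.h"
 #include "quota-util.h"
 #include "resize-fs.h"
 #include "set.h"
@@ -40,7 +39,7 @@
 #include "string-table.h"
 #include "strv.h"
 #include "uid-alloc-range.h"
-#include "user-record-pwquality.h"
+#include "user-record-password-quality.h"
 #include "user-record-sign.h"
 #include "user-record-util.h"
 #include "user-record.h"
@@ -1513,7 +1512,7 @@ int home_create(Home *h, UserRecord *secret, sd_bus_error *error) {
 if (h->record->enforce_password_policy == false)
 log_debug("Password quality check turned off for account, skipping.");
 else {
-r = user_record_quality_check_password(h->record, secret, error);
+r = user_record_check_password_quality(h->record, secret, error);
 if (r < 0)
 return r;
 }
@@ -1888,7 +1887,7 @@ int home_passwd(Home *h,
 if (c->enforce_password_policy == false)
 log_debug("Password quality check turned off for account, skipping.");
 else {
-r = user_record_quality_check_password(c, merged_secret, error);
+r = user_record_check_password_quality(c, merged_secret, error);
 if (r < 0)
 return r;
 }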

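--- a/src/home/meson.build
+++ b/src/home/meson.build
@@ -33,7 +33,7 @@ systemd_homed_sources = files(
 'homed-operation.c',
 'homed-varlink.c',
 'homed.c',
-'user-record-pwquality.c',
+'user-record-password-quality.c',
 'user-record-sign.c',
 'user-record-util.c',
 )
@@ -52,7 +52,7 @@ homectl_sources = files(
 'homectl-pkcs11.c',
 'homectl-recovery-key.c',
 'homectl.c',
-'user-record-pwquality.c',
+'user-record-password-quality.c',
 'user-record-util.c',
 )
 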
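--- a/src/home/user-record-pwquality.c
+++ b/src/home/user-record-password-quality.c
@@ -4,14 +4,14 @@
 #include "errno-util.h"
 #include "home-util.h"
 #include "libcrypt-util.h"
-#include "pwquality-util.h"
+#include "password-quality-util.h"
 #include "strv.h"
-#include "user-record-pwquality.h"
+#include "user-record-password-quality.h"
 #include "user-record-util.h"
 
 #if HAVE_PWQUALITY
 
-int user_record_quality_check_password(
+int user_record_check_password_quality(
 UserRecord *hr,
 UserRecord *secret,
 sd_bus_error *error) {
@@ -22,7 +22,7 @@ int user_record_quality_check_password(
 assert(hr);
 assert(secret);
 
-/* This is a bit more complex than one might think at first. quality_check_password() would like to know the
+/* This is a bit more complex than one might think at first. check_password_quality() would like to know the
 * old password to make security checks. We support arbitrary numbers of passwords however, hence we
 * call the function once for each combination of old and new password. */
 
@@ -48,7 +48,7 @@ int user_record_quality_check_password(
 if (r > 0) /* This is a new password, not suitable as old password */
 continue;
 
-r = quality_check_password(*pp, *old, hr->user_name, &auxerror);
+r = check_password_quality(*pp, *old, hr->user_name, &auxerror);
 if (r <= 0)
 goto error;
 
@@ -58,12 +58,11 @@ int user_record_quality_check_password(
 if (called)
 continue;
 
-/* If there are no old passwords, let's call quality_check_password() without any. */
-r = quality_check_password(*pp, /* old */ NULL, hr->user_name, &auxerror);
+/* If there are no old passwords, let's call check_password_quality() without any. */
+r = check_password_quality(*pp, /* old */ NULL, hr->user_name, &auxerror);
 if (r <= 0)
 goto error;
 }
-
 return 1;
 
 error:
@@ -77,7 +76,7 @@ int user_record_quality_check_password(
 
 #else
 
-int user_record_quality_check_password(
+int user_record_check_password_quality(
 UserRecord *hr,
 UserRecord *secret,
 sd_bus_error *error) {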
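Review bot: The `#if HAVE_PWQUALITY` guard kept as context in the first hunk still keys this file on a single backend, although the function it wraps is now the backend-neutral `check_password_quality()`. In a build without pwquality the `#else` definition of `user_record_check_password_quality()` in the last hunk is compiled instead of the loop over old and new passwords; its body lies outside the hunk, so what it returns cannot be checked from this page. `home_create()` and `home_passwd()` rely on this function whenever `enforce_password_policy` is set, so if another backend is added later this guard has to be widened with it, otherwise enforcement would presumably fall through to that stub. A comment at the guard such as `/* Keep in sync with the backends behind password-quality-util.h */` would make the dependency visible.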

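--- a/src/home/user-record-pwquality.h
+++ b/src/home/user-record-password-quality.h
@@ -4,4 +4,4 @@
 #include "sd-bus.h"
 #include "user-record.h"
 
-int user_record_quality_check_password(UserRecord *hr, UserRecord *secret, sd_bus_error *error);
+int user_record_check_password_quality(UserRecord *hr, UserRecord *secret, sd_bus_error *error);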

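--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@@ -128,11 +128,11 @@ shared_sources = files(
 'pager.c',
 'parse-argument.c',
 'parse-helpers.c',
+'password-quality-util-pwquality.c',
 'pcre2-util.c',
 'pkcs11-util.c',
 'pretty-print.c',
 'ptyfwd.c',
-'pwquality-util.c',
 'qrcode-util.c',
 'quota-util.c',
 'reboot-util.c',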

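--- a/src/shared/pwquality-util.c
+++ b/src/shared/password-quality-util-pwquality.c
@@ -7,7 +7,7 @@
 #include "log.h"
 #include "macro.h"
 #include "memory-util.h"
-#include "pwquality-util.h"
+#include "password-quality-util.h"
 #include "strv.h"
 
 #if HAVE_PWQUALITY
@@ -36,7 +36,7 @@ int dlopen_pwquality(void) {
 DLSYM_ARG(pwquality_strerror));
 }
 
-void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) {
+static void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) {
 char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
 const char *path;
 int r;
@@ -69,7 +69,7 @@ void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) {
 sym_pwquality_strerror(buf, sizeof(buf), r, NULL));
 }
 
-int pwq_allocate_context(pwquality_settings_t **ret) {
+static int pwq_allocate_context(pwquality_settings_t **ret) {
 _cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
 char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
 void *auxerror;
@@ -96,8 +96,6 @@ int pwq_allocate_context(pwquality_settings_t **ret) {
 return 0;
 }
 
-#define N_SUGGESTIONS 6
-
 int suggest_passwords(void) {
 _cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
 _cleanup_strv_free_erase_ char **suggestions = NULL;
@@ -132,7 +130,7 @@ int suggest_passwords(void) {
 return 1;
 }
 
-int quality_check_password(const char *password, const char *old, const char *username, char **ret_error) {
+int check_password_quality(const char *password, const char *old, const char *username, char **ret_error) {
 _cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
 char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
 void *auxerror;
@@ -146,7 +144,6 @@ int quality_check_password(const char *password, const char *old, const char *us
 
 r = sym_pwquality_check(pwq, password, old, username, &auxerror);
 if (r < 0) {
-
 if (ret_error) {
 _cleanup_free_ char *e = NULL;
 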
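--- a/src/shared/pwquality-util.h
+++ b/src/shared/password-quality-util-pwquality.h
@@ -21,21 +21,7 @@ int dlopen_pwquality(void);
 
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(pwquality_settings_t*, sym_pwquality_free_settings, NULL);
 
-void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq);
-int pwq_allocate_context(pwquality_settings_t **ret);
 int suggest_passwords(void);
-int quality_check_password(const char *password, const char *old, const char *username, char **ret_error);
-
-#else
-
-static inline int suggest_passwords(void) {
-return 0;
-}
-
-static inline int quality_check_password(const char *password, const char *old, const char *username, char **ret_error) {
-if (ret_error)
-*ret_error = NULL;
-return 1; /* all good */
-}
+int check_password_quality(const char *password, const char *old, const char *username, char **ret_error);
 
 #endif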
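Review bot: The removed `#else` branch was the only place in this header that defined the no-backend behaviour (`suggest_passwords()` returning 0 and the check returning `1; /* all good */`), and the new `check_password_quality()` prototype sits inside the remaining conditional that ends at `#endif`. Callers in this commit include `password-quality-util.h`, which is not among the file sections shown on this page, so the replacement fallback presumably lives there and should be confirmed to still set `*ret_error = NULL`. The return contract is also undocumented at the prototype, while callers depend on it: `user_record_check_password_quality()` treats `r <= 0` as failure, whereas cryptenroll and firstboot only warn on `ERRNO_IS_NOT_SUPPORTED(r)`, so with the old stub a compiled-out check passed without that warning. I would add above the declaration `/* Returns > 0 if the password is acceptable, 0 if it is rejected (reason in *ret_error; inferred from the r <= 0 callers), < 0 on error. */` and state next to the fallback that it always reports success.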
