1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2 
3 #include <unistd.h>
4 
5 #include "dlfcn-util.h"
6 #include "errno-util.h"
7 #include "log.h"
8 #include "macro.h"
9 #include "memory-util.h"
10 #include "pwquality-util.h"
11 #include "strv.h"
12 
13 #if HAVE_PWQUALITY
14 
/* Slot for the library handle; dlopen_pwquality() passes its address to dlopen_many_sym_or_warn(). */
static void *pwquality_dl = NULL;

/* Function pointers for the libpwquality entry points listed in dlopen_pwquality()'s DLSYM_ARG()
 * arguments. As file-scope objects without an initializer they start out as NULL, so they must not be
 * called before dlopen_pwquality() has returned successfully.
 * NOTE(review): that DLSYM_ARG(foo) fills in sym_foo is inferred from the naming; the macro is not
 * visible in this file. */
int (*sym_pwquality_check)(
                pwquality_settings_t *pwq,
                const char *password,
                const char *oldpassword,
                const char *user,
                void **auxerror);
pwquality_settings_t *(*sym_pwquality_default_settings)(void);
void (*sym_pwquality_free_settings)(pwquality_settings_t *pwq);
int (*sym_pwquality_generate)(
                pwquality_settings_t *pwq,
                int entropy_bits,
                char **password);
int (*sym_pwquality_get_str_value)(
                pwquality_settings_t *pwq,
                int setting,
                const char **value);
int (*sym_pwquality_read_config)(
                pwquality_settings_t *pwq,
                const char *cfgfile,
                void **auxerror);
int (*sym_pwquality_set_int_value)(
                pwquality_settings_t *pwq,
                int setting,
                int value);
const char *(*sym_pwquality_strerror)(
                char *buf,
                size_t len,
                int errcode,
                void *auxerror);
25 
/* Loads "libpwquality.so.1" and resolves the eight libpwquality symbols this file uses.
 *
 * Returns the result of dlopen_many_sym_or_warn() unchanged; the callers in this file treat a negative
 * value as failure. LOG_DEBUG is handed over as the log level.
 *
 * The library is named by soname only, without a directory. Assuming the helper ends up in dlopen(),
 * the file that gets loaded is chosen by the dynamic loader's search rules, so the loader configuration
 * and environment of the calling process are part of the trust base for password checking. */
int dlopen_pwquality(void) {
        int r;

        r = dlopen_many_sym_or_warn(
                        &pwquality_dl,
                        "libpwquality.so.1",
                        LOG_DEBUG,
                        DLSYM_ARG(pwquality_check),
                        DLSYM_ARG(pwquality_default_settings),
                        DLSYM_ARG(pwquality_free_settings),
                        DLSYM_ARG(pwquality_generate),
                        DLSYM_ARG(pwquality_get_str_value),
                        DLSYM_ARG(pwquality_read_config),
                        DLSYM_ARG(pwquality_set_int_value),
                        DLSYM_ARG(pwquality_strerror));

        return r;
}
38 
/* Switches off libpwquality's dictionary check on 'pwq' when the dictionary file does not exist.
 *
 * The dictionary path is read from the settings object; while the workaround below is in place an
 * empty path is replaced by a hard-coded cracklib location. Only ENOENT from access() leads to the
 * check being disabled; every other outcome leaves the settings untouched. All failures are logged at
 * debug level and otherwise ignored, the function has no return value.
 *
 * Security note: when the file is missing the dictionary check is turned off without any message
 * (a message is logged only if turning it off fails), so passwords are then rated without a dictionary
 * lookup and the caller cannot tell. */
void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) {
        char errbuf[PWQ_MAX_ERROR_MESSAGE_LEN];
        const char *dict_path;
        int rc;

        assert(pwq);

        rc = sym_pwquality_get_str_value(pwq, PWQ_SETTING_DICT_PATH, &dict_path);
        if (rc < 0) {
                log_debug("Failed to read libpwquality dictionary path, ignoring: %s",
                          sym_pwquality_strerror(errbuf, sizeof(errbuf), rc, NULL));
                return;
        }

        /* Workaround, to be removed as soon as https://github.com/libpwquality/libpwquality/pull/21
         * is merged and released: fall back to a fixed path if none is configured. */
        if (isempty(dict_path))
                dict_path = "/usr/share/cracklib/pw_dict.pwd.gz";

        /* Cannot trigger while the fallback above is present; it takes over once that is removed. */
        if (isempty(dict_path)) {
                log_debug("Weird, no dictionary file configured, ignoring.");
                return;
        }

        if (access(dict_path, F_OK) < 0) {
                /* Anything but "does not exist" tells us nothing, so keep the check enabled. */
                if (errno != ENOENT) {
                        log_debug_errno(errno, "Failed to check if dictionary file %s exists, ignoring: %m", dict_path);
                        return;
                }

                rc = sym_pwquality_set_int_value(pwq, PWQ_SETTING_DICT_CHECK, 0);
                if (rc < 0)
                        log_debug("Failed to disable libpwquality dictionary check, ignoring: %s",
                                  sym_pwquality_strerror(errbuf, sizeof(errbuf), rc, NULL));
        }
}
75 
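/* Allocates a libpwquality settings object and loads the library's configuration into it.
 *
 * On success returns 0 and stores the object in *ret; the caller owns it and releases it with
 * sym_pwquality_free_settings(). Returns the negative result of dlopen_pwquality() if the library
 * cannot be loaded, and -ENOMEM if the settings object cannot be allocated.
 *
 * A failure to read the configuration (NULL is passed as the file name) is only logged at debug level,
 * so the object then carries whatever pwquality_default_settings() set up. The dictionary check may
 * additionally be switched off by pwq_maybe_disable_dictionary(). */
int pwq_allocate_context(pwquality_settings_t **ret) {
        _cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
        char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
        /* Start from NULL: the pointer is handed to sym_pwquality_strerror() on the error path, and it
         * must not be indeterminate should the library report an error without writing to it. */
        void *auxerror = NULL;
        int r;

        assert(ret);

        r = dlopen_pwquality();
        if (r < 0)
                return r;

        pwq = sym_pwquality_default_settings();
        if (!pwq)
                return -ENOMEM;

        r = sym_pwquality_read_config(pwq, NULL, &auxerror);
        if (r < 0)
                log_debug("Failed to read libpwquality configuration, ignoring: %s",
                          sym_pwquality_strerror(buf, sizeof(buf), r, auxerror));

        pwq_maybe_disable_dictionary(pwq);

        /* Hand ownership to the caller; TAKE_PTR() keeps the cleanup handler from freeing it. */
        *ret = TAKE_PTR(pwq);
        return 0;
}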
102 
/* Number of passwords generated per suggest_passwords() call. */
#define N_SUGGESTIONS 6

/* Generates N_SUGGESTIONS passwords with libpwquality and logs them on a single line.
 *
 * Returns 1 after the suggestions were logged, 0 if pwq_allocate_context() reports that libpwquality
 * is not supported, and a negative errno-style value on any other failure. 64 is passed as the
 * entropy_bits argument of pwquality_generate().
 *
 * Security note: the generated passwords are emitted through log_info(), so they go wherever the
 * calling program's logging is directed; callers should make sure that is an interactive terminal
 * rather than a persistent log. The vector and the joined string are released through the
 * *_erase cleanup handlers when the function returns. */
int suggest_passwords(void) {
        _cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
        _cleanup_strv_free_erase_ char **suggestions = NULL;
        _cleanup_(erase_and_freep) char *line = NULL;
        char errbuf[PWQ_MAX_ERROR_MESSAGE_LEN];
        int r;

        r = pwq_allocate_context(&pwq);
        if (ERRNO_IS_NOT_SUPPORTED(r))
                return 0;
        if (r < 0)
                return log_error_errno(r, "Failed to allocate libpwquality context: %m");

        /* One extra slot keeps the vector NULL-terminated for strv_join(). */
        suggestions = new0(char*, N_SUGGESTIONS+1);
        if (!suggestions)
                return log_oom();

        for (size_t n = 0; n < N_SUGGESTIONS; n++) {
                r = sym_pwquality_generate(pwq, 64, &suggestions[n]);
                if (r >= 0)
                        continue;

                return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to generate password, ignoring: %s",
                                       sym_pwquality_strerror(errbuf, sizeof(errbuf), r, NULL));
        }

        line = strv_join(suggestions, " ");
        if (!line)
                return log_oom();

        log_info("Password suggestions: %s", line);
        return 1;
}
137 
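/* Checks 'password' with libpwquality, passing 'username' as the user name (NULL is used for the old
 * password).
 *
 * Returns 1 if the library accepts the password and a negative errno-style value if the context
 * cannot be set up or the error text cannot be copied. Returns 0 in two distinct cases: the library
 * rejected the password, or pwq_allocate_context() reported that libpwquality is not supported.
 *
 * *ret_error (if ret_error is non-NULL) is written only when the library rejected the password; it
 * then holds a newly allocated message the caller must free. It is left untouched in the
 * "not supported" case, so callers should initialize it to NULL and must not take a return of 0 with
 * no message to mean that the password was actually rated as weak. */
int quality_check_password(const char *password, const char *username, char **ret_error) {
        _cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
        char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
        /* Start from NULL: the pointer is handed to sym_pwquality_strerror() on the error path, and it
         * must not be indeterminate should the library report an error without writing to it. */
        void *auxerror = NULL;
        int r;

        assert(password);

        r = pwq_allocate_context(&pwq);
        if (ERRNO_IS_NOT_SUPPORTED(r))
                return 0;
        if (r < 0)
                return log_debug_errno(r, "Failed to allocate libpwquality context: %m");

        r = sym_pwquality_check(pwq, password, NULL, username, &auxerror);
        if (r < 0) {

                if (ret_error) {
                        _cleanup_free_ char *e = NULL;

                        /* Copy the message out of the stack buffer so that it outlives this call. */
                        e = strdup(sym_pwquality_strerror(buf, sizeof(buf), r, auxerror));
                        if (!e)
                                return -ENOMEM;

                        *ret_error = TAKE_PTR(e);
                }

                return 0; /* all bad */
        }

        return 1; /* all good */
}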
170 
171 #endif
172