shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-02-02 09:47:03 +03:00
Code

Merge pull request #16771 from poettering/dyn-pwq

Browse Source 
make libpwquality a dlopen() dependency + use it in systemd-firstboot, too
This commit is contained in:
Lennart Poettering 2020-08-19 15:40:41 +02:00 committed by GitHub
commit 1b13600948
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 353 additions and 209 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
TODO
View File

@ -87,8 +87,7 @@ Features:
* make us use dynamically fewer deps for containers in general purpose distros:
o turn into dlopen() deps:
- libpwquality (always) - only relevant for homed, and maybe soon
firstboot
- libidn2 (always)
- elfutils (always)
- p11-kit-trust (always)
- kmod-libs (only when called from PID 1)
@ -365,7 +364,6 @@ Features:
- fingerprint authentication, pattern authentication, …
- make sure "classic" user records can also be managed by homed
- make size of $XDG_RUNTIME_DIR configurable in user record
- reuse pwquality magic in firstboot
- query password from kernel keyring first
- update even if record is "absent"
- add a "access mode" + "fstype" field to the "status" section of json identity records reflecting the actually used access mode and fstype, even on non-luks backends

6
meson.build
View File

@ -2174,8 +2174,7 @@ if conf.get('ENABLE_HOMED') == 1
link_with : [libshared],
dependencies : [threads,
libcrypt,
libopenssl,
libpwquality],
libopenssl],
install_rpath : rootlibexecdir,
install : true,
install_dir : rootlibexecdir)
@ -2189,8 +2188,7 @@ if conf.get('ENABLE_HOMED') == 1
libcrypt,
libopenssl,
libp11kit,
libfido2,
libpwquality],
libfido2],
install_rpath : rootlibexecdir,
install : true,
install_dir : rootbindir)

10
src/firstboot/firstboot.c
View File

@ -28,6 +28,7 @@
#include "path-util.h"
#include "pretty-print.h"
#include "proc-cmdline.h"
#include "pwquality-util.h"
#include "random-util.h"
#include "string-util.h"
#include "strv.h"
@ -568,8 +569,11 @@ static int prompt_root_password(void) {
msg1 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter a new root password (empty to skip):");
msg2 = strjoina(special_glyph(SPECIAL_GLYPH_TRIANGULAR_BULLET), " Please enter new root password again:");
suggest_passwords();
for (;;) {
_cleanup_strv_free_erase_ char **a = NULL, **b = NULL;
_cleanup_free_ char *error = NULL;
r = ask_password_tty(-1, msg1, NULL, 0, 0, NULL, &a);
if (r < 0)
@ -583,6 +587,12 @@ static int prompt_root_password(void) {
break;
}
r = quality_check_password(*a, "root", &error);
if (r < 0)
return log_error_errno(r, "Failed to check quality of password: %m");
if (r == 0)
log_warning("Password is weak, accepting anyway: %s", error);
r = ask_password_tty(-1, msg2, NULL, 0, 0, NULL, &b);
if (r < 0)
return log_error_errno(r, "Failed to query root password: %m");

3
src/home/homectl.c
View File

@ -30,6 +30,7 @@
#include "rlimit-util.h"
#include "spawn-polkit-agent.h"
#include "terminal-util.h"
#include "user-record-pwquality.h"
#include "user-record-show.h"
#include "user-record-util.h"
#include "user-record.h"
@ -1097,7 +1098,7 @@ static int create_home(int argc, char *argv[], void *userdata) {
/* If password quality enforcement is disabled, let's at least warn client side */
r = quality_check_password(hr, hr, &error);
r = user_record_quality_check_password(hr, hr, &error);
if (r < 0)
log_warning_errno(r, "Specified password does not pass quality checks (%s), proceeding anyway.", bus_error_message(&error, r));
}

5
src/home/homed-home.c
View File

@ -33,6 +33,7 @@
#include "strv.h"
#include "user-record-sign.h"
#include "user-record-util.h"
#include "user-record-pwquality.h"
#include "user-record.h"
#include "user-util.h"
@ -1289,7 +1290,7 @@ int home_create(Home *h, UserRecord *secret, sd_bus_error *error) {
if (h->record->enforce_password_policy == false)
log_debug("Password quality check turned off for account, skipping.");
else {
r = quality_check_password(h->record, secret, error);
r = user_record_quality_check_password(h->record, secret, error);
if (r < 0)
return r;
}
@ -1640,7 +1641,7 @@ int home_passwd(Home *h,
if (c->enforce_password_policy == false)
log_debug("Password quality check turned off for account, skipping.");
else {
r = quality_check_password(c, merged_secret, error);
r = user_record_quality_check_password(c, merged_secret, error);
if (r < 0)
return r;
}

8
src/home/meson.build
View File

@ -50,8 +50,8 @@ systemd_homed_sources = files('''
homed-varlink.c
homed-varlink.h
homed.c
pwquality-util.c
pwquality-util.h
user-record-pwquality.c
user-record-pwquality.h
user-record-sign.c
user-record-sign.h
user-record-util.c
@ -74,8 +74,8 @@ homectl_sources = files('''
homectl-pkcs11.c
homectl-pkcs11.h
homectl.c
pwquality-util.c
pwquality-util.h
user-record-pwquality.c
user-record-pwquality.h
user-record-util.c
user-record-util.h
'''.split())

186
src/home/pwquality-util.c
View File

@ -1,186 +0,0 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include <unistd.h>
#if HAVE_PWQUALITY
/* pwquality.h uses size_t but doesn't include sys/types.h on its own */
#include <sys/types.h>
#include <pwquality.h>
#endif
#include "bus-common-errors.h"
#include "home-util.h"
#include "memory-util.h"
#include "pwquality-util.h"
#include "strv.h"
#if HAVE_PWQUALITY
DEFINE_TRIVIAL_CLEANUP_FUNC(pwquality_settings_t*, pwquality_free_settings);
static void pwquality_maybe_disable_dictionary(
pwquality_settings_t *pwq) {
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
const char *path;
int r;
r = pwquality_get_str_value(pwq, PWQ_SETTING_DICT_PATH, &path);
if (r < 0) {
log_warning("Failed to read libpwquality dictionary path, ignoring: %s", pwquality_strerror(buf, sizeof(buf), r, NULL));
return;
}
// REMOVE THIS AS SOON AS https://github.com/libpwquality/libpwquality/pull/21 IS MERGED AND RELEASED
if (isempty(path))
path = "/usr/share/cracklib/pw_dict.pwd.gz";
if (isempty(path)) {
log_warning("Weird, no dictionary file configured, ignoring.");
return;
}
if (access(path, F_OK) >= 0)
return;
if (errno != ENOENT) {
log_warning_errno(errno, "Failed to check if dictionary file %s exists, ignoring: %m", path);
return;
}
r = pwquality_set_int_value(pwq, PWQ_SETTING_DICT_CHECK, 0);
if (r < 0) {
log_warning("Failed to disable libpwquality dictionary check, ignoring: %s", pwquality_strerror(buf, sizeof(buf), r, NULL));
return;
}
}
int quality_check_password(
UserRecord *hr,
UserRecord *secret,
sd_bus_error *error) {
_cleanup_(pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
char buf[PWQ_MAX_ERROR_MESSAGE_LEN], **pp;
void *auxerror;
int r;
assert(hr);
assert(secret);
pwq = pwquality_default_settings();
if (!pwq)
return log_oom();
r = pwquality_read_config(pwq, NULL, &auxerror);
if (r < 0)
log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to read libpwquality configuration, ignoring: %s",
pwquality_strerror(buf, sizeof(buf), r, auxerror));
pwquality_maybe_disable_dictionary(pwq);
/* This is a bit more complex than one might think at first. pwquality_check() would like to know the
* old password to make security checks. We support arbitrary numbers of passwords however, hence we
* call the function once for each combination of old and new password. */
/* Iterate through all new passwords */
STRV_FOREACH(pp, secret->password) {
bool called = false;
char **old;
r = test_password_many(hr->hashed_password, *pp);
if (r < 0)
return r;
if (r == 0) /* This is an old password as it isn't listed in the hashedPassword field, skip it */
continue;
/* Check this password against all old passwords */
STRV_FOREACH(old, secret->password) {
if (streq(*pp, *old))
continue;
r = test_password_many(hr->hashed_password, *old);
if (r < 0)
return r;
if (r > 0) /* This is a new password, not suitable as old password */
continue;
r = pwquality_check(pwq, *pp, *old, hr->user_name, &auxerror);
if (r < 0)
return sd_bus_error_setf(error, BUS_ERROR_LOW_PASSWORD_QUALITY, "Password too weak: %s",
pwquality_strerror(buf, sizeof(buf), r, auxerror));
called = true;
}
if (called)
continue;
/* If there are no old passwords, let's call pwquality_check() without any. */
r = pwquality_check(pwq, *pp, NULL, hr->user_name, &auxerror);
if (r < 0)
return sd_bus_error_setf(error, BUS_ERROR_LOW_PASSWORD_QUALITY, "Password too weak: %s",
pwquality_strerror(buf, sizeof(buf), r, auxerror));
}
return 0;
}
#define N_SUGGESTIONS 6
int suggest_passwords(void) {
_cleanup_(pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
_cleanup_strv_free_erase_ char **suggestions = NULL;
_cleanup_(erase_and_freep) char *joined = NULL;
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
void *auxerror;
size_t i;
int r;
pwq = pwquality_default_settings();
if (!pwq)
return log_oom();
r = pwquality_read_config(pwq, NULL, &auxerror);
if (r < 0)
log_warning_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to read libpwquality configuration, ignoring: %s",
pwquality_strerror(buf, sizeof(buf), r, auxerror));
pwquality_maybe_disable_dictionary(pwq);
suggestions = new0(char*, N_SUGGESTIONS+1);
if (!suggestions)
return log_oom();
for (i = 0; i < N_SUGGESTIONS; i++) {
r = pwquality_generate(pwq, 64, suggestions + i);
if (r < 0)
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to generate password, ignoring: %s",
pwquality_strerror(buf, sizeof(buf), r, NULL));
}
joined = strv_join(suggestions, " ");
if (!joined)
return log_oom();
log_info("Password suggestions: %s", joined);
return 0;
}
#else
int quality_check_password(
UserRecord *hr,
UserRecord *secret,
sd_bus_error *error) {
assert(hr);
assert(secret);
return 0;
}
int suggest_passwords(void) {
return 0;
}
#endif

9
src/home/pwquality-util.h
View File

@ -1,9 +0,0 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
#include "sd-bus.h"
#include "user-record.h"
int quality_check_password(UserRecord *hr, UserRecord *secret, sd_bus_error *error);
int suggest_passwords(void);

90
src/home/user-record-pwquality.c Normal file
View File

@ -0,0 +1,90 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include "bus-common-errors.h"
#include "errno-util.h"
#include "home-util.h"
#include "pwquality-util.h"
#include "strv.h"
#include "user-record-pwquality.h"
#include "user-record-util.h"
#if HAVE_PWQUALITY
int user_record_quality_check_password(
UserRecord *hr,
UserRecord *secret,
sd_bus_error *error) {
_cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
char buf[PWQ_MAX_ERROR_MESSAGE_LEN], **pp;
void *auxerror;
int r;
assert(hr);
assert(secret);
r = pwq_allocate_context(&pwq);
if (ERRNO_IS_NOT_SUPPORTED(r))
return 0;
if (r < 0)
return log_debug_errno(r, "Failed to allocate libpwquality context: %m");
/* This is a bit more complex than one might think at first. pwquality_check() would like to know the
* old password to make security checks. We support arbitrary numbers of passwords however, hence we
* call the function once for each combination of old and new password. */
/* Iterate through all new passwords */
STRV_FOREACH(pp, secret->password) {
bool called = false;
char **old;
r = test_password_many(hr->hashed_password, *pp);
if (r < 0)
return r;
if (r == 0) /* This is an old password as it isn't listed in the hashedPassword field, skip it */
continue;
/* Check this password against all old passwords */
STRV_FOREACH(old, secret->password) {
if (streq(*pp, *old))
continue;
r = test_password_many(hr->hashed_password, *old);
if (r < 0)
return r;
if (r > 0) /* This is a new password, not suitable as old password */
continue;
r = sym_pwquality_check(pwq, *pp, *old, hr->user_name, &auxerror);
if (r < 0)
return sd_bus_error_setf(error, BUS_ERROR_LOW_PASSWORD_QUALITY, "Password too weak: %s",
sym_pwquality_strerror(buf, sizeof(buf), r, auxerror));
called = true;
}
if (called)
continue;
/* If there are no old passwords, let's call pwquality_check() without any. */
r = sym_pwquality_check(pwq, *pp, NULL, hr->user_name, &auxerror);
if (r < 0)
return sd_bus_error_setf(error, BUS_ERROR_LOW_PASSWORD_QUALITY, "Password too weak: %s",
sym_pwquality_strerror(buf, sizeof(buf), r, auxerror));
}
return 1;
}
#else
int user_record_quality_check_password(
UserRecord *hr,
UserRecord *secret,
sd_bus_error *error) {
return 0;
}
#endif

7
src/home/user-record-pwquality.h Normal file
View File

@ -0,0 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
#include "sd-bus.h"
#include "user-record.h"
int user_record_quality_check_password(UserRecord *hr, UserRecord *secret, sd_bus_error *error);

2
src/shared/meson.build
View File

@ -191,6 +191,8 @@ shared_sources = files('''
pretty-print.h
ptyfwd.c
ptyfwd.h
pwquality-util.c
pwquality-util.h
reboot-util.c
reboot-util.h
resize-fs.c

191
src/shared/pwquality-util.c Normal file
View File

@ -0,0 +1,191 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include <unistd.h>
#include "dlfcn-util.h"
#include "errno-util.h"
#include "log.h"
#include "macro.h"
#include "memory-util.h"
#include "pwquality-util.h"
#include "strv.h"
#if HAVE_PWQUALITY
static void *pwquality_dl = NULL;
int (*sym_pwquality_check)(pwquality_settings_t *pwq, const char *password, const char *oldpassword, const char *user, void **auxerror);
pwquality_settings_t *(*sym_pwquality_default_settings)(void);
void (*sym_pwquality_free_settings)(pwquality_settings_t *pwq);
int (*sym_pwquality_generate)(pwquality_settings_t *pwq, int entropy_bits, char **password);
int (*sym_pwquality_get_str_value)(pwquality_settings_t *pwq, int setting, const char **value);
int (*sym_pwquality_read_config)(pwquality_settings_t *pwq, const char *cfgfile, void **auxerror);
int (*sym_pwquality_set_int_value)(pwquality_settings_t *pwq, int setting, int value);
const char* (*sym_pwquality_strerror)(char *buf, size_t len, int errcode, void *auxerror);
int dlopen_pwquality(void) {
_cleanup_(dlclosep) void *dl = NULL;
int r;
if (pwquality_dl)
return 0; /* Already loaded */
dl = dlopen("libpwquality.so.1", RTLD_LAZY);
if (!dl)
return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"libpwquality support is not installed: %s", dlerror());
r = dlsym_many_and_warn(
dl,
LOG_DEBUG,
&sym_pwquality_check, "pwquality_check",
&sym_pwquality_default_settings, "pwquality_default_settings",
&sym_pwquality_free_settings, "pwquality_free_settings",
&sym_pwquality_generate, "pwquality_generate",
&sym_pwquality_get_str_value, "pwquality_get_str_value",
&sym_pwquality_read_config, "pwquality_read_config",
&sym_pwquality_set_int_value, "pwquality_set_int_value",
&sym_pwquality_strerror, "pwquality_strerror",
NULL);
if (r < 0)
return r;
/* Note that we never release the reference here, because there's no real reason to, after all this
* was traditionally a regular shared library dependency which lives forever too. */
pwquality_dl = TAKE_PTR(dl);
return 1;
}
void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq) {
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
const char *path;
int r;
assert(pwq);
r = sym_pwquality_get_str_value(pwq, PWQ_SETTING_DICT_PATH, &path);
if (r < 0) {
log_debug("Failed to read libpwquality dictionary path, ignoring: %s",
sym_pwquality_strerror(buf, sizeof(buf), r, NULL));
return;
}
// REMOVE THIS AS SOON AS https://github.com/libpwquality/libpwquality/pull/21 IS MERGED AND RELEASED
if (isempty(path))
path = "/usr/share/cracklib/pw_dict.pwd.gz";
if (isempty(path)) {
log_debug("Weird, no dictionary file configured, ignoring.");
return;
}
if (access(path, F_OK) >= 0)
return;
if (errno != ENOENT) {
log_debug_errno(errno, "Failed to check if dictionary file %s exists, ignoring: %m", path);
return;
}
r = sym_pwquality_set_int_value(pwq, PWQ_SETTING_DICT_CHECK, 0);
if (r < 0)
log_debug("Failed to disable libpwquality dictionary check, ignoring: %s",
sym_pwquality_strerror(buf, sizeof(buf), r, NULL));
}
int pwq_allocate_context(pwquality_settings_t **ret) {
_cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
void *auxerror;
int r;
assert(ret);
r = dlopen_pwquality();
if (r < 0)
return r;
pwq = sym_pwquality_default_settings();
if (!pwq)
return -ENOMEM;
r = sym_pwquality_read_config(pwq, NULL, &auxerror);
if (r < 0)
log_debug("Failed to read libpwquality configuration, ignoring: %s",
sym_pwquality_strerror(buf, sizeof(buf), r, auxerror));
pwq_maybe_disable_dictionary(pwq);
*ret = TAKE_PTR(pwq);
return 0;
}
#define N_SUGGESTIONS 6
int suggest_passwords(void) {
_cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
_cleanup_strv_free_erase_ char **suggestions = NULL;
_cleanup_(erase_and_freep) char *joined = NULL;
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
size_t i;
int r;
r = pwq_allocate_context(&pwq);
if (ERRNO_IS_NOT_SUPPORTED(r))
return 0;
if (r < 0)
return log_error_errno(r, "Failed to allocate libpwquality context: %m");
suggestions = new0(char*, N_SUGGESTIONS+1);
if (!suggestions)
return log_oom();
for (i = 0; i < N_SUGGESTIONS; i++) {
r = sym_pwquality_generate(pwq, 64, suggestions + i);
if (r < 0)
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to generate password, ignoring: %s",
sym_pwquality_strerror(buf, sizeof(buf), r, NULL));
}
joined = strv_join(suggestions, " ");
if (!joined)
return log_oom();
log_info("Password suggestions: %s", joined);
return 1;
}
int quality_check_password(const char *password, const char *username, char **ret_error) {
_cleanup_(sym_pwquality_free_settingsp) pwquality_settings_t *pwq = NULL;
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
void *auxerror;
int r;
assert(password);
r = pwq_allocate_context(&pwq);
if (ERRNO_IS_NOT_SUPPORTED(r))
return 0;
if (r < 0)
return log_debug_errno(r, "Failed to allocate libpwquality context: %m");
r = sym_pwquality_check(pwq, password, NULL, username, &auxerror);
if (r < 0) {
if (ret_error) {
_cleanup_free_ char *e = NULL;
e = strdup(sym_pwquality_strerror(buf, sizeof(buf), r, auxerror));
if (!e)
return -ENOMEM;
*ret_error = TAKE_PTR(e);
}
return 0; /* all bad */
}
return 1; /* all good */
}
#endif

41
src/shared/pwquality-util.h Normal file
View File

@ -0,0 +1,41 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
#include "macro.h"
#if HAVE_PWQUALITY
/* pwquality.h uses size_t but doesn't include sys/types.h on its own */
#include <sys/types.h>
#include <pwquality.h>
extern int (*sym_pwquality_check)(pwquality_settings_t *pwq, const char *password, const char *oldpassword, const char *user, void **auxerror);
extern pwquality_settings_t *(*sym_pwquality_default_settings)(void);
extern void (*sym_pwquality_free_settings)(pwquality_settings_t *pwq);
extern int (*sym_pwquality_generate)(pwquality_settings_t *pwq, int entropy_bits, char **password);
extern int (*sym_pwquality_get_str_value)(pwquality_settings_t *pwq, int setting, const char **value);
extern int (*sym_pwquality_read_config)(pwquality_settings_t *pwq, const char *cfgfile, void **auxerror);
extern int (*sym_pwquality_set_int_value)(pwquality_settings_t *pwq, int setting, int value);
extern const char* (*sym_pwquality_strerror)(char *buf, size_t len, int errcode, void *auxerror);
int dlopen_pwquality(void);
DEFINE_TRIVIAL_CLEANUP_FUNC(pwquality_settings_t*, sym_pwquality_free_settings);
void pwq_maybe_disable_dictionary(pwquality_settings_t *pwq);
int pwq_allocate_context(pwquality_settings_t **ret);
int suggest_passwords(void);
int quality_check_password(const char *password, const char *username, char **ret_error);
#else
static inline int suggest_passwords(void) {
return 0;
}
static inline int quality_check_password(const char *password, const char *username, char **ret_error) {
if (ret_error)
*ret_error = NULL;
return 1; /* all good */
}
#endif