shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-10 16:58:28 +03:00
Code

homed: fix home_count_bad_authentication() counting

Browse Source 
We want to cover not only regular bad password entries, but also bad
recovery key entries. Hence let's move the list of errors into the
function, and add more.
This commit is contained in:
Lennart Poettering 2023-11-28 09:52:17 +01:00 committed by Yu Watanabe
parent 28b42199d0
commit cc943ab86e
1 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/home/homed-home.c
View File

@ -650,11 +650,17 @@ static int convert_worker_errno(Home *h, int e, sd_bus_error *error) {
return 0;
}
static void home_count_bad_authentication(Home *h, bool save) {
static void home_count_bad_authentication(Home *h, int error, bool save) {
int r;
assert(h);
if (!IN_SET(error,
-ENOKEY, /* Password incorrect */
-EBADSLT, /* Password incorrect and no token */
-EREMOTEIO)) /* Recovery key incorrect */
return;
r = user_record_bad_authentication(h->record);
if (r < 0) {
log_warning_errno(r, "Failed to increase bad authentication counter, ignoring: %m");
@ -680,8 +686,7 @@ static void home_fixate_finish(Home *h, int ret, UserRecord *hr) {
secret = TAKE_PTR(h->secret); /* Take possession */
if (ret < 0) {
if (ret == -ENOKEY)
(void) home_count_bad_authentication(h, false);
(void) home_count_bad_authentication(h, ret, /* save= */ false);
(void) convert_worker_errno(h, ret, &error);
r = log_error_errno(ret, "Fixation failed: %m");
@ -772,8 +777,7 @@ static void home_activate_finish(Home *h, int ret, UserRecord *hr) {
assert(IN_SET(h->state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
if (ret < 0) {
if (ret == -ENOKEY)
home_count_bad_authentication(h, true);
(void) home_count_bad_authentication(h, ret, /* save= */ true);
(void) convert_worker_errno(h, ret, &error);
r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
@ -934,8 +938,7 @@ static void home_change_finish(Home *h, int ret, UserRecord *hr) {
assert(h);
if (ret < 0) {
if (ret == -ENOKEY)
(void) home_count_bad_authentication(h, true);
(void) home_count_bad_authentication(h, ret, /* save= */ true);
(void) convert_worker_errno(h, ret, &error);
r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
@ -1005,8 +1008,7 @@ static void home_unlocking_finish(Home *h, int ret, UserRecord *hr) {
assert(IN_SET(h->state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
if (ret < 0) {
if (ret == -ENOKEY)
(void) home_count_bad_authentication(h, true);
(void) home_count_bad_authentication(h, ret, /* save= */ true);
(void) convert_worker_errno(h, ret, &error);
r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
@ -1042,8 +1044,7 @@ static void home_authenticating_finish(Home *h, int ret, UserRecord *hr) {
assert(IN_SET(h->state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
if (ret < 0) {
if (ret == -ENOKEY)
(void) home_count_bad_authentication(h, true);
(void) home_count_bad_authentication(h, ret, /* save= */ true);
(void) convert_worker_errno(h, ret, &error);
r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,