source: calamares/trunk/fuentes/src/modules/users/CheckPWQuality.cpp @ 7538

Last change on this file since 7538 was 7538, checked in by kbut, 17 months ago

sync with github

File size: 12.8 KB
Line 
1/* === This file is part of Calamares - <https://github.com/calamares> ===
2 *
3 *   Copyright 2018, Adriaan de Groot <groot@kde.org>
4 *
5 *   Calamares is free software: you can redistribute it and/or modify
6 *   it under the terms of the GNU General Public License as published by
7 *   the Free Software Foundation, either version 3 of the License, or
8 *   (at your option) any later version.
9 *
10 *   Calamares is distributed in the hope that it will be useful,
11 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
12 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 *   GNU General Public License for more details.
14 *
15 *   You should have received a copy of the GNU General Public License
16 *   along with Calamares. If not, see <http://www.gnu.org/licenses/>.
17 */
18
19#include "CheckPWQuality.h"
20
21#include "utils/Logger.h"
22
23#include <QCoreApplication>
24#include <QString>
25#include <QWidget>
26
27#ifdef HAVE_LIBPWQUALITY
28#include <pwquality.h>
29#endif
30
31#include <memory>
32
33PasswordCheck::PasswordCheck()
34    : m_message()
35    , m_accept( []( const QString& ){ return true; } )
36{
37}
38
39PasswordCheck::PasswordCheck( const QString& m, AcceptFunc a )
40    : m_message( [m](){ return m; } )
41    , m_accept( a )
42{
43}
44
45PasswordCheck::PasswordCheck( MessageFunc m, AcceptFunc a )
46    : m_message( m )
47    , m_accept( a )
48{
49}
50
51DEFINE_CHECK_FUNC( minLength )
52{
53    int minLength = -1;
54    if ( value.canConvert( QVariant::Int ) )
55        minLength = value.toInt();
56    if ( minLength > 0 )
57    {
58        cDebug() << " .. minLength set to" << minLength;
59        checks.push_back(
60            PasswordCheck(
61                []()
62                {
63                    return QCoreApplication::translate( "PWQ", "Password is too short" );
64                },
65                [minLength]( const QString& s )
66                {
67                    return s.length() >= minLength;
68                }
69            ) );
70    }
71}
72
73DEFINE_CHECK_FUNC( maxLength )
74{
75    int maxLength = -1;
76    if ( value.canConvert( QVariant::Int ) )
77        maxLength = value.toInt();
78    if ( maxLength > 0 )
79    {
80        cDebug() << " .. maxLength set to" << maxLength;
81        checks.push_back(
82            PasswordCheck(
83                []()
84                {
85                    return QCoreApplication::translate("PWQ", "Password is too long" );
86                },
87                [maxLength]( const QString& s )
88                {
89                    return s.length() <= maxLength;
90                }
91            ) );
92    }
93}
94
95#ifdef HAVE_LIBPWQUALITY
96/**
97 * Class that acts as a RAII placeholder for pwquality_settings_t pointers.
98 * Gets a new pointer and ensures it is deleted only once; provides
99 * convenience functions for setting options and checking passwords.
100 */
101class PWSettingsHolder
102{
103public:
104    static constexpr int arbitrary_minimum_strength = 40;
105
106    PWSettingsHolder()
107        : m_settings( pwquality_default_settings() )
108        , m_auxerror( nullptr )
109    {
110    }
111
112    ~PWSettingsHolder()
113    {
114        cDebug() << "Freeing PWQ@" << ( void* )m_settings;
115        pwquality_free_settings( m_settings );
116    }
117
118    /// Sets an option via the configuration string @p v, <key>=<value> style.
119    int set( const QString& v )
120    {
121        return pwquality_set_option( m_settings, v.toUtf8().constData() );
122    }
123
124    /// Checks the given password @p pwd against the current configuration
125    int check( const QString& pwd )
126    {
127        void* auxerror = nullptr;
128        int r = pwquality_check( m_settings, pwd.toUtf8().constData(), nullptr, nullptr, &auxerror );
129        m_rv = r;
130        return r;
131    }
132
133    bool hasExplanation() const
134    {
135        return m_rv < 0;
136    }
137
138    /* This is roughly the same as the function pwquality_strerror,
139     * only with QStrings instead, and using the Qt translation scheme.
140     * It is used under the terms of the GNU GPL v3 or later, as
141     * allowed by the libpwquality license (LICENSES/GPLv2+-libpwquality)
142     */
143    QString explanation()
144    {
145        void* auxerror = m_auxerror;
146        m_auxerror = nullptr;
147
148        if ( m_rv >= arbitrary_minimum_strength )
149            return QString();
150        if ( m_rv >= 0 )
151            return QCoreApplication::translate( "PWQ",  "Password is too weak" );
152
153        switch ( m_rv )
154        {
155        case PWQ_ERROR_MEM_ALLOC:
156            if ( auxerror )
157            {
158                QString s = QCoreApplication::translate( "PWQ", "Memory allocation error when setting '%1'" ).arg( ( const char* )auxerror );
159                free( auxerror );
160                return s;
161            }
162            return QCoreApplication::translate( "PWQ", "Memory allocation error" );
163        case PWQ_ERROR_SAME_PASSWORD:
164            return QCoreApplication::translate( "PWQ", "The password is the same as the old one" );
165        case PWQ_ERROR_PALINDROME:
166            return QCoreApplication::translate( "PWQ", "The password is a palindrome" );
167        case PWQ_ERROR_CASE_CHANGES_ONLY:
168            return QCoreApplication::translate( "PWQ", "The password differs with case changes only" );
169        case PWQ_ERROR_TOO_SIMILAR:
170            return QCoreApplication::translate( "PWQ", "The password is too similar to the old one" );
171        case PWQ_ERROR_USER_CHECK:
172            return QCoreApplication::translate( "PWQ", "The password contains the user name in some form" );
173        case PWQ_ERROR_GECOS_CHECK:
174            return QCoreApplication::translate( "PWQ", "The password contains words from the real name of the user in some form" );
175        case PWQ_ERROR_BAD_WORDS:
176            return QCoreApplication::translate( "PWQ", "The password contains forbidden words in some form" );
177        case PWQ_ERROR_MIN_DIGITS:
178            if ( auxerror )
179                return QCoreApplication::translate( "PWQ", "The password contains less than %1 digits" ).arg( ( long )auxerror );
180            return QCoreApplication::translate( "PWQ", "The password contains too few digits" );
181        case PWQ_ERROR_MIN_UPPERS:
182            if ( auxerror )
183                return QCoreApplication::translate( "PWQ", "The password contains less than %1 uppercase letters" ).arg( ( long )auxerror );
184            return QCoreApplication::translate( "PWQ", "The password contains too few uppercase letters" );
185        case PWQ_ERROR_MIN_LOWERS:
186            if ( auxerror )
187                return QCoreApplication::translate( "PWQ", "The password contains less than %1 lowercase letters" ).arg( ( long )auxerror );
188            return QCoreApplication::translate( "PWQ", "The password contains too few lowercase letters" );
189        case PWQ_ERROR_MIN_OTHERS:
190            if ( auxerror )
191                return QCoreApplication::translate( "PWQ", "The password contains less than %1 non-alphanumeric characters" ).arg( ( long )auxerror );
192            return QCoreApplication::translate( "PWQ", "The password contains too few non-alphanumeric characters" );
193        case PWQ_ERROR_MIN_LENGTH:
194            if ( auxerror )
195                return QCoreApplication::translate( "PWQ", "The password is shorter than %1 characters" ).arg( ( long )auxerror );
196            return QCoreApplication::translate( "PWQ", "The password is too short" );
197        case PWQ_ERROR_ROTATED:
198            return QCoreApplication::translate( "PWQ", "The password is just rotated old one" );
199        case PWQ_ERROR_MIN_CLASSES:
200            if ( auxerror )
201                return QCoreApplication::translate( "PWQ", "The password contains less than %1 character classes" ).arg( ( long )auxerror );
202            return QCoreApplication::translate( "PWQ", "The password does not contain enough character classes" );
203        case PWQ_ERROR_MAX_CONSECUTIVE:
204            if ( auxerror )
205                return QCoreApplication::translate( "PWQ", "The password contains more than %1 same characters consecutively" ).arg( ( long )auxerror );
206            return QCoreApplication::translate( "PWQ", "The password contains too many same characters consecutively" );
207        case PWQ_ERROR_MAX_CLASS_REPEAT:
208            if ( auxerror )
209                return QCoreApplication::translate( "PWQ", "The password contains more than %1 characters of the same class consecutively" ).arg( ( long )auxerror );
210            return QCoreApplication::translate( "PWQ", "The password contains too many characters of the same class consecutively" );
211        case PWQ_ERROR_MAX_SEQUENCE:
212            if ( auxerror )
213                return QCoreApplication::translate( "PWQ", "The password contains monotonic sequence longer than %1 characters" ).arg( ( long )auxerror );
214            return QCoreApplication::translate( "PWQ", "The password contains too long of a monotonic character sequence" );
215        case PWQ_ERROR_EMPTY_PASSWORD:
216            return QCoreApplication::translate( "PWQ", "No password supplied" );
217        case PWQ_ERROR_RNG:
218            return QCoreApplication::translate( "PWQ", "Cannot obtain random numbers from the RNG device" );
219        case PWQ_ERROR_GENERATION_FAILED:
220            return QCoreApplication::translate( "PWQ", "Password generation failed - required entropy too low for settings" );
221        case PWQ_ERROR_CRACKLIB_CHECK:
222            if ( auxerror )
223            {
224                /* Here the string comes from cracklib, don't free? */
225                return QCoreApplication::translate( "PWQ", "The password fails the dictionary check - %1" ).arg( ( const char* )auxerror );
226            }
227            return QCoreApplication::translate( "PWQ", "The password fails the dictionary check" );
228        case PWQ_ERROR_UNKNOWN_SETTING:
229            if ( auxerror )
230            {
231                QString s = QCoreApplication::translate( "PWQ", "Unknown setting - %1" ).arg( ( const char* )auxerror );
232                free( auxerror );
233                return s;
234            }
235            return QCoreApplication::translate( "PWQ", "Unknown setting" );
236        case PWQ_ERROR_INTEGER:
237            if ( auxerror )
238            {
239                QString s = QCoreApplication::translate( "PWQ", "Bad integer value of setting - %1" ).arg( ( const char* )auxerror );
240                free( auxerror );
241                return s;
242            }
243            return QCoreApplication::translate( "PWQ", "Bad integer value" );
244        case PWQ_ERROR_NON_INT_SETTING:
245            if ( auxerror )
246            {
247                QString s = QCoreApplication::translate( "PWQ", "Setting %1 is not of integer type" ).arg( ( const char* )auxerror );
248                free( auxerror );
249                return s;
250            }
251            return QCoreApplication::translate( "PWQ", "Setting is not of integer type" );
252        case PWQ_ERROR_NON_STR_SETTING:
253            if ( auxerror )
254            {
255                QString s = QCoreApplication::translate( "PWQ", "Setting %1 is not of string type" ).arg( ( const char* )auxerror );
256                free( auxerror );
257                return s;
258            }
259            return QCoreApplication::translate( "PWQ", "Setting is not of string type" );
260        case PWQ_ERROR_CFGFILE_OPEN:
261            return QCoreApplication::translate( "PWQ", "Opening the configuration file failed" );
262        case PWQ_ERROR_CFGFILE_MALFORMED:
263            return QCoreApplication::translate( "PWQ", "The configuration file is malformed" );
264        case PWQ_ERROR_FATAL_FAILURE:
265            return QCoreApplication::translate( "PWQ", "Fatal failure" );
266        default:
267            return QCoreApplication::translate( "PWQ", "Unknown error" );
268        }
269    }
270
271private:
272    pwquality_settings_t* m_settings;
273    int m_rv;
274    void* m_auxerror;
275} ;
276
277DEFINE_CHECK_FUNC( libpwquality )
278{
279    if ( !value.canConvert( QVariant::List ) )
280    {
281        cWarning() << "libpwquality settings is not a list";
282        return;
283    }
284
285    QVariantList l = value.toList();
286    unsigned int requirement_count = 0;
287    auto settings = std::make_shared<PWSettingsHolder>();
288    for ( const auto& v : l )
289    {
290        if ( v.type() == QVariant::String )
291        {
292            QString option = v.toString();
293            int r = settings->set( option );
294            if ( r )
295                cWarning() << "unrecognized libpwquality setting" << option;
296            else
297            {
298                cDebug() << " .. libpwquality setting" << option;
299                ++requirement_count;
300            }
301        }
302        else
303            cWarning() << "unrecognized libpwquality setting" << v;
304    }
305
306    /* Something actually added? */
307    if ( requirement_count )
308    {
309        checks.push_back(
310            PasswordCheck(
311                [settings]()
312                {
313                    return settings->explanation();
314                },
315                [settings]( const QString& s )
316                {
317                    int r = settings->check( s );
318                    if ( r < 0 )
319                        cWarning() << "libpwquality error" << r;
320                    else if ( r < settings->arbitrary_minimum_strength )
321                        cDebug() << "Password strength" << r << "too low";
322                    return r >= settings->arbitrary_minimum_strength;
323                }
324            ) );
325    }
326}
327#endif
Note: See TracBrowser for help on using the repository browser.