applications/gnome-control-center
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

users: Use libpwquality for password handling

Browse source 
Using a library for password generation and quality checking
has the obvious benefit that we can have centralized policy
for password quality, and our homegrown code for this was not
a beauty in the first place.

This commit drops the use of /usr/bin/agp for generating
random passwords.

https://bugzilla.gnome.org/show_bug.cgi?id=676396
This commit is contained in:
Matthias Clasen 2012-05-23 10:43:17 -04:00
parent 8947cf8468
commit 810f29b6ce
2 changed files with 44 additions and 90 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
panels/user-accounts/Makefile.am
View file

@ -13,6 +13,7 @@ AM_CPPFLAGS = \
-DLIBLOCALEDIR=\""$(prefix)/lib/locale"\" \ -DLIBLOCALEDIR=\""$(prefix)/lib/locale"\" \
-DGNOMELOCALEDIR=\""$(datadir)/locale"\" \ -DGNOMELOCALEDIR=\""$(datadir)/locale"\" \
-DUM_PIXMAP_DIR=\""$(pkgdatadir)/pixmaps"\" \ -DUM_PIXMAP_DIR=\""$(pkgdatadir)/pixmaps"\" \
-DHAVE_LIBPWQUALITY \
-I$(srcdir)/../common/ \ -I$(srcdir)/../common/ \
-I$(srcdir)/../../shell/ \ -I$(srcdir)/../../shell/ \
$(PANEL_CFLAGS) \ $(PANEL_CFLAGS) \
@ -58,6 +59,7 @@ libuser_accounts_la_LIBADD = \
$(PANEL_LIBS) \ $(PANEL_LIBS) \
$(USER_ACCOUNTS_PANEL_LIBS) \ $(USER_ACCOUNTS_PANEL_LIBS) \
$(top_builddir)/panels/common/liblanguage.la \ $(top_builddir)/panels/common/liblanguage.la \
-lpwquality \
-lcrypt \ -lcrypt \
-lm -lm

132
panels/user-accounts/pw-utils.c
View file

@ -26,124 +26,76 @@
#include <glib.h> #include <glib.h>
#include <glib/gi18n.h> #include <glib/gi18n.h>
#include <sys/types.h> #include <pwquality.h>
#include <sys/wait.h>
#define MIN_PASSWORD_LEN 6 static pwquality_settings_t *
get_pwq (void)
{
static pwquality_settings_t *settings;
if (settings == NULL) {
gchar *err = NULL;
settings = pwquality_default_settings ();
if (pwquality_read_config (settings, NULL, (gpointer)&err) < 0) {
g_error ("failed to read pwquality configuration: %s\n", err);
}
}
return settings;
}
gint gint
pw_min_length (void) pw_min_length (void)
{ {
return MIN_PASSWORD_LEN; gint value = 0;
if (pwquality_get_int_value (get_pwq (), PWQ_SETTING_MIN_LENGTH, &value) < 0) {
g_error ("Failed to read pwquality setting\n" );
}
return value;
} }
gchar * gchar *
pw_generate (void) pw_generate (void)
{ {
static gchar **generated = NULL; gchar *res;
static gint next; gint rv;
gint min_len, max_len; rv = pwquality_generate (get_pwq (), 0, &res);
gchar *output, *err, *cmdline, *p;
gint status;
GError *error;
gchar *ret;
if (generated && generated[next]) { if (rv < 0) {
return g_strdup (generated[next++]); g_error ("Password generation failed: %s\n",
pwquality_strerror (NULL, 0, rv, NULL));
return NULL;
} }
g_strfreev (generated); return res;
generated = NULL;
next = 0;
ret = NULL;
min_len = 6;
max_len = 12;
cmdline = g_strdup_printf ("apg -n 10 -M SNC -m %d -x %d", min_len, max_len);
error = NULL;
output = NULL;
err = NULL;
if (!g_spawn_command_line_sync (cmdline, &output, &err, &status, &error)) {
g_warning ("Failed to run apg: %s", error->message);
g_error_free (error);
} else if (WEXITSTATUS (status) == 0) {
p = output;
if (*p == '\n')
p++;
if (p[strlen(p) - 1] == '\n')
p[strlen(p) - 1] = '\0';
generated = g_strsplit (p, "\n", -1);
next = 0;
ret = g_strdup (generated[next++]);
} else {
g_warning ("agp returned an error: %s", err);
}
g_free (cmdline);
g_free (output);
g_free (err);
return ret;
} }
/* This code is based on the Master Password dialog in Firefox
* (pref-masterpass.js)
* Original code triple-licensed under the MPL, GPL, and LGPL
* so is license-compatible with this file
*/
gdouble gdouble
pw_strength (const gchar *password, pw_strength (const gchar *password,
const gchar **hint) const gchar **hint)
{ {
gint length; gint rv;
gint upper, lower, digit, misc;
gint i;
gdouble strength; gdouble strength;
void *auxerror;
length = strlen (password); rv = pwquality_check (get_pwq (),
upper = 0; password, NULL, NULL,
lower = 0; &auxerror);
digit = 0;
misc = 0;
if (length < MIN_PASSWORD_LEN) { if (rv == PWQ_ERROR_MIN_LENGTH) {
*hint = C_("Password strength", "Too short"); *hint = C_("Password strength", "Too short");
return 0.0; return 0.0;
} }
else if (rv < 0) {
for (i = 0; i < length ; i++) { *hint = C_("Password strength", "Not good enough");
if (g_ascii_isdigit (password[i])) return 0.0;
digit++;
else if (g_ascii_islower (password[i]))
lower++;
else if (g_ascii_isupper (password[i]))
upper++;
else
misc++;
} }
if (length > 5) strength = CLAMP (0.01 * rv, 0.0, 1.0);
length = 5;
if (digit > 3)
digit = 3;
if (upper > 3)
upper = 3;
if (misc > 3)
misc = 3;
strength = ((length * 0.1) - 0.2) +
(digit * 0.1) +
(misc * 0.15) +
(upper * 0.1);
strength = CLAMP (strength, 0.0, 1.0);
if (strength < 0.50) if (strength < 0.50)
*hint = C_("Password strength", "Weak"); *hint = C_("Password strength", "Weak");
@ -154,5 +106,5 @@ pw_strength (const gchar *password,
else else
*hint = C_("Password strength", "Strong"); *hint = C_("Password strength", "Strong");
return strength; return strength;
} }