|
|
|
@ -32,12 +32,12 @@
|
|
|
|
|
|
|
|
|
|
PasswordCheck::PasswordCheck()
|
|
|
|
|
: m_message()
|
|
|
|
|
, m_accept( []( const QString& ){ return true; } )
|
|
|
|
|
, m_accept( []( const QString& ) { return true; } )
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PasswordCheck::PasswordCheck( const QString& m, AcceptFunc a )
|
|
|
|
|
: m_message( [m](){ return m; } )
|
|
|
|
|
: m_message( [m]() { return m; } )
|
|
|
|
|
, m_accept( a )
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
@ -52,21 +52,14 @@ DEFINE_CHECK_FUNC( minLength )
|
|
|
|
|
{
|
|
|
|
|
int minLength = -1;
|
|
|
|
|
if ( value.canConvert( QVariant::Int ) )
|
|
|
|
|
{
|
|
|
|
|
minLength = value.toInt();
|
|
|
|
|
}
|
|
|
|
|
if ( minLength > 0 )
|
|
|
|
|
{
|
|
|
|
|
cDebug() << Logger::SubEntry << "minLength set to" << minLength;
|
|
|
|
|
checks.push_back(
|
|
|
|
|
PasswordCheck(
|
|
|
|
|
[]()
|
|
|
|
|
{
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "Password is too short" );
|
|
|
|
|
},
|
|
|
|
|
[minLength]( const QString& s )
|
|
|
|
|
{
|
|
|
|
|
return s.length() >= minLength;
|
|
|
|
|
}
|
|
|
|
|
) );
|
|
|
|
|
checks.push_back( PasswordCheck( []() { return QCoreApplication::translate( "PWQ", "Password is too short" ); },
|
|
|
|
|
[minLength]( const QString& s ) { return s.length() >= minLength; } ) );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -74,21 +67,14 @@ DEFINE_CHECK_FUNC( maxLength )
|
|
|
|
|
{
|
|
|
|
|
int maxLength = -1;
|
|
|
|
|
if ( value.canConvert( QVariant::Int ) )
|
|
|
|
|
{
|
|
|
|
|
maxLength = value.toInt();
|
|
|
|
|
}
|
|
|
|
|
if ( maxLength > 0 )
|
|
|
|
|
{
|
|
|
|
|
cDebug() << Logger::SubEntry << "maxLength set to" << maxLength;
|
|
|
|
|
checks.push_back(
|
|
|
|
|
PasswordCheck(
|
|
|
|
|
[]()
|
|
|
|
|
{
|
|
|
|
|
return QCoreApplication::translate("PWQ", "Password is too long" );
|
|
|
|
|
},
|
|
|
|
|
[maxLength]( const QString& s )
|
|
|
|
|
{
|
|
|
|
|
return s.length() <= maxLength;
|
|
|
|
|
}
|
|
|
|
|
) );
|
|
|
|
|
checks.push_back( PasswordCheck( []() { return QCoreApplication::translate( "PWQ", "Password is too long" ); },
|
|
|
|
|
[maxLength]( const QString& s ) { return s.length() <= maxLength; } ) );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -101,15 +87,17 @@ DEFINE_CHECK_FUNC( maxLength )
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/// @brief Handle libpwquality using void* to represent a long
|
|
|
|
|
static inline long mungeLong( void* p )
|
|
|
|
|
static inline long
|
|
|
|
|
mungeLong( void* p )
|
|
|
|
|
{
|
|
|
|
|
return static_cast<long>( reinterpret_cast<intptr_t>( p ) );
|
|
|
|
|
return static_cast< long >( reinterpret_cast< intptr_t >( p ) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// @brief Handle libpwquality using void* to represent a char*
|
|
|
|
|
static inline const char* mungeString( void* p )
|
|
|
|
|
static inline const char*
|
|
|
|
|
mungeString( void* p )
|
|
|
|
|
{
|
|
|
|
|
return reinterpret_cast<const char*>( p );
|
|
|
|
|
return reinterpret_cast< const char* >( p );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
@ -128,16 +116,10 @@ public:
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
~PWSettingsHolder()
|
|
|
|
|
{
|
|
|
|
|
pwquality_free_settings( m_settings );
|
|
|
|
|
}
|
|
|
|
|
~PWSettingsHolder() { pwquality_free_settings( m_settings ); }
|
|
|
|
|
|
|
|
|
|
/// Sets an option via the configuration string @p v, <key>=<value> style.
|
|
|
|
|
int set( const QString& v )
|
|
|
|
|
{
|
|
|
|
|
return pwquality_set_option( m_settings, v.toUtf8().constData() );
|
|
|
|
|
}
|
|
|
|
|
int set( const QString& v ) { return pwquality_set_option( m_settings, v.toUtf8().constData() ); }
|
|
|
|
|
|
|
|
|
|
/// Checks the given password @p pwd against the current configuration
|
|
|
|
|
int check( const QString& pwd )
|
|
|
|
@ -148,10 +130,7 @@ public:
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool hasExplanation() const
|
|
|
|
|
{
|
|
|
|
|
return m_rv < 0;
|
|
|
|
|
}
|
|
|
|
|
bool hasExplanation() const { return m_rv < 0; }
|
|
|
|
|
|
|
|
|
|
/* This is roughly the same as the function pwquality_strerror,
|
|
|
|
|
* only with QStrings instead, and using the Qt translation scheme.
|
|
|
|
@ -164,16 +143,21 @@ public:
|
|
|
|
|
m_auxerror = nullptr;
|
|
|
|
|
|
|
|
|
|
if ( m_rv >= arbitrary_minimum_strength )
|
|
|
|
|
{
|
|
|
|
|
return QString();
|
|
|
|
|
}
|
|
|
|
|
if ( m_rv >= 0 )
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "Password is too weak" );
|
|
|
|
|
{
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "Password is too weak" );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch ( m_rv )
|
|
|
|
|
{
|
|
|
|
|
case PWQ_ERROR_MEM_ALLOC:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
{
|
|
|
|
|
QString s = QCoreApplication::translate( "PWQ", "Memory allocation error when setting '%1'" ).arg( mungeString( auxerror ) );
|
|
|
|
|
QString s = QCoreApplication::translate( "PWQ", "Memory allocation error when setting '%1'" )
|
|
|
|
|
.arg( mungeString( auxerror ) );
|
|
|
|
|
free( auxerror );
|
|
|
|
|
return s;
|
|
|
|
|
}
|
|
|
|
@ -189,58 +173,94 @@ public:
|
|
|
|
|
case PWQ_ERROR_USER_CHECK:
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains the user name in some form" );
|
|
|
|
|
case PWQ_ERROR_GECOS_CHECK:
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains words from the real name of the user in some form" );
|
|
|
|
|
return QCoreApplication::translate(
|
|
|
|
|
"PWQ", "The password contains words from the real name of the user in some form" );
|
|
|
|
|
case PWQ_ERROR_BAD_WORDS:
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains forbidden words in some form" );
|
|
|
|
|
case PWQ_ERROR_MIN_DIGITS:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains less than %1 digits" ).arg( mungeLong( auxerror ) );
|
|
|
|
|
{
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains less than %1 digits" )
|
|
|
|
|
.arg( mungeLong( auxerror ) );
|
|
|
|
|
}
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains too few digits" );
|
|
|
|
|
case PWQ_ERROR_MIN_UPPERS:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains less than %1 uppercase letters" ).arg( mungeLong( auxerror ) );
|
|
|
|
|
{
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains less than %1 uppercase letters" )
|
|
|
|
|
.arg( mungeLong( auxerror ) );
|
|
|
|
|
}
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains too few uppercase letters" );
|
|
|
|
|
case PWQ_ERROR_MIN_LOWERS:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains less than %1 lowercase letters" ).arg( mungeLong( auxerror ) );
|
|
|
|
|
{
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains less than %1 lowercase letters" )
|
|
|
|
|
.arg( mungeLong( auxerror ) );
|
|
|
|
|
}
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains too few lowercase letters" );
|
|
|
|
|
case PWQ_ERROR_MIN_OTHERS:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains less than %1 non-alphanumeric characters" ).arg( mungeLong( auxerror ) );
|
|
|
|
|
{
|
|
|
|
|
return QCoreApplication::translate( "PWQ",
|
|
|
|
|
"The password contains less than %1 non-alphanumeric characters" )
|
|
|
|
|
.arg( mungeLong( auxerror ) );
|
|
|
|
|
}
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains too few non-alphanumeric characters" );
|
|
|
|
|
case PWQ_ERROR_MIN_LENGTH:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password is shorter than %1 characters" ).arg( mungeLong( auxerror ) );
|
|
|
|
|
{
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password is shorter than %1 characters" )
|
|
|
|
|
.arg( mungeLong( auxerror ) );
|
|
|
|
|
}
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password is too short" );
|
|
|
|
|
case PWQ_ERROR_ROTATED:
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password is just rotated old one" );
|
|
|
|
|
case PWQ_ERROR_MIN_CLASSES:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains less than %1 character classes" ).arg( mungeLong( auxerror ) );
|
|
|
|
|
{
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains less than %1 character classes" )
|
|
|
|
|
.arg( mungeLong( auxerror ) );
|
|
|
|
|
}
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password does not contain enough character classes" );
|
|
|
|
|
case PWQ_ERROR_MAX_CONSECUTIVE:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains more than %1 same characters consecutively" ).arg( mungeLong( auxerror ) );
|
|
|
|
|
{
|
|
|
|
|
return QCoreApplication::translate( "PWQ",
|
|
|
|
|
"The password contains more than %1 same characters consecutively" )
|
|
|
|
|
.arg( mungeLong( auxerror ) );
|
|
|
|
|
}
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains too many same characters consecutively" );
|
|
|
|
|
case PWQ_ERROR_MAX_CLASS_REPEAT:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains more than %1 characters of the same class consecutively" ).arg( mungeLong( auxerror ) );
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains too many characters of the same class consecutively" );
|
|
|
|
|
{
|
|
|
|
|
return QCoreApplication::translate(
|
|
|
|
|
"PWQ", "The password contains more than %1 characters of the same class consecutively" )
|
|
|
|
|
.arg( mungeLong( auxerror ) );
|
|
|
|
|
}
|
|
|
|
|
return QCoreApplication::translate(
|
|
|
|
|
"PWQ", "The password contains too many characters of the same class consecutively" );
|
|
|
|
|
case PWQ_ERROR_MAX_SEQUENCE:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains monotonic sequence longer than %1 characters" ).arg( mungeLong( auxerror ) );
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password contains too long of a monotonic character sequence" );
|
|
|
|
|
{
|
|
|
|
|
return QCoreApplication::translate(
|
|
|
|
|
"PWQ", "The password contains monotonic sequence longer than %1 characters" )
|
|
|
|
|
.arg( mungeLong( auxerror ) );
|
|
|
|
|
}
|
|
|
|
|
return QCoreApplication::translate( "PWQ",
|
|
|
|
|
"The password contains too long of a monotonic character sequence" );
|
|
|
|
|
case PWQ_ERROR_EMPTY_PASSWORD:
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "No password supplied" );
|
|
|
|
|
case PWQ_ERROR_RNG:
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "Cannot obtain random numbers from the RNG device" );
|
|
|
|
|
case PWQ_ERROR_GENERATION_FAILED:
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "Password generation failed - required entropy too low for settings" );
|
|
|
|
|
return QCoreApplication::translate( "PWQ",
|
|
|
|
|
"Password generation failed - required entropy too low for settings" );
|
|
|
|
|
case PWQ_ERROR_CRACKLIB_CHECK:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
{
|
|
|
|
|
/* Here the string comes from cracklib, don't free? */
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password fails the dictionary check - %1" ).arg( mungeString( auxerror ) );
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password fails the dictionary check - %1" )
|
|
|
|
|
.arg( mungeString( auxerror ) );
|
|
|
|
|
}
|
|
|
|
|
return QCoreApplication::translate( "PWQ", "The password fails the dictionary check" );
|
|
|
|
|
case PWQ_ERROR_UNKNOWN_SETTING:
|
|
|
|
@ -254,7 +274,8 @@ public:
|
|
|
|
|
case PWQ_ERROR_INTEGER:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
{
|
|
|
|
|
QString s = QCoreApplication::translate( "PWQ", "Bad integer value of setting - %1" ).arg( mungeString( auxerror ) );
|
|
|
|
|
QString s = QCoreApplication::translate( "PWQ", "Bad integer value of setting - %1" )
|
|
|
|
|
.arg( mungeString( auxerror ) );
|
|
|
|
|
free( auxerror );
|
|
|
|
|
return s;
|
|
|
|
|
}
|
|
|
|
@ -262,7 +283,8 @@ public:
|
|
|
|
|
case PWQ_ERROR_NON_INT_SETTING:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
{
|
|
|
|
|
QString s = QCoreApplication::translate( "PWQ", "Setting %1 is not of integer type" ).arg( mungeString( auxerror ) );
|
|
|
|
|
QString s = QCoreApplication::translate( "PWQ", "Setting %1 is not of integer type" )
|
|
|
|
|
.arg( mungeString( auxerror ) );
|
|
|
|
|
free( auxerror );
|
|
|
|
|
return s;
|
|
|
|
|
}
|
|
|
|
@ -270,7 +292,8 @@ public:
|
|
|
|
|
case PWQ_ERROR_NON_STR_SETTING:
|
|
|
|
|
if ( auxerror )
|
|
|
|
|
{
|
|
|
|
|
QString s = QCoreApplication::translate( "PWQ", "Setting %1 is not of string type" ).arg( mungeString( auxerror ) );
|
|
|
|
|
QString s = QCoreApplication::translate( "PWQ", "Setting %1 is not of string type" )
|
|
|
|
|
.arg( mungeString( auxerror ) );
|
|
|
|
|
free( auxerror );
|
|
|
|
|
return s;
|
|
|
|
|
}
|
|
|
|
@ -290,7 +313,7 @@ private:
|
|
|
|
|
pwquality_settings_t* m_settings;
|
|
|
|
|
int m_rv;
|
|
|
|
|
void* m_auxerror;
|
|
|
|
|
} ;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
DEFINE_CHECK_FUNC( libpwquality )
|
|
|
|
|
{
|
|
|
|
@ -302,7 +325,7 @@ DEFINE_CHECK_FUNC( libpwquality )
|
|
|
|
|
|
|
|
|
|
QVariantList l = value.toList();
|
|
|
|
|
unsigned int requirement_count = 0;
|
|
|
|
|
auto settings = std::make_shared<PWSettingsHolder>();
|
|
|
|
|
auto settings = std::make_shared< PWSettingsHolder >();
|
|
|
|
|
for ( const auto& v : l )
|
|
|
|
|
{
|
|
|
|
|
if ( v.type() == QVariant::String )
|
|
|
|
@ -310,7 +333,9 @@ DEFINE_CHECK_FUNC( libpwquality )
|
|
|
|
|
QString option = v.toString();
|
|
|
|
|
int r = settings->set( option );
|
|
|
|
|
if ( r )
|
|
|
|
|
{
|
|
|
|
|
cWarning() << "unrecognized libpwquality setting" << option;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
cDebug() << Logger::SubEntry << "libpwquality setting" << option;
|
|
|
|
@ -318,28 +343,27 @@ DEFINE_CHECK_FUNC( libpwquality )
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
cWarning() << "unrecognized libpwquality setting" << v;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Something actually added? */
|
|
|
|
|
if ( requirement_count )
|
|
|
|
|
{
|
|
|
|
|
checks.push_back(
|
|
|
|
|
PasswordCheck(
|
|
|
|
|
[settings]()
|
|
|
|
|
{
|
|
|
|
|
return settings->explanation();
|
|
|
|
|
},
|
|
|
|
|
[settings]( const QString& s )
|
|
|
|
|
{
|
|
|
|
|
int r = settings->check( s );
|
|
|
|
|
if ( r < 0 )
|
|
|
|
|
cWarning() << "libpwquality error" << r;
|
|
|
|
|
else if ( r < settings->arbitrary_minimum_strength )
|
|
|
|
|
cDebug() << "Password strength" << r << "too low";
|
|
|
|
|
return r >= settings->arbitrary_minimum_strength;
|
|
|
|
|
}
|
|
|
|
|
) );
|
|
|
|
|
checks.push_back( PasswordCheck( [settings]() { return settings->explanation(); },
|
|
|
|
|
[settings]( const QString& s ) {
|
|
|
|
|
int r = settings->check( s );
|
|
|
|
|
if ( r < 0 )
|
|
|
|
|
{
|
|
|
|
|
cWarning() << "libpwquality error" << r;
|
|
|
|
|
}
|
|
|
|
|
else if ( r < settings->arbitrary_minimum_strength )
|
|
|
|
|
{
|
|
|
|
|
cDebug() << "Password strength" << r << "too low";
|
|
|
|
|
}
|
|
|
|
|
return r >= settings->arbitrary_minimum_strength;
|
|
|
|
|
} ) );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|