void AddUserDlg::slotCheckPwd()
{
ui.infoLabel->setText("");
if (ui.canLoginCheckBox->isChecked()) {
if (!checkPwd()) {
return;
}
}
if (true) {
char pwdStr[512] ="";
char userName[128]="";
if( ui.userNameEdit->text().trimmed().length() < 1 ) {
ui.infoLabel->setText(i18n("Please input user name."));
ui.userNameEdit->selectAll();
return;
}
pwdStr[0] = '\0';
userName[0] = '\0';
snprintf(pwdStr,sizeof(pwdStr),"%s",qPrintable(ui.PwdEdit->text()) );
snprintf(userName,sizeof(userName),"%s",qPrintable(ui.userNameEdit->text().trimmed() ) );
void *auxerror;
int pwdErrValue = 0;
int pwdValue = pwquality_check (get_pwq (),
pwdStr, NULL, userName,&auxerror);
if( pwdValue < 0 ) {
pwdErrValue = 0;
QString setStr = pwdErrorStr(pwdValue,&pwdErrValue);
if( pwdErrValue > 0 ) {
int i = ui.PwdEdit->text().length();
if( i < 0 ) {
i = 1;
}
pwdErrValue = 2*i;
if( pwdErrValue >100 ) {
pwdErrValue = 100;
}
ui.pwdProgressBar->setValue(pwdErrValue);
}
else {
ui.infoLabel->setText(setStr);
ui.PwdEdit->selectAll();
ui.pwdProgressBar->setValue(0);
return;
}
}
else {
ui.pwdProgressBar->setValue(pwdValue);
}
}
if( ui.verifyPwdEdit->text() != ui.PwdEdit->text() ){
ui.infoLabel->setText(i18n("Passwords do not match."));
return;
}
}
int keystrength::quality( QString key )
{
#if BUILD_PWQUALITY
void * auxerror ;
QByteArray keyArray = key.toAscii() ;
int st = pwquality_check( m_handle,keyArray.constData(),NULL,NULL,&auxerror);
pwquality_strerror( NULL,0,st,auxerror);
return st ;
#else
key = QString( "silence compiler warning" ) ;
return NOT_USED ;
#endif
}
gdouble
pw_strength (const gchar *password,
const gchar *old_password,
const gchar *username,
const gchar **hint,
gint *strength_level)
{
gint rv, level, length = 0;
gdouble strength = 0.0;
void *auxerror;
rv = pwquality_check (get_pwq (),
password, old_password, username,
&auxerror);
if (password != NULL)
length = strlen (password);
strength = CLAMP (0.01 * rv, 0.0, 1.0);
if (rv < 0) {
level = (length > 0) ? 1 : 0;
}
else if (strength < 0.50) {
level = 2;
} else if (strength < 0.75) {
level = 3;
} else if (strength < 0.90) {
level = 4;
} else {
level = 5;
}
if (length && length < pw_min_length())
*hint = pw_error_hint (PWQ_ERROR_MIN_LENGTH);
else
*hint = pw_error_hint (rv);
if (strength_level)
*strength_level = level;
return strength;
}
gdouble
pw_strength (const gchar *password,
const gchar *old_password,
const gchar *username,
const gchar **hint,
const gchar **long_hint,
gint *strength_level)
{
gint rv, level = 0;
gdouble strength = 0.0;
void *auxerror;
rv = pwquality_check (get_pwq (),
password, old_password, username,
&auxerror);
strength = CLAMP (0.01 * rv, 0.0, 1.0);
if (rv < 0) {
*hint = C_("Password strength", "Strength: Weak");
}
else if (strength < 0.50) {
level = 1;
*hint = C_("Password strength", "Strength: Low");
} else if (strength < 0.75) {
level = 2;
*hint = C_("Password strength", "Strength: Medium");
} else if (strength < 0.90) {
level = 3;
*hint = C_("Password strength", "Strength: Good");
} else {
level = 4;
*hint = C_("Password strength", "Strength: High");
}
*long_hint = pw_error_hint (rv);
if (strength_level)
*strength_level = level;
return strength;
}
int keystrength::quality( const QString& key )
{
auto h = reinterpret_cast< pwquality_settings_t * >( m_handle ) ;
return pwquality_check( h,key.toLatin1().constData(),nullptr,nullptr,nullptr ) ;
}
PAM_EXTERN int
pam_sm_chauthtok(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
int ctrl;
struct module_options options;
memset(&options, 0, sizeof(options));
options.retry_times = CO_RETRY_TIMES;
ctrl = _pam_parse(pamh, &options, argc, argv);
if (ctrl < 0)
return PAM_BUF_ERR;
if (flags & PAM_PRELIM_CHECK) {
/* Check for passwd dictionary
* We cannot do that, since the original path is compiled
* into the cracklib library and we don't know it.
*/
return PAM_SUCCESS;
} else if (flags & PAM_UPDATE_AUTHTOK) {
int retval;
const void *oldtoken;
const char *user;
int tries;
retval = pam_get_user(pamh, &user, NULL);
if (retval != PAM_SUCCESS || user == NULL) {
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh, LOG_ERR, "Can not get username");
return PAM_AUTHTOK_ERR;
}
retval = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldtoken);
if (retval != PAM_SUCCESS) {
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh, LOG_ERR, "Can not get old passwd");
oldtoken = NULL;
}
tries = 0;
while (tries < options.retry_times) {
void *auxerror;
const char *newtoken = NULL;
tries++;
/* Planned modus operandi:
* Get a passwd.
* Verify it against libpwquality.
* If okay get it a second time.
* Check to be the same with the first one.
* set PAM_AUTHTOK and return
*/
retval = pam_get_authtok_noverify(pamh, &newtoken, NULL);
if (retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s",
pam_strerror(pamh, retval));
continue;
} else if (newtoken == NULL) { /* user aborted password change, quit */
return PAM_AUTHTOK_ERR;
}
/* now test this passwd against libpwquality */
retval = pwquality_check(options.pwq, newtoken, oldtoken, user, &auxerror);
if (retval < 0) {
const char *msg;
char buf[PWQ_MAX_ERROR_MESSAGE_LEN];
msg = pwquality_strerror(buf, sizeof(buf), retval, auxerror);
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh, LOG_DEBUG, "bad password: %s", msg);
pam_error(pamh, _("BAD PASSWORD: %s"), msg);
if (getuid() || options.enforce_for_root ||
(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) {
pam_set_item(pamh, PAM_AUTHTOK, NULL);
retval = PAM_AUTHTOK_ERR;
continue;
}
} else {
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh, LOG_DEBUG, "password score: %d", retval);
}
retval = pam_get_authtok_verify(pamh, &newtoken, NULL);
if (retval != PAM_SUCCESS) {
pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s",
pam_strerror(pamh, retval));
pam_set_item(pamh, PAM_AUTHTOK, NULL);
continue;
} else if (newtoken == NULL) { /* user aborted password change, quit */
return PAM_AUTHTOK_ERR;
}
return PAM_SUCCESS;
}
pam_set_item (pamh, PAM_AUTHTOK, NULL);
/* if we have only one try, we can use the real reason,
* else say that there were too many tries. */
if (options.retry_times > 1)
return PAM_MAXTRIES;
else
return retval;
} else {
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh, LOG_NOTICE, "UNKNOWN flags setting %02X",flags);
}
return PAM_SERVICE_ERR;
}
