[users] Use libpwquality for additional password checks

- add cmake module to find libpwquality - move checking functions to their own file - some Transifex hackery - stub out the libpwquality check
2018-01-23 13:02:49 +01:00 · 2018-01-23 13:02:49 +01:00 · 27e1de6548
commit 27e1de6548
parent 9a9c6da6db
6 changed files with 242 additions and 90 deletions
--- a/CMakeModules/FindLibPWQuality.cmake
+++ b/CMakeModules/FindLibPWQuality.cmake
@ -0,0 +1,37 @@
 # Locate libpwquality
 #   https://github.com/libpwquality/libpwquality
 #
 # This module defines
 #  LibPWQuality_FOUND
 #  LibPWQuality_LIBRARIES, where to find the library
 #  LibPWQuality_INCLUDE_DIRS, where to find pwquality.h
 #
 include(FindPkgConfig)
 include(FindPackageHandleStandardArgs)
 pkg_search_module(pc_pwquality QUIET pwquality)
 find_path(LibPWQuality_INCLUDE_DIR
    NAMES pwquality.h
    PATHS ${pc_pwquality_INCLUDE_DIRS}
 )
 find_library(LibPWQuality_LIBRARY
    NAMES pwquality
    PATHS ${pc_pwquality_LIBRARY_DIRS}
 )
 if(pc_pwquality_FOUND)
    set(LibPWQuality_LIBRARIES ${LibPWQuality_LIBRARY})
    set(LibPWQuality_INCLUDE_DIRS ${LibPWQuality_INCLUDE_DIR} ${pc_pwquality_INCLUDE_DIRS})
 endif()
 find_package_handle_standard_args(LibPWQuality DEFAULT_MSG
    LibPWQuality_INCLUDE_DIRS
    LibPWQuality_LIBRARIES
 )
 mark_as_advanced(LibPWQuality_INCLUDE_DIRS LibPWQuality_LIBRARIES)
 set_package_properties(
    LibPWQuality PROPERTIES
    DESCRIPTION "Password quality checking library"
    URL "https://github.com/libpwquality/libpwquality"
 )
--- a/src/modules/users/CMakeLists.txt
+++ b/src/modules/users/CMakeLists.txt
@ -6,6 +6,21 @@ endif()
 find_package( Qt5 COMPONENTS Core Test REQUIRED )
 find_package( Crypt REQUIRED )
 # Add optional libraries here
 set( USER_EXTRA_LIB )
 find_package( LibPWQuality )
 set_package_properties(
    LibPWQuality PROPERTIES
    PURPOSE "Extra checks of password quality"
 )
 if( LibPWQuality_FOUND )
    list( APPEND USER_EXTRA_LIB ${LibPWQuality_LIBRARIES} )
    include_directories( ${LibPWQuality_INCLUDE_DIRS} )
    add_definitions( -DCHECK_PWQUALITY -DHAVE_LIBPWQUALITY )
 endif()
 include_directories( ${PROJECT_BINARY_DIR}/src/libcalamaresui )
 calamares_add_plugin( users
@ -17,6 +32,7 @@ calamares_add_plugin( users
        UsersViewStep.cpp
        UsersPage.cpp
        SetHostNameJob.cpp
        CheckPWQuality.cpp
    UI
        page_usersetup.ui
    RESOURCES
@ -24,6 +40,7 @@ calamares_add_plugin( users
    LINK_PRIVATE_LIBRARIES
        calamaresui
        ${CRYPT_LIBRARIES}
        ${USER_EXTRA_LIB}
    SHARED_LIB
 )
--- a/src/modules/users/CheckPWQuality.cpp
+++ b/src/modules/users/CheckPWQuality.cpp
@ -0,0 +1,94 @@
 /* === This file is part of Calamares - <https://github.com/calamares> ===
 *
 *   Copyright 2018, Adriaan de Groot <groot@kde.org>
 *
 *   Calamares is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation, either version 3 of the License, or
 *   (at your option) any later version.
 *
 *   Calamares is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with Calamares. If not, see <http://www.gnu.org/licenses/>.
 */
 #include "CheckPWQuality.h"
 #include "utils/Logger.h"
 #include <QWidget>
 PasswordCheck::PasswordCheck()
    : m_message()
    , m_accept( []( const QString& s ){ return true; } )
 {
 }
 PasswordCheck::PasswordCheck( const QString& m, AcceptFunc a )
    : m_message( [m](){ return m; } )
    , m_accept( a )
 {
 }
 PasswordCheck::PasswordCheck( MessageFunc m, AcceptFunc a )
    : m_message( m )
    , m_accept( a )
 {
 }
 // Try to trick Transifex into accepting these strings
 #define tr parent->tr
 DEFINE_CHECK_FUNC(minLength)
 {
    int minLength = -1;
    if ( value.canConvert( QVariant::Int ) )
        minLength = value.toInt();
    if ( minLength > 0 )
    {
        cDebug() << " .. minLength set to" << minLength;
        checks.push_back(
            PasswordCheck(
                [parent]()
                {
                    return tr( "Password is too short" );
                },
                [minLength]( const QString& s )
                {
                    return s.length() >= minLength;
                }
            ) );
    }
 }
 DEFINE_CHECK_FUNC(maxLength)
 {
    int maxLength = -1;
    if ( value.canConvert( QVariant::Int ) )
        maxLength = value.toInt();
    if ( maxLength > 0 )
    {
        cDebug() << " .. maxLength set to" << maxLength;
        checks.push_back(
            PasswordCheck(
                [parent]()
                {
                    return tr( "Password is too long" );
                }, [maxLength]( const QString& s )
                {
                    return s.length() <= maxLength;
                }
            ) );
    }
 }
 #ifdef HAVE_LIBPWQUALITY
 DEFINE_CHECK_FUNC(libpwquality)
 {
 }
 #endif
--- a/src/modules/users/CheckPWQuality.h
+++ b/src/modules/users/CheckPWQuality.h
@ -0,0 +1,83 @@
 /* === This file is part of Calamares - <https://github.com/calamares> ===
 *
 *   Copyright 2018, Adriaan de Groot <groot@kde.org>
 *
 *   Calamares is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation, either version 3 of the License, or
 *   (at your option) any later version.
 *
 *   Calamares is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with Calamares. If not, see <http://www.gnu.org/licenses/>.
 */
 #ifndef CHECKPWQUALITY_H
 #define CHECKPWQUALITY_H
 #include <QString>
 #include <QVariant>
 #include <QVector>
 #include <functional>
 /**
 * Support for (dynamic) checks on the password's validity.
 * This can be used to implement password requirements like
 * "at least 6 characters". Function addPasswordCheck()
 * instantiates these and adds them to the list of checks.
 */
 class PasswordCheck
 {
 public:
    /** Return true if the string is acceptable. */
    using AcceptFunc = std::function<bool( const QString& )>;
    using MessageFunc = std::function<QString()>;
    /** Generate a @p message if @p filter returns true */
    PasswordCheck( MessageFunc message, AcceptFunc filter );
    /** Yields @p message if @p filter returns true */
    PasswordCheck( const QString& message, AcceptFunc filter );
    /** Null check, always returns empty */
    PasswordCheck();
    /** Applies this check to the given password string @p s
        *  and returns an empty string if the password is ok
        *  according to this filter. Returns a message describing
        *  what is wrong if not.
        */
    QString filter( const QString& s ) const
    {
        return m_accept( s ) ? QString() : m_message();
    }
 private:
    MessageFunc m_message;
    AcceptFunc m_accept;
 } ;
 using PasswordCheckList = QVector<PasswordCheck>;
 /* Each of these functions adds a check (if possible) to the list
 * of checks; they use the configuration value(s) from the
 * variant. If the value doesn't make sense, each function
 * may skip adding a check, and do nothing (it should log
 * an error, though).
 */
 #define _xDEFINE_CHECK_FUNC(x) \
    add_check_##x( QWidget* parent, PasswordCheckList& checks, const QVariant& value )
 #define DEFINE_CHECK_FUNC(x) void _xDEFINE_CHECK_FUNC(x)
 #define DECLARE_CHECK_FUNC(x) void _xDEFINE_CHECK_FUNC(x);
 DECLARE_CHECK_FUNC(minLength)
 DECLARE_CHECK_FUNC(maxLength)
 #ifdef HAVE_LIBPWQUALITY
 DECLARE_CHECK_FUNC(libpwquality)
 #endif
 #endif
--- a/src/modules/users/UsersPage.cpp
+++ b/src/modules/users/UsersPage.cpp
@ -455,68 +455,23 @@ UsersPage::setReusePasswordDefault( bool checked )
    emit checkReady( isReady() );
 }
 UsersPage::PasswordCheck::PasswordCheck()
    : m_message()
    , m_accept( []( const QString& s )
 {
    return true;
 } )
 {
 }
 UsersPage::PasswordCheck::PasswordCheck( const QString& m, AcceptFunc a )
    : m_message( [m](){ return m; } )
    , m_accept( a )
 {
 }
 UsersPage::PasswordCheck::PasswordCheck( MessageFunc m, AcceptFunc a )
    : m_message( m )
    , m_accept( a )
 {
 }
 void
 UsersPage::addPasswordCheck( const QString& key, const QVariant& value )
 {
    if ( key == "minLength" )
    {
-        int minLength = -1;
+        add_check_minLength( this, m_passwordChecks, value );
        if ( value.canConvert( QVariant::Int ) )
            minLength = value.toInt();
        if ( minLength > 0 )
        {
            cDebug() << key << " .. set to" << minLength;
            m_passwordChecks.push_back(
                PasswordCheck(
                    []()
            {
                return tr( "Password is too short" );
            },
            [minLength]( const QString& s )
            {
                return s.length() >= minLength;
            } ) );
        }
    }
    else if ( key == "maxLength" )
    {
-        int maxLength = -1;
+        add_check_maxLength( this, m_passwordChecks, value );
        if ( value.canConvert( QVariant::Int ) )
            maxLength = value.toInt();
        if ( maxLength > 0 )
        {
            cDebug() << key << " .. set to" << maxLength;
            m_passwordChecks.push_back(
                PasswordCheck( []()
            {
                return tr( "Password is too long" );
            }, [maxLength]( const QString& s )
            {
                return s.length() <= maxLength;
            } ) );
        }
    }
 #ifdef CHECK_PWQUALITY
    else if ( key == "libpwquality" )
    {
        add_check_libpwquality( this, m_passwordChecks, value );
    }
 #endif
    else
        cDebug() << "WARNING: Unknown password-check key" << '"' << key << '"';
 }
--- a/src/modules/users/UsersPage.h
+++ b/src/modules/users/UsersPage.h
@ -26,9 +26,9 @@
 #include "Typedefs.h"
-#include <QWidget>
+#include "CheckPWQuality.h"
-#include <functional>
+#include <QWidget>
 namespace Ui
 {
@ -70,41 +70,7 @@ signals:
 private:
    Ui::Page_UserSetup* ui;
-    /**
+    PasswordCheckList m_passwordChecks;
     * Support for (dynamic) checks on the password's validity.
     * This can be used to implement password requirements like
     * "at least 6 characters". Function addPasswordCheck()
     * instantiates these and adds them to the list of checks.
     */
    class PasswordCheck
    {
    public:
        /** Return true if the string is acceptable. */
        using AcceptFunc = std::function<bool( const QString& )>;
        using MessageFunc = std::function<QString()>;
        /** Generate a @p message if @p filter returns true */
        PasswordCheck( MessageFunc message, AcceptFunc filter );
        /** Yields @p message if @p filter returns true */
        PasswordCheck( const QString& message, AcceptFunc filter );
        /** Null check, always returns empty */
        PasswordCheck();
        /** Applies this check to the given password string @p s
         *  and returns an empty string if the password is ok
         *  according to this filter. Returns a message describing
         *  what is wrong if not.
         */
        QString filter( const QString& s ) const
        {
            return m_accept( s ) ? QString() : m_message();
        }
    private:
        MessageFunc m_message;
        AcceptFunc m_accept;
    } ;
    QVector<PasswordCheck> m_passwordChecks;
    const QRegExp USERNAME_RX = QRegExp( "^[a-z_][a-z0-9_-]*[$]?$" );
    const QRegExp HOSTNAME_RX = QRegExp( "^[a-zA-Z0-9][-a-zA-Z0-9_]*$" );