Merge branch 'master' of https://github.com/prownd/tigervnc

4 files changed, 68 insertions, 0 deletions

diff --git a/BUILDING.txt b/BUILDING.txt
index 9b727a6e..8067bd90 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -55,6 +55,9 @@ Build Requirements (Unix)
    * You might have to enable additional repositories for this. E.g.,
      on RHEL, EPEL and RPMFusion (free + nonfree) need to be enabled.
 
+-- If building vncpasswd with password quality check support:
+   * libpwquality
+
 ============================
 Build Requirements (Windows)
 ============================
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 07a859ca..b57b5e61 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -336,6 +336,20 @@ if(UNIX AND NOT APPLE)
   endif()
 endif()
 
+# check for password pwquality check support
+option(ENABLE_PWQUALITY "Enable password pwquality check" ON)
+if(ENABLE_PWQUALITY)
+  if(UNIX)
+    find_package(PkgConfig)
+    if(PKG_CONFIG_FOUND)
+      pkg_check_modules(PWQUALITY pwquality)
+      if(PWQUALITY_FOUND)
+        add_definitions(-DHAVE_PWQUALITY)
+      endif()
+    endif()
+  endif()
+endif()
+
 # Generate config.h and make sure the source finds it
 configure_file(config.h.in config.h)
 add_definitions(-DHAVE_CONFIG_H)
diff --git a/unix/vncpasswd/CMakeLists.txt b/unix/vncpasswd/CMakeLists.txt
index 9b672041..f490a933 100644
--- a/unix/vncpasswd/CMakeLists.txt
+++ b/unix/vncpasswd/CMakeLists.txt
@@ -4,5 +4,9 @@ add_executable(vncpasswd
 target_include_directories(vncpasswd PUBLIC ${CMAKE_SOURCE_DIR}/common)
 target_link_libraries(vncpasswd tx rfb os)
 
+if(PWQUALITY_FOUND)
+  target_link_libraries(vncpasswd pwquality)
+endif()
+
 install(TARGETS vncpasswd DESTINATION ${CMAKE_INSTALL_FULL_BINDIR})
 install(FILES vncpasswd.man DESTINATION ${CMAKE_INSTALL_FULL_MANDIR}/man1 RENAME vncpasswd.1)
diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx
index 877ebcbd..b17e73dd 100644
--- a/unix/vncpasswd/vncpasswd.cxx
+++ b/unix/vncpasswd/vncpasswd.cxx
@@ -37,6 +37,9 @@
 
 #include <termios.h>
 
+#ifdef HAVE_PWQUALITY
+#include <pwquality.h>
+#endif
 
 using namespace rfb;
 
@@ -99,6 +102,36 @@ static int encrypt_pipe() {
   return 0;
 }
 
+#ifdef HAVE_PWQUALITY
+static int check_passwd_pwquality(const char *password)
+{
+	int r;
+	void *auxerror;
+	pwquality_settings_t *pwq;
+	pwq = pwquality_default_settings();
+	if (!pwq)
+		return -EINVAL;
+	r = pwquality_read_config(pwq, NULL, &auxerror);
+	if (r) {
+		printf("Cannot check password quality: %s \n",
+			pwquality_strerror(NULL, 0, r, auxerror));
+		pwquality_free_settings(pwq);
+		return -EINVAL;
+	}
+
+	r = pwquality_check(pwq, password, NULL, NULL, &auxerror);
+	if (r < 0) {
+		printf("Password quality check failed:\n %s \n",
+			pwquality_strerror(NULL, 0, r, auxerror));
+		r = -EPERM;
+	}
+	pwquality_free_settings(pwq);
+
+	//return the score of password quality
+	return r;
+}
+#endif
+
 static std::vector<uint8_t> readpassword() {
   while (true) {
     const char *passwd = getpassword("Password:");
@@ -116,6 +149,20 @@ static std::vector<uint8_t> readpassword() {
       continue;
     }
 
+    if (first.size() > 8) {
+      fprintf(stderr,"Password should not be greater than 8 characters\nBecause only 8 valid characters are used - try again\n");
+      continue;
+    }
+
+#ifdef HAVE_PWQUALITY
+    //the function return score of password quality
+    int r = check_passwd_pwquality(passwd);
+    if (r < 0){
+      printf("Password quality check failed, please set it correctly.\n");
+      continue;
+    }
+#endif
+
     passwd = getpassword("Verify:");
     if (passwd == nullptr) {
       perror("getpass error");