diff options
| -rw-r--r-- | BUILDING.txt | 3 | ||||
| -rw-r--r-- | CMakeLists.txt | 14 | ||||
| -rw-r--r-- | unix/vncpasswd/CMakeLists.txt | 4 | ||||
| -rw-r--r-- | unix/vncpasswd/vncpasswd.cxx | 47 |
4 files changed, 68 insertions, 0 deletions
diff --git a/BUILDING.txt b/BUILDING.txt index 9b727a6e..8067bd90 100644 --- a/BUILDING.txt +++ b/BUILDING.txt @@ -55,6 +55,9 @@ Build Requirements (Unix) * You might have to enable additional repositories for this. E.g., on RHEL, EPEL and RPMFusion (free + nonfree) need to be enabled. +-- If building vncpasswd with password quality check support: + * libpwquality + ============================ Build Requirements (Windows) ============================ diff --git a/CMakeLists.txt b/CMakeLists.txt index 07a859ca..b57b5e61 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -336,6 +336,20 @@ if(UNIX AND NOT APPLE) endif() endif() +# check for password pwquality check support +option(ENABLE_PWQUALITY "Enable password pwquality check" ON) +if(ENABLE_PWQUALITY) + if(UNIX) + find_package(PkgConfig) + if(PKG_CONFIG_FOUND) + pkg_check_modules(PWQUALITY pwquality) + if(PWQUALITY_FOUND) + add_definitions(-DHAVE_PWQUALITY) + endif() + endif() + endif() +endif() + # Generate config.h and make sure the source finds it configure_file(config.h.in config.h) add_definitions(-DHAVE_CONFIG_H) diff --git a/unix/vncpasswd/CMakeLists.txt b/unix/vncpasswd/CMakeLists.txt index 9b672041..f490a933 100644 --- a/unix/vncpasswd/CMakeLists.txt +++ b/unix/vncpasswd/CMakeLists.txt @@ -4,5 +4,9 @@ add_executable(vncpasswd target_include_directories(vncpasswd PUBLIC ${CMAKE_SOURCE_DIR}/common) target_link_libraries(vncpasswd tx rfb os) +if(PWQUALITY_FOUND) + target_link_libraries(vncpasswd pwquality) +endif() + install(TARGETS vncpasswd DESTINATION ${CMAKE_INSTALL_FULL_BINDIR}) install(FILES vncpasswd.man DESTINATION ${CMAKE_INSTALL_FULL_MANDIR}/man1 RENAME vncpasswd.1) diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx index 877ebcbd..b17e73dd 100644 --- a/unix/vncpasswd/vncpasswd.cxx +++ b/unix/vncpasswd/vncpasswd.cxx @@ -37,6 +37,9 @@ #include <termios.h> +#ifdef HAVE_PWQUALITY +#include <pwquality.h> +#endif using namespace rfb; @@ -99,6 +102,36 @@ static int encrypt_pipe() { return 0; } +#ifdef HAVE_PWQUALITY +static int check_passwd_pwquality(const char *password) +{ + int r; + void *auxerror; + pwquality_settings_t *pwq; + pwq = pwquality_default_settings(); + if (!pwq) + return -EINVAL; + r = pwquality_read_config(pwq, NULL, &auxerror); + if (r) { + printf("Cannot check password quality: %s \n", + pwquality_strerror(NULL, 0, r, auxerror)); + pwquality_free_settings(pwq); + return -EINVAL; + } + + r = pwquality_check(pwq, password, NULL, NULL, &auxerror); + if (r < 0) { + printf("Password quality check failed:\n %s \n", + pwquality_strerror(NULL, 0, r, auxerror)); + r = -EPERM; + } + pwquality_free_settings(pwq); + + //return the score of password quality + return r; +} +#endif + static std::vector<uint8_t> readpassword() { while (true) { const char *passwd = getpassword("Password:"); @@ -116,6 +149,20 @@ static std::vector<uint8_t> readpassword() { continue; } + if (first.size() > 8) { + fprintf(stderr,"Password should not be greater than 8 characters\nBecause only 8 valid characters are used - try again\n"); + continue; + } + +#ifdef HAVE_PWQUALITY + //the function return score of password quality + int r = check_passwd_pwquality(passwd); + if (r < 0){ + printf("Password quality check failed, please set it correctly.\n"); + continue; + } +#endif + passwd = getpassword("Verify:"); if (passwd == nullptr) { perror("getpass error"); |