/* File-scope helpers for the password policy checker.
 * DIM(v) is the element count of a true array (it is wrong for a pointer);
 * DIMof(type,member) applies it to an array member of a struct type.
 * PWPOLICY_FILE_NAME is the pattern file path, built from OPENVAS_SYSCONF_DIR.
 * disable_password_policy is a process-wide switch for the checker. */
35 #include <glib/gstdio.h> 44 # define DIM(v) (sizeof(v)/sizeof((v)[0])) 45 # define DIMof(type,member) DIM(((type *)0)->member) 52 #define G_LOG_DOMAIN "base plcy" 115 #define PWPOLICY_FILE_NAME OPENVAS_SYSCONF_DIR "/pwpolicy.conf" 120 static gboolean disable_password_policy;
/* Returns a newly allocated (g_strdup) generic failure message.
 * The text carries no detail about what went wrong; at the call sites visible
 * in this listing the specifics (file name, line number, errno text) are
 * written with g_warning just before this helper is called. */
129 policy_checking_failed (
void)
131 return g_strdup (
"Password policy checking failed (internal error)");
/* Tests whether `string` starts with `keyword`.
 * The prefix comparison is case-sensitive (strncmp over strlen(keyword)
 * bytes).  The byte after the prefix is then checked for ':' and for
 * end-of-string or ASCII whitespace, and leading whitespace is skipped.
 * The return statements are not part of this listing; callers assign the
 * result to a pointer and treat a non-NULL value as the argument text. */
148 is_keyword (
char *
string,
const char *keyword)
/* strlen returns size_t; the narrowing to int is harmless only while the
 * keywords stay short literals, as they are at the visible call sites. */
150 int n = strlen (keyword);
152 if (!strncmp (
string, keyword, n))
154 if (
string[n] ==
':')
156 if (!
string[n] || g_ascii_isspace (
string[n]))
159 while (g_ascii_isspace (*
string))
/* Looks for `password` in the text file `fname`, one candidate per line.
 * At the visible call site `fname` is the argument of a "search" directive,
 * so the pattern file decides which file this process opens and reads;
 * write access to the pattern file should be limited accordingly. */
181 search_file (
const char *fname,
const char *password)
188 fp = fopen (fname,
"r");
/* fgets already reserves room for the terminating NUL, so the "-1" only
 * leaves one byte of the buffer unused. */
192 while (fgets (line,
DIM(line)-1, fp))
/* No trailing LF: the line did not fit the buffer, or it is a final line
 * without a newline. */
195 if (!len || line[len-1] !=
'\n')
/* Drains the rest of an overlong line so the next fgets starts on a line
 * boundary.  NOTE(review): whether the truncated prefix is still compared
 * against the password is not visible here; confirm. */
199 while ( (c=getc (fp)) != EOF && c !=
'\n')
/* Detects a CR before the LF (CRLF files); presumably it is stripped. */
204 if (len && line[len-1] ==
'\r')
/* ASCII case-insensitive whole-line comparison. */
208 if (!g_ascii_strcasecmp (line, password))
/* errno is copied, presumably so cleanup calls cannot overwrite the value
 * the caller reports with g_strerror. */
216 int save_errno = errno;
/* Evaluates one line of the pattern file against `password`.
 * Visible line kinds: "#+" processing instructions (desc, nodesc, search,
 * username), "#" comments, "/regex/" and "!/regex/" patterns, and plain
 * strings.  Every visible assignment to `ret` is a newly allocated message,
 * either "Weak password (...)" or the generic failure text.  The return
 * statement and the no-match result are not part of this listing. */
243 parse_pattern_line (
char *line,
const char *fname,
int lineno,
244 char **descp,
const char *password,
const char *username)
251 while (g_ascii_isspace (*line))
258 else if (*line ==
'#' && line[1] ==
'+')
261 if ((p = is_keyword (line,
"desc")))
/* NOTE(review): whether a previous *descp is freed before this assignment
 * is not visible here. */
265 *descp = g_strdup (p);
269 else if ((p = is_keyword (line,
"nodesc")))
274 else if ((p = is_keyword (line,
"search")))
278 sret = search_file (p, password);
/* The log entry names the file and the errno text; the password is not
 * logged. */
281 g_warning (
"error searching '%s' (requested at line %d): %s",
282 p, lineno, g_strerror (errno));
/* A search error fails closed: the result is the generic failure message. */
283 ret = policy_checking_failed ();
285 else if (sret && *descp)
286 ret = g_strdup_printf (
"Weak password (%s)", *descp);
/* Without a "desc" the message embeds the dictionary path.  If this string
 * reaches the end user it discloses a server-side path; a "desc" line
 * before each "search" avoids that. */
288 ret = g_strdup_printf (
"Weak password (found in '%s')", p);
292 else if (is_keyword (line,
"username"))
/* The equality test is ASCII case-insensitive, but the two strstr tests
 * below are case-sensitive, so "Alice" inside "xalicex" is not caught.
 * NOTE(review): strstr with an empty needle always matches, and a NULL
 * username is undefined behaviour here; the guard for a missing or empty
 * username is not visible in this listing, so confirm it exists. */
300 else if (!g_ascii_strcasecmp (password, username))
301 ret = g_strdup_printf (
"Weak password (%s)",
302 "user name matches password");
303 else if (strstr (password, username))
304 ret = g_strdup_printf (
"Weak password (%s)",
305 "user name is part of the password");
306 else if (strstr (username, password))
307 ret = g_strdup_printf (
"Weak password (%s)",
308 "password is part of the user name");
/* An unknown "#+" instruction fails closed with the generic message. */
314 g_warning (
"error reading '%s', line %d: %s",
315 fname, lineno,
"unknown processing instruction");
316 ret = policy_checking_failed ();
319 else if (*line ==
'#')
323 else if (*line ==
'/' 324 || (*line ==
'!' && line[1] ==
'/'))
/* rev is 1 for "!/regex/" lines, which invert the match result below. */
326 int rev = (*line ==
'!');
331 if (n && line[n-1] ==
'/')
/* The pattern comes from the policy file and the password is the subject.
 * g_regex_match_simple compiles the pattern on every call and returns FALSE
 * when it does not compile, which cannot be told apart from "no match"
 * here.  NOTE(review): confirm which branch a malformed pattern takes, so a
 * typo in the policy file does not silently disable the rule. */
333 if (((!g_regex_match_simple (line, password, G_REGEX_CASELESS, 0)) ^ rev))
336 ret = g_strdup_printf (
"Weak password (%s)", *descp);
338 ret = g_strdup_printf (
"Weak password (see '%s' line %d)",
/* Plain string line: ASCII case-insensitive comparison with the password. */
343 if (g_ascii_strcasecmp (line, password))
346 ret = g_strdup_printf (
"Weak password (%s)", *descp);
348 ret = g_strdup_printf (
"Weak password (see '%s' line %d)",
/* Body fragment of the validation entry point, presumably
 * openvas_validate_password (the signature is not part of this listing).
 * It reads the pattern file line by line and passes each line to
 * parse_pattern_line. */
/* When the global switch is set, checking is skipped (the statement taken
 * in that case is not visible here). */
377 if (disable_password_policy)
/* NULL and empty passwords are rejected before the pattern file is read. */
380 if (!password || !*password)
381 return g_strdup (
"Empty password");
383 fp = fopen (patternfile,
"r");
/* A missing or unreadable pattern file fails closed: the caller gets the
 * generic failure message instead of an accepted password. */
386 g_warning (
"error opening '%s': %s", patternfile, g_strerror (errno));
387 return policy_checking_failed ();
/* fgets already reserves room for the terminating NUL, so the "-1" only
 * leaves one byte of the buffer unused. */
391 while (fgets (line,
DIM(line)-1, fp))
/* A line without a trailing LF (too long for the buffer, or an unterminated
 * last line) is treated as a policy file error and also fails closed. */
395 if (!len || line[len-1] !=
'\n')
397 g_warning (
"error reading '%s', line %d: %s",
399 len?
"line too long":
"line without a LF");
400 ret = policy_checking_failed ();
/* Detects a CR before the LF (CRLF files); presumably it is stripped. */
404 if (len && line[len-1] ==
'\r')
/* desc is passed by address, so a "desc" instruction can carry over to the
 * lines that follow it. */
406 ret = parse_pattern_line (line, patternfile, lineno, &desc,
/* Body fragment, presumably of openvas_disable_password_policy (the
 * signature is not part of this listing).  It sets the process-wide flag
 * that turns off password policy checking and logs a warning.  No code that
 * clears the flag again is visible in this listing. */
424 disable_password_policy = TRUE;
425 g_warning (
"Password policy checking has been disabled.");
#define PWPOLICY_FILE_NAME
The name of the pattern file.
void openvas_disable_password_policy(void)
Disable all password policy checking.
Protos and data structures for pwpolicy checking.
char * openvas_validate_password(const char *password, const char *username)
Validate a password against the pattern file.