-rw-r--r-- | plugin/password.cpp | 63 |
1 files changed, 62 insertions, 1 deletions
diff --git a/plugin/password.cpp b/plugin/password.cpp index 23763c1..5cadfb4 100644 --- a/plugin/password.cpp +++ b/plugin/password.cpp @@ -15,6 +15,7 @@ */ #include <sys/types.h> +#include <sys/inotify.h> #include <unordered_map> @@ -24,6 +25,9 @@ #include <dpm/pil/app-bundle.h> #include <dpm/pil/launchpad.h> +#include <klay/error.h> +#include <klay/exception.h> + #include "password-manager.h" typedef enum { @@ -58,6 +62,9 @@ namespace { const int simplePasswordLength = 4; const int infinite = 32767; +const std::string BootCompleted = "/tmp/.dpm-bootCompleted"; +int bootCompleted = -1; + std::unordered_map<uid_t, int> passwordStatus; inline int inverse(int value) @@ -95,6 +102,9 @@ public: bool apply(const DataType& value, uid_t domain) { + if (bootCompleted < 0) + return true; + try { int auth = DPM_PASSWORD_QUALITY_UNSPECIFIED; @@ -126,6 +136,10 @@ public: bool apply(const DataType& value, uid_t domain) { int v = value; + + if (bootCompleted < 0) + return true; + try { v = v == infinite ? 0 : v; PasswordManager passwordManager(domain); @@ -149,6 +163,10 @@ public: bool apply(const DataType& value, uid_t domain) { int v = value; + + if (bootCompleted < 0) + return true; + try { v = v == infinite ? 0 : v; PasswordManager passwordManager(domain); @@ -171,6 +189,9 @@ public: bool apply(const DataType& value, uid_t domain) { + if (bootCompleted < 0) + return true; + try { PasswordManager passwordManager(domain); passwordManager.setHistory(inverse(value)); @@ -192,6 +213,9 @@ public: bool apply(const DataType& value, uid_t domain) { + if (bootCompleted < 0) + return true; + try { PasswordManager passwordManager(domain); passwordManager.setExpires(value); @@ -213,6 +237,9 @@ public: bool apply(const DataType& value, uid_t domain) { + if (bootCompleted < 0) + return true; + try { PasswordManager passwordManager(domain); passwordManager.setMaximumFailedForWipe(value); 
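Review bot: The marker path `BootCompleted = "/tmp/.dpm-bootCompleted"` added in the anonymous namespace (hunk -58) sits in a world-writable directory, yet this commit uses a modification of that file as the signal that switches password-policy enforcement on. Who creates the file and with what mode is not visible here; if an unprivileged local process can create, modify or replace it, the switch can fire early, or the watch can stay attached to a file that is never touched, leaving `bootCompleted` at -1 and every `apply()` a no-op. A marker under a directory only the daemon can write, such as a root-owned runtime directory, would remove that dependency. `bootCompleted` only ever holds -1 or 1 in the visible code, so `bool bootCompleted = false;` would state the intent more directly.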
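Review bot: The guard `if (bootCompleted < 0) return true;` added at the top of `apply()` in hunk -95 reports success without touching `PasswordManager`, so a password-quality value that arrives before boot completion is silently dropped. Nothing in the visible part of the commit re-applies it later: the inotify callback only sets `bootCompleted = 1` and removes the event source. Unless the framework replays policies after boot (not visible here), the policy is recorded as applied but never enforced; queue the value for re-application in the callback, or at least log the skipped call. The same guard is repeated in the seven other `apply()` hunks (-126, -149, -171, -192, -213, -234, -255), and each `apply()` body continues outside its hunk.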
@@ -234,6 +261,9 @@ public: bool apply(const DataType& value, uid_t domain) { + if (bootCompleted < 0) + return true; + try { PasswordManager passwordManager(domain); passwordManager.setMinimumComplexCharacters(inverse(value)); @@ -255,6 +285,9 @@ public: bool apply(const DataType& value, uid_t domain) { + if (bootCompleted < 0) + return true; + try { PasswordManager passwordManager(domain); passwordManager.setMinimumLength(inverse(value)); @@ -294,6 +327,32 @@ public: class Password : public AbstractPolicyProvider { public: + Password(PolicyControlContext& context) { + inotifyFd = ::inotify_init1(IN_NONBLOCK); + if (inotifyFd < 0) { + throw runtime::Exception(runtime::GetSystemErrorMessage()); + } + + int wd = ::inotify_add_watch(inotifyFd, BootCompleted.c_str(), IN_MODIFY); + if (wd == -1) { + throw runtime::Exception(runtime::GetSystemErrorMessage()); + } + + auto setBootCompleted = [&context, this](int fd, runtime::Mainloop::Event event) { + bootCompleted = 1; + context.mainloop.removeEventSource(inotifyFd); + ::close(inotifyFd); + inotifyFd = -1; + }; + + context.mainloop.addEventSource(inotifyFd, EPOLLIN | EPOLLHUP | EPOLLRDHUP, setBootCompleted); + } + + ~Password() { + if (inotifyFd != -1) + ::close(inotifyFd); + } + int setQuality(int quality); int getQuality(); int setMinimumLength(int value); @@ -325,6 +384,8 @@ public: int getRecovery(); private: + int inotifyFd; + PasswordQuality quality; PasswordHistory history; PasswordLength length; @@ -583,7 +644,7 @@ extern "C" { AbstractPolicyProvider *PolicyFactory(PolicyControlContext& context) { - Password *policy = new Password(); + Password *policy = new Password(context); context.expose(policy, PRIVILEGE, (int)(Password::setQuality)(int)); context.expose(policy, PRIVILEGE, (int)(Password::setMinimumLength)(int)); |
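Review bot: In the new `Password(PolicyControlContext&)` constructor (hunk -294), the `inotify_add_watch` failure path throws while `inotifyFd` is still open, and `~Password()` will not run to close it because the object was never fully constructed; add `::close(inotifyFd);` before that second `throw`. That path is also taken whenever the marker file does not yet exist when the plugin is loaded, since the watch is placed on the file itself with `IN_MODIFY` only. Separately, the callback captures `this` and `context` by reference, but `~Password()` only closes the descriptor without calling `removeEventSource`, so a late event could run against a destroyed object. The constructor is also worth marking `explicit`.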
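Review bot: `new Password(context)` in hunk -583 can now throw `runtime::Exception` from inside the `extern "C"` `PolicyFactory`, because the constructor added by this commit throws when inotify setup fails. Whether the plugin loader catches a C++ exception crossing that boundary is not visible here; if it does not, a missing marker file takes the process down, and if it does, the password policy provider is simply absent. Wrap the construction in `try { ... } catch (runtime::Exception&)`, log why password policy could not be loaded, and return whatever failure value the loader defines. PolicyFactory's body continues outside the hunk.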