-rw-r--r--plugin/password.cpp63
1 files changed, 62 insertions, 1 deletions
diff --git a/plugin/password.cpp b/plugin/password.cpp
index 23763c1..5cadfb4 100644
--- a/plugin/password.cpp
+++ b/plugin/password.cpp
@@ -15,6 +15,7 @@
*/
#include <sys/types.h>
+#include <sys/inotify.h>
#include <unordered_map>
@@ -24,6 +25,9 @@
#include <dpm/pil/app-bundle.h>
#include <dpm/pil/launchpad.h>
+#include <klay/error.h>
+#include <klay/exception.h>
+
#include "password-manager.h"
typedef enum {
@@ -58,6 +62,9 @@ namespace {
const int simplePasswordLength = 4;
const int infinite = 32767;
+const std::string BootCompleted = "/tmp/.dpm-bootCompleted";
+int bootCompleted = -1;
+
std::unordered_map<uid_t, int> passwordStatus;
inline int inverse(int value)
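Review bot: The readiness flag file `BootCompleted` sits at a fixed name under `/tmp`, which is normally writable by every local account, so the state that gates password-policy enforcement depends on a path this daemon does not control. The constructor added later in this patch treats any event on that file as boot completion, and the code that creates the file is not visible here; it is worth confirming that it is created by a privileged unit with a restrictive mode before any user session exists. A root-owned runtime directory (for example under `/run`) would remove the question. `bootCompleted` is also a plain `int` read by every `apply()` and written from the mainloop callback; if those can run on different threads it should be `std::atomic<int>`.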
@@ -95,6 +102,9 @@ public:
bool apply(const DataType& value, uid_t domain)
{
+ if (bootCompleted < 0)
+ return true;
+
try {
int auth = DPM_PASSWORD_QUALITY_UNSPECIFIED;
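Review bot: The early `return true` while `bootCompleted < 0` reports the policy as applied although nothing reached `PasswordManager`, and no visible code re-applies the value once the flag flips, so a password policy set before boot completion may be silently dropped (fail-open). The same guard is added in the seven following `apply()` hunks. If deferral is intended, the skipped value should be remembered and applied from the boot-completed callback, or at least logged. If re-application happens elsewhere, a comment such as `// password service is not up before boot completion; policy is re-applied by <caller> afterwards` would document the contract. The body of `apply()` continues outside the hunk.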
@@ -126,6 +136,10 @@ public:
bool apply(const DataType& value, uid_t domain)
{
int v = value;
+
+ if (bootCompleted < 0)
+ return true;
+
try {
v = v == infinite ? 0 : v;
PasswordManager passwordManager(domain);
@@ -149,6 +163,10 @@ public:
bool apply(const DataType& value, uid_t domain)
{
int v = value;
+
+ if (bootCompleted < 0)
+ return true;
+
try {
v = v == infinite ? 0 : v;
PasswordManager passwordManager(domain);
@@ -171,6 +189,9 @@ public:
bool apply(const DataType& value, uid_t domain)
{
+ if (bootCompleted < 0)
+ return true;
+
try {
PasswordManager passwordManager(domain);
passwordManager.setHistory(inverse(value));
@@ -192,6 +213,9 @@ public:
bool apply(const DataType& value, uid_t domain)
{
+ if (bootCompleted < 0)
+ return true;
+
try {
PasswordManager passwordManager(domain);
passwordManager.setExpires(value);
@@ -213,6 +237,9 @@ public:
bool apply(const DataType& value, uid_t domain)
{
+ if (bootCompleted < 0)
+ return true;
+
try {
PasswordManager passwordManager(domain);
passwordManager.setMaximumFailedForWipe(value);
@@ -234,6 +261,9 @@ public:
bool apply(const DataType& value, uid_t domain)
{
+ if (bootCompleted < 0)
+ return true;
+
try {
PasswordManager passwordManager(domain);
passwordManager.setMinimumComplexCharacters(inverse(value));
@@ -255,6 +285,9 @@ public:
bool apply(const DataType& value, uid_t domain)
{
+ if (bootCompleted < 0)
+ return true;
+
try {
PasswordManager passwordManager(domain);
passwordManager.setMinimumLength(inverse(value));
@@ -294,6 +327,32 @@ public:
class Password : public AbstractPolicyProvider {
public:
+ Password(PolicyControlContext& context) {
+ inotifyFd = ::inotify_init1(IN_NONBLOCK);
+ if (inotifyFd < 0) {
+ throw runtime::Exception(runtime::GetSystemErrorMessage());
+ }
+
+ int wd = ::inotify_add_watch(inotifyFd, BootCompleted.c_str(), IN_MODIFY);
+ if (wd == -1) {
+ throw runtime::Exception(runtime::GetSystemErrorMessage());
+ }
+
+ auto setBootCompleted = [&context, this](int fd, runtime::Mainloop::Event event) {
+ bootCompleted = 1;
+ context.mainloop.removeEventSource(inotifyFd);
+ ::close(inotifyFd);
+ inotifyFd = -1;
+ };
+
+ context.mainloop.addEventSource(inotifyFd, EPOLLIN | EPOLLHUP | EPOLLRDHUP, setBootCompleted);
+ }
+
+ ~Password() {
+ if (inotifyFd != -1)
+ ::close(inotifyFd);
+ }
+
int setQuality(int quality);
int getQuality();
int setMinimumLength(int value);
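Review bot: When `inotify_add_watch` fails, the constructor throws without closing `inotifyFd`, and because the destructor does not run for a partially constructed object the descriptor leaks; capture the message first and close before throwing, e.g. `auto msg = runtime::GetSystemErrorMessage(); ::close(inotifyFd); throw runtime::Exception(msg);`. That failure path is taken whenever the flag file does not yet exist at plugin load, and the exception would then leave through the `extern "C"` `PolicyFactory` changed in the last hunk. The callback also sets `bootCompleted = 1` for any of `EPOLLIN | EPOLLHUP | EPOLLRDHUP` without reading the inotify event, and `~Password()` closes the descriptor without removing the event source, which leaves a stored lambda holding `this` and `context` by reference if the object is destroyed before the event fires. The single-argument constructor would also be better marked `explicit`.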
@@ -325,6 +384,8 @@ public:
int getRecovery();
private:
+ int inotifyFd;
+
PasswordQuality quality;
PasswordHistory history;
PasswordLength length;
@@ -583,7 +644,7 @@ extern "C" {
AbstractPolicyProvider *PolicyFactory(PolicyControlContext& context)
{
- Password *policy = new Password();
+ Password *policy = new Password(context);
context.expose(policy, PRIVILEGE, (int)(Password::setQuality)(int));
context.expose(policy, PRIVILEGE, (int)(Password::setMinimumLength)(int));