From 0a894231cd96bf5f846cd3341610ddf738ee4a34 Mon Sep 17 00:00:00 2001 From: Luca Ferrari Date: Wed, 9 Feb 2022 03:47:19 -0500 Subject: [PATCH] [#206] Remove is_valid_password function and provide better messages. Close #206. See . The is_valid_password() was checking only the password length and the fact that was made by ASCII chars. The check for the length can be done "inline" directly within a loop. Added a constant with the minimal length of the password, so that it is possible to insert a warning message for the user in the case she inputs a too short password. The system also prompts the user for a password with a message that explicitly tells her the password will not appear on the terminal. See also the initial work on #200. --- src/admin.c | 59 ++++++++++++----------------------------------------- 1 file changed, 13 insertions(+), 46 deletions(-) diff --git a/src/admin.c b/src/admin.c index e7caf5fa..aa6988e9 100644 --- a/src/admin.c +++ b/src/admin.c @@ -45,6 +45,7 @@ #include #define DEFAULT_PASSWORD_LENGTH 64 +#define MIN_PASSWORD_LENGTH 8 #define ACTION_UNKNOWN 0 #define ACTION_MASTER_KEY 1 @@ -60,7 +61,6 @@ static char CHARS[] = {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L '\'', '\"', ',', '<', '.', '>', '/', '?'}; static int master_key(char* password, bool generate_pwd, int pwd_length); -static bool is_valid_key(char* key); static int add_user(char* users_path, char* username, char* password, bool generate_pwd, int pwd_length); static int update_user(char* users_path, char* username, char* password, bool generate_pwd, int pwd_length); static int remove_user(char* users_path, char* username); @@ -354,18 +354,19 @@ master_key(char* password, bool generate_pwd, int pwd_length) { if (!generate_pwd) { - while (!is_valid_key(password)) - { - if (password != NULL) - { - free(password); - password = NULL; - } + while( password == NULL ) + { + printf("Master key (will not echo): "); + password = pgagroal_get_password(); + printf("\n"); - printf("Master key: "); - password = pgagroal_get_password(); - printf("\n"); - } + if (password != NULL && strlen(password) < MIN_PASSWORD_LENGTH ) + { + printf("Invalid key length, must be at least %d chars.\n", MIN_PASSWORD_LENGTH ); + free(password); + password = NULL; + } + } } else { @@ -376,11 +377,6 @@ master_key(char* password, bool generate_pwd, int pwd_length) else { do_free = false; - - if (!is_valid_key(password)) - { - goto error; - } } pgagroal_base64_encode(password, strlen(password), &encoded); @@ -415,35 +411,6 @@ master_key(char* password, bool generate_pwd, int pwd_length) return 1; } -static bool -is_valid_key(char* key) -{ - char c; - - if (!key) - { - return false; - } - - if (strlen(key) < 8) - { - return false; - } - - for (int i = 0; i < strlen(key); i++) - { - c = *(key + i); - - /* Only support ASCII for now */ - if ((unsigned char)c & 0x80) - { - return false; - } - } - - return true; -} - static int add_user(char* users_path, char* username, char* password, bool generate_pwd, int pwd_length) {