summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2023-11-28 09:52:17 +0100
committerYu Watanabe <watanabe.yu+github@gmail.com>2024-01-04 15:26:49 +0100
commitcc943ab86ef117ecd2499ea654cee552fb84d316 (patch)
tree68e500024186a4570599ba7dcf4b5c3d9d1b0fe8 /src
parenthomed: tone down log message about bad passwords a bit (diff)
downloadsystemd-cc943ab86ef117ecd2499ea654cee552fb84d316.tar.xz
systemd-cc943ab86ef117ecd2499ea654cee552fb84d316.zip
homed: fix home_count_bad_authentication() counting
We want to cover not only regular bad password entries, but also bad recovery key entries. Hence let's move the list of errors into the function, and add more.
Diffstat (limited to 'src')
-rw-r--r--src/home/homed-home.c23
1 files changed, 12 insertions, 11 deletions
diff --git a/src/home/homed-home.c b/src/home/homed-home.c
index 951f5aba43..787dc773ac 100644
--- a/src/home/homed-home.c
+++ b/src/home/homed-home.c
@@ -650,11 +650,17 @@ static int convert_worker_errno(Home *h, int e, sd_bus_error *error) {
return 0;
}
-static void home_count_bad_authentication(Home *h, bool save) {
+static void home_count_bad_authentication(Home *h, int error, bool save) {
int r;
assert(h);
+ if (!IN_SET(error,
+ -ENOKEY, /* Password incorrect */
+ -EBADSLT, /* Password incorrect and no token */
+ -EREMOTEIO)) /* Recovery key incorrect */
+ return;
+
r = user_record_bad_authentication(h->record);
if (r < 0) {
log_warning_errno(r, "Failed to increase bad authentication counter, ignoring: %m");
@@ -680,8 +686,7 @@ static void home_fixate_finish(Home *h, int ret, UserRecord *hr) {
secret = TAKE_PTR(h->secret); /* Take possession */
if (ret < 0) {
- if (ret == -ENOKEY)
- (void) home_count_bad_authentication(h, false);
+ (void) home_count_bad_authentication(h, ret, /* save= */ false);
(void) convert_worker_errno(h, ret, &error);
r = log_error_errno(ret, "Fixation failed: %m");
@@ -772,8 +777,7 @@ static void home_activate_finish(Home *h, int ret, UserRecord *hr) {
assert(IN_SET(h->state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE));
if (ret < 0) {
- if (ret == -ENOKEY)
- home_count_bad_authentication(h, true);
+ (void) home_count_bad_authentication(h, ret, /* save= */ true);
(void) convert_worker_errno(h, ret, &error);
r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
@@ -934,8 +938,7 @@ static void home_change_finish(Home *h, int ret, UserRecord *hr) {
assert(h);
if (ret < 0) {
- if (ret == -ENOKEY)
- (void) home_count_bad_authentication(h, true);
+ (void) home_count_bad_authentication(h, ret, /* save= */ true);
(void) convert_worker_errno(h, ret, &error);
r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
@@ -1005,8 +1008,7 @@ static void home_unlocking_finish(Home *h, int ret, UserRecord *hr) {
assert(IN_SET(h->state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE));
if (ret < 0) {
- if (ret == -ENOKEY)
- (void) home_count_bad_authentication(h, true);
+ (void) home_count_bad_authentication(h, ret, /* save= */ true);
(void) convert_worker_errno(h, ret, &error);
r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,
@@ -1042,8 +1044,7 @@ static void home_authenticating_finish(Home *h, int ret, UserRecord *hr) {
assert(IN_SET(h->state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE));
if (ret < 0) {
- if (ret == -ENOKEY)
- (void) home_count_bad_authentication(h, true);
+ (void) home_count_bad_authentication(h, ret, /* save= */ true);
(void) convert_worker_errno(h, ret, &error);
r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR,