diff options
author | Lennart Poettering <lennart@poettering.net> | 2023-11-28 09:52:17 +0100 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-01-04 15:26:49 +0100 |
commit | cc943ab86ef117ecd2499ea654cee552fb84d316 (patch) | |
tree | 68e500024186a4570599ba7dcf4b5c3d9d1b0fe8 /src | |
parent | homed: tone down log message about bad passwords a bit (diff) | |
download | systemd-cc943ab86ef117ecd2499ea654cee552fb84d316.tar.xz systemd-cc943ab86ef117ecd2499ea654cee552fb84d316.zip |
homed: fix home_count_bad_authentication() counting
We want to cover not only regular bad password entries, but also bad
recovery key entries. Hence let's move the list of errors into the
function, and add more.
Diffstat (limited to 'src')
-rw-r--r-- | src/home/homed-home.c | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/src/home/homed-home.c b/src/home/homed-home.c index 951f5aba43..787dc773ac 100644 --- a/src/home/homed-home.c +++ b/src/home/homed-home.c @@ -650,11 +650,17 @@ static int convert_worker_errno(Home *h, int e, sd_bus_error *error) { return 0; } -static void home_count_bad_authentication(Home *h, bool save) { +static void home_count_bad_authentication(Home *h, int error, bool save) { int r; assert(h); + if (!IN_SET(error, + -ENOKEY, /* Password incorrect */ + -EBADSLT, /* Password incorrect and no token */ + -EREMOTEIO)) /* Recovery key incorrect */ + return; + r = user_record_bad_authentication(h->record); if (r < 0) { log_warning_errno(r, "Failed to increase bad authentication counter, ignoring: %m"); @@ -680,8 +686,7 @@ static void home_fixate_finish(Home *h, int ret, UserRecord *hr) { secret = TAKE_PTR(h->secret); /* Take possession */ if (ret < 0) { - if (ret == -ENOKEY) - (void) home_count_bad_authentication(h, false); + (void) home_count_bad_authentication(h, ret, /* save= */ false); (void) convert_worker_errno(h, ret, &error); r = log_error_errno(ret, "Fixation failed: %m"); @@ -772,8 +777,7 @@ static void home_activate_finish(Home *h, int ret, UserRecord *hr) { assert(IN_SET(h->state, HOME_ACTIVATING, HOME_ACTIVATING_FOR_ACQUIRE)); if (ret < 0) { - if (ret == -ENOKEY) - home_count_bad_authentication(h, true); + (void) home_count_bad_authentication(h, ret, /* save= */ true); (void) convert_worker_errno(h, ret, &error); r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR, @@ -934,8 +938,7 @@ static void home_change_finish(Home *h, int ret, UserRecord *hr) { assert(h); if (ret < 0) { - if (ret == -ENOKEY) - (void) home_count_bad_authentication(h, true); + (void) home_count_bad_authentication(h, ret, /* save= */ true); (void) convert_worker_errno(h, ret, &error); r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR, @@ -1005,8 +1008,7 @@ static void home_unlocking_finish(Home *h, int ret, UserRecord *hr) { assert(IN_SET(h->state, HOME_UNLOCKING, HOME_UNLOCKING_FOR_ACQUIRE)); if (ret < 0) { - if (ret == -ENOKEY) - (void) home_count_bad_authentication(h, true); + (void) home_count_bad_authentication(h, ret, /* save= */ true); (void) convert_worker_errno(h, ret, &error); r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR, @@ -1042,8 +1044,7 @@ static void home_authenticating_finish(Home *h, int ret, UserRecord *hr) { assert(IN_SET(h->state, HOME_AUTHENTICATING, HOME_AUTHENTICATING_WHILE_ACTIVE, HOME_AUTHENTICATING_FOR_ACQUIRE)); if (ret < 0) { - if (ret == -ENOKEY) - (void) home_count_bad_authentication(h, true); + (void) home_count_bad_authentication(h, ret, /* save= */ true); (void) convert_worker_errno(h, ret, &error); r = log_full_errno(error_is_bad_password(ret) ? LOG_NOTICE : LOG_ERR, |