LibCore: Make Account::authenticate take a SecretString

To encourage users to use the SecretString API, change the API so that Account::authenticate only accepts a SecretString.
2025-01-23 18:02:05 -05:00 · 2021-09-12 07:02:17 -07:00 · 2021-09-12 07:02:17 -07:00 · df04283d61
commit df04283d61
parent 9e667453c7
5 changed files with 7 additions and 6 deletions
--- a/Userland/Libraries/LibCore/Account.cpp
+++ b/Userland/Libraries/LibCore/Account.cpp
@ -159,7 +159,7 @@ Result<Account, String> Account::from_uid(uid_t uid, Read options)
    return from_passwd(*pwd, *spwd);
 }

-bool Account::authenticate(const char* password) const
+bool Account::authenticate(SecretString const& password) const
 {
    // If there was no shadow entry for this account, authentication always fails.
    if (m_password_hash.is_null())
@ -170,7 +170,7 @@ bool Account::authenticate(const char* password) const
        return true;

    // FIXME: Use crypt_r if it can be built in lagom.
-    char* hash = crypt(password, m_password_hash.characters());
+    char* hash = crypt(password.characters(), m_password_hash.characters());
    return hash != nullptr && strcmp(hash, m_password_hash.characters()) == 0;
 }

--- a/Userland/Libraries/LibCore/Account.h
+++ b/Userland/Libraries/LibCore/Account.h
@ -10,6 +10,7 @@
 #include <AK/String.h>
 #include <AK/Types.h>
 #include <AK/Vector.h>
+#include <LibCore/SecretString.h>
 #include <pwd.h>
 #ifndef AK_OS_BSD_GENERIC
 #    include <shadow.h>
@ -36,7 +37,7 @@ public:
    static Result<Account, String> from_name(const char* username, Read options = Read::All);
    static Result<Account, String> from_uid(uid_t uid, Read options = Read::All);

-    bool authenticate(const char* password) const;
+    bool authenticate(SecretString const& password) const;
    bool login() const;

    String username() const { return m_username; }
--- a/Userland/Utilities/passwd.cpp
+++ b/Userland/Utilities/passwd.cpp
@ -90,7 +90,7 @@ int main(int argc, char** argv)
                return 1;
            }

-            if (!target_account.authenticate(current_password.value().characters())) {
+            if (!target_account.authenticate(current_password.value())) {
                warnln("Incorrect or disabled password.");
                warnln("Password for user {} unchanged.", target_account.username());
                return 1;
--- a/Userland/Utilities/pls.cpp
+++ b/Userland/Utilities/pls.cpp
@ -55,7 +55,7 @@ int main(int argc, char** argv)
            }

            auto const& password = password_or_error.value();
-            if (!account.authenticate(password.characters())) {
+            if (!account.authenticate(password)) {
                warnln("Incorrect or disabled password.");
                return 1;
            }
--- a/Userland/Utilities/su.cpp
+++ b/Userland/Utilities/su.cpp
@ -58,7 +58,7 @@ int main(int argc, char** argv)
            return 1;
        }

-        if (!account.authenticate(password.value().characters())) {
+        if (!account.authenticate(password.value())) {
            warnln("Incorrect or disabled password.");
            return 1;
        }