I am using CentOS 7. I have certain password quality requirements set up in pwquality.conf
(related to the libpwquality
package). In addition to these complexity constraints being applied to user logins, I'd like them to be applied to a Password Keyring's master passwords, as accessed e.g. via seahorse
and the gnome-keyring-daemon
, so that users cannot use weak passwords to protect their keyrings. I'm not concerned about the passwords inside the keyrings, just the passwords for the keyrings themselves.
I have figured out how to make a call to the libpwquality
API, particularly pwquality_check
is the function I want. However, I am having difficulty retrieving the password in plaintext in the code, in order to pass it to pwquality_check
. For example, in the code near gkd-secret-create.c
line 211, if I try to capture the password that should be returned by gcr_prompt_password_finish
, I only get a NULL
.
gchar *password;
password = gcr_prompt_password_finish (GCR_PROMPT (source), result, &error);
// password is NULL
I've stepped through all the code I can find in a debugger and am coming up empty: the password seems to be obscured away very well, or already hashed and discarded by this point. How can I get the password from this prompt and send it to libpwquality
? Or is there a better way to enforce password complexity on GNOME's password manager/keyring?