passwordcheck: Log cracklib diagnostics

When calling cracklib to check the password, the diagnostic from cracklib was thrown away. This would hide essential information such as no dictionary being installed. Change this to show the cracklib error message using errdetail_log(). Reviewed-by: Daniel Gustafsson <[email protected]> Reviewed-by: Laurenz Albe <[email protected]> Discussion: https://www.postgresql.org/message-id/flat/f7266133-618a-0adc-52ef-f43c78806b0e%402ndquadrant.com
author: Peter Eisentraut 2020-08-28 06:16:32 +0000
committer: Peter Eisentraut 2020-08-28 06:18:24 +0000
commit: 924123a87f40c12063a2bb2500805447cddc02a3 (patch)
tree: 88897bffa1a67a38ed44f05ea81c861623a949c3
parent: 10564ee02ca380f8d614eabc4e80c5d39ea4edad (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/contrib/passwordcheck/passwordcheck.c b/contrib/passwordcheck/passwordcheck.c
index d5f9d14b01..70f056232f 100644
--- a/contrib/passwordcheck/passwordcheck.c
+++ b/contrib/passwordcheck/passwordcheck.c
@@ -91,6 +91,9 @@ check_password(const char *username,
 		int			i;
 		bool		pwd_has_letter,
 					pwd_has_nonletter;
+#ifdef USE_CRACKLIB
+		const char *reason;
+#endif
 
 		/* enforce minimum length */
 		if (pwdlen < MIN_PWD_LENGTH)
@@ -125,10 +128,11 @@ check_password(const char *username,
 
 #ifdef USE_CRACKLIB
 		/* call cracklib to check password */
-		if (FascistCheck(password, CRACKLIB_DICTPATH))
+		if ((reason = FascistCheck(password, CRACKLIB_DICTPATH)))
 			ereport(ERROR,
 					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
-					 errmsg("password is easily cracked")));
+					 errmsg("password is easily cracked"),
+					 errdetail_log("cracklib diagnostic: %s", reason)));
 #endif
 	}
author	Peter Eisentraut	2020-08-28 06:16:32 +0000
committer	Peter Eisentraut	2020-08-28 06:18:24 +0000
commit	924123a87f40c12063a2bb2500805447cddc02a3 (patch)
tree	88897bffa1a67a38ed44f05ea81c861623a949c3
parent	10564ee02ca380f8d614eabc4e80c5d39ea4edad (diff)