Update error message for ldapsetpasswd

Using ldapsetpasswd when changing a password may
fail due to required password security standards.
The current error message is vague and provides
no information about the error causing the password
change to fail. This fix provides a clearer
error message which informs the user about the
security requirements for a new password.

Test Plan:
PASS: In a simplex system, create an LDAP user named
      test and then run "sudo ldapsetpasswd test" and
      provide a password that fails the security
      requirements, such as "linux99", retype the
      provided password and the system should present
      an error message comprising the system's security
      requirements for user passwords.

PASS: Using the same user created in the previous test
      plan, run the command "sudo ldapsetpasswd test
      <pwd>", changing <pwd> for a bad password, and
      the system should present an error message
      comprising the system's security requirements
      for user passwords.

Closes-Bug: 2008838
Change-Id: Ibe942d87bee402e43c42f33e26276f0e078213cb
Signed-off-by: Alan Bandeira <Alan.PortelaBandeira@windriver.com>
Alan Bandeira 2023-03-01 00:16:22 -03:00
parent e02268a95d
commit 96d6f948a9
2 changed files with 56 additions and 0 deletions

@ -0,0 +1,55 @@
From 45fa2de1f17dd421ac34f3485162b59c981f057c Mon Sep 17 00:00:00 2001
From: Alan Bandeira <Alan.PortelaBandeira@windriver.com>
Date: Tue, 28 Mar 2023 12:16:32 -0300
Subject: [PATCH] Update ldapsetpasswd error message
Signed-off-by: Alan Bandeira <Alan.PortelaBandeira@windriver.com>
---
sbin/ldapsetpasswd | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/sbin/ldapsetpasswd b/sbin/ldapsetpasswd
index 4cde4d7..452ed0c 100755
--- a/sbin/ldapsetpasswd
+++ b/sbin/ldapsetpasswd
@@ -19,6 +19,21 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
+# Password creation rules message
+_BADPASSWDMESSAGE=$(cat << EOF
+BAD PASSWORD!
+Password must comply with the following rules:
+* The password must be at least 7 characters long
+* You cannot reuse the last password in history
+* Every password must differ from its previous one by at least 3 characters
+* The password must contain:
+ - at least 1 lower-case character
+ - at least 1 upper-case character
+ - at least 1 numeric character
+ - at least 1 special character
+EOF
+)
+
if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
echo "Usage : $0 <username | uid> [encoded password]"
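Review bot: The rule values inside _BADPASSWDMESSAGE (at least 7 characters, differ by at least 3 characters, last password in history) are literals in the script, so the text goes stale as soon as the enforced policy changes. Add a comment above the variable naming where those values are configured, or build the message from that configuration. Separately, the here-document uses an unquoted delimiter (`cat << EOF`), so any `$` or backtick later added to the text would be expanded by the shell; `cat << 'EOF'` keeps the message literal.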
@@ -41,13 +56,13 @@ then
[ -z "$_PASSWORD" ] && end_die "Invalid password, please try again"
# Change user's password
_changepassword "$_PASSWORD" "$_ENTRY"
- [ $? -eq 0 ] || end_die "Error setting password for user $_ENTRY"
+ [ $? -eq 0 ] || end_die "${_BADPASSWDMESSAGE}"
end_ok "Successfully set password for user $_ENTRY"
else # Have to use the *encoded* password given on the command line
# Use LDIF info to modify the password
_PASSWORD="$2"
_extractldif 2 | _filterldif | _utf8encode | _ldapmodify
- [ $? -eq 0 ] || end_die "Error setting encoded password for user $_ENTRY"
+ [ $? -eq 0 ] || end_die "${_BADPASSWDMESSAGE}"
end_ok "Successfully set encoded password for user $_ENTRY"
fi
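Review bot: Both `[ $? -eq 0 ] || end_die "${_BADPASSWDMESSAGE}"` lines now print BAD PASSWORD for every non-zero status, including failures that have nothing to do with password rules, and they drop the `$_ENTRY` that the old messages carried, so an operator can no longer tell which account the failure was for. In the else branch, `$?` is only the status of `_ldapmodify` at the end of the pipeline, and that branch takes an already encoded password, so the character-class rules listed may not be the reason for the failure. Suggest keeping the original text and appending the rules as a hint, for example end_die "Error setting password for user $_ENTRY. ${_BADPASSWDMESSAGE}", or showing the rules only when the failure is identified as a policy rejection.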
--
2.25.1

@ -6,3 +6,4 @@ allow-anonymous-bind-for-ldap-search.patch
ldapscripts-templates.patch ldapscripts-templates.patch
install-ldapscripts-files-to-etc.patch install-ldapscripts-files-to-etc.patch
0001-Reset-password-after-user-is-added.patch 0001-Reset-password-after-user-is-added.patch
0001-Update-ldapsetpasswd-error-message.patch