From 96d6f948a9259740e29ed47c6ab30976f182b133 Mon Sep 17 00:00:00 2001 From: Alan Bandeira Date: Wed, 1 Mar 2023 00:16:22 -0300 Subject: [PATCH] Update error message for ldapsetpasswd Using ldapsetpasswd when changing a password may fail due to required password security standards. The current error message is vague and provides no information about the error causing password change to fail. This fix provides a more clear error message which informs the user about the security requirements for a new password. Test Plan: PASS: In a simplex system, create a ldap user named test and then run "sudo ldapsetpasswd test" and provide a password that fails the security requirements, such as "linux99", retype the provided password and the system should present an error message comprising the system's security requirements for user passwords. PASS: Using the same user created in the previous test plan, run the command "sudo ldapsetpasswd test ", changing for a bad password, and the system should present an error message comprising the system's security requirements for user passwords. Closes-Bug: 2008838 Change-Id: Ibe942d87bee402e43c42f33e26276f0e078213cb Signed-off-by: Alan Bandeira --- ...1-Update-ldapsetpasswd-error-message.patch | 55 +++++++++++++++++++ ldap/ldapscripts/debian/patches/series | 1 + 2 files changed, 56 insertions(+) create mode 100644 ldap/ldapscripts/debian/patches/0001-Update-ldapsetpasswd-error-message.patch
diff --git a/ldap/ldapscripts/debian/patches/0001-Update-ldapsetpasswd-error-message.patch b/ldap/ldapscripts/debian/patches/0001-Update-ldapsetpasswd-error-message.patch
new file mode 100644
index 000000000..f47f92ba4
--- /dev/null
+++ b/ldap/ldapscripts/debian/patches/0001-Update-ldapsetpasswd-error-message.patch
@@ -0,0 +1,55 @@
+From 45fa2de1f17dd421ac34f3485162b59c981f057c Mon Sep 17 00:00:00 2001
+From: Alan Bandeira
+Date: Tue, 28 Mar 2023 12:16:32 -0300
+Subject: [PATCH] Update ldapsetpasswd error message
+
+Signed-off-by: Alan Bandeira
+---
+ sbin/ldapsetpasswd | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/sbin/ldapsetpasswd b/sbin/ldapsetpasswd
+index 4cde4d7..452ed0c 100755
+--- a/sbin/ldapsetpasswd
++++ b/sbin/ldapsetpasswd
+@@ -19,6 +19,21 @@
+ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ # USA.
+
++# Password creation rules message
++_BADPASSWDMESSAGE=$(cat << EOF
++BAD PASSWORD!
++Password must comply with the following rules:
++* The password must be at least 7 characters long
++* You cannot reuse the last password in history
++* Every password must differ from its previous one by at least 3 characters
++* The password must contain:
++ - at least 1 lower-case character
++ - at least 1 upper-case character
++ - at least 1 numeric character
++ - at least 1 special character
++EOF
++)
++
+ if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
+ then
+ echo "Usage : $0 [encoded password]"
+@@ -41,13 +56,13 @@ then
+ [ -z "$_PASSWORD" ] && end_die "Invalid password, please try again"
+ # Change user's password
+ _changepassword "$_PASSWORD" "$_ENTRY"
+- [ $? -eq 0 ] || end_die "Error setting password for user $_ENTRY"
++ [ $? -eq 0 ] || end_die "${_BADPASSWDMESSAGE}"
+ end_ok "Successfully set password for user $_ENTRY"
+ else # Have to use the *encoded* password given on the command line
+ # Use LDIF info to modify the password
+ _PASSWORD="$2"
+ _extractldif 2 | _filterldif | _utf8encode | _ldapmodify
+- [ $? -eq 0 ] || end_die "Error setting encoded password for user $_ENTRY"
++ [ $? -eq 0 ] || end_die "${_BADPASSWDMESSAGE}"
+ end_ok "Successfully set encoded password for user $_ENTRY"
+ fi
+
+--
+2.25.1
+
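Review bot: Both rewritten `end_die` calls in the embedded `sbin/ldapsetpasswd` patch now print the BAD PASSWORD text for every non-zero status, yet `_changepassword` and `_ldapmodify` can presumably also fail on a bind, access-control or connectivity error, so an operator would be told the password is weak when the directory refused or never received the request; the message also no longer names `$_ENTRY`, which matters if `end_die` output is what ends up in the log. Keeping the original diagnostic and appending the rules as a possible cause avoids that, e.g. `[ $? -eq 0 ] || end_die "Error setting password for user $_ENTRY. ${_BADPASSWDMESSAGE}"`, with the heredoc's first line reworded along the lines of `Possible cause: the password does not meet the policy below`. In the encoded-password branch the value arrives already hashed, so a complexity rule is probably not what failed there and the old wording may be the more accurate one. The rule list (length 7, history, 3-character difference, character classes) is a hard-coded copy of a policy configured elsewhere and not visible in this patch, so a comment above `_BADPASSWDMESSAGE` naming the authoritative setting would help keep the two from drifting apart.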
diff --git a/ldap/ldapscripts/debian/patches/series b/ldap/ldapscripts/debian/patches/series
index c76e5119c..cf8f108f6 100644
--- a/ldap/ldapscripts/debian/patches/series
+++ b/ldap/ldapscripts/debian/patches/series
@@ -6,3 +6,4 @@ allow-anonymous-bind-for-ldap-search.patch
 ldapscripts-templates.patch
 install-ldapscripts-files-to-etc.patch
 0001-Reset-password-after-user-is-added.patch
+0001-Update-ldapsetpasswd-error-message.patch
\ No newline at end of file