Backport PR #78 to fix broken pwquality config (RHBZ #1618865)

2018-08-30 15:43:41 -07:00 · 2018-08-30 15:43:41 -07:00 · d9613bbf4b
commit d9613bbf4b
parent 6cc7543c3f
2 changed files with 57 additions and 1 deletions
--- a/0001-Don-t-write-options-without-value-to-pwquality-conf-.patch
+++ b/0001-Don-t-write-options-without-value-to-pwquality-conf-.patch
@ -0,0 +1,49 @@
+From 9e17c60b267f4c0a5e5f2fb33c409cd50c96ad10 Mon Sep 17 00:00:00 2001
+From: Adam Williamson <awilliam@redhat.com>
+Date: Tue, 28 Aug 2018 11:49:35 -0700
+Subject: [PATCH] Don't write options without value to pwquality conf
+ (#1618865)
+
+Per https://bugzilla.redhat.com/show_bug.cgi?id=1618865 , it is
+incorrect to write lines like this in a pwquality config file:
+
+minlen=
+minclass=
+maxrepeat=
+maxclassrepeat=
+
+There should either be an actual integer value, or the line
+should be omitted entirely. Including the option with no value
+is wrong and breaks pwquality. This should fix the problem by
+only writing the lines if the option is actually set.
+
+Signed-off-by: Adam Williamson <awilliam@redhat.com>
+---
+ src/compat/authcompat.py.in.in | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
+index abe1e58..1b4f531 100755
+--- a/src/compat/authcompat.py.in.in
+++ b/src/compat/authcompat.py.in.in
+@@ -319,10 +319,13 @@ class Configuration:
+         def write(self):
+             config = EnvironmentFile(Path.System('pwquality.conf'))
+ 
+-            config.set("minlen", self.get("passminlen"))
+-            config.set("minclass", self.get("passminclass"))
+-            config.set("maxrepeat", self.get("passmaxrepeat"))
+-            config.set("maxclassrepeat", self.get("passmaxclassrepeat"))
+            # for each if these options, we want to write a line to the config
+            # *only if* it is set to an actual value, see
+            # https://bugzilla.redhat.com/show_bug.cgi?id=1618865
+            for pwval in ["minlen", "minclass", "maxrepeat", "maxclassrepeat"]:
+                if self.isset("pass{0}".format(pwval)):
+                    config.set(pwval, self.get("pass{0}".format(pwval)))
+
+             config.set("lcredit", self.getBoolAsValue("reqlower", -1, 0))
+             config.set("ucredit", self.getBoolAsValue("requpper", -1, 0))
+             config.set("dcredit", self.getBoolAsValue("reqdigit", -1, 0))
+-- 
+2.17.1
+
--- a/authselect.spec
+++ b/authselect.spec
@ -1,11 +1,14 @@
 Name:           authselect
 Version:        1.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Configures authentication and identity sources from supported profiles
 URL:            https://github.com/pbrezina/authselect

 License:        GPLv3+
 Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz
+# Backport https://github.com/pbrezina/authselect/pull/78 to fix
+# https://bugzilla.redhat.com/show_bug.cgi?id=1618865
+Patch0:         0001-Don-t-write-options-without-value-to-pwquality-conf-.patch

 BuildRequires:  autoconf
 BuildRequires:  automake
@ -72,6 +75,7 @@ you develop a front-end for the authselect library.

 %prep
 %setup -q
+%patch0 -p1


 %build
@ -220,6 +224,9 @@ fi
 exit 0

 %changelog
+* Thu Aug 30 2018 Adam Williamson <awilliam@redhat.com> - 1.0-2
+- Backport PR #78 to fix broken pwquality config (RHBZ #1618865)
+
 * Mon Aug 13 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-1
 - Rebase to 1.0