From 6f0543c0ae1ccc313390c0887970b107b4aa8f46 Mon Sep 17 00:00:00 2001 From: tangjie02 Date: Tue, 15 Nov 2022 09:24:33 +0800 Subject: [PATCH] Fix password policy inconsistencies. Signed-off-by: tangjie02 --- ...-Fix-password-policy-inconsistencies.patch | 110 ++++++++++++++++++ kiran-cc-daemon.spec | 6 +- 2 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 0001-fix-passwd-Fix-password-policy-inconsistencies.patch diff --git a/0001-fix-passwd-Fix-password-policy-inconsistencies.patch b/0001-fix-passwd-Fix-password-policy-inconsistencies.patch new file mode 100644 index 0000000..ec1a54e --- /dev/null +++ b/0001-fix-passwd-Fix-password-policy-inconsistencies.patch @@ -0,0 +1,110 @@ +From 90310b4ca83d1b91a91e98f505d1b2c918f78297 Mon Sep 17 00:00:00 2001 +From: tangjie02 +Date: Mon, 14 Nov 2022 19:47:05 +0800 +Subject: [PATCH] fix(passwd): Fix password policy inconsistencies. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +- 修复密码策略不一致问题 + +Closes #I60Q7P + +Signed-off-by: tangjie02 +--- + plugins/accounts/passwd-wrapper.cpp | 34 +++++++++++++++++++++-------- + plugins/accounts/user.cpp | 2 ++ + 2 files changed, 27 insertions(+), 9 deletions(-) + +diff --git a/plugins/accounts/passwd-wrapper.cpp b/plugins/accounts/passwd-wrapper.cpp +index 860fa7a..8ce454d 100644 +--- a/plugins/accounts/passwd-wrapper.cpp ++++ b/plugins/accounts/passwd-wrapper.cpp +@@ -141,8 +141,9 @@ void PasswdWrapper::on_child_setup(uint32_t caller_uid) + // 如果是设置当前用户密码,则需要进行降权 + if (caller_uid == user->uid_get()) + { +- if (setuid(user->uid_get()) != 0 || +- setgid(user->gid_get()) != 0) ++ // 必须先设置gid然后再设置uid,否则在设置uid后已经不是特权用户,无法设置gid ++ if (setgid(user->gid_get()) != 0 || ++ setuid(user->uid_get()) != 0) + { + exit(1); + } +@@ -196,8 +197,8 @@ bool PasswdWrapper::on_passwd_output(Glib::IOCondition io_condition, Glib::RefPt + + auto retval = this->process_passwd_output_line(handled_passwd_tips); + +- // 处理出错,直接退出 +- if (!this->additional_error_message_.empty()) ++ // 处理出错且后面不再有数据则退出 ++ if (!this->additional_error_message_.empty() && this->unhandled_passwd_tips_.empty()) + { + this->end_passwd(false); + break; +@@ -277,7 +278,8 @@ bool PasswdWrapper::process_passwd_output_line(const std::string &line) + this->in_io_channel_->write(this->new_password_ + "\n"); + retval = true; + } +- // 如果是整行信息,说明出现了错误 ++ /* 如果是整行信息,说明是错误或者告警信息。因为这里没法区分是错误或者告警信息,所以只能继续往下处理到数据结束, ++ 如果最后一条是提示信息,说明当前属于告警信息,否则是错误信息。*/ + else if (line.find_first_of('\n') != std::string::npos) + { + this->state_ = PASSWD_STATE_ERROR; +@@ -304,6 +306,17 @@ bool PasswdWrapper::process_passwd_output_line(const std::string &line) + retval = true; + } + break; ++ case PASSWD_STATE_ERROR: ++ { ++ // 这里说明上一条信息是告警消息而非错误消息,因此清空错误消息并继续往下走 ++ if (StrUtils::endswith(lowercase_passwd_tips, "retype new password: ")) ++ { ++ this->state_ = PASSWD_STATE_RETYPE; ++ this->in_io_channel_->write(this->new_password_ + "\n"); ++ this->additional_error_message_.clear(); ++ retval = true; ++ } ++ } + default: + retval = true; + break; +@@ -314,13 +327,16 @@ bool PasswdWrapper::process_passwd_output_line(const std::string &line) + + void PasswdWrapper::on_child_watch(GPid pid, int child_status) + { +- KLOG_DEBUG("Process passwd(%d) exit.", (int32_t)pid); ++ KLOG_DEBUG("Process passwd(%d) exit, exit status: %d.", (int32_t)pid, child_status); + +- if (WIFEXITED(child_status)) ++ g_autoptr(GError) g_error = NULL; ++ auto result = g_spawn_check_exit_status(child_status, &g_error); ++ if (!result) + { +- if (WEXITSTATUS(child_status) >= 255) ++ KLOG_WARNING("%s.", g_error->message); ++ if (this->error_message_.empty()) + { +- KLOG_WARNING("Child exited unexpectedly"); ++ this->error_message_ = CC_ERROR2STR(CCErrorCode::ERROR_FAILED); + } + } + +diff --git a/plugins/accounts/user.cpp b/plugins/accounts/user.cpp +index 7835bb4..c8abf37 100644 +--- a/plugins/accounts/user.cpp ++++ b/plugins/accounts/user.cpp +@@ -749,6 +749,8 @@ void User::change_password_by_passwd_authorized_cb(MethodInvocation invocation, + auto current_password = CryptoHelper::rsa_decrypt(AccountsManager::get_instance()->get_rsa_private_key(), encrypted_current_password); + auto new_password = CryptoHelper::rsa_decrypt(AccountsManager::get_instance()->get_rsa_private_key(), encrypted_new_password); + ++ // KLOG_DEBUG("The currentPassword: %s, newPassword: %s.", current_password.c_str(), new_password.c_str()); ++ + if (this->passwd_wrapper_ && this->passwd_wrapper_->get_state() != PasswdState::PASSWD_STATE_NONE) + { + DBUS_ERROR_REPLY_AND_RET(CCErrorCode::ERROR_ACCOUNTS_USER_MODIFYING_PASSWORD); +-- +2.33.0 + diff --git a/kiran-cc-daemon.spec b/kiran-cc-daemon.spec index 1bed4e7..24e07ff 100644 --- a/kiran-cc-daemon.spec +++ b/kiran-cc-daemon.spec @@ -1,12 +1,13 @@ Name: kiran-cc-daemon Version: 2.4.0 -Release: 2 +Release: 3 Summary: DBus daemon for Kiran Desktop License: MulanPSL-2.0 Source0: %{name}-%{version}.tar.gz Patch0001: 0001-feature-timedate-Delete-timedate_i.h-file.patch +Patch0002: 0001-fix-passwd-Fix-password-policy-inconsistencies.patch BuildRequires: cmake >= 3.2 @@ -152,6 +153,9 @@ glib-compile-schemas /usr/share/glib-2.0/schemas &> /dev/nulls || : %{_libdir}/pkgconfig/kiran-cc-daemon.pc %changelog +* Tue Nov 15 2022 tangjie02 - 2.3.0-12 +- KYOS-B: Fix password policy inconsistencies.(I60Q7P) + * Fri Oct 28 2022 tangjie02 - 2.4.0-2 - KYOS-F: Delete timedate_i.h file.