packages/kiran-cc-daemon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!41 修复图形和命令密码策略不一致问题

Browse Source 
From: @tangjie02 
Reviewed-by: @liubuguiii 
Signed-off-by: @liubuguiii
This commit is contained in:
openeuler-ci-bot 2022-11-16 01:20:37 +00:00 committed by Gitee
commit ef76fa0a20
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 115 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
0001-fix-passwd-Fix-password-policy-inconsistencies.patch Normal file
View File

@ -0,0 +1,110 @@
From 90310b4ca83d1b91a91e98f505d1b2c918f78297 Mon Sep 17 00:00:00 2001
From: tangjie02 <tangjie02@kylinsec.com.cn>
Date: Mon, 14 Nov 2022 19:47:05 +0800
Subject: [PATCH] fix(passwd): Fix password policy inconsistencies.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- 修复密码策略不一致问题
Closes #I60Q7P
Signed-off-by: tangjie02 <tangjie02@kylinsec.com.cn>
---
plugins/accounts/passwd-wrapper.cpp | 34 +++++++++++++++++++++--------
plugins/accounts/user.cpp | 2 ++
2 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/plugins/accounts/passwd-wrapper.cpp b/plugins/accounts/passwd-wrapper.cpp
index 860fa7a..8ce454d 100644
--- a/plugins/accounts/passwd-wrapper.cpp
+++ b/plugins/accounts/passwd-wrapper.cpp
@@ -141,8 +141,9 @@ void PasswdWrapper::on_child_setup(uint32_t caller_uid)
// 如果是设置当前用户密码,则需要进行降权
if (caller_uid == user->uid_get())
{
- if (setuid(user->uid_get()) != 0 ||
- setgid(user->gid_get()) != 0)
+ // 必须先设置gid然后再设置uid否则在设置uid后已经不是特权用户无法设置gid
+ if (setgid(user->gid_get()) != 0 ||
+ setuid(user->uid_get()) != 0)
{
exit(1);
}
@@ -196,8 +197,8 @@ bool PasswdWrapper::on_passwd_output(Glib::IOCondition io_condition, Glib::RefPt
auto retval = this->process_passwd_output_line(handled_passwd_tips);
- // 处理出错,直接退出
- if (!this->additional_error_message_.empty())
+ // 处理出错且后面不再有数据则退出
+ if (!this->additional_error_message_.empty() && this->unhandled_passwd_tips_.empty())
{
this->end_passwd(false);
break;
@@ -277,7 +278,8 @@ bool PasswdWrapper::process_passwd_output_line(const std::string &line)
this->in_io_channel_->write(this->new_password_ + "\n");
retval = true;
}
- // 如果是整行信息,说明出现了错误
+ /* 如果是整行信息,说明是错误或者告警信息。因为这里没法区分是错误或者告警信息,所以只能继续往下处理到数据结束,
+ 如果最后一条是提示信息,说明当前属于告警信息,否则是错误信息。*/
else if (line.find_first_of('\n') != std::string::npos)
{
this->state_ = PASSWD_STATE_ERROR;
@@ -304,6 +306,17 @@ bool PasswdWrapper::process_passwd_output_line(const std::string &line)
retval = true;
}
break;
+ case PASSWD_STATE_ERROR:
+ {
+ // 这里说明上一条信息是告警消息而非错误消息,因此清空错误消息并继续往下走
+ if (StrUtils::endswith(lowercase_passwd_tips, "retype new password: "))
+ {
+ this->state_ = PASSWD_STATE_RETYPE;
+ this->in_io_channel_->write(this->new_password_ + "\n");
+ this->additional_error_message_.clear();
+ retval = true;
+ }
+ }
default:
retval = true;
break;
@@ -314,13 +327,16 @@ bool PasswdWrapper::process_passwd_output_line(const std::string &line)
void PasswdWrapper::on_child_watch(GPid pid, int child_status)
{
- KLOG_DEBUG("Process passwd(%d) exit.", (int32_t)pid);
+ KLOG_DEBUG("Process passwd(%d) exit, exit status: %d.", (int32_t)pid, child_status);
- if (WIFEXITED(child_status))
+ g_autoptr(GError) g_error = NULL;
+ auto result = g_spawn_check_exit_status(child_status, &g_error);
+ if (!result)
{
- if (WEXITSTATUS(child_status) >= 255)
+ KLOG_WARNING("%s.", g_error->message);
+ if (this->error_message_.empty())
{
- KLOG_WARNING("Child exited unexpectedly");
+ this->error_message_ = CC_ERROR2STR(CCErrorCode::ERROR_FAILED);
}
}
diff --git a/plugins/accounts/user.cpp b/plugins/accounts/user.cpp
index 7835bb4..c8abf37 100644
--- a/plugins/accounts/user.cpp
+++ b/plugins/accounts/user.cpp
@@ -749,6 +749,8 @@ void User::change_password_by_passwd_authorized_cb(MethodInvocation invocation,
auto current_password = CryptoHelper::rsa_decrypt(AccountsManager::get_instance()->get_rsa_private_key(), encrypted_current_password);
auto new_password = CryptoHelper::rsa_decrypt(AccountsManager::get_instance()->get_rsa_private_key(), encrypted_new_password);
+ // KLOG_DEBUG("The currentPassword: %s, newPassword: %s.", current_password.c_str(), new_password.c_str());
+
if (this->passwd_wrapper_ && this->passwd_wrapper_->get_state() != PasswdState::PASSWD_STATE_NONE)
{
DBUS_ERROR_REPLY_AND_RET(CCErrorCode::ERROR_ACCOUNTS_USER_MODIFYING_PASSWORD);
--
2.33.0

6
kiran-cc-daemon.spec
View File

@ -1,12 +1,13 @@
Name: kiran-cc-daemon Name: kiran-cc-daemon
Version: 2.4.0 Version: 2.4.0
Release: 2 Release: 3
Summary: DBus daemon for Kiran Desktop Summary: DBus daemon for Kiran Desktop
License: MulanPSL-2.0 License: MulanPSL-2.0
Source0: %{name}-%{version}.tar.gz Source0: %{name}-%{version}.tar.gz
Patch0001: 0001-feature-timedate-Delete-timedate_i.h-file.patch Patch0001: 0001-feature-timedate-Delete-timedate_i.h-file.patch
Patch0002: 0001-fix-passwd-Fix-password-policy-inconsistencies.patch
BuildRequires: cmake >= 3.2 BuildRequires: cmake >= 3.2
@ -152,6 +153,9 @@ glib-compile-schemas /usr/share/glib-2.0/schemas &> /dev/nulls || :
%{_libdir}/pkgconfig/kiran-cc-daemon.pc %{_libdir}/pkgconfig/kiran-cc-daemon.pc
%changelog %changelog
* Tue Nov 15 2022 tangjie02 <tangjie02@kylinsec.com.cn> - 2.3.0-12
- KYOS-B: Fix password policy inconsistencies.(I60Q7P)
* Fri Oct 28 2022 tangjie02 <tangjie02@kylinsec.com.cn> - 2.4.0-2 * Fri Oct 28 2022 tangjie02 <tangjie02@kylinsec.com.cn> - 2.4.0-2
- KYOS-F: Delete timedate_i.h file. - KYOS-F: Delete timedate_i.h file.