[Freeipa-devel] [PATCH] 0002 Improve password validity check

David Kupka dkupka at redhat.com
Thu Jul 24 12:02:53 UTC 2014 

On 07/22/2014 08:55 AM, Martin Kosek wrote:
> On 07/21/2014 04:08 PM, David Kupka wrote:
>> On 07/18/2014 12:52 PM, Martin Kosek wrote:
>>> On 07/18/2014 12:33 PM, David Kupka wrote:
>>>> https://fedorahosted.org/freeipa/ticket/2796
>>>
>>> 1) Would it be easier/more convenient to just implement following simple check
>>> instead of bad_prefix/bad_suffix?
>>>
>>> if password.strip() != password:
>>>      raise ValueError('Password must not start or end with whitespace')
>>>
>>
>> Yes it would. Edited patch attached.
>>
>>>
>>> 2) The main goal of the ticket 2796 was not fixed yet. It sometimes happen that
>>> when installation crashes somewhere right after pkicreate, it does not record
>>> and and does not uninstall the PKI component during "ipa-server-install
>>> --uninstall".
>>>
>>> You may artificially invoke some crash in cainstance.py after pkicreate to test
>>> it. When fixing it, check how is_configured() in Service object works an how
>>> self.backup_state is called in other service modules (like dsinstance.py) where
>>> the detection works correctly.
>>
>> You're completely right, Martin. I was unable to reproduce the bug (to force
>> pkicreate/pkispawn to fail) so I thought that it was fixed by the password
>> restriction.
>> Then I discovered that most of the banned characters for password are no longer
>> causing troubles a focused on this. But it's yet another issue.
>
> 1) Whitespace error:
>
> $ git am /tmp/freeipa-dkupka-0002-2-Improve-password-validity-check.patch
> Applying: Improve password validity check.
> /home/mkosek/freeipa/.git/rebase-apply/patch:25: trailing whitespace.
>      # Disallow leading/trailing whaitespaces
> warning: 1 line adds whitespace errors.

Git is highlighting these errors I was probably temporary blind.
>
> 2) The new admin validator is not applied to "-a" command line option and you
> can pass any garbage to it. You need to replace this section:
>
>      if options.admin_password is not None and len(options.admin_password) < 8:
>          parser.error("Admin user password must be at least 8 characters long")
>
> ... with the new validator just like we validate DM password.
Added.

>
> Martin
>

-- 
David Kupka
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-dkupka-0002-3-Improve-password-validity-check.patch
Type: text/x-patch
Size: 3350 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140724/680ce957/attachment.bin>

More information about the Freeipa-devel mailing list