From ae19eb551eb6733ea7a4cf7a4e526371971f1663 Mon Sep 17 00:00:00 2001
From: Vratislav Podzimek <vpodzime@redhat.com>
Date: Wed, 16 Sep 2015 14:36:23 +0200
Subject: [PATCH] Do not remove the root password behind user's back (#1263254)
If the chosen profile requires a longer password than what was set in kickstart,
consider it a misconfiguration like any other such issue instead of silently
removing the password and going on. Removing password brings two problems:
1) in text mode it causes a system with no (empty) root password to be installed
2) in graphical mode it causes the installation with a complete kickstart to
hang waiting for a new root password
Signed-off-by: Vratislav Podzimek <vpodzime@redhat.com>
---
org_fedora_oscap/rule_handling.py | 29 ++++++-----------------------
1 file changed, 6 insertions(+), 23 deletions(-)
diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
index a969b16..6a67e8a 100644
--- a/org_fedora_oscap/rule_handling.py
+++ b/org_fedora_oscap/rule_handling.py
@@ -392,7 +392,6 @@ class PasswdRules(RuleHandler):
"""Constructor initializing attributes."""
self._minlen = 0
- self._removed_password = None
def __str__(self):
"""Standard method useful for debugging and testing."""
@@ -415,7 +414,7 @@ class PasswdRules(RuleHandler):
# no password restrictions, nothing to be done here
return []
- if not ksdata.rootpw.password and self._removed_password is None:
+ if not ksdata.rootpw.password:
# root password was not set
# password length enforcement is not suported in the Anaconda yet
@@ -427,30 +426,14 @@ class PasswdRules(RuleHandler):
if ksdata.rootpw.isCrypted:
msg = _("cannot check root password length (password is crypted)")
return [RuleMessage(common.MESSAGE_TYPE_WARNING, msg)]
- elif len(ksdata.rootpw.password) < self._minlen or \
- self._removed_password is not None:
- # too short or already removed
- msg = _("root password was too short, a longer one with at "
- "least %d characters will be required" % self._minlen)
- if not report_only and self._removed_password is None:
- # remove the password and reset the seen flag no to confuse Anaconda
- self._removed_password = ksdata.rootpw.password
- ksdata.rootpw.password = ""
- ksdata.rootpw.seen = False
- return [RuleMessage(common.MESSAGE_TYPE_WARNING, msg)]
+ elif len(ksdata.rootpw.password) < self._minlen:
+ # too short
+ msg = _("root password is too short, a longer one with at "
+ "least %d characters is required" % self._minlen)
+ return [RuleMessage(common.MESSAGE_TYPE_FATAL, msg)]
else:
return []
- def revert_changes(self, ksdata, storage):
- """:see: RuleHandler.revert_changes"""
-
- # set the old password back
- if self._removed_password is not None:
- ksdata.rootpw.password = self._removed_password
- ksdata.rootpw.seen = True
-
- self._removed_password = None
-
class PackageRules(RuleHandler):
"""Simple class holding data from the rules affecting installed packages."""
--
2.1.0