compat: support pwquality options

pwquality configuration is written to /etc/security/pwquality.cond.d/10-authconfig-pwquality.conf Resolves: https://github.com/pbrezina/authselect/issues/63
pbrezina · Jul 13, 2018 · 14c4653 · 14c4653
1 parent 7fa4fbd
commit 14c4653
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 9 deletions.
diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
@@ -98,6 +98,7 @@ class Path:
         'sssd.conf'      : '@sysconfdir@/sssd/conf.d/authconfig-sssd.conf',
         'authconfig'     : '@sysconfdir@/sysconfig/authconfig',
         'network'        : '@sysconfdir@/sysconfig/network',
+        'pwquality.conf' : '@sysconfdir@/security/pwquality.conf.d/10-authconfig-pwquality.conf',
         'cmd-systemctl'  : '@bindir@/systemctl',
         'cmd-authselect' : '@bindir@/authselect',
         'cmd-realm'      : '@sbindir@/realm'
@@ -144,6 +145,13 @@ class Configuration:
 
         def getBool(self, name):
             return self.options.getBool(name)
+
+        def getBoolAsValue(self, name, if_true, if_false):
+            value = self.getBool(name)
+            if value:
+                return if_true
+
+            return if_false
 
         def removeFile(self, filename):
             print(_("Removing file: %s") % filename)
@@ -300,6 +308,26 @@ class Configuration:
                 eprint(_("%s was not found. Please, install realmd.")
                        % Path.System('cmd-realm'))
 
+    class PWQuality(Base):
+        def __init__(self, options):
+            super(Configuration.PWQuality, self).__init__(options)
+
+        def mustGenerate(self):
+            return True
+
+        def write(self):
+            config = EnvironmentFile(Path.System('pwquality.conf'))
+
+            config.set("minlen", self.get("passminlen"))
+            config.set("minclass", self.get("passminclass"))
+            config.set("maxrepeat", self.get("passmaxrepeat"))
+            config.set("maxclassrepeat", self.get("passmaxclassrepeat"))
+            config.set("lcredit", self.getBoolAsValue("reqlower", -1, 0))
+            config.set("ucredit", self.getBoolAsValue("requpper", -1, 0))
+            config.set("dcredit", self.getBoolAsValue("reqdigit", -1, 0))
+            config.set("ocredit", self.getBoolAsValue("reqother", -1, 0))
+            config.write()
+
 
 class AuthCompat:
     def __init__(self):
@@ -426,7 +454,8 @@ class AuthCompat:
             Configuration.Network(self.options),
             Configuration.Kerberos(self.options),
             Configuration.SSSD(self.options),
-            Configuration.Winbind(self.options)
+            Configuration.Winbind(self.options),
+            Configuration.PWQuality(self.options)
         ]
 
         for config in configs:

diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py
@@ -108,6 +108,14 @@ class Options:
         Option.Feature("pamaccess",       _("check of access.conf during account authorization")),
         Option.Feature("mkhomedir",       _("creation of home directories for users on their first login")),
         Option.Feature("faillock",        _("account locking in case of too many consecutive authentication failures")),
+        Option.Valued ("passminlen",      _("<number>"), _("minimum length of a password")),
+        Option.Valued ("passminclass",    _("<number>"), _("minimum number of character classes in a password")),
+        Option.Valued ("passmaxrepeat",   _("<number>"), _("maximum number of same consecutive characters in a password")),
+        Option.Valued ("passmaxclassrepeat", _("<number>"), _("maximum number of consecutive characters of same class in a password")),
+        Option.Feature("reqlower",        _("require at least one lowercase character in a password")),
+        Option.Feature("requpper",        _("require at least one uppercase character in a password")),
+        Option.Feature("reqdigit",        _("require at least one digit in a password")),
+        Option.Feature("reqother",        _("require at least one other character in a password")),
 
         # Program options
         Option.Switch ("nostart",         _("do not start/stop services")),
@@ -155,14 +163,6 @@ class Options:
         Option.UnsupportedFeature("forcelegacy"),
         Option.UnsupportedFeature("locauthorize"),
         Option.UnsupportedFeature("sysnetauth"),
-        Option.UnsupportedValued ("passminlen", _("<number>")),
-        Option.UnsupportedValued ("passminclass", _("<number>")),
-        Option.UnsupportedValued ("passmaxrepeat", _("<number>")),
-        Option.UnsupportedValued ("passmaxclassrepeat", _("<number>")),
-        Option.UnsupportedFeature("reqlower"),
-        Option.UnsupportedFeature("requpper"),
-        Option.UnsupportedFeature("reqdigit"),
-        Option.UnsupportedFeature("reqother"),
         Option.UnsupportedValued ("faillockargs", _("<options>")),
     ]