Allow setting MinPasswordLength in AccountService

The MinPasswordLength property is writable according to the Redfish
schema and phosphor-user-manager allows setting it, so implement the
corresponding call.

Tested:
$ curl -k 'https://root:0penBmc@[fe80::5054:ff:fe12:3402%tap0]/redfish/v1/AccountService' -X PATCH -d '{"MinPasswordLength": 12}'
{
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "Successfully Completed Request",
"MessageArgs": [],
"MessageId": "Base.1.8.1.Success",
"MessageSeverity": "OK",
"Resolution": "None"
}
]
}
$ curl -s -k 'https://root:0penBmc@[fe80::5054:ff:fe12:3402%tap0]/redfish/v1/AccountService' | jq .MinPasswordLength
12
root@qemuarm:~# grep cracklib /etc/pam.d/common-password
password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=12 difok=0 lcredit=0 ocredit=0 dcredit=0 ucredit=0
$ curl -k 'https://root:0penBmc@[fe80::5054:ff:fe12:3402%tap0]/redfish/v1/AccountService' -X PATCH -d '{"MinPasswordLength": 8}'
{
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "Successfully Completed Request",
"MessageArgs": [],
"MessageId": "Base.1.8.1.Success",
"MessageSeverity": "OK",
"Resolution": "None"
}
]
}
$ curl -s -k 'https://root:0penBmc@[fe80::5054:ff:fe12:3402%tap0]/redfish/v1/AccountService' | jq .MinPasswordLength
8
root@qemuarm:~# grep cracklib /etc/pam.d/common-password
password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=8 difok=0 lcredit=0 ocredit=0 dcredit=0 ucredit=0
With https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-user-manager/+/50589
applied, this doesn't silently ignore a value that is less than the lower
limit and produces an error; the old value is preserved:
$ curl -k 'https://root:0penBmc@[fe80::5054:ff:fe12:3402%tap0]/redfish/v1/AccountService' -X PATCH -d '{"MinPasswordLength": 7}'
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The request failed due to an internal service error. The service is still operational.",
"MessageArgs": [],
"MessageId": "Base.1.8.1.InternalError",
"MessageSeverity": "Critical",
"Resolution": "Resubmit the request. If the problem persists, consider resetting the service."
}
],
"code": "Base.1.8.1.InternalError",
"message": "The request failed due to an internal service error. The service is still operational."
}
$ curl -s -k 'https://root:0penBmc@[fe80::5054:ff:fe12:3402%tap0]/redfish/v1/AccountService' | jq .MinPasswordLength
8
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Change-Id: I17e5aa6ca7825fcffbec3939d572bc7ccc01405b
diff --git a/redfish-core/lib/account_service.hpp b/redfish-core/lib/account_service.hpp
index d89710b..ecc2e9c 100644
--- a/redfish-core/lib/account_service.hpp
+++ b/redfish-core/lib/account_service.hpp
@@ -1387,7 +1387,7 @@
const std::shared_ptr<bmcweb::AsyncResp>& asyncResp) -> void {
std::optional<uint32_t> unlockTimeout;
std::optional<uint16_t> lockoutThreshold;
- std::optional<uint16_t> minPasswordLength;
+ std::optional<uint8_t> minPasswordLength;
std::optional<uint16_t> maxPasswordLength;
std::optional<nlohmann::json> ldapObject;
std::optional<nlohmann::json> activeDirectoryObject;
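Review bot: The narrowing of minPasswordLength to std::optional<uint8_t> is undocumented, and it leaves the declaration inconsistent with maxPasswordLength, which stays std::optional<uint16_t> on the next line. If the width is chosen so that the value wrapped in dbus::utility::DbusVariantType in the following hunk has the type the AccountPolicy property expects, say so in a short comment here. A request value above 255 no longer fits this variable, so please confirm that such a request is rejected with a property-value error rather than truncated, and add that case to the tested list.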
@@ -1407,8 +1407,21 @@
if (minPasswordLength)
{
- messages::propertyNotWritable(asyncResp->res,
- "MinPasswordLength");
+ crow::connections::systemBus->async_method_call(
+ [asyncResp](const boost::system::error_code ec) {
+ if (ec)
+ {
+ messages::internalError(asyncResp->res);
+ return;
+ }
+ messages::success(asyncResp->res);
+ },
+ "xyz.openbmc_project.User.Manager",
+ "/xyz/openbmc_project/user",
+ "org.freedesktop.DBus.Properties", "Set",
+ "xyz.openbmc_project.User.AccountPolicy",
+ "MinPasswordLength",
+ dbus::utility::DbusVariantType(*minPasswordLength));
}
if (maxPasswordLength)
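Review bot: In the async_method_call callback, every non-zero ec is reported through messages::internalError, so a value that the backend refuses is indistinguishable from a real service failure. The commit message's own test with 7 shows the result: a Critical Base.1.8.1.InternalError whose resolution tells the client to resubmit or reset the service, when the actual cause is a policy rejection of the client's input. Consider inspecting the D-Bus error and returning a property-value error for "MinPasswordLength" in that case, keeping internalError for other failures, and logging ec before returning so the rejection is visible on the BMC side.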