commit 6dc7ed95c5bf07e8273d6fad79018f5f19a9b77e
author Paul Fertser <fercerpav@gmail.com> Fri Jan 21 19:36:34 2022 +0000
committer Patrick Williams <patrick@stwcx.xyz> Thu Apr 21 22:24:42 2022 +0000
tree 1ff536692fdabaec02023c03c77b7097fc17a0d2
parent 0e171698dfc4aa71e2b4e47d52777a439bf7cf14

Signal when trying to set minPasswordLength low

Instead of silently ignoring the request when a user tries to set
minPasswordLength to less than 8 characters emit a log message and
return an error to the sender.

Tested:

root@qemuarm:~# busctl set-property xyz.openbmc_project.User.Manager /xyz/openbmc_project/user xyz.openbmc_project.User.AccountPolicy MinPasswordLength y 8

root@qemuarm:~# busctl set-property xyz.openbmc_project.User.Manager /xyz/openbmc_project/user xyz.openbmc_project.User.AccountPolicy MinPasswordLength y 7
Failed to set property MinPasswordLength on interface xyz.openbmc_project.User.AccountPolicy: Invalid argument was given.

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Change-Id: Ied17a46dbc9746212a7e9a4fbf1eed82fc01c3d1

user_mgr.cpp

diff --git a/user_mgr.cpp b/user_mgr.cpp
index a5a3f7b..a5ecb8f 100644
--- a/user_mgr.cpp
+++ b/user_mgr.cpp
@@ -469,7 +469,13 @@
     }
     if (value < minPasswdLength)
     {
-        return value;
+        log<level::ERR>(("Attempting to set minPasswordLength to less than " +
+                         std::to_string(minPasswdLength))
+                            .c_str(),
+                        entry("SIZE=%d", value));
+        elog<InvalidArgument>(
+            Argument::ARGUMENT_NAME("minPasswordLength"),
+            Argument::ARGUMENT_VALUE(std::to_string(value).c_str()));
     }
     if (setPamModuleArgValue(pamCrackLib, minPasswdLenProp,
                              std::to_string(value)) != success)