More strict input checks in ipa-pwpolicy and return non-zero when unsuccessful. Fixes: 461213, 461325, 461332, 461543

2025-02-25 18:55:28 -06:00 · 2008-09-10 00:46:09 +02:00
parent 885103c321
commit 7206a6d43c
1 changed files with 7 additions and 7 deletions
--- a/ipa-admintools/ipa-pwpolicy
+++ b/ipa-admintools/ipa-pwpolicy
@@ -101,14 +101,16 @@ def update_policy(client, options):
        if options.minlength:
            validate.is_integer(options.minlength, min=0)
            new.setValue('krbpwdminlength', options.minlength)
-    except validate.VdtTypeError, e:
-        print "%s" % str(e)
+    except (validate.VdtTypeError, validate.VdtValueTooSmallError), e:
+        print e
        return 1
-    except validate.VdtValueTooSmallError, e:
-        print "%s" % str(e)
+
+    if int(new.getValue('krbminpwdlife')) > int(new.getValue('krbmaxpwdlife')):
+        print "Maximal length of password life must be greater then the minimal"
        return 1

    client.update_password_policy(new)
+    return 0

 def main():
    options, args = parse_options()
@@ -119,9 +121,7 @@ def main():
        show_policy(client)
        return 0

-    update_policy(client, options)
-
-    return 0
+    return update_policy(client, options)

 try:
    if __name__ == "__main__":