8b59e0c8bc
This change added ppolicy-check-password package from https://github.com/cedric-dufour/ppolicy-check-password This package contains check_password.so that is used by ldap to enforce password complexity for ldap users. Test Plan for Debian: PASS: package build, image build PASS: system bootstrap, controller unlock PASS: after controller unlock, login by "admin" user on console, and su to "admin" on ssh session. PASS: failure path with incompliant passwords for ldap user password change (eg, change password when first login) Story: 2009101 Task: 44864 Signed-off-by: Andy Ning <andy.ning@windriver.com> Change-Id: If5a1e5c6784c7354c0a4903e1d1c4abb21d8a01f
120 lines
4.5 KiB
Diff
120 lines
4.5 KiB
Diff
From d1891425d25aaa0a6aeb31e74be95dc8d2c3f90a Mon Sep 17 00:00:00 2001
|
|
From: Andy Ning <andy.ning@windriver.com>
|
|
Date: Thu, 17 Mar 2022 15:22:48 -0400
|
|
Subject: [PATCH] Support building ppolicy-check-password library
|
|
|
|
The patch added support to build ppolicy-check-password library
|
|
from:
|
|
https://github.com/cedric-dufour/ppolicy-check-password/tree/debian-stretch
|
|
commit: 02b9deeece428cbdae7970dfc5258a34e143cc28
|
|
|
|
Signed-off-by: Andy Ning <andy.ning@windriver.com>
|
|
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
|
|
---
|
|
debian/control | 16 +++++++++++++++-
|
|
debian/rules | 11 +++++++++--
|
|
debian/slapd-ppolicy-check-password.dirs | 2 ++
|
|
debian/slapd-ppolicy-check-password.install | 2 ++
|
|
4 files changed, 28 insertions(+), 3 deletions(-)
|
|
create mode 100644 debian/slapd-ppolicy-check-password.dirs
|
|
create mode 100644 debian/slapd-ppolicy-check-password.install
|
|
|
|
diff --git a/debian/control b/debian/control
|
|
index 7cad4d4..580f1a9 100644
|
|
--- a/debian/control
|
|
+++ b/debian/control
|
|
@@ -10,6 +10,7 @@ Build-Depends: debhelper (>= 10),
|
|
groff-base,
|
|
heimdal-multidev (>= 7.4.0.dfsg.1-1~) <!pkg.openldap.noslapd>,
|
|
libargon2-dev <!pkg.openldap.noslapd>,
|
|
+ libcrack2-dev <!pkg.openldap.noslapd>,
|
|
libdb5.3-dev <!pkg.openldap.noslapd>,
|
|
libgnutls28-dev,
|
|
libltdl-dev <!pkg.openldap.noslapd>,
|
|
@@ -19,7 +20,8 @@ Build-Depends: debhelper (>= 10),
|
|
nettle-dev <!pkg.openldap.noslapd>,
|
|
perl:any,
|
|
po-debconf,
|
|
- unixodbc-dev <!pkg.openldap.noslapd>
|
|
+ unixodbc-dev <!pkg.openldap.noslapd>,
|
|
+ unzip
|
|
Build-Conflicts: libbind-dev, bind-dev, autoconf2.13
|
|
Standards-Version: 4.5.0
|
|
Homepage: https://www.openldap.org/
|
|
@@ -67,6 +69,18 @@ Description: transitional package for slapd-contrib
|
|
This is a transitional package from slapd-smbk5pwd to slapd-contrib. It can be
|
|
safely removed.
|
|
|
|
+Package: slapd-ppolicy-check-password
|
|
+Section: net
|
|
+Priority: extra
|
|
+Architecture: any
|
|
+Build-Profiles: <!pkg.openldap.noslapd>
|
|
+Depends: slapd, ${shlibs:Depends}, ${misc:Depends}
|
|
+Suggests: cracklib-runtime
|
|
+Description: PPolicy password (strength) checker module
|
|
+ Extends the PPolicy module with password strength checks. Enable with:
|
|
+ pwdCheckModule: check_password.so
|
|
+ pwdCheckQuality: 2
|
|
+
|
|
Package: ldap-utils
|
|
Architecture: any
|
|
Depends: ${shlibs:Depends}, libldap-2.4-2 (= ${binary:Version}), ${misc:Depends}
|
|
diff --git a/debian/rules b/debian/rules
|
|
index 5b8b75f..ef38c2f 100755
|
|
--- a/debian/rules
|
|
+++ b/debian/rules
|
|
@@ -119,9 +119,14 @@ override_dh_auto_configure:
|
|
dh_auto_configure -- $(CONFIG)
|
|
|
|
override_dh_auto_build:
|
|
+ unzip ppolicy-check-password-debian-stretch.zip
|
|
+ sed -i 's#check_password: clean check_password.o#check_password: check_password.o#g' ppolicy-check-password-debian-stretch/Makefile
|
|
+ mv ppolicy-check-password-debian-stretch contrib/slapd-modules/ppolicy-check-password
|
|
+ cp -f check_password.conf contrib/slapd-modules/ppolicy-check-password
|
|
+
|
|
dh_auto_build -- $(MAKEVARS)
|
|
ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
|
|
- for mod in $(CONTRIB_MODULES); do \
|
|
+ for mod in $(CONTRIB_MODULES) ppolicy-check-password; do \
|
|
dh_auto_build -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod -- $(CONTRIB_MAKEVARS) || exit $$?; \
|
|
done
|
|
endif
|
|
@@ -136,7 +141,7 @@ endif
|
|
override_dh_auto_install:
|
|
dh_auto_install -- $(MAKEVARS)
|
|
ifeq ($(filter pkg.openldap.noslapd,$(DEB_BUILD_PROFILES)),)
|
|
- for mod in $(CONTRIB_MODULES); do \
|
|
+ for mod in $(CONTRIB_MODULES) ppolicy-check-password; do \
|
|
dh_auto_install -Dcontrib/slapd-modules/$$mod -Bcontrib/slapd-modules/$$mod -- $(CONTRIB_MAKEVARS) || exit $$?; \
|
|
done
|
|
|
|
@@ -165,6 +170,8 @@ endif
|
|
find $(installdir)/usr/share/man -name \*.8 \
|
|
| xargs perl -pi -e 's#(\.TH \w+ 8)C#$$1#'
|
|
|
|
+ cp -f check_password.conf $(installdir)/etc/ldap
|
|
+
|
|
override_dh_installinit:
|
|
dh_installinit -- "defaults 19 80"
|
|
|
|
diff --git a/debian/slapd-ppolicy-check-password.dirs b/debian/slapd-ppolicy-check-password.dirs
|
|
new file mode 100644
|
|
index 0000000..3d793ea
|
|
--- /dev/null
|
|
+++ b/debian/slapd-ppolicy-check-password.dirs
|
|
@@ -0,0 +1,2 @@
|
|
+etc/ldap
|
|
+usr/lib/ldap
|
|
diff --git a/debian/slapd-ppolicy-check-password.install b/debian/slapd-ppolicy-check-password.install
|
|
new file mode 100644
|
|
index 0000000..3e6278a
|
|
--- /dev/null
|
|
+++ b/debian/slapd-ppolicy-check-password.install
|
|
@@ -0,0 +1,2 @@
|
|
+contrib/slapd-modules/ppolicy-check-password/check_password.conf etc/ldap
|
|
+usr/lib/ldap/check_password.so*
|
|
--
|
|
2.25.1
|
|
|