ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-09-11 07:24:14 +08:00
Code Issues Projects Releases Packages Wiki Activity

enh: detect silent password change failures

Browse source
This commit is contained in:
Stéphane Lesimple 2021-12-15 14:22:00 +00:00 committed by Stéphane Lesimple
parent 3507586de6
commit 90dbe04dde
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
bin/helper/osh-selfMFASetupPassword
View file

@ -63,6 +63,18 @@ elsif ($step == 1) {
# set a temporary password # set a temporary password
my $password = sprintf("%04d-%04d-%04d-%04d", rand(10000), rand(10000), rand(10000), rand(10000)); my $password = sprintf("%04d-%04d-%04d-%04d", rand(10000), rand(10000), rand(10000), rand(10000));
$fnret = OVH::Bastion::sys_changepassword(user => $account, password => $password); $fnret = OVH::Bastion::sys_changepassword(user => $account, password => $password);
if (!$fnret) {
if ($fnret->msg) {
warn_syslog("Error when calling sys_changepassword(): " . $fnret->msg);
HEXIT($fnret);
}
# chpasswd can fail if there is a PAM misconfiguration or other
# badly configured subsystem, which can error silently, in which
# case give a hint to the user, as fnret->msg is empty in this case
warn_syslog("Error when calling sys_changepassword(): silent error, misconfigured PAM?");
HEXIT(R('ERR_INTERNAL', msg => "A system error occurred when attempting to change the password, please check with your sysadmin"));
}
$fnret or HEXIT($fnret); $fnret or HEXIT($fnret);
# force password change in 1 day max (it should be done several seconds after anyway) # force password change in 1 day max (it should be done several seconds after anyway)