feat: added set/set password-policy actions

NethServer · Oct 30, 2023 · 4f21485 · 4f21485
1 parent 472c8eb
commit 4f21485
Show file tree

Hide file tree

Showing 4 changed files with 184 additions and 0 deletions.
diff --git a/imageroot/actions/get-password-policy/50get_password_policy b/imageroot/actions/get-password-policy/50get_password_policy
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2023 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import json
+import re
+import subprocess
+import sys
+
+result = subprocess.run(['podman', 'exec', 'samba-dc', 'samba-tool', 'domain', 'passwordsettings', 'show'],
+                        check=True, capture_output=True, text=True)
+
+json.dump({
+    'expiration': {
+        'max_age': int(re.search(r'Maximum password age \(days\): (\d.*)\n', result.stdout).group(1)),
+        'min_age': int(re.search(r'Minimum password age \(days\): (\d.*)\n', result.stdout).group(1))
+    },
+    'strength': {
+        'history_length': int(re.search(r'Password history length: (\d.*)\n', result.stdout).group(1)),
+        'password_min_length': int(re.search(r'Minimum password length: (\d.*)\n', result.stdout).group(1)),
+        'complexity_check': re.search(r'Password complexity: (.*)\n', result.stdout).group(1) == 'on'
+    }
+}, fp=sys.stdout)
diff --git a/imageroot/actions/get-password-policy/validate-output.json b/imageroot/actions/get-password-policy/validate-output.json
@@ -0,0 +1,63 @@
+{
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "title": "get-password-policy output",
+    "$id": "http://schema.nethserver.org/openldap/get-password-policy-output.json",
+    "description": "Get the domain password policy",
+    "examples": [
+        {
+            "expiration": {
+                "max_age": 0,
+                "min_age": 0
+            },
+            "strength": {
+                "history_length": 24,
+                "password_min_length": 5,
+                "complexity_check": true
+            }
+        }
+    ],
+    "type": "object",
+    "required": [
+        "expiration",
+        "strength"
+    ],
+    "properties": {
+        "expiration": {
+            "type": "object",
+            "required": [
+                "enforced",
+                "max_age",
+                "min_age"
+            ],
+            "properties": {
+                "max_age": {
+                    "type": "integer"
+                },
+                "min_age": {
+                    "type": "integer"
+                }
+            }
+        },
+        "strength": {
+            "type": "object",
+            "required": [
+                "enforced",
+                "history_length",
+                "password_min_length",
+                "complexity_check"
+            ],
+            "properties": {
+                "history_length": {
+                    "type": "integer"
+                },
+                "password_min_length": {
+                    "type": "integer"
+                },
+                "complexity_check": {
+                    "type": "boolean"
+                }
+            }
+        }
+    },
+    "$defs": {}
+}
diff --git a/imageroot/actions/set-password-policy/50set_password_policy b/imageroot/actions/set-password-policy/50set_password_policy
@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2023 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import json
+import subprocess
+import sys
+
+request = json.load(sys.stdin)
+
+result = subprocess.run(
+    [
+        'podman',
+        'exec',
+        'samba-dc',
+        'samba-tool',
+        'domain',
+        'passwordsettings',
+        'set',
+        f'--min-pwd-age={request["expiration"]["min_age"]}',
+        f'--max-pwd-age={request["expiration"]["max_age"]}',
+        f'--history-length={request["strength"]["history_length"]}',
+        f'--min-pwd-length={request["strength"]["password_min_length"]}',
+        f'--complexity={"on" if request["strength"]["complexity_check"] else "off"}'
+    ],
+    check=True, capture_output=True, text=True)
+
+# print all changes without last two lines (success message and empty line)
+json.dump({
+    'changes': result.stdout.split('\n')[:-2]
+}, fp=sys.stdout)
diff --git a/imageroot/actions/set-password-policy/validate-input.json b/imageroot/actions/set-password-policy/validate-input.json
@@ -0,0 +1,61 @@
+{
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "title": "set-password-policy input",
+    "$id": "http://schema.nethserver.org/openldap/set-password-policy-input.json",
+    "description": "Set the domain password policy",
+    "examples": [
+        {
+            "expiration": {
+                "max_age": 0,
+                "min_age": 0
+            },
+            "strength": {
+                "history_length": 24,
+                "password_min_length": 5,
+                "complexity_check": true
+            }
+        }
+    ],
+    "type": "object",
+    "required": [
+        "expiration",
+        "strength"
+    ],
+    "properties": {
+        "expiration": {
+            "type": "object",
+            "required": [
+                "max_age",
+                "min_age"
+            ],
+            "properties": {
+                "max_age": {
+                    "type": "integer"
+                },
+                "min_age": {
+                    "type": "integer"
+                }
+            }
+        },
+        "strength": {
+            "type": "object",
+            "required": [
+                "history_length",
+                "password_min_length",
+                "complexity_check"
+            ],
+            "properties": {
+                "history_length": {
+                    "type": "integer"
+                },
+                "password_min_length": {
+                    "type": "integer"
+                },
+                "complexity_check": {
+                    "type": "boolean"
+                }
+            }
+        }
+    },
+    "$defs": {}
+}