larrabee / freeipa-password-reset

Self-service password reset app for FreeIPA
GNU General Public License v3.0

problem with never expire accounts #36

Closed istenik closed 4 years ago

istenik commented 4 years ago

Hi

Looks like the code is not accounting for "krbmaxpwdlife=0" (never expire) and is then setting "krbPasswordExpiration" to the current date (now+0), which makes the password expired.

Please see FreeIPA source code: https://github.com/freeipa/freeipa/blob/master/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c row 625:

  if (data->expireTime == 0) {
    if (pol.max_pwd_life > 0) {
      /* max_pwd_life = 0 => never expire
      * set expire time only when max_pwd_life > 0 */
      data->expireTime = data->timeNow + pol.max_pwd_life;
    }
  }

Regards
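The check quoted above, carried over to Python as an added example that is not part of the original thread and is not code from this project or from FreeIPA. Assumptions: the policy is a dict of lists of strings (the same shape as the `user['result']` access in the traceback further down), the value is expressed in days, and all function names and sample data are hypothetical.

```python
from datetime import datetime, timedelta, timezone

SECONDS_PER_DAY = 86400  # assumption: the policy value is expressed in days


def max_pwd_life_seconds(policy_result, unit_seconds=SECONDS_PER_DAY):
    """Read krbmaxpwdlife from a policy dict; 0 or absent means never expire."""
    values = policy_result.get("krbmaxpwdlife") or ["0"]
    life = int(values[0])
    if life < 0:
        raise ValueError("krbmaxpwdlife must not be negative")
    return life * unit_seconds


def expiration_buggy(now, life_seconds):
    """Behaviour reported in the issue: always now + life, so 0 expires at once."""
    return now + timedelta(seconds=life_seconds)


def expiration_fixed(now, life_seconds):
    """Mirror of the quoted C check: set an expiry only when max life > 0."""
    if life_seconds > 0:
        return now + timedelta(seconds=life_seconds)
    return None  # never expire: the caller must not write 'now' as the expiry


def to_generalized_time(moment):
    """Format for an LDAP GeneralizedTime attribute, or None when no expiry."""
    if moment is None:
        return None
    return moment.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")


def is_expired(expiry, now):
    """A password with no expiry (None) is never expired."""
    return expiry is not None and expiry <= now


# Constructed sample data, not taken from a real directory
NOW = datetime(2020, 3, 20, 10, 18, 44, tzinfo=timezone.utc)
NEVER = {"krbmaxpwdlife": ["0"]}
NINETY = {"krbmaxpwdlife": ["90"]}

if __name__ == "__main__":
    for name, pol in (("never", NEVER), ("90d", NINETY)):
        life = max_pwd_life_seconds(pol)
        for fn in (expiration_buggy, expiration_fixed):
            exp = fn(NOW, life)
            print(name, fn.__name__, to_generalized_time(exp), is_expired(exp, NOW))
```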

larrabee commented 4 years ago

Hello. Thank you for the report. Fix committed to master.

istenik commented 4 years ago

Syntax error (double if):

Mar 20 10:18:44 ipa python: File "/opt/IPAPasswordReset/PasswordReset/app/pwdmanager.py", line 70
Mar 20 10:18:44 ipa python: if if 'krbloginfailedcount' in user['result'] and int(user['result']['krbloginfailedcount'][0]) > 0:
Mar 20 10:18:44 ipa python: ^
Mar 20 10:18:44 ipa python: SyntaxError: invalid syntax

larrabee commented 4 years ago

Thanks, fixed;)

istenik commented 4 years ago

Working. Thanks!