Bug 40711 - activate_groupmembers should not use special characters in password
activate_groupmembers should not use special characters in password
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: Import scripts
UCS@school 4.1
Other Linux
: P5 normal (vote)
: UCS@school 4.1 R2 vXXX
Assigned To: Daniel Tröder
Sönke Schwardt-Krummrich
: interim-3
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-17 13:42 CET by Michael Grandjean
Modified: 2016-10-04 13:24 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Forked for project
Max CVSS v3 score:


Attachments
patch proposal (804 bytes, patch)
2016-02-17 13:54 CET, Michael Grandjean
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Grandjean univentionstaff 2016-02-17 13:42:05 CET
Currently, /usr/share/ucs-school-import/scripts/activate_groupmembers generates an 8 character long password and uses special characters.

Those special characters tend to be hard to type for some end users and easily cause problems when importing the CSV file in a spreadsheet software (e.g. leading '=' or '"').

For a better usability we should exclude special characters in these passwords. Maybe the character limit should then be raised to e.g. 12?
Comment 1 Michael Grandjean univentionstaff 2016-02-17 13:54:56 CET
Created attachment 7486 [details]
patch proposal
Comment 2 Daniel Tröder univentionstaff 2016-07-05 12:43:06 CEST
* Unified password generation code from ucs-school-lib and ucs-school-import.
* The length is taken from a password policy, if one exists, or is the default 8.
* New passwords are now guaranteed to be created from different character classes (lowercase, uppercase, digits, special chars).
* New passwords for activated group members now use a subset of special characters that are less difficult to type: -+.,;

ucs-school-lib: r70826
ucs-school-import: r70827
Advisory: r70828
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2016-08-16 17:31:52 CEST
(In reply to Daniel Tröder from comment #2)
> * Unified password generation code from ucs-school-lib and ucs-school-import.

→ OK

> * The length is taken from a password policy, if one exists, or is the
> default 8.

→ Hmmm... see Bug 42012: the policy code was broken before, so I created a new bug

> * New passwords are now guaranteed to be created from different character
> classes (lowercase, uppercase, digits, special chars).

...if the password length is at least 4 characters.

> * New passwords for activated group members now use a subset of special
> characters that are less difficult to type: -+.,;

Yes. I don't think that "," is easily distinguishable from "." but I think this is ok for now.
 
> ucs-school-lib: r70826
> ucs-school-import: r70827
> Advisory: r70828

I removed "\" from special characters.

ucs-school-lib (9.0.21-2):
r71648 | Bug #40711: removed "\" from list of create_passwd's special characters

ucs-school-lib.yaml:
r71658 | Bug #40711: updated advisory
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2016-10-04 13:24:52 CEST
UCS@school 4.1 R2 v5 has been released.

http://docs.software-univention.de/changelog-ucsschool-4.1R2v5-de.html

If this error occurs again, please clone this bug.