From a3367735042c035535f913ef4a0d674516e01508 Mon Sep 17 00:00:00 2001
From: weizhw <12613490+weizhw@user.noreply.gitee.com>
Date: Thu, 27 Mar 2025 05:46:54 +0000
Subject: [PATCH] =?UTF-8?q?rename=20KSecMain/policy/shell/minlen.sh=20to?=
 =?UTF-8?q?=20KSecMain/policy/shell/ocredit.sh.=20=E6=A3=80=E6=9F=A5?=
 =?UTF-8?q?=E5=AF=86=E7=A0=81=E5=A4=8D=E6=9D=82=E5=BA=A6=E7=AD=96=E7=95=A5?=
 =?UTF-8?q?-=E7=89=B9=E6=AE=8A=E5=AD=97=E7=AC=A6=E6=95=B0=E9=87=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: weizhw <12613490+weizhw@user.noreply.gitee.com>
---
 KSecMain/policy/shell/minlen.sh  |  0
 KSecMain/policy/shell/ocredit.sh | 54 ++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
 delete mode 100644 KSecMain/policy/shell/minlen.sh
 create mode 100644 KSecMain/policy/shell/ocredit.sh

diff --git a/KSecMain/policy/shell/minlen.sh b/KSecMain/policy/shell/minlen.sh
deleted file mode 100644
index e69de29..0000000
diff --git a/KSecMain/policy/shell/ocredit.sh b/KSecMain/policy/shell/ocredit.sh
new file mode 100644
index 0000000..a6db722
--- /dev/null
+++ b/KSecMain/policy/shell/ocredit.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+PassOCredit()
+{
+  AUTH_FILE_PATH=/etc/pam.d/
+
+  [ "${G_MODE}" == 'c' ] && PassOCreditCheckWithEcho
+}
+function PassOCreditCheckWithEcho()
+{
+  PassOCreditCheck
+  EchoCheckResult
+}
+
+function PassOCreditCheck()
+{
+  OCREDIT_SYSTEM=$(grep -oP '^password.*pam_pwquality.so.*\bocredit=\K-?\d+' $AUTH_FILE_PATH/system-auth)
+  OCREDIT_PWQUALITY=$(grep -oP '^\s*ocredit\s*=\s*\K-?\d+' /etc/security/pwquality.conf)
+  if [[ (-z "$OCREDIT_SYSTEM" || "$OCREDIT_SYSTEM" -gt $I_OCREDIT) ||  (-z "$OCREDIT_PWQUALITY" || "$OCREDIT_PWQUALITY" -gt $I_OCREDIT ) ]]; then
+    # 需要输出检测结果和实际值
+    if [[ -z "$OCREDIT_SYSTEM" || -z "$OCREDIT_PWQUALITY" ]];then
+      VALUE="未配置"
+    elif [[ "$OCREDIT_SYSTEM" -gt $I_OCREDIT ]];then
+      VALUE=$OCREDIT_SYSTEM
+    else
+      VALUE=$OCREDIT_PWQUALITY
+    fi
+    RESULT="fail"
+  else
+    VALUE=$OCREDIT_SYSTEM
+    RESULT="success"
+  fi
+}
+
+# 用于输出结果的方法
+function EchoCheckResult()
+{
+  [ "${G_MODE}" == 'c' ] && echo "$RESULT@$VALUE@$I_OCREDIT"
+}
+
+if [[ "$#" -eq 3 ]];then
+  I_OCREDIT="$1";
+  if ! [[ "$I_OCREDIT" =~ ^(-[0-9]+|[0-9]+)$ ]];then
+    I_OCREDIT=-1
+  fi
+  G_MODE="$2";
+  VALUE_BAK_FILE="$3"
+  PassOCredit
+else
+  G_MODE='c'
+  I_OCREDIT=-1
+  PassOCredit
+fi
+
-- 
Gitee