# HG changeset patch
# User jfp <jf.pieronne@laposte.net>
# Date 1733913631 -3600
# Wed Dec 11 11:40:31 2024 +0100
# Node ID 3b1292db05721c46e62b0c8bf10cfef72c68dd93
# Parent f189a61c23d238d92745463c26a274bf9553d44d
Fix class 05, don't get all_users at import time
diff --git a/secrules/rules05.py b/secrules/rules05.py
--- a/secrules/rules05.py
+++ b/secrules/rules05.py
@@ -2,16 +2,13 @@
__version__ = '1.0'
from .common import level_rule
-import os, os.path
from ovms.rtl import lib
-from ovms import syidef, uaidef, prvdef, dvidef, ossdef
+from ovms import syidef, uaidef
from ovms import user
from ovms import starlet
-from ovms import itemList
-from ovms import crtl
maxsysgroup = lib.getsyi(syidef.SYI__MAXSYSGROUP)[1]
-all_users = user.all_users()
+all_users = None
def cmp(a, b):
@@ -26,11 +23,15 @@
prematurely abort the system login sequence. This may prevent certain
procedures from being executed during login which may be required for this
site."""
+ global all_users
if not fmt:
print('Rule 0501', file=fo)
print('=========', file=fo)
+ if all_users is None:
+ all_users = user.all_users()
+
for u in list(all_users.values()):
if not (u.flags & uaidef.UAI_M_DISCTLY):
if fmt:
@@ -46,6 +47,10 @@
This allows these accounts to change the default Command Language Interpreter
(CLI ) or CLI tables which may have undesirable consequences.
It may also allow these accounts to avert any security monitoring during use."""
+ global all_users
+
+ if all_users is None:
+ all_users = user.all_users()
if not fmt:
print('', file=fo)
@@ -68,6 +73,10 @@
it be assigned a system level UIC. In addition, it is recommended that a
user of a captive account not be allowed to change the password for that
account -- The LOCKPWD flag should be set."""
+ global all_users
+
+ if all_users is None:
+ all_users = user.all_users()
if not fmt:
print('', file=fo)
@@ -93,6 +102,10 @@
it be assigned a system level UIC. In addition, its PRCLM quota should be
set to zero in order to prevent such a user to spawn out of the restricted
environment."""
+ global all_users
+
+ if all_users is None:
+ all_users = user.all_users()
if not fmt:
print('', file=fo)
@@ -118,6 +131,10 @@
these accounts are inactive and, therefore, may be unnecessary. They also
present a potential security risk in that unauthorized users may attempt to
gain access to the system using these accounts."""
+ global all_users
+
+ if all_users is None:
+ all_users = user.all_users()
if not fmt:
print('', file=fo)
@@ -143,6 +160,10 @@
Stale accounts can present opportunities to penetrate the system.
These may be stale accounts which are no longer needed. They may also be
utilized as a means to gain unauthorized access to the system."""
+ global all_users
+
+ if all_users is None:
+ all_users = user.all_users()
if not fmt:
print('', file=fo)
@@ -169,6 +190,10 @@
Improperly defined and maintained user accounts presents opportunities
to penetrate the system, thus giving an unauthorized user access to the system
resources."""
+ global all_users
+
+ if all_users is None:
+ all_users = user.all_users()
if not fmt:
print('', file=fo)
@@ -190,6 +215,10 @@
Improperly defined and maintained user accounts present opportunities
to penetrate the system, thus giving an unauthorized user access to the system
resources."""
+ global all_users
+
+ if all_users is None:
+ all_users = user.all_users()
if not fmt:
print('', file=fo)
@@ -214,6 +243,10 @@
of the site. Improperly defined Login related SYSGEN parameters can result
in the compromise of the operating system environment, and compromise the
confidentiality of customer data."""
+ global all_users
+
+ if all_users is None:
+ all_users = user.all_users()
if not fmt:
print('', file=fo)