Sfoglia il codice sorgente

Option to clear stored passwords

Bob Mottram 9 anni fa
parent
commit
075909f522
2 ha cambiato i file con 54 aggiunte e 18 eliminazioni
  1. 17
    0
      src/freedombone-pass
  2. 37
    18
      src/freedombone-sec

+ 17
- 0
src/freedombone-pass Vedi File

@@ -125,6 +125,20 @@ function run_tests {
125 125
     echo "Tests passed"
126 126
 }
127 127
 
128
+function clear_passwords {
129
+    # remove all passwords except for the root one, which is needed
130
+    # for automatic database backups
131
+    for d in /root/.passwords/*/ ; do
132
+        USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
133
+        if [[ "$USERNAME" != 'root' ]]; then
134
+            shred -zu /root/.passwords/$USERNAME/*
135
+            rm -rf /root/.passwords/$USERNAME
136
+        fi
137
+    done
138
+    echo $'Passwords cleared'
139
+    exit 0
140
+}
141
+
128 142
 while [[ $# > 1 ]]
129 143
 do
130 144
     key="$1"
@@ -137,6 +151,9 @@ do
137 151
             shift
138 152
             TESTS=1
139 153
             ;;
154
+        -c|--clear|--erase)
155
+            clear_passwords
156
+            ;;
140 157
         -u|--user|--username)
141 158
             shift
142 159
             CURR_USERNAME="${1}"

+ 37
- 18
src/freedombone-sec Vedi File

@@ -685,22 +685,38 @@ function remove_pinning {
685 685
     esac
686 686
 }
687 687
 
688
+function clear_passwords {
689
+    dialog --title $"Clear Passwords" \
690
+           --backtitle $"Freedombone Security Configuration" \
691
+           --defaultno \
692
+           --yesno $"\nThis will remove all user passwords from the system. Are you sure that you want to do this?" 8 60
693
+    sel=$?
694
+    case $sel in
695
+        1) return;;
696
+        255) return;;
697
+    esac
698
+    ${PROJECT_NAME}-pass --clear yes
699
+    dialog --title $"Passwords were removed" \
700
+           --msgbox $"\nFor the best security you should now manually change passwords via web interfaces so that there is no possibility of them being recovered from the disk" 9 60
701
+}
702
+
688 703
 function menu_security_settings {
689 704
     data=$(tempfile 2>/dev/null)
690 705
     trap "rm -f $data" 0 1 2 5 15
691 706
     dialog --backtitle $"Freedombone Control Panel" \
692 707
            --title $"Security Settings" \
693
-           --radiolist $"Choose an operation:" 17 76 17 \
708
+           --radiolist $"Choose an operation:" 18 76 18 \
694 709
            1 $"Show ssh host public key" off \
695
-           2 $"Regenerate ssh host keys" off \
696
-           3 $"Regenerate Diffie-Hellman keys" off \
697
-           4 $"Update cipersuite" off \
698
-           5 $"Create a new Let's Encrypt certificate" off \
699
-           6 $"Renew Let's Encrypt certificate" off \
700
-           7 $"Enable GPG based authentication (monkeysphere)" off \
701
-           8 $"Register a website with monkeysphere" off \
702
-           9 $"Allow ssh login with passwords" off \
703
-           10 $"Go Back/Exit" on 2> $data
710
+           2 $"Clear password store" off \
711
+           3 $"Regenerate ssh host keys" off \
712
+           4 $"Regenerate Diffie-Hellman keys" off \
713
+           5 $"Update cipersuite" off \
714
+           6 $"Create a new Let's Encrypt certificate" off \
715
+           7 $"Renew Let's Encrypt certificate" off \
716
+           8 $"Enable GPG based authentication (monkeysphere)" off \
717
+           9 $"Register a website with monkeysphere" off \
718
+           10 $"Allow ssh login with passwords" off \
719
+           11 $"Go Back/Exit" on 2> $data
704 720
     sel=$?
705 721
     case $sel in
706 722
         1) exit 1;;
@@ -728,33 +744,36 @@ function menu_security_settings {
728 744
             exit 0
729 745
             ;;
730 746
         2)
731
-            regenerate_ssh_host_keys
747
+            clear_passwords
732 748
             ;;
733 749
         3)
734
-            regenerate_dh_keys
750
+            regenerate_ssh_host_keys
735 751
             ;;
736 752
         4)
753
+            regenerate_dh_keys
754
+            ;;
755
+        5)
737 756
             interactive_setup
738 757
             update_ciphersuite
739 758
             ;;
740
-        5)
759
+        6)
741 760
             create_letsencrypt
742 761
             ;;
743
-        6)
762
+        7)
744 763
             renew_letsencrypt
745 764
             ;;
746
-        7)
765
+        8)
747 766
             enable_monkeysphere
748 767
             ;;
749
-        8)
768
+        9)
750 769
             register_website
751 770
             ;;
752
-        9)
771
+        10)
753 772
             allow_ssh_passwords
754 773
             change_ssh_settings
755 774
             exit 0
756 775
             ;;
757
-        10)
776
+        11)
758 777
             exit 0
759 778
             ;;
760 779
     esac