Move passwords to security settings

src/freedombone-controlpanel

@@ -185,73 +185,6 @@ function get_app_icann_address {
     echo "${DEFAULT_DOMAIN_NAME}"
 }
 
-function passwords_select_user {
-    SELECTED_USERNAME=
-
-    # shellcheck disable=SC2207
-    users_array=($(ls /home))
-
-    delete=(git)
-    # shellcheck disable=SC2068
-    for del in ${delete[@]}
-    do
-        # shellcheck disable=SC2206
-        users_array=(${users_array[@]/$del})
-    done
-
-    i=0
-    W=()
-    name=()
-    # shellcheck disable=SC2068
-    for u in ${users_array[@]}
-    do
-        if [[ $(is_valid_user "$u") == "1" ]]; then
-            i=$((i+1))
-            W+=("$i" "$u")
-            name+=("$u")
-        fi
-    done
-
-    if [ $i -eq 1 ]; then
-        SELECTED_USERNAME="${name[0]}"
-    else
-        # shellcheck disable=SC2068
-        user_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select User" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
-
-        # shellcheck disable=SC2181
-        if [ $? -eq 0 ]; then
-            SELECTED_USERNAME="${name[$((user_index-1))]}"
-        fi
-    fi
-}
-
-function passwords_show_apps {
-    SELECTED_APP=
-    i=0
-    W=()
-    name=()
-    # shellcheck disable=SC2068
-    for a in ${APPS_AVAILABLE[@]}
-    do
-        if [[ $(function_exists "change_password_${a}") == "1" ]]; then
-            i=$((i+1))
-            W+=("$i" "$a")
-            name+=("$a")
-        fi
-    done
-    i=$((i+1))
-    W+=("$i" "mariadb")
-    name+=("mariadb")
-
-    # shellcheck disable=SC2068
-    selected_app_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select App" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
-
-    # shellcheck disable=SC2181
-    if [ $? -eq 0 ]; then
-        SELECTED_APP="${name[$((selected_app_index-1))]}"
-    fi
-}
-
 function reset_password_tries {
     passwords_select_user
     if [ ! "$SELECTED_USERNAME" ]; then
@@ -262,67 +195,6 @@ function reset_password_tries {
            --msgbox $"Password tries have been reset for $SELECTED_USERNAME" 6 60
 }
 
-function view_or_change_passwords {
-    passwords_select_user
-    if [ ! "$SELECTED_USERNAME" ]; then
-        return
-    fi
-    detect_installed_apps
-    passwords_show_apps
-    if [ ! "$SELECTED_APP" ]; then
-        return
-    fi
-
-    CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}")
-
-    icann_address=$(get_app_icann_address "${SELECTED_APP}")
-    onion_address=$(get_app_onion_address "${SELECTED_APP}")
-
-    titlestr=$"View or Change Password"
-    if [ ${#onion_address} -gt 0 ]; then
-        viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address\\n\\nCopy or change it if you wish."
-    else
-        viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address\\n\\nCopy or change it if you wish."
-    fi
-
-    if [ -f /root/.nostore ]; then
-        titlestr=$"Change Password"
-        if [ ${#onion_address} -gt 0 ]; then
-            viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address."
-        else
-            viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address."
-        fi
-    fi
-
-    if [[ "${SELECTED_APP}" == 'mariadb' ]]; then
-        CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
-        dialog --title $"MariaDB database password" \
-               --msgbox "\\n            ${CURR_PASSWORD}" 7 40
-        return
-    fi
-
-    data=$(mktemp 2>/dev/null)
-    dialog --title "$titlestr" \
-           --backtitle $"Freedombone Control Panel" \
-           --inputbox "$viewstr" 12 75 "$CURR_PASSWORD" 2>"$data"
-    sel=$?
-    case $sel in
-        0)
-            CURR_PASSWORD=$(<"$data")
-            if [ ${#CURR_PASSWORD} -gt 8 ]; then
-                "${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}" -p "${CURR_PASSWORD}"
-                "change_password_${SELECTED_APP}" "${SELECTED_USERNAME}" "${CURR_PASSWORD}"
-                dialog --title $"Change password" \
-                       --msgbox $"The password was changed" 6 40
-            else
-                dialog --title $"Change password" \
-                       --msgbox $"The password given must be at least 8 characters" 6 40
-            fi
-            ;;
-    esac
-    rm -f "$data"
-}
-
 function check_for_updates {
     if [ ! -f "/etc/cron.weekly/$UPGRADE_SCRIPT_NAME" ]; then
         dialog --title $"Check for updates" \
@@ -2227,25 +2099,24 @@ function menu_top_level {
     while true
     do
         W=(1 $"About this system"
-           2 $"Passwords"
-           3 $"Backup and Restore"
-           4 $"Verify Tripwire Code"
-           5 $"Reset Tripwire"
-           6 $"App Settings"
-           7 $"Add/Remove Apps"
-           8 $"Logging on/off"
-           9 $"Ping enable/disable"
-           10 $"Manage Users"
-           11 $"Email Menu"
-           12 $"Domain or User Blocking"
-           13 $"Security Settings"
-           14 $"Change the name of this system"
-           15 $"Set a static local IP address"
-           16 $"Wifi menu"
-           17 $"Add Clacks"
-           18 $"Check for updates"
-           19 $"Power off the system"
-           20 $"Restart the system")
+           2 $"Backup and Restore"
+           3 $"Verify Tripwire Code"
+           4 $"Reset Tripwire"
+           5 $"App Settings"
+           6 $"Add/Remove Apps"
+           7 $"Logging on/off"
+           8 $"Ping enable/disable"
+           9 $"Manage Users"
+           10 $"Email Menu"
+           11 $"Domain or User Blocking"
+           12 $"Security Settings"
+           13 $"Change the name of this system"
+           14 $"Set a static local IP address"
+           15 $"Wifi menu"
+           16 $"Add Clacks"
+           17 $"Check for updates"
+           18 $"Power off the system"
+           19 $"Restart the system")
 
         # shellcheck disable=SC2068
         selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Administrator Control Panel" --menu $"Choose an operation, or ESC to exit:" 27 60 27 "${W[@]}" 3>&2 2>&1 1>&3)
@@ -2258,29 +2129,28 @@ function menu_top_level {
 
         case $selection in
             1) show_about;;
-            2) view_or_change_passwords;;
-            3) menu_backup_restore;;
-            4) show_tripwire_verification_code
+            2) menu_backup_restore;;
+            3) show_tripwire_verification_code
                any_key_verify;;
-            5) reset_tripwire;;
-            6) menu_app_settings;;
-            7) if ! /usr/local/bin/addremove; then
+            4) reset_tripwire;;
+            5) menu_app_settings;;
+            6) if ! /usr/local/bin/addremove; then
                    any_key
                fi
                ;;
-            8) logging_on_off;;
-            9) ping_enable_disable;;
-            10) menu_users;;
-            11) menu_email;;
-            12) domain_blocking;;
-            13) security_settings;;
-            14) change_system_name;;
-            15) set_static_IP;;
-            16) menu_wifi;;
-            17) add_clacks;;
-            18) check_for_updates;;
-            19) shut_down_system;;
-            20) restart_system;;
+            7) logging_on_off;;
+            8) ping_enable_disable;;
+            9) menu_users;;
+            10) menu_email;;
+            11) domain_blocking;;
+            12) security_settings;;
+            13) change_system_name;;
+            14) set_static_IP;;
+            15) menu_wifi;;
+            16) add_clacks;;
+            17) check_for_updates;;
+            18) shut_down_system;;
+            19) restart_system;;
         esac
     done
 }

src/freedombone-sec

@@ -69,6 +69,94 @@ LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
 
 MY_USERNAME=
 
+function passwords_show_apps {
+    SELECTED_APP=
+    i=0
+    W=()
+    name=()
+    # shellcheck disable=SC2068
+    for a in ${APPS_AVAILABLE[@]}
+    do
+        if [[ $(function_exists "change_password_${a}") == "1" ]]; then
+            i=$((i+1))
+            W+=("$i" "$a")
+            name+=("$a")
+        fi
+    done
+    i=$((i+1))
+    W+=("$i" "mariadb")
+    name+=("mariadb")
+
+    # shellcheck disable=SC2068
+    selected_app_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select App" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
+
+    # shellcheck disable=SC2181
+    if [ $? -eq 0 ]; then
+        SELECTED_APP="${name[$((selected_app_index-1))]}"
+    fi
+}
+
+function view_or_change_passwords {
+    passwords_select_user
+    if [ ! "$SELECTED_USERNAME" ]; then
+        return
+    fi
+    detect_installed_apps
+    passwords_show_apps
+    if [ ! "$SELECTED_APP" ]; then
+        return
+    fi
+
+    CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}")
+
+    icann_address=$(get_app_icann_address "${SELECTED_APP}")
+    onion_address=$(get_app_onion_address "${SELECTED_APP}")
+
+    titlestr=$"View or Change Password"
+    if [ ${#onion_address} -gt 0 ]; then
+        viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address\\n\\nCopy or change it if you wish."
+    else
+        viewstr=$"${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address\\n\\nCopy or change it if you wish."
+    fi
+
+    if [ -f /root/.nostore ]; then
+        titlestr=$"Change Password"
+        if [ ${#onion_address} -gt 0 ]; then
+            viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address or $onion_address."
+        else
+            viewstr=$"Change the ${SELECTED_APP} password for ${SELECTED_USERNAME} on $icann_address."
+        fi
+    fi
+
+    if [[ "${SELECTED_APP}" == 'mariadb' ]]; then
+        CURR_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        dialog --title $"MariaDB database password" \
+               --msgbox "\\n            ${CURR_PASSWORD}" 7 40
+        return
+    fi
+
+    data=$(mktemp 2>/dev/null)
+    dialog --title "$titlestr" \
+           --backtitle $"Freedombone Control Panel" \
+           --inputbox "$viewstr" 12 75 "$CURR_PASSWORD" 2>"$data"
+    sel=$?
+    case $sel in
+        0)
+            CURR_PASSWORD=$(<"$data")
+            if [ ${#CURR_PASSWORD} -gt 8 ]; then
+                "${PROJECT_NAME}-pass" -u "${SELECTED_USERNAME}" -a "${SELECTED_APP}" -p "${CURR_PASSWORD}"
+                "change_password_${SELECTED_APP}" "${SELECTED_USERNAME}" "${CURR_PASSWORD}"
+                dialog --title $"Change password" \
+                       --msgbox $"The password was changed" 6 40
+            else
+                dialog --title $"Change password" \
+                       --msgbox $"The password given must be at least 8 characters" 6 40
+            fi
+            ;;
+    esac
+    rm -f "$data"
+}
+
 function show_firewall {
     W=()
     while read -r line; do
@@ -974,22 +1062,23 @@ function menu_tor_bridges {
 }
 
 function menu_security_settings {
-    W=(1 $"Run STIG tests"
-       2 $"Fix STIG test failures"
-       3 $"Show ssh host public key"
-       4 $"Tor bridges"
-       5 $"Password storage"
-       6 $"Export passwords"
-       7 $"Regenerate ssh host keys"
-       8 $"Regenerate Diffie-Hellman keys"
-       9 $"Update cipersuite"
-       10 $"Create a new Let's Encrypt certificate"
-       11 $"Renew Let's Encrypt certificate"
-       12 $"Delete a Let's Encrypt certificate"
-       13 $"Enable GPG based authentication (monkeysphere)"
-       14 $"Register a website with monkeysphere"
-       15 $"Allow ssh login with passwords"
-       16 $"Show firewall")
+    W=(1 $"Passwords"
+       2 $"Run STIG tests"
+       3 $"Fix STIG test failures"
+       4 $"Show ssh host public key"
+       5 $"Tor bridges"
+       6 $"Password storage"
+       7 $"Export passwords"
+       8 $"Regenerate ssh host keys"
+       9 $"Regenerate Diffie-Hellman keys"
+       10 $"Update cipersuite"
+       11 $"Create a new Let's Encrypt certificate"
+       12 $"Renew Let's Encrypt certificate"
+       13 $"Delete a Let's Encrypt certificate"
+       14 $"Enable GPG based authentication (monkeysphere)"
+       15 $"Register a website with monkeysphere"
+       16 $"Allow ssh login with passwords"
+       17 $"Show firewall")
 
     # shellcheck disable=SC2068
     selection=$(dialog --backtitle $"Freedombone Administrator Control Panel" --title $"Security Settings" --menu $"Choose an operation, or ESC to exit:" 24 76 24 "${W[@]}" 3>&2 2>&1 1>&3)
@@ -1014,13 +1103,17 @@ function menu_security_settings {
 
     case $selection in
         1)
+            view_or_change_passwords
+            exit 0;
+            ;;
+        2)
             clear
             echo $'Running STIG tests...'
             echo ''
             ${PROJECT_NAME}-tests --stig showall
             exit 0
             ;;
-        2)
+        3)
             clear
             echo $'Fixing any STIG failures...'
             echo ''
@@ -1028,54 +1121,54 @@ function menu_security_settings {
             echo $'Fixes applied. You will need to run the STIG tests again to be sure that they were all fixed.'
             exit 0
             ;;
-        3)
+        4)
             dialog --title $"SSH host public keys" \
                    --msgbox "\\n$(get_ssh_server_key)" 12 60
             exit 0
             ;;
-        4)
+        5)
             menu_tor_bridges
             exit 0
             ;;
-        5)
+        6)
             store_passwords
             exit 0
             ;;
-        6)
+        7)
             export_passwords
             exit 0
             ;;
-        7)
+        8)
             regenerate_ssh_host_keys
             ;;
-        8)
+        9)
             regenerate_dh_keys
             ;;
-        9)
+        10)
             interactive_setup
             update_ciphersuite
             ;;
-        10)
+        11)
             create_letsencrypt
             ;;
-        11)
+        12)
             renew_letsencrypt
             ;;
-        12)
+        13)
             delete_letsencrypt
             ;;
-        13)
+        14)
             enable_monkeysphere
             ;;
-        14)
+        15)
             register_website
             ;;
-        15)
+        16)
             allow_ssh_passwords
             change_ssh_settings
             exit 0
             ;;
-        16)
+        17)
             show_firewall
             exit 0
             ;;

src/freedombone-utils-passwords

@@ -39,6 +39,47 @@ MINIMUM_PASSWORD_LENGTH=10
 # The default password length used in images
 DEFAULT_PASSWORD_LENGTH=20
 
+function passwords_select_user {
+    SELECTED_USERNAME=
+
+    # shellcheck disable=SC2207
+    users_array=($(ls /home))
+
+    delete=(git)
+    # shellcheck disable=SC2068
+    for del in ${delete[@]}
+    do
+        # shellcheck disable=SC2206
+        users_array=(${users_array[@]/$del})
+    done
+
+    i=0
+    W=()
+    name=()
+    # shellcheck disable=SC2068
+    for u in ${users_array[@]}
+    do
+        if [[ $(is_valid_user "$u") == "1" ]]; then
+            i=$((i+1))
+            W+=("$i" "$u")
+            name+=("$u")
+        fi
+    done
+
+    if [ $i -eq 1 ]; then
+        SELECTED_USERNAME="${name[0]}"
+    else
+        # shellcheck disable=SC2068
+        user_index=$(dialog --backtitle $"Freedombone Control Panel" --title $"Select User" --menu $"Select one of the following:" 24 40 17 ${W[@]} 3>&2 2>&1 1>&3)
+
+        # shellcheck disable=SC2181
+        if [ $? -eq 0 ]; then
+            # shellcheck disable=SC2034
+            SELECTED_USERNAME="${name[$((user_index-1))]}"
+        fi
+    fi
+}
+
 function enforce_good_passwords {
     # because humans are generally bad at choosing passwords
     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then