V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-09-14 17:26:36 +02:00
parent c2cd6e64d2
commit 21e5a1e5c7
3 changed files with 16 additions and 13 deletions


@@ -169,7 +169,7 @@ EOF
### 6) Update the 'root' 'totp'-policy and write the '.google_authenticator'-file.
if [[ "${user_root_authentication_2fa_ssh}" == "true" || "${user_root_authentication_2fa_tty}" == "true" ]]; then
write_google_authenticator_file "root"
write_google_authenticator_file "root" "0" "0"
fi
if [[ "${user_root_authentication_2fa_ssh}" == "true" ]]; then
@@ -327,7 +327,7 @@ EOF
### 6) Update the 'root' 'totp'-policy and write the '.google_authenticator'-file.
if [[ "${var_2fa_ssh}" == "true" || "${var_2fa_tty}" == "true" ]]; then
write_google_authenticator_file "${var_username}"
write_google_authenticator_file "${var_username}" "${var_uid}" "${var_gid}"
fi
if [[ "${var_2fa_ssh}" == "true" ]]; then
@@ -804,12 +804,14 @@ read_totp_seed(){
# TARGET
# Arguments:
# 1: Username
# 2: UID
# 3: GID
# Returns:
# 0: on success
#######################################
write_google_authenticator_file() {
### Declare Arrays, HashMaps, and Variables.
declare var_user="${1}" var_secret=""
declare var_user="${1}" var_user_id="${2}" var_group_id="${3}" var_secret=""
case "${1}" in
root) declare var_base="${TARGET}/root" ;;
*) declare var_base="${TARGET}/home/${var_user}" ;;
@@ -824,10 +826,11 @@ write_google_authenticator_file() {
{
declare accept hex val
printf '%s\n' "${var_secret}"
printf 'RATE_LIMIT 3 30 \n'
printf 'WINDOW 10 \n'
printf 'DISALLOW_REUSE \n'
printf 'TOTP_AUTH \n'
printf 'RATE_LIMIT 3 30\n'
printf 'WINDOW_SIZE 10\n'
printf 'TOTP_DIGITS 8\n'
printf 'DISALLOW_REUSE\n'
printf 'TOTP_AUTH\n'
### Emergency Codes (8× unbiased 8-digit, CSPRNG via OpenSSL).
for i in {1..8}; do
### Draw 32 bits; rejection sampling to avoid modulo bias.
@@ -842,7 +845,7 @@ write_google_authenticator_file() {
done
done
} >| "${var_base}/.google_authenticator"
chown "${var_user}:${var_user}" "${var_base}/.google_authenticator"
chown "${var_user_id}:${var_group_id}" "${var_base}/.google_authenticator"
chmod 0600 "${var_base}/.google_authenticator"
{