V8.00.000.2025.06.17

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-21 07:59:51 +01:00
parent 45b4bd7f12
commit 82096f7b7d
3 changed files with 231 additions and 105 deletions


@@ -21,7 +21,7 @@ set -Ceuo pipefail
### Declare Arrays, HashMaps, and Variables.
declare -g VAR_MAP_FILE="/etc/ciss/2fa.map"
declare -g VAR_POLICY="${CISS_POLICY:-strict}"
declare -g VAR_BINDING="${CISS_SU_BINDING:-caller}"
declare -g VAR_BINDING="${CISS_SU_BINDING:-target}"
declare -g VAR_U=""
### PAM variables provided by pam_exec:
@@ -55,7 +55,7 @@ identify_subject() {
;;
su|su-l)
### Default: Bind su policy to the caller. Set CISS_SU_BINDING="target" if you want policy bound to the target account.
### Default: Bind su policy to the target. Set CISS_SU_BINDING="caller" if you want policy bound to the caller account.
case "${VAR_BINDING,,}" in
caller) echo "${PAM_RUSER:-${PAM_USER:-}}" ;;
@@ -138,7 +138,7 @@ map_service_to_col() {
sshd) echo 3 ;;
su|su-l) echo 4 ;;
sudo|sudo-i) echo 5 ;;
*) echo 0 ;; # Unknown services => behave as "not enforced".
*) echo 0 ;; # Unknown services => behave as "not enforced".
esac
return 0
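Review bot: The first hunk changes the built-in default of `VAR_BINDING` from `caller` to `target` (taking the second printed line of each pair as the new side), so every host that never set `CISS_SU_BINDING` now has its `su` 2FA policy looked up for the target account instead of the invoking user, and nothing in the commit record flags that behaviour change. If the target account has no entry in `/etc/ciss/2fa.map`, the outcome depends on lookup code outside these hunks, so that path should be confirmed to fail closed under the `strict` policy. I would record the change next to the declaration, e.g. `### SECURITY: default su binding changed from caller to target; set CISS_SU_BINDING="caller" to keep the previous behaviour.` Only the `caller)` arm of the `case "${VAR_BINDING,,}"` in `identify_subject` is visible and the rest of the function lies outside the hunk, so it is worth checking that an unrecognised value is rejected rather than yielding an empty subject.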