V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m43s

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-10-19 13:14:05 +01:00
parent 7a94c2cf0e
commit eb1c23d628


@@ -878,24 +878,33 @@ write_google_authenticator_file() {
umask 0077 umask 0077
{ {
declare accept hex val declare accept="" hex="" val=""
printf '%s\n' "${var_secret}" printf '%s\n' "${var_secret}"
printf '" RATE_LIMIT 3 30\n' printf '" RATE_LIMIT 3 30\n'
printf '" WINDOW_SIZE 10\n' printf '" WINDOW_SIZE 10\n'
printf '" DISALLOW_REUSE\n' printf '" DISALLOW_REUSE\n'
printf '" TOTP_AUTH\n' printf '" TOTP_AUTH\n'
### Emergency Codes (8x unbiased 8-digit, CSPRNG via OpenSSL). ### Emergency Codes (8x unbiased 8-digit, CSPRNG via OpenSSL).
for i in {1..8}; do for i in {1..8}; do
### Draw 32 bits; rejection sampling to avoid modulo bias. ### Draw 32 bits; rejection sampling to avoid modulo bias.
while :; do while :; do
hex="$(openssl rand -hex 4)" || exit 1 hex="$(openssl rand -hex 4)" || exit 1
val=$((16#${hex})) # 0..4294967295 val=$((16#${hex}))
accept=$(( (1<<32) / 100000000 * 100000000 )) # 4_200_000_000 accept=$(( (1<<32) / 100000000 * 100000000 ))
if (( val < accept )); then if (( val < accept )); then
printf '%08d\n' "$(( val % 100000000 ))" printf '%08d\n' "$(( val % 100000000 ))"
break break
fi fi
done done
done done
} >| "${var_base}/.google_authenticator" } >| "${var_base}/.google_authenticator"
chown "${var_user_id}:${var_group_id}" "${var_base}/.google_authenticator" chown "${var_user_id}:${var_group_id}" "${var_base}/.google_authenticator"