sshpwd-profile-iiab.sh.j2: sudo to verify /etc/shadow
parent
799f47b950
commit
8ed159b5c2
1 changed files with 3 additions and 2 deletions
|
@ -16,7 +16,8 @@
|
|||
check_user_pwd() {
|
||||
#[ $(id -un) = "root" ] || return 2
|
||||
#[ $(id -un) = "root" ] || [ $(id -un) = "iiab-admin" ] || return 2
|
||||
[ -r /etc/shadow ] || return 2 # FORCE ERROR if /etc/shadow not readable
|
||||
|
||||
#[ -r /etc/shadow ] || return 2 # FORCE ERROR if /etc/shadow not readable
|
||||
# *BUT* overall bash script still returns exit code 0 ("success").
|
||||
|
||||
#id -u $1 > /dev/null 2>&1 || return 2 # Not needed if return 1 is good
|
||||
|
@ -25,7 +26,7 @@ check_user_pwd() {
|
|||
|
||||
# 2021-08-28: New OS's use 'yescrypt' so use Perl instead of Python (#2949)
|
||||
# This also helps avoid parsing the (NEW) 4th sub-field in $y$j9T$SALT$HASH
|
||||
field2=$(grep "^$1:" /etc/shadow | cut -d: -f2)
|
||||
field2=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2) || return 2 # TRY TO FORCE ERROR if /etc/shadow not readable even with sudo
|
||||
[[ $(perl -e "print crypt('$2', '$field2')") == $field2 ]]
|
||||
|
||||
# # $meth (hashing method) is typically '6' which implies 5000 rounds
|
||||
|
|
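Review bot: The `|| return 2` added to the `field2=` line tests the exit status of `cut`, the last command in the pipeline, so a failing `sudo grep` (no sudo rights, a declined password prompt, an unreadable file) does not trigger it unless `pipefail` is set somewhere outside this view. With the `[ -r /etc/shadow ]` guard commented out in the first hunk, that case leaves `field2` empty and execution falls through to the `crypt` comparison on the next line, whose outcome for an empty salt is presumably not what was intended. Splitting the pipeline would make the check real: `entry=$(sudo -n grep "^$1:" /etc/shadow) || return 2` followed by `field2=$(printf '%s\n' "$entry" | cut -d: -f2)`. grep's exit status 1 for an unknown user would then also return 2, and `-n` keeps sudo from prompting inside a profile script. check_user_pwd's body continues past the end of the hunk.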