From 453618f035b2a722d95afdb0b9c8a347b8ea1483 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 26 Oct 2018 16:56:03 -0400 Subject: [PATCH 1/6] fix #1252 --- roles/iiab-admin/templates/lxde_ssh_warn.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/lxde_ssh_warn.sh b/roles/iiab-admin/templates/lxde_ssh_warn.sh index 96180e07c..3ee215aab 100755 --- a/roles/iiab-admin/templates/lxde_ssh_warn.sh +++ b/roles/iiab-admin/templates/lxde_ssh_warn.sh @@ -1,6 +1,6 @@ #!/bin/bash -function check_user_pwd() { +check_user_pwd () { # $meth (hashing method) is typically '6' which implies 5000 rounds # of SHA-512 per /etc/login.defs -> /etc/pam.d/common-password meth=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f2) From c133bbdd0ec7e8f93c6d746caa23931741fc60a6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 26 Oct 2018 16:56:22 -0400 Subject: [PATCH 2/6] fix #1252 --- roles/iiab-admin/templates/profile_ssh_warn.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/templates/profile_ssh_warn.sh b/roles/iiab-admin/templates/profile_ssh_warn.sh index 9f18e40be..a0cc3e2b4 100755 --- a/roles/iiab-admin/templates/profile_ssh_warn.sh +++ b/roles/iiab-admin/templates/profile_ssh_warn.sh @@ -1,6 +1,6 @@ #!/bin/bash -function check_user_pwd() { +check_user_pwd () { # $meth (hashing method) is typically '6' which implies 5000 rounds # of SHA-512 per /etc/login.defs -> /etc/pam.d/common-password meth=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f2) From 47243187b4296c123b5e720cc35d4de9cc6746e9 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 26 Oct 2018 16:57:03 -0400 Subject: [PATCH 3/6] Update iiab-install --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 87dfda526..8f2222d34 100755 --- a/iiab-install +++ b/iiab-install @@ -74,7 +74,7 @@ fi # Subroutine compares software version numbers. Generates rare false positives # like "1.0 > 1" and "2.4.0 > 2.4". Avoid risks by structuring conditionals w/ # a consistent # of decimal points e.g. "if version_gt w.x.y.z a.b.c.d; then" -function version_gt() { [ "$(printf '%s\n' "$@" | sort -V | head -1)" != "$1" ]; } +version_gt () { [ "$(printf '%s\n' "$@" | sort -V | head -1)" != "$1" ]; } # Verify that Raspbian is running a recent enough kernel. As Raspbian # updates on 4.9.41-v7+ broke bridging, WiFi AP & OpenVPN in Oct/Nov 2017. From bbb88a4e3a5c1045ab227c9756fc60704b2d49d0 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 26 Oct 2018 17:16:06 -0400 Subject: [PATCH 4/6] Update iiab-install --- iiab-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iiab-install b/iiab-install index 8f2222d34..221b8e5a6 100755 --- a/iiab-install +++ b/iiab-install @@ -74,7 +74,7 @@ fi # Subroutine compares software version numbers. Generates rare false positives # like "1.0 > 1" and "2.4.0 > 2.4". Avoid risks by structuring conditionals w/ # a consistent # of decimal points e.g. "if version_gt w.x.y.z a.b.c.d; then" -version_gt () { [ "$(printf '%s\n' "$@" | sort -V | head -1)" != "$1" ]; } +version_gt() { [ "$(printf '%s\n' "$@" | sort -V | head -1)" != "$1" ]; } # Verify that Raspbian is running a recent enough kernel. As Raspbian # updates on 4.9.41-v7+ broke bridging, WiFi AP & OpenVPN in Oct/Nov 2017. From cc976fe20de4f8549621e6a3b5b56e132a4c2ade Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 26 Oct 2018 17:17:19 -0400 Subject: [PATCH 5/6] Update lxde_ssh_warn.sh --- roles/iiab-admin/templates/lxde_ssh_warn.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/templates/lxde_ssh_warn.sh b/roles/iiab-admin/templates/lxde_ssh_warn.sh index 3ee215aab..db073878c 100755 --- a/roles/iiab-admin/templates/lxde_ssh_warn.sh +++ b/roles/iiab-admin/templates/lxde_ssh_warn.sh @@ -1,6 +1,6 @@ #!/bin/bash -check_user_pwd () { +check_user_pwd() { # $meth (hashing method) is typically '6' which implies 5000 rounds # of SHA-512 per /etc/login.defs -> /etc/pam.d/common-password meth=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f2) @@ -10,7 +10,7 @@ check_user_pwd () { } # credit to the folks at raspberry pi foundatioon -check_hash () { +check_hash() { if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi #test -x /usr/bin/mkpasswd || return 0 From 56a8b50d9e1b305332cb69b53eed9d59e000f597 Mon Sep 17 00:00:00 2001 From: A Holt Date: Fri, 26 Oct 2018 17:24:22 -0400 Subject: [PATCH 6/6] Update profile_ssh_warn.sh --- roles/iiab-admin/templates/profile_ssh_warn.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/iiab-admin/templates/profile_ssh_warn.sh b/roles/iiab-admin/templates/profile_ssh_warn.sh index a0cc3e2b4..c6099dbb4 100755 --- a/roles/iiab-admin/templates/profile_ssh_warn.sh +++ b/roles/iiab-admin/templates/profile_ssh_warn.sh @@ -1,6 +1,8 @@ #!/bin/bash -check_user_pwd () { +# bash syntax "function check_user_pwd() {" was removed, as it prevented all +# lightdm/graphical logins (incl autologin) on Raspbian: #1252 -> PR #1253 +check_user_pwd() { # $meth (hashing method) is typically '6' which implies 5000 rounds # of SHA-512 per /etc/login.defs -> /etc/pam.d/common-password meth=$(sudo grep "^$1:" /etc/shadow | cut -d: -f2 | cut -d$ -f2) @@ -10,7 +12,7 @@ check_user_pwd () { } # credit to the folks at raspberry pi foundatioon -check_hash () { +check_hash() { if ! id -u iiab-admin > /dev/null 2>&1 ; then return 0 ; fi if grep -q "^PasswordAuthentication\s*no" /etc/ssh/sshd_config ; then return 0 ; fi #SHADOW="$(sudo -n grep -E '^iiab-admin:' /etc/shadow 2>/dev/null)"