Authentication improvements #83
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
troglobit
force-pushed
the
authentication-improvements
branch
3 times, most recently
from
8a5d68b
to
e795626
Compare
wkz
reviewed
Aug 7, 2023
The existing 'adduser -D' command adds a locked user account, similar to the Debian adduser --disabled-login'. This patch adds support for the 'adduser -d' command, similar to Debian 'adduser --disabled-password', meaning login is possible but using methods other than password, e.g., SSH keys. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
The login applet did not know about shadow passwords, and could thus not determine if a user accont was locked or passwordless. This caused it to return 'login: bad salt' instead of "Login incorrect", which is the more secure path for handling brute force attempts. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Employ the new 'adduser -d' feature where users can be created with password login disbled instead of creating them locked by default. This allows us to create remote users that can only access the device using public key SSH login, which until this point was not possible. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
No point in leaving unused home directories lingering on the system, also a potential security problem. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Apparently netopeer2-server expects public keys for users to be in the canonical place (~/.ssh/authorized_keys). Infix use a custom location in /var/run, maintained by the ietf-system plugin, which OpenSSH knows but netopeer2-server doesn't. It seems to be possible to add some sort of "pattern" to netopeer2 to indicate where to look for public keys. This is added when building it but Buildroot does not expose this as a setting. So for now, this seem to be the least intrusive way of handling it. The owner is root, so a malicious user cannot change the link or contents without some other form of privilege escalation first. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
This patch bumps klish-plugin-sysrepo to get EnableNACM support. For this to work as expected for the admin user we also need to change the permission for the model in sysrepo. Note: the srp_rollback() symbol has been renamed to srp_reset() upstram. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Services have not even started up yet, so system() calls will only unnecessarily delay the boot. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Needed when searching for unchanged data, e.g., default values when creating new users. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
- Add /bin/clish (symlink) to /etc/shells, as well as the traditional
/bin/{true,false} for completeness
- Validate shell string, with fallback to /bin/bash and /bin/sh
- Step infix-system revision, keeping old model in tree
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Factor out a new helper function, change_get_user(), to do the bulk of the work for the change callbacks. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
This commit enables a basic sanity check of usernames in BusyBox that by default is disabled (!). The rules enabled by this are: - the user or group name should consist only of letters, digits, underscores, periods, and dashes¹, and not start with a dash (as defined by IEEE Std 1003.1-2001), or periods² - for compatibility with Samba machine accounts, $ is supported at the end of names - max length of user or group name is 256 chars Changes in this commit also includes a sync with latest BusyBox 1.36, which adds: tree, tsort, SHA hw acceleration, and a separate script for udhcpc6. _____ ¹) The documentation actually mentions "and at-signs" as well, but that has been explicitly removed from the source code. ²) The documentation does not mention that leading periods are not allowed, though this is also explicitly mentioned in the source code. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
wkz
force-pushed
the
authentication-improvements
branch
from
8cf6c7a
to
139175d
Compare
|
Thank you for taking the time up fix the conflicts! I'll have a look at #95 when I get back from vacation. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
/bin/clish