more password disclosure avoidance
This commit is contained in:
18
action.sh
18
action.sh
@@ -54,8 +54,8 @@ function checkuser {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function checkpass {
|
function checkpass {
|
||||||
REGEX="[ 'x\\]" # Not allowed symbols
|
REGEX="[ '\\]" # Not allowed symbols
|
||||||
if [[ ! "$1" =~ $REGEX ]]; then
|
if [[ $(grep -E "$REGEX" $1 ; echo $?) == 1 ]]; then
|
||||||
echo "true"
|
echo "true"
|
||||||
else
|
else
|
||||||
echo "false"
|
echo "false"
|
||||||
@@ -139,7 +139,7 @@ $ATTACHMENT
|
|||||||
rm $MAILTMP;
|
rm $MAILTMP;
|
||||||
}
|
}
|
||||||
|
|
||||||
function notesdelete { # $1=$USER
|
function notesdelete {
|
||||||
USER="$1"
|
USER="$1"
|
||||||
# Extract Mail part | exclude LEAD and TAIL | delete user
|
# Extract Mail part | exclude LEAD and TAIL | delete user
|
||||||
sed -n "/$LEAD/,/$TAIL/ p" $NOTES | grep -v "$LEAD\|$TAIL" | sed "/User:[ \t]*$USER$/,+2d" > $NOTESTMP
|
sed -n "/$LEAD/,/$TAIL/ p" $NOTES | grep -v "$LEAD\|$TAIL" | sed "/User:[ \t]*$USER$/,+2d" > $NOTESTMP
|
||||||
@@ -192,8 +192,8 @@ if [ "$ACTION" == "adduser" ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! $(checkpass "$PASS"); then
|
if ! $(checkpass "$PASSFILE"); then
|
||||||
echo "Password \"$PASS\" invalid"
|
echo "Password \""$(cat $PASSFILE)"\" invalid"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -203,7 +203,7 @@ if [ "$ACTION" == "adduser" ]; then
|
|||||||
# Send infomail
|
# Send infomail
|
||||||
$MAILTYPE "New Email account created" \
|
$MAILTYPE "New Email account created" \
|
||||||
"A new Email account has been created." \
|
"A new Email account has been created." \
|
||||||
"User: $USER | Password: $PASS"
|
"User: $USER"
|
||||||
|
|
||||||
LEAD='## > EMAIL'
|
LEAD='## > EMAIL'
|
||||||
TAIL='## < EMAIL'
|
TAIL='## < EMAIL'
|
||||||
@@ -224,8 +224,8 @@ if [ "$ACTION" == "changepw" ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! $(checkpass "$PASS"); then
|
if ! $(checkpass "$PASSFILE"); then
|
||||||
echo "Password \"$PASS\" invalid"
|
echo "Password \""$(cat $PASSFILE)"\" invalid"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -235,7 +235,7 @@ if [ "$ACTION" == "changepw" ]; then
|
|||||||
# Send infomail
|
# Send infomail
|
||||||
$MAILTYPE "Email password changed" \
|
$MAILTYPE "Email password changed" \
|
||||||
"An Email account password has been changed." \
|
"An Email account password has been changed." \
|
||||||
"User: $USER | New Password: $PASS"
|
"User: $USER"
|
||||||
|
|
||||||
# Update datasheet (delete entry in Email section and add a new one with the new password)
|
# Update datasheet (delete entry in Email section and add a new one with the new password)
|
||||||
# In fact a combination of deluser and adduser
|
# In fact a combination of deluser and adduser
|
||||||
|
|||||||
Reference in New Issue
Block a user