From 0c038afa29a4d4f7d0a8802e6c0d9678012c54a4 Mon Sep 17 00:00:00 2001
From: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
Date: Sun, 15 Dec 2019 15:43:14 +0100
Subject: [PATCH] multi-factor-authentication: Ensure we have permissions to delete google authenticator configuration when resetting it
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Tobias Knöppler
---
 bin/ncp/SECURITY/multi-factor-authentication.sh | 7 ++++++-
 etc/ncp-config.d/multi-factor-authentication.cfg | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/bin/ncp/SECURITY/multi-factor-authentication.sh b/bin/ncp/SECURITY/multi-factor-authentication.sh
index 650f2cdc9..c15489f91 100755
--- a/bin/ncp/SECURITY/multi-factor-authentication.sh
+++ b/bin/ncp/SECURITY/multi-factor-authentication.sh
@@ -136,7 +136,12 @@ setup_totp_secret() {
 [[ "$reset_totp_secret" == "yes" ]] \
 && [[ -f "$ssh_user_home/.google_authenticator" ]] \
- && su "$ssh_user" -c "rm '${ssh_user_home}/.google_authenticator'"
+ && {
+ echo "Deleting google authenticator configuration"
+ su "$ssh_user" -c "chmod u+w '${ssh_user_home}/.google_authenticator'"
+ su "$ssh_user" -c "rm '${ssh_user_home}/.google_authenticator'"
+ }
+
 if [[ "$enable_totp_and_pw" == "yes" ]] && [[ ! -f "${ssh_user_home}/.google_authenticator" ]]
 then
diff --git a/etc/ncp-config.d/multi-factor-authentication.cfg b/etc/ncp-config.d/multi-factor-authentication.cfg
index 17c301637..d20d575a2 100644
--- a/etc/ncp-config.d/multi-factor-authentication.cfg
+++ b/etc/ncp-config.d/multi-factor-authentication.cfg
@@ -31,7 +31,7 @@
 "type": "bool"
 },
 {
- "id": "RESET_TOTP SECRET",
+ "id": "RESET_TOTP_SECRET",
 "name": "reset-TOTP-secret",
 "value": "no",
 "type": "bool"
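Review bot: In the `&& { … }` group added to `setup_totp_secret` in bin/ncp/SECURITY/multi-factor-authentication.sh, neither the `chmod` nor the `rm` result is checked, so a failed delete goes unnoticed. The `if` that follows in the hunk only proceeds when `.google_authenticator` is absent, so after a failed delete the old TOTP secret would apparently stay in use although a reset was requested; the rest of the function lies outside the hunk, so this is inferred. `rm -f` does not prompt on a write-protected file, which would make the `chmod` unnecessary and leaves a single result to check: `su "$ssh_user" -c "rm -f '${ssh_user_home}/.google_authenticator'" || { echo "Could not delete google authenticator configuration" >&2; return 1; }`. The path is still interpolated into the `-c` string inside single quotes, which assumes the home path never contains a quote character.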