Option to clear stored passwords

src/freedombone-pass

@@ -125,6 +125,20 @@ function run_tests {
     echo "Tests passed"
 }
 
+function clear_passwords {
+    # remove all passwords except for the root one, which is needed
+    # for automatic database backups
+    for d in /root/.passwords/*/ ; do
+        USERNAME=$(echo "$d" | awk -F '/' '{print $4}')
+        if [[ "$USERNAME" != 'root' ]]; then
+            shred -zu /root/.passwords/$USERNAME/*
+            rm -rf /root/.passwords/$USERNAME
+        fi
+    done
+    echo $'Passwords cleared'
+    exit 0
+}
+
 while [[ $# > 1 ]]
 do
     key="$1"
@@ -137,6 +151,9 @@ do
             shift
             TESTS=1
             ;;
+        -c|--clear|--erase)
+            clear_passwords
+            ;;
         -u|--user|--username)
             shift
             CURR_USERNAME="${1}"

src/freedombone-sec

@@ -685,22 +685,38 @@ function remove_pinning {
     esac
 }
 
+function clear_passwords {
+    dialog --title $"Clear Passwords" \
+           --backtitle $"Freedombone Security Configuration" \
+           --defaultno \
+           --yesno $"\nThis will remove all user passwords from the system. Are you sure that you want to do this?" 8 60
+    sel=$?
+    case $sel in
+        1) return;;
+        255) return;;
+    esac
+    ${PROJECT_NAME}-pass --clear yes
+    dialog --title $"Passwords were removed" \
+           --msgbox $"\nFor the best security you should now manually change passwords via web interfaces so that there is no possibility of them being recovered from the disk" 9 60
+}
+
 function menu_security_settings {
     data=$(tempfile 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Security Settings" \
-           --radiolist $"Choose an operation:" 17 76 17 \
+           --radiolist $"Choose an operation:" 18 76 18 \
            1 $"Show ssh host public key" off \
-           2 $"Regenerate ssh host keys" off \
+           2 $"Clear password store" off \
-           3 $"Regenerate Diffie-Hellman keys" off \
+           3 $"Regenerate ssh host keys" off \
-           4 $"Update cipersuite" off \
+           4 $"Regenerate Diffie-Hellman keys" off \
-           5 $"Create a new Let's Encrypt certificate" off \
+           5 $"Update cipersuite" off \
-           6 $"Renew Let's Encrypt certificate" off \
+           6 $"Create a new Let's Encrypt certificate" off \
-           7 $"Enable GPG based authentication (monkeysphere)" off \
+           7 $"Renew Let's Encrypt certificate" off \
-           8 $"Register a website with monkeysphere" off \
+           8 $"Enable GPG based authentication (monkeysphere)" off \
-           9 $"Allow ssh login with passwords" off \
+           9 $"Register a website with monkeysphere" off \
-           10 $"Go Back/Exit" on 2> $data
+           10 $"Allow ssh login with passwords" off \
+           11 $"Go Back/Exit" on 2> $data
     sel=$?
     case $sel in
         1) exit 1;;
@@ -728,33 +744,36 @@ function menu_security_settings {
             exit 0
             ;;
         2)
-            regenerate_ssh_host_keys
+            clear_passwords
             ;;
         3)
-            regenerate_dh_keys
+            regenerate_ssh_host_keys
             ;;
         4)
+            regenerate_dh_keys
+            ;;
+        5)
             interactive_setup
             update_ciphersuite
             ;;
-        5)
+        6)
             create_letsencrypt
             ;;
-        6)
+        7)
             renew_letsencrypt
             ;;
-        7)
+        8)
             enable_monkeysphere
             ;;
-        8)
+        9)
             register_website
             ;;
-        9)
+        10)
             allow_ssh_passwords
             change_ssh_settings
             exit 0
             ;;
-        10)
+        11)
             exit 0
             ;;
     esac