Finish a part of the job, seems to be working
parent
e86e861ba5
commit
21007353b6
3 changed files with 44 additions and 27 deletions
26
Core.py
26
Core.py
|
@ -1,19 +1,15 @@
|
||||||
import shelve, subprocess
|
import shelve, subprocess
|
||||||
from os.path import isfile
|
from os.path import isfile
|
||||||
|
|
||||||
class Main:
|
|
||||||
def __init__(self):
|
|
||||||
if not isfile("Settings.conf"):
|
|
||||||
subprocess.check_call(["sudo", "yhsm-generate-keys", "-D", "/etc/yubico/yhsm/keys.json", "--key-handle", "1", "--start-public-id", "interncccccc", "-c", "10"])
|
|
||||||
out = str(subprocess.check_output(["sudo", "ykval-gen-clients", "--urandom", "10"]))
|
|
||||||
out = out[2:-1].split("\\n")
|
|
||||||
keys = dict()
|
|
||||||
for i in out:
|
|
||||||
id = i.find(",")
|
|
||||||
keys[i[:id]] = i[id:] #Risque d'y avoir un \n ?
|
|
||||||
with shelve.open("Settings.conf") as settings:
|
|
||||||
settings["keys"] = keys
|
|
||||||
settings["register"] = list()
|
|
||||||
|
|
||||||
else:
|
if not isfile("Settings.conf"):
|
||||||
pass
|
subprocess.check_call(["sudo", "yhsm-generate-keys", "-D", "/etc/yubico/yhsm/keys.json", "--key-handle", "1", "--start-public-id", "interncccccc", "-c", "10"])
|
||||||
|
out = str(subprocess.check_output(["sudo", "ykval-gen-clients", "--urandom", "10"]))
|
||||||
|
out = out[2:-1].split("\\n")
|
||||||
|
keys = dict()
|
||||||
|
for i in out:
|
||||||
|
id = i.find(",")
|
||||||
|
keys[i[:id]] = i[id:] #Risque d'y avoir un \n ?
|
||||||
|
with shelve.open("Settings.conf") as settings:
|
||||||
|
settings["keys"] = keys
|
||||||
|
settings["register"] = list()
|
||||||
|
|
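Review bot: The parsing loop that now runs at module level stores each secret with its leading comma, because `keys[i[:id]] = i[id:]` slices from the comma rather than after it, and the keys stay strings while Setup.py indexes `settings["keys"]` with integers. The empty element left after the last `split("\\n")` separator also becomes an entry, since `find` returns -1 on it, which is what the `#Risque d'y avoir un \n ?` comment is asking about. Assuming `ykval-gen-clients` prints one `id,secret` pair per line, as the loop implies, keeping `out` as the raw `check_output` bytes and iterating `for line in out.decode().splitlines():` with `cid, _, secret = line.partition(",")` and `keys[int(cid)] = secret` fixes all three. Settings.conf then holds the validation-client secrets in a pickle-backed shelve in the working directory, and nothing in this section restricts its permissions, so creating it owner-only is worth adding.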
36
Setup.py
36
Setup.py
|
@ -42,7 +42,9 @@ def web_setup():
|
||||||
|
|
||||||
@app.route("/addyubi")
|
@app.route("/addyubi")
|
||||||
def add_yubi():
|
def add_yubi():
|
||||||
out = subprocess.check_output(["sudo", "yhsm-decrypt-aead", "--aes-key", "000102030405060708090a0b0c0d0e0f", "--key-handle", "1", "--format", "yubikey-csv", "/var/cache/yubikey-ksm/aeads/"])
|
if str(subprocess.check_output(["sudo ykpersonalize; exit 0"], stderr=subprocess.STDOUT, shell=True)) == "b'Yubikey core error: no yubikey present\\n'":
|
||||||
|
return "No yubikey"
|
||||||
|
out = str(subprocess.check_output(["sudo", "yhsm-decrypt-aead", "--aes-key", "000102030405060708090a0b0c0d0e0f", "--key-handle", "1", "--format", "yubikey-csv", "/var/cache/yubikey-ksm/aeads/"]))
|
||||||
out = out[2:][:-1].split("\\n")
|
out = out[2:][:-1].split("\\n")
|
||||||
del out[-1]
|
del out[-1]
|
||||||
dico = dict()
|
dico = dict()
|
||||||
|
@ -51,17 +53,35 @@ def add_yubi():
|
||||||
publicid = i.find(",", id+1)
|
publicid = i.find(",", id+1)
|
||||||
privateid = i.find(",", publicid+1)
|
privateid = i.find(",", publicid+1)
|
||||||
secretkey = i.find(",", privateid+1)
|
secretkey = i.find(",", privateid+1)
|
||||||
dico[i[:id]] = {"publicid": i[id+1:publicid], "privateid": i[publicid+1:privateid], "secretkey": i[privateid+1:secretkey]}
|
dico[int(i[:id])] = {"publicid": i[id+1:publicid], "privateid": i[publicid+1:privateid], "secretkey": i[privateid+1:secretkey]}
|
||||||
|
|
||||||
with shelve.open("Settings.conf") as settings:
|
out = str(subprocess.check_output(["sudo", "ykval-export-clients"]))
|
||||||
id = settings["register"][-1] + 1
|
out = out[2:][:-1].split("\\n")
|
||||||
|
del out[-1]
|
||||||
|
reg = dict()
|
||||||
|
for i in out:
|
||||||
|
id = i.find(",")
|
||||||
|
storage = i.find(",", id)
|
||||||
|
wriedid = i.find(",", storage)
|
||||||
|
secret = i.find(",", wriedid)
|
||||||
|
reg[int(i[:id])] = i[wriedid+1:secret]
|
||||||
|
|
||||||
if id > dico.keys()[-1]:
|
with shelve.open("Settings.conf", writeback = True) as settings:
|
||||||
return "Error, too many yubikeys"
|
if len(settings["register"]) != 0:
|
||||||
|
id = settings["register"][-1] + 1
|
||||||
|
else:
|
||||||
|
id = 1
|
||||||
|
|
||||||
#Verifier si une yubikey est connecter !
|
settings["register"].append(id)
|
||||||
|
|
||||||
subprocess.check_call(["ykpersonalize", "-1", f"-ofixed={dico[id]["publicid"]}", f"-ouid={dico[id]["privateid"]}", f"-a{dico[id]["secretkey"]}"])
|
settings["keys"][id] = reg[id]
|
||||||
|
|
||||||
|
|
||||||
|
if id > list(dico.keys())[-1]:
|
||||||
|
return "Error, too many yubikeys"
|
||||||
|
|
||||||
|
subprocess.check_call(["ykpersonalize", "-1", f"-ofixed={dico[id]['publicid']}", f"-ouid={dico[id]['privateid']}", f"-a{dico[id]['secretkey']}", "-y"])
|
||||||
|
print(dico[id]["publicid"])
|
||||||
|
|
||||||
return "Ok"
|
return "Ok"
|
||||||
|
|
||||||
|
|
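Review bot: In the new `ykval-export-clients` loop every `find` after the first starts at the comma it has just found, so `storage`, `wriedid` and `secret` all equal `id` and `reg[int(i[:id])]` is always the empty slice `i[id+1:id]`; `settings["keys"][id] = reg[id]` then persists an empty client secret. The offsets need the same `+1` that the `publicid`/`privateid`/`secretkey` lookups use: `storage = i.find(",", id+1)`, `wriedid = i.find(",", storage+1)`, `secret = i.find(",", wriedid+1)`. Separately, the first hunk still passes the AES key as a literal `--aes-key` argument and the last call passes `-a{secretkey}` to `ykpersonalize`, so both are readable from the source tree or the process list while the commands run; loading the AES key from a root-only file at runtime would at least keep it out of the repository. `add_yubi` continues between the two hunks, so the loop header that defines `i` and `id` for the first parser is not visible here.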
|
@ -5,11 +5,12 @@ ids = {"interncccccc": 1, "interncccccd": 2}
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
try:
|
try:
|
||||||
id = ids[input(">")[:12]]
|
inp = input(">")
|
||||||
|
id = ids[inp[:12]]
|
||||||
with shelve.open("Settings.conf") as settings:
|
with shelve.open("Settings.conf") as settings:
|
||||||
#client = Yubico(id, settings["keys"][id], api_urls=('http://localhost/wsapi/2.0/verify',))
|
client = Yubico(id, settings["keys"][id], api_urls=('http://localhost/wsapi/2.0/verify',))
|
||||||
client = Yubico(1, "QMho+Y4mtsY+KbCYu1gRKtDtwAM=", api_urls=('http://localhost/wsapi/2.0/verify',))
|
#client = Yubico(1, "QMho+Y4mtsY+KbCYu1gRKtDtwAM=", api_urls=('http://localhost/wsapi/2.0/verify',))
|
||||||
client.verify(input())
|
client.verify(inp)
|
||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
else:
|
else:
|
||||||
|
|
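Review bot: The result of `client.verify(inp)` is discarded and the bare `except: pass` is kept around it, so the `else:` branch runs whenever no exception is raised, whatever `verify` returned, and an unknown prefix (`KeyError` from `ids[inp[:12]]`), a missing `settings["keys"][id]` entry and a rejected OTP are all swallowed without a trace. I would bind the result with `ok = client.verify(inp)`, test it before treating the OTP as accepted, and narrow the handler to `KeyError` plus the client library's own exception types, logging each failure. The previous hard-coded API key is only commented out, so it stays in the file and in history; deleting that line and regenerating the client secret would be the clean-up. The `else:` body continues past the end of this section.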