diff --git a/brmdoor_adduser.py b/brmdoor_adduser.py new file mode 100755 index 0000000..6b29458 --- /dev/null +++ b/brmdoor_adduser.py @@ -0,0 +1,87 @@ +#!/usr/bin/env python + +""" +Adds user into database of authorized users. +""" + +import sys +import sqlite3 + +from optparse import OptionParser + +from brmdoor_nfc_daemon import BrmdoorConfig + +def addUidAuth(cursor, uid_hex, nick): + """ + Add user authenticated by UID. UID should be in hex, 4, 7 or 10 bytes long. + """ + try: + uid_hex.decode("hex") + sql = """INSERT INTO authorized_uids + (uid_hex, nick) + values (?, ?) + """ + sql_data = (uid_hex, nick) + cursor.execute(sql, sql_data) + except TypeError: + print >> sys.stderr, "UID must be in proper hex encoding" + sys.exit(1) + + +def addHmacAuth(cursor, uid_hex, nick, key_hex): + """ + Add user authenticated by Yubikey HMAC-SHA1. UID should be in hex, 4, 7 + or 10 bytes long. HMAC key in key_hex must be exactly 20 bytes in hex. + """ + try: + uid_hex.decode("hex") + if len(key_hex.decode("hex")) != 20: + print >> sys.stderr, "Key must be exactly 20 bytes long!" + sys.exit(1) + sql = """INSERT INTO authorized_hmac_keys + (uid_hex, nick, key_hex) + VALUES (?, ?, ?) + """ + sql_data = (uid_hex, nick, key_hex) + cursor.execute(sql, sql_data) + except TypeError: + print >> sys.stderr, "UID and key must be in proper hex encoding" + sys.exit(1) + +if __name__ == "__main__": + parser = OptionParser() + parser.add_option("-c", "--config", action="store", type="string", dest="config", + help="Configuration file") + parser.add_option("-a", "--authtype", action="store", type="string", dest="authtype", + help="Authenthication type - uid or hmac") + (opts, args) = parser.parse_args() + + if opts.config is None: + print >> sys.stderr, "You must specify config file via the -c option!" + sys.exit(1) + + if opts.authtype not in ["uid", "hmac"]: + print >> sys.stderr, "You must specify authentication type via -a option!" + print >> sys.stderr, "Acceptable choices: uid, hmac" + sys.exit(1) + + config = BrmdoorConfig(opts.config) + conn = sqlite3.connect(config.authDbFilename) + cursor = conn.cursor() + + if opts.authtype == "uid": + if len(args) < 2: + print >> sys.stderr, "You must two additional arguments, hex UID and nick" + print >> sys.stderr, "Example:" + print >> sys.stderr, "brmdoor_adduser.py -c brmdoor.config -a uid 34795FCC SomeUserName" + sys.exit(1) + addUidAuth(cursor, args[0], args[1]) + elif opts.authtype == "hmac": + if len(args) < 3: + print >> sys.stderr, "You must three additional arguments, hex UID and nick and hex key" + print >> sys.stderr, "brmdoor_adduser.py -c brmdoor.config -a hmac 40795FCCAB0701 SomeUserName 000102030405060708090a0b0c0d0e0f31323334" + sys.exit(1) + addHmacAuth(cursor, args[0], args[1], args[2]) + + conn.commit() + conn.close()