Add support to decrypt token
Plus move manpage into the right section
mricon committed Sep 20, 2013
1 parent 9ab1c0f commit dcfd274
Showing 4 changed files with 79 additions and 26 deletions.
40 changes: 35 additions & 5 deletions contrib/totpprov.5 → contrib/totpprov.1
@@ -1,6 +1,6 @@
.\" Man page generated from reStructeredText.
.\" Man page generated from reStructuredText.
.
.TH TOTPPROV "2012-05-25" "0.5.0" ""
.TH TOTPPROV 1 "2013-09-20" "0.5.5" ""
.SH NAME
totpprov \- Simple provisioning script for totpcgi
.
@@ -49,10 +49,10 @@ provisioning.conf to operate on user records.
.B \-\-version
show program\(aqs version number and exit
.TP
.B \-h, \-\-help
.B \-h\fP,\fB \-\-help
show this help message and exit
.TP
.BI \-c \ CONFIG_FILE, \ \-\-config\fB= CONFIG_FILE
.BI \-c \ CONFIG_FILE\fP,\fB \ \-\-config\fB= CONFIG_FILE
Path to provisioning.conf
(Default: /etc/totpcgi/provisioning.conf)
.UNINDENT
@@ -79,6 +79,9 @@ sets pincode for user
.B encrypt\-user\-token
encrypts existing token with the user\(aqs pincode
.TP
.B decrypt\-user\-token
decrypts existing encrypted token with the user\(aqs pincode
.TP
.B generate\-user\-token
generates a new token for user
.TP
@@ -88,42 +91,69 @@ provisions a new user
.SH EXAMPLES
.sp
To provision a user:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
totpprov provision\-user bobafett
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
To delete a user:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
totpprov delete\-user bobafett
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
To delete a token:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
totpprov delete\-user\-token bobafett
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
To set/change user pincode:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
totpprov set\-user\-pincode bobafett
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
To generate a new google\-authenticator token for user:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
totpprov generate\-user\-token bobafett
.ft P
.fi
.UNINDENT
.UNINDENT
.SH AUTHOR
konstantin@linuxfoundation.org

License: GPLv2+
.SH COPYRIGHT
Linux Foundation and contributors
.\" Generated by docutils manpage writer.
.\"
.
34 changes: 25 additions & 9 deletions contrib/totpprov.py
@@ -134,6 +134,23 @@ def encrypt_user_token(backends, config, args):
backends.secret_backend.save_user_secret(user, gaus, pincode)
print 'Successfully encrypted user secret'

def decrypt_user_token(backends, config, args):
user = args[1]
pincode = getpass.getpass('Pincode for user %s: ' % user)

# Try getting the user secret
try:
gaus = backends.secret_backend.get_user_secret(user, pincode)
except totpcgi.UserNotFound, ex:
print 'Error: No existing tokens found for user %s' % user
sys.exit(1)
except totpcgi.UserSecretError, ex:
print 'Error: Could not decrypt the secret for user %s' % user
sys.exit(1)

backends.secret_backend.save_user_secret(user, gaus, None)
print 'Successfully decrypted user secret'

def generate_user_token(backends, config, args, pincode=None):
user = args[1]

@@ -228,49 +245,48 @@ def provision_user(backends, config, args):
if command == 'delete-user':
print 'Deleting user %s' % args[1]
ays()

delete_user(backends, config, args)

elif command == 'delete-user-state':
print 'Deleting state data for user %s' % args[1]
ays()

delete_user_state(backends, config, args)

elif command == 'delete-user-pincode':
print 'Deleting pincode for user %s' % args[1]
ays()

delete_user_pincode(backends, config, args)

elif command == 'delete-user-token':
print 'Deleting token data for user %s' % args[1]
ays()

delete_user_secret(backends, config, args)

elif command == 'set-user-pincode':
print 'Setting pincode for user %s' % args[1]
ays()

set_user_pincode(backends, config, args)

elif command == 'encrypt-user-token':
print 'Encrypting user token for %s' % args[1]
ays()

encrypt_user_token(backends, config, args)

elif command == 'decrypt-user-token':
print 'Decrypting user token for %s' % args[1]
ays()
decrypt_user_token(backends, config, args)

elif command == 'generate-user-token':
print 'Generating new token for user %s' % args[1]
ays()

generate_user_token(backends, config, args)

elif command == 'provision-user':
print 'Provisioning new TOTP user %s' % args[1]
ays()

provision_user(backends, config, args)


else:
parser.error('Unknown command: %s' % command)
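Review bot: `decrypt_user_token` re-saves the secret with `save_user_secret(user, gaus, None)`, which by the look of it leaves the TOTP seed stored without pincode encryption, but neither the function nor the `decrypt-user-token` confirmation says that this lowers at-rest protection for the account. I would add a docstring along the lines of `"""Re-save the user's token without pincode encryption (stored in the clear afterwards)."""` and change the prompt line to `print 'Decrypting user token for %s (it will be stored unencrypted)' % args[1]` so the operator sees it before `ays()`. Nothing here checks that the stored token was encrypted in the first place; if `get_user_secret` ignores the pincode for a plaintext token (not visible in this hunk), the command prints 'Successfully decrypted user secret' without having changed anything. The `save_user_secret` call also sits outside the `try`, so a backend write failure would surface as a traceback rather than an `Error:` line with `sys.exit(1)`. The dispatch chain that the new `elif` joins starts outside the visible hunk.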

27 changes: 17 additions & 10 deletions contrib/totpprov.rst
@@ -6,10 +6,11 @@ Simple provisioning script for totpcgi
--------------------------------------

:Author: konstantin@linuxfoundation.org
:Date: 2012-05-25
:Date: 2013-09-20
:Copyright: Linux Foundation and contributors
:License: GPLv2+
:Version: 0.5.0
:Version: 0.5.5
:Manual section: 1

SYNOPSIS
--------
@@ -31,22 +32,24 @@ OPTIONS

COMMANDS
--------
delete-user
delete-user
deletes user record
delete-user-state
delete-user-state
deletes any existing state information for user
delete-user-pincode
delete-user-pincode
deletes pincode entry for user
delete-user-token
delete-user-token
deletes the token issued to user

set-user-pincode
set-user-pincode
sets pincode for user
encrypt-user-token
encrypt-user-token
encrypts existing token with the user's pincode
generate-user-token
decrypt-user-token
decrypts existing encrypted token with the user's pincode
generate-user-token
generates a new token for user
provision-user
provision-user
provisions a new user

EXAMPLES
@@ -59,6 +62,10 @@ To delete a user::

totpprov delete-user bobafett

To delete a token::

totpprov delete-user-token bobafett

To set/change user pincode::

totpprov set-user-pincode bobafett
4 changes: 2 additions & 2 deletions totpcgi.spec
@@ -114,8 +114,8 @@ install -m 0644 contrib/vhost-totpcgi-provisioning.conf \
# Install totpprov script and manpage
mkdir -p -m 0755 %{buildroot}%{_bindir}
install -m 0755 contrib/totpprov.py %{buildroot}%{_bindir}/totpprov
mkdir -p -m 0755 %{buildroot}%{_mandir}/man5
install -m 0644 contrib/totpprov.5 %{buildroot}%{_mandir}/man5/
mkdir -p -m 0755 %{buildroot}%{_mandir}/man1
install -m 0644 contrib/totpprov.1 %{buildroot}%{_mandir}/man1/

# Install SELinux files
for selinuxvariant in %{selinux_variants}
