7marcus9/Keymatic
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: 7marcus9:debug
Branches Tags
7marcus9:master
7marcus9:debug
..
compare: 7marcus9:master
Branches Tags
7marcus9:debug
7marcus9:master

No commits in common. "debug" and "master" have entirely different histories.
debug ... master

4 changed files with 2 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

4
config.py.example
View file

@ -6,7 +6,3 @@ ldap_server = "ldaps://leidap.server.c3h"
ldap_user = "cn=lock,ou=applications,dc=leitstelle511,dc=net"
ldap_pass = ""
ldap_filter = "(&(objectClass=posixaccount)(memberOf=cn=keymatic,ou=groups,dc=leitstelle511,dc=net))"
kandim_server = "https://auth.hannover.ccc.de"
kandim_token = ""
kandim_group = "keymatic"

37
kandim_query.py
View file

@ -1,37 +0,0 @@
#!/usr/bin/env python3
import config
import json
import urllib.request
def doGET(ep):
req = urllib.request.Request(config.kandim_server + ep)
req.add_header('Authorization', 'Bearer ' + config.kandim_token)
res = urllib.request.urlopen(req)
if res.code != 200:
raise Exception("API ERROR " + ep)
j = json.load(res)
return j
def getGroupUsers(grp):
g = doGET("/v1/group/" + grp)
if 'member' not in g['attrs']:
raise Exception("Attribute 'member' not in Group")
return g['attrs']['member']
def getUser(user):
u = doGET("/v1/person/" + user)
return u['attrs']
userlist = getGroupUsers(config.kandim_group)
for user in userlist:
print("#User: " + user)
uo = getUser(user)
if 'ssh_publickey' not in uo:
continue
for keyf in uo['ssh_publickey']:
key = keyf.split(": ", 1)
if len(key) < 2:
print("# Error while processing key")
continue
if 'keymatic' in key[0]:
print(key[1] + key[0])

4
keymatic.py
View file

@ -6,10 +6,6 @@ import os
import config
import sys
import socket
import setproctitle
from datetime import datetime
setproctitle.setproctitle('keymatic.py [' + str(datetime.utcnow()) + '] ' + str(sys.argv))
lsock = socket.socket(family=socket.AF_INET, type=socket.SOCK_DGRAM)
def send_lsock(msg):

4
update_keys.py
View file

@ -5,10 +5,10 @@ import sys
destfile = "authkeyfile/authorized_keys"
p = subprocess.Popen(["./kandim_query.py"], stdout=subprocess.PIPE, stdin=subprocess.PIPE)
p = subprocess.Popen(["./ldap_query.py"], stdout=subprocess.PIPE, stdin=subprocess.PIPE)
(po, pr) = p.communicate()
if(p.returncode != 0):
print("Data from kandim_query.py seems to be invalid. QUIT")
print("Data from ldap_query.py seems to be invalid. QUIT")
sys.exit(1)
newhash = hashlib.md5(po).hexdigest()