Fincer
/
pam_usb
mirror of https://github.com/Fincer/pam_usb

#!/usr/bin/env python## Copyright (c) 2003-2007 Andrea Luzzardi <scox@sig11.org>## This file is part of the pam_usb project. pam_usb is free software;# you can redistribute it and/or modify it under the terms of the GNU General# Public License version 2, as published by the Free Software Foundation.## pam_usb is distributed in the hope that it will be useful, but WITHOUT ANY# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more# details.## You should have received a copy of the GNU General Public License along with# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin# Street, Fifth Floor, Boston, MA 02110-1301 USA.
import sysimport osimport gi
gi.require_version('UDisks', '2.0')
from gi.repository import UDisksfrom xml.dom import minidom
class Device:	def __init__(self, udi):		self.__udi = udi		deviceObj = udisksObjectManager.get_object(udi)		driveObj = deviceObj.get_drive()		if not driveObj.get_property('removable'):                        # Workaround for removable devices with fixed media (such as SD cards)                        if not "mmcblk" in udi:                                raise Exception('Not a removable device')		self.vendor = driveObj.get_property('vendor')		self.product = driveObj.get_property('model')		self.serialNumber = driveObj.get_property('serial')		if len(self.volumes()) < 1:			raise Exception('Device does not contain any volume')
	def volumes(self):		vols = []		for udi in [o.get_object_path() for o in udisksObjectManager.get_objects() if o.get_block()]:			obj = udisks.get_object(udi)			blockObj = obj.get_block()			if blockObj.get_property('drive') != self.__udi:				continue			if not obj.get_filesystem():				continue			vols.append({'uuid' : blockObj.get_property('id-uuid'),				'device' : blockObj.get_property('device')})		return vols
	def __repr__(self):		if self.product is not None:			return "%s %s (%s)" % (self.vendor, self.product, self.serialNumber)		return self.serialNumber
def listOptions(question, options, autodetect = True):	if autodetect == True and len(options) == 1:		print(question)		print("* Using \"%s\" (only option)" % options[0])		print()		return 0
	while True:		try:			print(question)			for i in range(len(options)):				print( "%d) %s" % (i, options[i]))			print()			sys.stdout.write('[%s-%s]: ' % (0, len(options) - 1))			optionId = int(sys.stdin.readline())			print			if optionId not in range(len(options)):				raise Exception			return optionId		except KeyboardInterrupt: sys.exit()		except Exception: pass		else: break
def writeConf(options, doc):	try:		f = open(options['configFile'], 'w')		doc.writexml(f)		f.close()	except Exception as err:		print('Unable to save %s: %s' % (options['configFile'], err))		sys.exit(1)	else:		print('Done.')
def shouldSave(options, items):	print("\n".join(["%s\t\t: %s" % item for item in items]))	print()	print('Save to %s ?' % options['configFile'])	sys.stdout.write('[Y/n] ')	response = sys.stdin.readline().strip()	if len(response) > 0 and response.lower() != 'y':		sys.exit(1)
def prettifyElement(element):	tmp = minidom.parseString(element.toprettyxml())	return tmp.lastChild
def addUser(options):	try:		doc = minidom.parse(options['configFile'])	except Exception as err:		print('Unable to read %s: %s' % (options['configFile'], err))		sys.exit(1)	devSection = doc.getElementsByTagName('devices')	if len(devSection) == 0:		print('Malformed configuration file: No <devices> section found.')		sys.exit(1)	devicesObj = devSection[0].getElementsByTagName('device')	if len(devicesObj) == 0:		print('No devices found.')		print('You must add a device (--add-device) before adding users')		sys.exit(1)
	devices = []	for device in devicesObj:		devices.append(device.getAttribute('id'))	device = devices[listOptions("Which device would you like to use for authentication ?",		devices)]
	shouldSave(options, [		('User', options['userName']),		('Device', device)		])
	users = doc.getElementsByTagName('users')	user = doc.createElement('user')	user.attributes['id'] = options['userName']	e = doc.createElement('device')	t = doc.createTextNode(device)	e.appendChild(t)	user.appendChild(e)	users[0].appendChild(prettifyElement(user))	writeConf(options, doc)
def addDevice(options):	devices = []
	for udi in [o.get_object_path() for o in udisksObjectManager.get_objects() if o.get_drive()]:		try:			if options['verbose']:				print('Inspecting %s' % udi)			devices.append(Device(udi))		except Exception as ex:			if options['verbose']:				print("\tInvalid: %s" % ex)			pass		else:			if options['verbose']:				print("\tValid")
	if len(devices) == 0:		print('No devices detected. Try running in verbose (-v) mode to see what\'s going on.')		sys.exit()	device = devices[listOptions("Please select the device you wish to add.", devices)]
	volumes = device.volumes()	volume = volumes[listOptions("Which volume would you like to use for " \			"storing data ?",			["%s (UUID: %s)" % (volume['device'],				volume['uuid'] or "<UNDEFINED>")				for volume in volumes]			)]
	if volume['uuid'] == '':		print('WARNING: No UUID detected for device %s. One time pads will be disabled.' % volume['device'])
	shouldSave(options,[		('Name', options['deviceName']),		('Vendor', device.vendor or "Unknown"),		('Model', device.product or "Unknown"),		('Serial', device.serialNumber),		('UUID', volume['uuid'] or "Unknown")		])
	try:		doc = minidom.parse(options['configFile'])	except Exception as err:		print('Unable to read %s: %s' % (options['configFile'], err))		sys.exit(1)
	devs = doc.getElementsByTagName('devices')
	# Check that the id of the device to add is not already present in the configFile	for devices in devs:		for device in devices.getElementsByTagName("device"):			if device.getAttribute("id") == options['deviceName']:				msg =  [ '\nWARNING: A device node already exits for new device \'%s\'.',						 '\nTo proceed re-run --add-device using a different name or remove the existing entry in %s.' ]				print('\n'.join(msg) % (options['deviceName'], options['configFile']))				sys.exit(2)
	dev = doc.createElement('device')	dev.attributes['id'] = options['deviceName']
	for name, value in (('vendor', device.vendor),			('model', device.product),			('serial', device.serialNumber),			('volume_uuid', volume['uuid'])):		if value is None or value == '':			continue		e = doc.createElement(name)		t = doc.createTextNode(value)		e.appendChild(t)		dev.appendChild(e)
	# Disable one time pads if there's no device UUID	if volume['uuid'] == '':		e = doc.createElement('option')		e.setAttribute('name', 'one_time_pad')		e.appendChild(doc.createTextNode('false'))		dev.appendChild(e)
	devs[0].appendChild(prettifyElement(dev))	writeConf(options, doc)
def usage():	print('Usage: %s [--help] [--verbose] [--config=path] [--add-user=name | --add-device=name]' % os.path.basename(__file__))	sys.exit(1)
import getopt
try:	opts, args = getopt.getopt(sys.argv[1:], "hvd:nu:c:",			["help", "verbose", "add-device=", "add-user=", "config="])except getopt.GetoptError:	usage()
if len(args) != 0:	usage()
options = { 'deviceName' : None, 'userName' : None,		'configFile' : '/etc/security/pam_usb.conf', 'verbose' : False }
for o, a in opts:	if o in ("-h", "--help"):		usage()	if o in ("-v", "--verbose"):		options['verbose'] = True	if o in ("-d", "--add-device"):		options['deviceName'] = a	if o in ("-u", "--add-user"):		options['userName'] = a	if o in ("-c", "--config"):		options['configFile'] = a
if options['deviceName'] is not None and options['userName'] is not None:	print('You cannot use both --add-user and --add-device')	usage()
if options['deviceName'] is None and options['userName'] is None:	usage()
if options['deviceName'] is not None:	udisks = UDisks.Client.new_sync()	udisksObjectManager = udisks.get_object_manager()	try:		addDevice(options)	except KeyboardInterrupt:		sys.exit(1)
if options['userName'] is not None:	try:		addUser(options)	except KeyboardInterrupt:		sys.exit(1)