addline

#!/bin/bash -e

SECRET=/etc/2fa/secret
OATH_FILE=/home/2fa/users.oath
OATH_LOCK=/home/2fa/users.lock
export PATH="/opt/openssl/bin:$PATH"
export LD_LIBRARY_PATH="/opt/openssl/lib"

mkdir -m 100 -p /tmp/incomming
tmpfile=$(mktemp /tmp/incomming/oath-XXXXXXXXXXXX)
cat > $tmpfile
mac=$(cat $SECRET $tmpfile | head --lines=-1 | openssl sha3-256 -binary | base64)
if [ ! "$mac" = "$(tail -1 $tmpfile)" ];
  then echo Error: MAC not valid >&2
  exit 1
fi
user=$(head --lines=-1 $tmpfile | tail -1)
OATH_SEED_BASE16=$(head --lines=-2 $tmpfile | gpg2 -d 2>/dev/null )
echo -e "Got new 2FA seed:\nMac: $mac" >&2
exec 134> $OATH_LOCK
flock -w 100 134
cp -a $OATH_FILE $OATH_FILE-
grep -v -P "[[:space:]]${user}[[:space:]]" $OATH_FILE > $OATH_FILE- || true
mv $OATH_FILE- $OATH_FILE
builtin echo -e "HOTP/T30/6\t${user}\t-\t$OATH_SEED_BASE16" >> $OATH_FILE
flock -u 134
builtin echo -e "HOTP/T30/6\t${user}\t-\t$OATH_SEED_BASE16" >&2
rm $tmpfile