forked from nemo-cluster/2fa
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathoathgen
executable file
·56 lines (47 loc) · 1.63 KB
/
oathgen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/bin/bash
export LOGINNAME="<login.knoten>"
OATH_HOTL="<[email protected]>"
ISSUER="<issuer>"
IMG_URL="<favicon.url>"
OATH_USER_FILE=/usr/local/etc/oath/$USER
export PUB_KEY_FILE=/etc/public_key.gpg
export OATH_TMP_FILE=${HOME}/.oath.enc
export PUB_KEY="key@subission"
add_user () {
OATH_SEED_BASE16=$( head -c 15 /dev/urandom | xxd -p )
OATH_SEED_BASE32=$( echo $OATH_SEED_BASE16 | xxd -p -r | base32)
gpg --import $PUB_KEY_FILE 2> /dev/null
echo -e "$OATH_SEED_BASE16" | gpg2 -a -e -r "$PUB_KEY" --trust-model always > $OATH_TMP_FILE
echo "Only if you cannot scan the QR Code with your Authenticator APP:"
echo "Base32: $OATH_SEED_BASE32"
echo "Type: TOTP"
echo "Digits: 6"
echo "Iterations: 30"
echo "Algorithm: SHA-1"
qrencode -t UTF8 "otpauth://totp/${1}@${LOGINNAME}?secret=${OATH_SEED_BASE32}&issuer=$ISSUER&image=$IMG_URL"
echo "RUN" | nc ::1 165
}
err() {
echo "$1" >&2
exit 1
}
test -n "$SSH_TTY" || err "Please use a client with a proper console"
if ! [[ -e $OATH_USER_FILE ]]; then
add_user $USER
echo "This QR Code is only shown once, please add it to your Authenticator APP."
echo "Please do not save copies of this code on systems you use to login."
echo
echo "If you close this window or session you are not able to scan the"
echo "QR Code anymore. You will need to contact support."
else
echo "User $USER exists, you already got a QR Code, please contact support:"
echo " $OATH_HOTL"
fi
echo
while true; do
read -p "Exit and close session (y/N) " close
if [ " ${close}" = " y" -o " ${close}" = " Y" ] ; then
exit
fi
done
exit