author | vuko <vuko@hackerspace.pl> | 2020-02-12 21:04:09 +0100 |
---|---|---|
committer | vuko <vuko@hackerspace.pl> | 2020-02-12 21:04:09 +0100 |
commit | 44d194995100e02785ce1dee0e483ad9149b9a33 (patch) | |
tree | f456d202027a227fa90451aae4190a8028adc0a1 | |
parent | dc3227a7cbfcc965f13989e1b2ffbc92663f3f93 (diff) | |
-rwxr-xr-x | admin/doorman_ldap_sync | 101 | ||||
-rw-r--r-- | admin/lib/proto.py | 24 | ||||
-rw-r--r-- | admin/options.py | 4 |
3 files changed, 121 insertions, 8 deletions
diff --git a/admin/doorman_ldap_sync b/admin/doorman_ldap_sync
new file mode 100755
index 0000000..9ff3c74
--- /dev/null
+++ b/admin/doorman_ldap_sync
@@ -0,0 +1,101 @@
+#!/usr/bin/env python2
+
+import ldap
+import getpass
+import pprint
+import requests
+
+from sys import argv
+
+import options
+from lib.actions import revoke_hash, add
+from lib.proto import Proto
+from lib.storage import get_card
+from lib.password import get_token
+from lib.command import signed_command
+
+MEMBER_FILTER = ('(|'
+ '(memberOf=cn=starving,ou=Group,dc=hackerspace,dc=pl)'
+ '(memberOf=cn=fatty,ou=Group,dc=hackerspace,dc=pl)'
+ '(memberOf=cn=potato,ou=Group,dc=hackerspace,dc=pl)'
+ ')')
+
+
+class shorthash(tuple):
+ """string which only compares first 12 characters"""
+
+ def __hash__(self):
+ return hash(str(self[0][:12].lower()))
+
+ def __eq__(self, other):
+ return hash(self) == hash(other)
+
+ def __repr__(self):
+ return 'shorthash(%s)' % (tuple.__repr__(self))
+
+
+def get_current_cards(token, proto):
+ cards = set()
+
+ proto.send(signed_command(command='P', hash=options.empty_hash, uid=0, token=token))
+
+ while True:
+ l = proto.fd.readline().strip()
+
+ if not l.startswith('REC,'):
+ continue
+ print(l)
+ _, i, d, card_hash = l.strip().split(',')
+
+ if i == d:
+ cards.add(shorthash((card_hash.lower(), None)))
+
+ if i == '8C':
+ return cards
+
+
+def get_target_cards(c):
+ cards = set()
+ for user, attrs in c.search_s('ou=People,dc=hackerspace,dc=pl',ldap.SCOPE_SUBTREE,'(&(mifareIDHash=*)%s)' % MEMBER_FILTER, ['mifareIDHash', 'uid']):
+ for h in attrs['mifareIDHash']:
+ cards.add(shorthash((h, user)))
+ return cards
+
+if __name__ == "__main__":
+ url = argv[1] if len(argv) > 1 else options.url
+ token = get_token()
+ proto = Proto(url)
+
+ c = ldap.initialize('ldap://ldap.hackerspace.pl')
+ c.start_tls_s()
+ c.simple_bind_s('uid=%s,ou=People,dc=hackerspace,dc=pl' % (getpass.getuser(),), getpass.getpass('LDAP password: '))
+ target = get_target_cards(c)
+ cur = get_current_cards(token, proto)
+
+ to_remove = cur - target
+ to_add = target - cur
+ print 'current:', len(cur)
+ print 'target:', len(target)
+ pprint.pprint(target)
+
+ print 'to add:', len(to_add)
+ pprint.pprint(to_add)
+ print 'to remove:', len(to_remove)
+ pprint.pprint(to_remove)
+
+ max_cards = 140
+
+ print 'Memory utilization: %d / %d (%.2f%%)' % (
+ len(cur), max_cards, 100.0 * len(cur) / max_cards
+ )
+
+ print('Press y to confirm removal')
+
+ if raw_input().lower().strip() == 'y':
+ for h, u in to_remove:
+ print('Removing %s' % h)
+ revoke_hash(token, h, proto=proto)
+
+ for h, u in to_add:
+ print('Adding %s' % u)
+ add(token, h, proto=proto)
diff --git a/admin/lib/proto.py b/admin/lib/proto.py
index 16c0ae3..8ceb8d8 100644
--- a/admin/lib/proto.py
+++ b/admin/lib/proto.py
@@ -2,6 +2,8 @@ from time import sleep from sys import stderr import serial +import socket +import ssl from command import Command import options
@@ -14,20 +16,30 @@ class Proto(object): kwa.update(options.serial) kwa.update(kwargs) url = url or options.url - self.fd = serial.serial_for_url(url, **kwa) + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(20) + print ('wrapping..') + ctx = ssl.create_default_context() + self.sock = ssl.wrap_socket(sock) + print ('connecting') + self.sock.connect((url, 443)) + self.sock.settimeout(60) + print ('done') + + self.fd = self.sock.makefile() + #self.fd = serial.serial_for_url(url, **kwa) sleep(options.init_sleep) - self.fd.flushInput() - self.fd.flushOutput() + ##self.fd.flushInput() + #self.fd.flushOutput() print >> stderr, 'Serial port ready' def send(self, command): cmd = str(command) + '\n' print cmd for i in cmd: - sleep(0.02) - self.fd.write(i) + self.sock.send(i) def recv(self): line = self.fd.readline() - print line + print (line) if line[0] != '$': return self.recv() cmd = Command.from_str(line)
diff --git a/admin/options.py b/admin/options.py
index a8dc32a..b8c7025 100644
--- a/admin/options.py
+++ b/admin/options.py
@@ -1,4 +1,4 @@ -url = '/dev/ttyACM0' +url = '10.8.0.119' serial = dict( baudrate = 19200, timeout = 60,
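Review bot: The confirmation at the end of `admin/doorman_ldap_sync` asks only `Press y to confirm removal`, yet the same run also calls `add(token, h, proto=proto)` for every entry in `to_add`, which grants door access. The page has lost the file's indentation, so it is not visible whether the `for h, u in to_add` loop sits inside the `if raw_input()...` branch; either the additions are approved by a prompt that does not mention them, or they run with no approval at all. I would word the prompt as `print('Press y to apply %d removals and %d additions' % (len(to_remove), len(to_add)))` and keep both loops under it. Separately, `shorthash.__eq__` returns `hash(self) == hash(other)`, so the set differences that decide who is revoked or added rest on Python hash equality rather than on the card prefixes; `return isinstance(other, shorthash) and self[0][:12].lower() == other[0][:12].lower()` states the intent directly.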
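Review bot: The TLS connection set up in `Proto.__init__` does not authenticate the door controller: `ctx = ssl.create_default_context()` is built and never used, and `ssl.wrap_socket(sock)` called with no arguments requests no certificate validation and no hostname check. A host that can intercept traffic to the configured address can therefore terminate the session and see or answer the admin protocol; how far the signed commands limit that is not visible in this hunk. Use the context that is already there, `self.sock = ctx.wrap_socket(sock, server_hostname=url)`, and note that the `admin/options.py` hunk sets `url = '10.8.0.119'`, so verification only succeeds if the controller presents a certificate valid for that address and chained to a CA the context trusts (`ctx.load_verify_locations(...)` for a private CA). The commented-out serial calls, the progress `print` lines and the `'Serial port ready'` message are leftovers that now describe the wrong transport and are worth removing. `__init__` begins outside the hunk.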
@@ -21,4 +21,4 @@ hash_bytes = 64 mac_bytes = 64 -init_sleep = 3 +init_sleep = 0 |