authorvuko <vuko@hackerspace.pl>2020-02-12 21:04:09 +0100
committervuko <vuko@hackerspace.pl>2020-02-12 21:04:09 +0100
commit44d194995100e02785ce1dee0e483ad9149b9a33 (patch)
treef456d202027a227fa90451aae4190a8028adc0a1
parentdc3227a7cbfcc965f13989e1b2ffbc92663f3f93 (diff)
modify admin to connect via TCPHEADmaster
-rwxr-xr-xadmin/doorman_ldap_sync101
-rw-r--r--admin/lib/proto.py24
-rw-r--r--admin/options.py4
3 files changed, 121 insertions, 8 deletions
diff --git a/admin/doorman_ldap_sync b/admin/doorman_ldap_sync
new file mode 100755
index 0000000..9ff3c74
--- /dev/null
+++ b/admin/doorman_ldap_sync
@@ -0,0 +1,101 @@
+#!/usr/bin/env python2
+
+import ldap
+import getpass
+import pprint
+import requests
+
+from sys import argv
+
+import options
+from lib.actions import revoke_hash, add
+from lib.proto import Proto
+from lib.storage import get_card
+from lib.password import get_token
+from lib.command import signed_command
+
+MEMBER_FILTER = ('(|'
+ '(memberOf=cn=starving,ou=Group,dc=hackerspace,dc=pl)'
+ '(memberOf=cn=fatty,ou=Group,dc=hackerspace,dc=pl)'
+ '(memberOf=cn=potato,ou=Group,dc=hackerspace,dc=pl)'
+ ')')
+
+
+class shorthash(tuple):
+ """string which only compares first 12 characters"""
+
+ def __hash__(self):
+ return hash(str(self[0][:12].lower()))
+
+ def __eq__(self, other):
+ return hash(self) == hash(other)
+
+ def __repr__(self):
+ return 'shorthash(%s)' % (tuple.__repr__(self))
+
+
+def get_current_cards(token, proto):
+ cards = set()
+
+ proto.send(signed_command(command='P', hash=options.empty_hash, uid=0, token=token))
+
+ while True:
+ l = proto.fd.readline().strip()
+
+ if not l.startswith('REC,'):
+ continue
+ print(l)
+ _, i, d, card_hash = l.strip().split(',')
+
+ if i == d:
+ cards.add(shorthash((card_hash.lower(), None)))
+
+ if i == '8C':
+ return cards
+
+
+def get_target_cards(c):
+ cards = set()
+ for user, attrs in c.search_s('ou=People,dc=hackerspace,dc=pl',ldap.SCOPE_SUBTREE,'(&(mifareIDHash=*)%s)' % MEMBER_FILTER, ['mifareIDHash', 'uid']):
+ for h in attrs['mifareIDHash']:
+ cards.add(shorthash((h, user)))
+ return cards
+
+if __name__ == "__main__":
+ url = argv[1] if len(argv) > 1 else options.url
+ token = get_token()
+ proto = Proto(url)
+
+ c = ldap.initialize('ldap://ldap.hackerspace.pl')
+ c.start_tls_s()
+ c.simple_bind_s('uid=%s,ou=People,dc=hackerspace,dc=pl' % (getpass.getuser(),), getpass.getpass('LDAP password: '))
+ target = get_target_cards(c)
+ cur = get_current_cards(token, proto)
+
+ to_remove = cur - target
+ to_add = target - cur
+ print 'current:', len(cur)
+ print 'target:', len(target)
+ pprint.pprint(target)
+
+ print 'to add:', len(to_add)
+ pprint.pprint(to_add)
+ print 'to remove:', len(to_remove)
+ pprint.pprint(to_remove)
+
+ max_cards = 140
+
+ print 'Memory utilization: %d / %d (%.2f%%)' % (
+ len(cur), max_cards, 100.0 * len(cur) / max_cards
+ )
+
+ print('Press y to confirm removal')
+
+ if raw_input().lower().strip() == 'y':
+ for h, u in to_remove:
+ print('Removing %s' % h)
+ revoke_hash(token, h, proto=proto)
+
+ for h, u in to_add:
+ print('Adding %s' % u)
+ add(token, h, proto=proto)
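Review bot: The read loop in `get_current_cards` has no end-of-stream check, so once the peer closes the TCP connection `readline()` returns an empty string, the `startswith('REC,')` test fails and the `while True` loop spins forever. Read the raw line first and stop on EOF, e.g. `raw = proto.fd.readline()` followed by `if not raw: raise IOError('connection closed while reading card list')`, and only then strip it. The four-way unpack of `l.strip().split(',')` also raises ValueError on any `REC,` line with a different field count; because this list decides which cards are revoked or added, a malformed record should be reported explicitly.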
diff --git a/admin/lib/proto.py b/admin/lib/proto.py
index 16c0ae3..8ceb8d8 100644
--- a/admin/lib/proto.py
+++ b/admin/lib/proto.py
@@ -2,6 +2,8 @@ from time import sleep
from sys import stderr
import serial
+import socket
+import ssl
from command import Command
import options
@@ -14,20 +16,30 @@ class Proto(object):
kwa.update(options.serial)
kwa.update(kwargs)
url = url or options.url
- self.fd = serial.serial_for_url(url, **kwa)
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ sock.settimeout(20)
+ print ('wrapping..')
+ ctx = ssl.create_default_context()
+ self.sock = ssl.wrap_socket(sock)
+ print ('connecting')
+ self.sock.connect((url, 443))
+ self.sock.settimeout(60)
+ print ('done')
+
+ self.fd = self.sock.makefile()
+ #self.fd = serial.serial_for_url(url, **kwa)
sleep(options.init_sleep)
- self.fd.flushInput()
- self.fd.flushOutput()
+ ##self.fd.flushInput()
+ #self.fd.flushOutput()
print >> stderr, 'Serial port ready'
def send(self, command):
cmd = str(command) + '\n'
print cmd
for i in cmd:
- sleep(0.02)
- self.fd.write(i)
+ self.sock.send(i)
def recv(self):
line = self.fd.readline()
- print line
+ print (line)
if line[0] != '$':
return self.recv()
cmd = Command.from_str(line)
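Review bot: The TLS connection set up in `Proto.__init__` is not authenticated: `ctx = ssl.create_default_context()` is built but never used, and the module-level `ssl.wrap_socket(sock)` defaults to `cert_reqs=CERT_NONE` with no hostname check, so any endpoint answering on port 443 is accepted. Use the context instead, `self.sock = ctx.wrap_socket(sock, server_hostname=url)`; if the controller presents a private or self-signed certificate, trust it explicitly with `ctx.load_verify_locations(cafile='<path-to-ca.pem>')` rather than leaving verification off. In `send`, one `self.sock.send(i)` per character emits a separate TLS record for every byte; `self.sock.sendall(cmd)` sends the whole line in one call. `__init__` begins above the hunk and `recv` continues below it, so this is based on the visible lines only.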
diff --git a/admin/options.py b/admin/options.py
index a8dc32a..b8c7025 100644
--- a/admin/options.py
+++ b/admin/options.py
@@ -1,4 +1,4 @@
-url = '/dev/ttyACM0'
+url = '10.8.0.119'
serial = dict(
baudrate = 19200,
timeout = 60,
@@ -21,4 +21,4 @@ hash_bytes = 64
mac_bytes = 64
-init_sleep = 3
+init_sleep = 0