From 82693fd85ad1299d920763d630356e770feaccdf Mon Sep 17 00:00:00 2001
From: Elia Marcinkiewicz
Date: Fri, 28 Jul 2023 23:29:29 +0200
Subject: [PATCH] add tools/get_hashes python script, update README
---
README.md | 54 +++++++++++++++++++++---------------------------
tools/get_hashes | 28 +++++++++++++++++++++++++
2 files changed, 51 insertions(+), 31 deletions(-)
create mode 100755 tools/get_hashes
diff --git a/README.md b/README.md
index 012809d..87a762d 100644
--- a/README.md
+++ b/README.md
@@ -3,40 +3,32 @@ - `esp32/` contains the micropython source which talks w/ NFC module and keypad over UART (two channels) - `keypad/` has some magical Arduino code (sorry) +## scanning new cards + +connect USB cable, use `mpremote` or any serial termnal to listen to logs, read card hash from logs + +example: + +``` +$ mpremote +Connected to MicroPython at /dev/ttyUSB1 +Use Ctrl-] or Ctrl-x to exit this shell +PN532: No response from PN532! +PN532: No response from PN532! +PN532: No response from PN532! +Card UUID: 403dcb1e +Card hash: dfe9bedbf230cf67dfa65249a7517af81175496642724a18ac728ecac7c90862 +Unknown hash, ignoring +PN532: No response from PN532! +PN532: No response from PN532! +$ +``` + ## syncing data from LDAP big TODO; currently, you need to: -1. clone the old doorman repo and patch the `doorman_ldap_sync` file (see my shitty patch attached below) - -``` ---- a/admin/bin/doorman_ldap_sync -+++ b/admin/bin/doorman_ldap_sync -@@ -63,14 +63,18 @@ def get_target_cards(c): - - if __name__ == "__main__": - url = argv[1] if len(argv) > 1 else options.url -- token = get_token() -- proto = Proto(url) -+ #token = get_token() -+ #proto = Proto(url) - - c = ldap.initialize('ldap://ldap.hackerspace.pl') - c.start_tls_s() -- c.simple_bind_s('uid=%s,ou=People,dc=hackerspace,dc=pl' % (getpass.getuser(),), getpass.getpass('LDAP password: ')) -+ c.simple_bind_s('uid=%s,ou=People,dc=hackerspace,dc=pl' % ('sdomi',), getpass.getpass('LDAP password: ')) - target = get_target_cards(c) -- cur = get_current_cards(token, proto) -+ pprint.pprint(target) -+ for h, u in target: -+ print(h) -+ -+ #cur = get_current_cards(token, proto) - - to_remove = cur - target - to_add = target - cur -``` - -2. launch the script, copy all the lines with the hashes and save them a file +1. use the `tools/get_hashes` python script to pull card hashes from LDAP (requires python-ldap) +2. put the output in a `hashes` file 3. `mpremote fs cp hashes :hashes` plans: web UI like vuko's design 
diff --git a/tools/get_hashes b/tools/get_hashes
new file mode 100755
index 0000000..d4755ba
--- /dev/null
+++ b/tools/get_hashes
@@ -0,0 +1,28 @@
+#!/usr/bin/env python3
+
+import ldap
+import getpass
+import pprint
+
+from sys import argv
+
+MEMBER_FILTER = ('(|'
+ '(memberOf=cn=starving,ou=Group,dc=hackerspace,dc=pl)'
+ '(memberOf=cn=fatty,ou=Group,dc=hackerspace,dc=pl)'
+ '(memberOf=cn=potato,ou=Group,dc=hackerspace,dc=pl)'
+ ')')
+
+def get_target_cards(c):
+ cards = set()
+ for user, attrs in c.search_s('ou=People,dc=hackerspace,dc=pl',ldap.SCOPE_SUBTREE,'(&(mifareIDHash=*)%s)' % MEMBER_FILTER, ['mifareIDHash', 'uid']):
+ for h in attrs['mifareIDHash']:
+ cards.add(h.decode('ascii'))
+ return cards
+
+if __name__ == "__main__":
+ c = ldap.initialize('ldap://ldap.hackerspace.pl')
+ c.start_tls_s()
+ c.simple_bind_s('uid=%s,ou=People,dc=hackerspace,dc=pl' % (getpass.getuser(),), getpass.getpass('LDAP password: '))
+ target = get_target_cards(c)
+ for h in target:
+ print(h)
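Review bot: The password bind in the `__main__` block relies on whatever certificate policy the host's OpenLDAP configuration provides, because nothing in the script sets it; if that policy is relaxed, `start_tls_s()` can complete against an unverified server and `simple_bind_s` then sends the user's LDAP password to it. Setting the policy explicitly before `ldap.initialize(...)` removes that dependency: `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)`. The connection is never closed, so a `c.unbind_s()` after the loop (ideally in a `finally`) would be tidy, and `pprint` and `argv` are imported but unused in this file. Since the printed hashes appear to become the door's allow-list via the `hashes` file, iterating `sorted(target)` instead of the raw set would make successive outputs diffable and easier to audit.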