Chaospott/foodoord
8
1
Fork 0
Code Issues Pull Requests Releases 9 Wiki Activity

Compare commits

base: Chaospott:72b2276603f2e0b05fff27dafaed1c3296014ca0
Branches Tags
Chaospott:master Chaospott:LukasLenCP-patch-1 Chaospott:debian
Chaospott:3.3.3 Chaospott:3.3.1 Chaospott:3.3.0 Chaospott:3.2.0 Chaospott:3.1.0 Chaospott:v3.0.4 Chaospott:v3.0.3 Chaospott:v3.0.1 Chaospott:v3.0.0 Chaospott:v2 Chaospott:v1
..
compare: Chaospott:LukasLenCP-patch-1
Branches Tags
Chaospott:master Chaospott:LukasLenCP-patch-1 Chaospott:debian
Chaospott:3.3.3 Chaospott:3.3.1 Chaospott:3.3.0 Chaospott:3.2.0 Chaospott:3.1.0 Chaospott:v3.0.4 Chaospott:v3.0.3 Chaospott:v3.0.1 Chaospott:v3.0.0 Chaospott:v2 Chaospott:v1

1 Commits
72b2276603 ... LukasLenCP

Author SHA1 Message Date
LukasLenCP
e623d7f21a ed25519 support 
My attempt to get ed25519 support for the doors in the script.
Please check function and syntax!
 2020-05-21 20:11:56 +02:00
7 changed files with 39 additions and 189 deletions
Expand all files Collapse all files

28
foodoor
View File

@ -9,29 +9,15 @@ if [ ! -e $PIPE_PATH ]
exit 1 exit 1
fi fi
action="$1" case $1 in
isTriggerActivated="0" close)
echo close > $PIPE_PATH
if [ -z "$action" ]
then
action="$SSH_ORIGINAL_COMMAND"
isTriggerActivated="1"
fi
case $action in
close|open)
echo $action | tee $PIPE_PATH |sed 's/open/UNLOCKED/;s/close/LOCKED/' > /state
;; ;;
status) open)
echo open > $PIPE_PATH
;; ;;
*) *)
echo "Usage: $(basename $0) { close, open, status }" echo "Usage: $(basename $0) { close, open}"
exit 1 exit 1
;; ;;
esac esac
if [ $isTriggerActivated -eq 1 ]
then
cat /state
sleep 2
fi

2
foodoor-ssh-wrapper Executable file
View File

@ -0,0 +1,2 @@
#!/bin/sh
ssh -i /root/.ssh/id_rsa_gitlab_deploy $1 $2

94
foodoor-update-keydb
View File

@ -2,82 +2,40 @@
set -e set -e
export PATH="/usr/bin:/bin:/usr/sbin:/sbin" export PATH="/usr/bin:/bin:/usr/sbin:/sbin"
export GIT_SSH="/usr/sbin/foodoor-ssh-wrapper"
dest=/var/run/foodoor-keys dest=/var/run/foodoor-keys
temp_outfile="$dest.tmp"
if [ ! -e "${dest}/.git/config" ] if [ ! -e "${dest}/.git/config" ]
then then
#echo "Repo does not exist, trying to clone..." #echo "Repo does not exist, trying to clone..."
( cd /var/run && git clone --quiet --single-branch --depth=1 ssh://git.chaospott.de/Keyverwaltung/foodoor-keys.git "${dest}" ) ( cd /var/run && git clone --quiet --single-branch --depth=1 ssh://git.chaospott.de/Chaospott/foodoor-keys.git "${dest}" )
else else
#echo "Repo exists, updating..." #echo "Repo exists, updating..."
( cd "${dest}" && git fetch --quiet && git merge --quiet origin/master master ) ( cd "${dest}" && git fetch --quiet && git merge --quiet origin/master master )
fi fi
rm -f ${temp_outfile} for action in open close
find "${dest}/keys" -name '*.pub' | sort | \ do
while read keyfile outfile="${dest}/authorized_keys.${action}"
do rm -f ${outfile}
find "${dest}/keys" -name '*.pub' | sort | \
while read keyfile
do
ssh-keygen -l -f ${keyfile} &> /dev/null ssh-keygen -l -f ${keyfile} &> /dev/null
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
valid=false key_length=`ssh-keygen -l -f ${keyfile} | cut -d" " -f1`
keyinfo=$(ssh-keygen -l -f ${keyfile}) # The whole key information if ssh-keygen -l -f id_ed25519.pub| cut -d" " -f4 == "(ED25519)"; then
crypto=$(echo "${keyinfo}" | cut -d" " -f4) # Looks like "(RSA)" or "(ED25519)" key_length += 3840
key_length=$(echo "${keyinfo}" | cut -d" " -f1) if [ ${key_length} -lt 4096 ]; then
echo "Key size of key ${keyfile} not equal to 4096. Not adding it to key database." >&2
if [ "${crypto}" == "(RSA)" ]; then continue
fi
if [ ${key_length} -lt 4096 ]; then fi
echo "Key size of key ${keyfile} not equal to 4096. Not adding it to key database." >&2 printf "command=\"/usr/sbin/foodoor ${action}\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding " >> ${outfile}
continue cat "${keyfile}" >> ${outfile}
else echo >> ${outfile}
valid=true done
fi install -d -o ${action} -g nogroup -m 0700 /var/lib/foodoor/${action}/.ssh
install -b -S .last -o ${action} -g nogroup -m 0600 ${outfile} /var/lib/foodoor/${action}/.ssh/authorized_keys
elif [ "${crypto}" == "(ED25519)" ]; then
valid=true
fi
if [ "$valid" = true ]; then
echo "command=\"/usr/sbin/foodoor \$action \",no-port-forwarding,no-X11-forwarding,no-agent-forwarding $(cat ${keyfile})" >> ${temp_outfile}
fi
fi
done
for appendix in open close door
do
action="$appendix"
if [ "$action" = "door" ]
then
action=""
fi
export action
outfile="${dest}/authorized_keys.${appendix}"
cat ${temp_outfile} |envsubst > ${outfile}
# Oben
if [ "$(hostname)" = "foodoor" ]; then
install -d -o ${appendix} -g nogroup -m 0700 /var/lib/foodoor/${appendix}/.ssh
install -b -S .last -o ${appendix} -g nogroup -m 0600 ${outfile} /var/lib/foodoor/${appendix}/.ssh/authorized_keys
fi
# Unten
if [ "$(hostname)" = "kellertuer" ]; then
if [ "${action}" = "open" ]; then
owner="unlock"
elif [ "${action}" = "close" ]; then
owner="lock"
fi
install -d -o ${owner} -g nogroup -m 0700 /var/lib/foodoor/${action}/.ssh
install -b -S .last -o ${owner} -g nogroup -m 0600 ${outfile} /var/lib/foodoor/${action}/.ssh/authorized_keys
if [ "${appendix}" = "door" ]; then
install -d -o ${appendix} -g nogroup -m 0700 /var/lib/foodoor/${appendix}/.ssh
install -b -S .last -o ${appendix} -g nogroup -m 0600 ${outfile} /var/lib/foodoor/${appendix}/.ssh/authorized_keys
fi
fi
done done

0
foodoord_oben → foodoord
View File

7
foodoord.conf
View File

@ -1,4 +1,5 @@
[doorstatus] [door_firstlevel_old]
status_url = status_url =
key =
secret = [door_firstlevel]
status_url =

0
foodoord_initd Executable file → Normal file
View File

97
foodoord_unten
View File

@ -1,97 +0,0 @@
#! /usr/bin/python
import os
import stat
import time
import urllib2
import signal
import sys
import RPi.GPIO as gpio
import grp
from ConfigParser import SafeConfigParser
#Read config
parser = SafeConfigParser()
parser.read('/etc/foodoord.conf')
doorapi = parser.get('doorstatus', 'status_url')
consumerkey = parser.get('doorstatus', 'key')
consumersecret = parser.get('doorstatus', 'secret')
#Definitions for output
LED_RED=6
LED_GREEN=7
RELAYS_LOCK=0
RELAYS_UNLOCK=1
PIN_OPEN=24
PIN_CLOSE=27
#Definitions for input
DOOR_BELL=0
REED_RELAYS=1 #not implementet yet
#Definitions for LEDcolor
RED=1
GREEN=2
ORANGE=3
def write_state(state):
try:
handle = open("/tmp/door_state", "w")
handle.write(state)
handle.close()
except:
pass
def update_api(locked):
try:
os.system("/usr/bin/curl -XPOST --header 'Content-Type: application/json' --data '{ \"consumer_key\": \"" + consumerkey + "\", \"consumer_secret\": \"" + consumersecret + "\", \"cellar\": " + str(locked).lower() + " }' '" + doorapi + "' ")
except:
pass
if __name__ == "__main__":
#Startsettings
STATUS=False
gpio.setmode(gpio.BCM)
gpio.setup(PIN_OPEN, gpio.OUT)
gpio.setup(PIN_CLOSE, gpio.OUT)
#Setting up FiFo to get sshd-output
try:
os.mkfifo("/var/run/foodoord.pipe")
os.chown("/var/run/foodoord.pipe", -1, grp.getgrnam('foodoor')[2])
os.chmod("/var/run/foodoord.pipe", stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IWGRP)
except OSError:
pass
with open("/var/run/foodoord.pipe", "r") as ssh_input:
while 1:
#Read sshd-output from pipe
Pipe = ssh_input.readline()[:-1]
if (Pipe == "close"):
gpio.output(PIN_CLOSE,1)
time.sleep(1)
gpio.output(PIN_CLOSE,0)
write_state("closed")
update_api(True)
elif (Pipe == "open"):
#Locking
gpio.output(PIN_OPEN,1)
time.sleep(1)
gpio.output(PIN_OPEN,0)
#Save State
write_state("open")
#Status Update
update_api(False)
time.sleep(0.2)