Initial testing of PGP account recovery
Signed-off-by: Skylar "The Cobra" Widulski <cobra@vern.cc>
This commit is contained in:
parent
a636454568
commit
d3c2d0935b
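--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_1
@@ -0,0 +1,138 @@
+#!/usr/bin/env -S bash -x
+saveIFS=$IFS
+IFS='=&'
+parm=($POST_STRING)
+IFS=$saveIFS
+for ((i=0; i<${#parm[@]}; i+=2))
+do
+declare arg_${parm[i]}=${parm[i+1]}
+done
+
+urldecode() { : "${*//+/ }"; echo -e "${_//%/\\x}"; }
+sig="$(urldecode "$arg_signature")"
+key="$(urldecode "$arg_newkey")"
+if [[ $arg_username ]]; then
+keyid="$(gpg --import-options show-only --import "/vm/$arg_username/.pgp.asc" 2>&1 | grep '^ ' | xargs)"
+fi
+
+generate_challenge() {
+if [[ -z "$arg_username" ]]; then
+nouser=1
+page=default
+return
+fi
+if ! gpg --import-options show-only --import "/vm/$arg_username/.pgp.asc" &> /dev/null; then
+nokey=1
+page=default
+return
+fi
+openssl rand -hex 32 > "/var/log/challenges/$arg_username"
+page=submit
+return
+}
+
+submit_challenge() {
+if [[ -z "$arg_username" ]]; then
+nouser=1
+page=default
+return
+fi
+if [[ -z "$key" ]]; then
+nossh=1
+page=default
+return
+fi
+if ! ssh-keygen -l -f /dev/stdin <<< "$key" &> /dev/null; then
+badssh=1
+page=default
+return
+fi
+if ! gpg --import-options show-only --import "/vm/$arg_username/.pgp.asc" &> /dev/null; then
+nokey=1
+page=default
+return
+fi
+if [[ -z "$sig" ]]; then
+nosig=1
+page=default
+return
+fi
+echo "$sig" > "/var/log/challenges/$arg_username.gpg"
+gpg --homedir /var/log/challenges --import "/vm/$arg_username/.pgp.asc"
+if gpg --homedir /var/log/challenges \
+--trust-model always \
+--verify "/var/log/challenges/$arg_username.gpg" \
+"/var/log/challenges/$arg_username"; then
+if [[ "$(gpg --homedir /var/log/challenges \
+--trust-model always \
+--verify "/var/log/challenges/$arg_username.gpg" \
+"/var/log/challenges/$arg_username" 2>&1 |
+sed -n 's/.*using.*key \(.*\)/\1/p')" == \
+"$keyid" ]]; then
+echo "$key" >> "/vm/$username/.ssh/authorized_keys"
+page=success
+return
+else
+badsig=1
+page=submit
+return
+fi
+else
+badsig=1
+page=submit
+return
+fi
+exit
+}
+
+nouser=0
+nokey=0
+nossh=0
+badssh=0
+nosig=0
+badsig=0
+
+case "$arg_method" in
+generate)
+generate_challenge
+;;
+submit)
+submit_challenge
+;;
+esac
+
+sedcmd=" -e 's/USERNAME/$arg_username/' -e 's/CHALLENGE/$(</var/log/challenges/$arg_username)/' -e 's/KEYID/$keyid/'"
+sedcmd="$sedcmd $(if [[ $nokey == 1 ]]; then
+printf '%s' '-e "s/NOKEY/This user has no <code>.pgp.asc</code> file/"'
+else
+printf '%s' '-e "s/NOKEY//"'
+fi)"
+sedcmd="$sedcmd $(if [[ $nouser == 1 ]]; then
+printf '%s' '-e "s/NOUSER/No such user/"'
+else
+printf '%s' '-e "s/NOUSER//"'
+fi)"
+sedcmd="$sedcmd $(if [[ $nossh == 1 ]]; then
+printf '%s' '-e "s/NOSSH/No SSH key(s) supplied/"'
+else
+printf '%s' '-e "s/NOSSH//"'
+fi)"
+sedcmd="$sedcmd $(if [[ $badssh == 1 ]]; then
+printf '%s' '-e "s/BADSSH/Invalid SSH keyfile/"'
+else
+printf '%s' '-e "s/BADSSH//"'
+fi)"
+sedcmd="$sedcmd $(if [[ $nosig == 1 ]]; then
+printf '%s' '-e "s/NOSIG/No signature supplied/"'
+else
+printf '%s' '-e "s/NOSIG//"'
+fi)"
+sedcmd="$sedcmd $(if [[ $badsig == 1 ]]; then
+printf '%s' '-e "s/BADSIG/Bad signature/"'
+else
+printf '%s' '-e "s/BADSIG//"'
+fi)"
+
+sedcmd="${sedcmd:+sed$sedcmd}"
+
+eval ${sedcmd:-cat} $(dirname $0)/recovery-scripts/pgp/"$page".html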
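Review bot: `arg_username` is taken verbatim from `POST_STRING` and never validated, yet it is interpolated into filesystem paths (`/vm/$arg_username/.pgp.asc`, `/var/log/challenges/$arg_username`) and into the single-quoted sed expression that the final `eval ${sedcmd:-cat} …` line executes, so a value containing `/`, `..` or `'` escapes both the intended directories and the quoting; reject anything outside the account-name charset right after the parsing loop, e.g. `[[ $arg_username =~ ^[a-z_][a-z0-9_-]*$ ]] || arg_username=`, which routes bad input through the existing nouser path, and build the sed invocation as an argument array instead of a string fed to `eval`, as sketched below. The NOKEY replacement `s/NOKEY/This user has no <code>.pgp.asc</code> file/` contains a `/` inside `</code>`, which sed reads as the end of the replacement and rejects the whole command, so the default page would not render whenever that flag is set; the sketch uses `|` as the delimiter. `echo "$key" >> "/vm/$username/.ssh/authorized_keys"` reads `$username`, which is never assigned (every other line uses `arg_username`), so the key is appended under `/vm//.ssh/` rather than in the user's home. The challenge file and its `.gpg` companion are left in place after `page=success`, so the same signed challenge can be submitted again to add further keys; delete both once the key has been written so each challenge is single-use. `bash -x` in the shebang traces every expansion, including the decoded signature and the submitted SSH key, to stderr and hence most likely into the web server's error log — drop `-x` before this leaves testing.
```shell
# … unchanged: POST parsing, urldecode, generate_challenge, submit_challenge, flag defaults, case dispatch …
sedargs=(-e "s|USERNAME|$arg_username|" -e "s|KEYID|$keyid|")
if [[ -n $arg_username && -r "/var/log/challenges/$arg_username" ]]; then
  sedargs+=(-e "s|CHALLENGE|$(<"/var/log/challenges/$arg_username")|")
fi
# Substitute a placeholder with its message when the flag is set, with nothing otherwise.
# '|' is the s delimiter so the '/' inside </code> is not taken as the end of the replacement.
flag_message() {
  local placeholder=$1 flag=$2 message=$3
  if (( flag )); then
    sedargs+=(-e "s|$placeholder|$message|")
  else
    sedargs+=(-e "s|$placeholder||")
  fi
}
flag_message NOKEY  "$nokey"  'This user has no <code>.pgp.asc</code> file'
flag_message NOUSER "$nouser" 'No such user'
flag_message NOSSH  "$nossh"  'No SSH key(s) supplied'
flag_message BADSSH "$badssh" 'Invalid SSH keyfile'
flag_message NOSIG  "$nosig"  'No signature supplied'
flag_message BADSIG "$badsig" 'Bad signature'
sed "${sedargs[@]}" "$(dirname "$0")/recovery-scripts/pgp/$page.html"
```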
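--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_2
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta name="viewport" content="width=device-width">
+<meta charset="UTF-8">
+<meta name="description" content="~vern account recovery process">
+<meta name="keywords" content="~vern, vern, free software, privacy, tilde, tildeverse">
+<link rel="stylesheet" href="//gcdn.vern.cc/vernsite/style.css">
+<title>PGP-based Account Recovery | ~vern</title>
+</head>
+<body>
+<!--#include file="nav.php" -->
+<div class=h><h1 id=pgp-recovery>PGP-based Account Recovery</h1> <a aria-hidden=true href=#pgp-recovery>#pgp-recovery</a></div>
+<p>Fill out this form, and follow the steps given.</p>
+<form method="post" action="/en/recovery-challenge">
+<input hidden type=text name=method default="generate">
+<p>Username:
+<input type=text name=username>
+<span class=red>NOUSERNOKEY</span></p>
+<br>
+<span><input type=submit value=Submit style="width:100px;height:40px;font-size:20px"></span>
+</form>
+<!--#include file="footer.cgi" -->
+</body>
+</html>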
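Review bot: `<input hidden type=text name=method default="generate">` never sends a value, because `default` is not an HTML input attribute; the browser submits `method=` empty, so the script's `case "$arg_method"` matches neither `generate)` nor `submit)` and no challenge is ever written. Use `<input type=hidden name=method value="generate">`. The same `default=` mistake appears on the submit page's hidden `method` field and its pre-filled `username` field.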
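--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_3
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta name="viewport" content="width=device-width">
+<meta charset="UTF-8">
+<meta name="description" content="~vern account recovery process">
+<meta name="keywords" content="~vern, vern, free software, privacy, tilde, tildeverse">
+<link rel="stylesheet" href="//gcdn.vern.cc/vernsite/style.css">
+<title>PGP-based Account Recovery | ~vern</title>
+</head>
+<body>
+<!--#include file="nav.php" -->
+<div class=h><h1 id=pgp-recovery>PGP-based Account Recovery</h1> <a aria-hidden=true href=#pgp-recovery>#pgp-recovery</a></div>
+<p>Generate your signature by going into a terminal and running the following:</p>
+<pre><code>echo 'CHALLENGE' | gpg -a --detach-sig --default-key KEYID</code></pre>
+<form method="post" action="/en/recovery-challenge">
+<input hidden type=text name=method default="submit">
+<p>Username:
+<input type=text name=username default=USERNAME>
+<span class=red>NOUSERNOKEY</span></p>
+
+<p>New SSH key(s): <span class=red>NOSSHBADSSH</span>
+<textarea name=newkey rows=3 cols=50></textarea></p>
+<p>Signature: <span class=red>NOSIGBADSIG</span>
+<textarea name=singature rows=10 cols=50></textarea></p>
+
+<br>
+<span><input type=submit value=Submit style="width:100px;height:40px;font-size:20px"></span>
+</form>
+<!--#include file="footer.cgi" -->
+</body>
+</html>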
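Review bot: The signature textarea is named `singature`, but the CGI script reads `$arg_signature`, so every submission arrives with an empty signature and is answered with "No signature supplied"; rename it to `<textarea name=signature rows=10 cols=50></textarea>`. `default="submit"` on the hidden `method` input and `default=USERNAME` on the username input are not HTML attributes and submit nothing; both should be `value=…` (`<input type=hidden name=method value="submit">`, `<input type=text name=username value=USERNAME>`). Since the script substitutes USERNAME with unescaped form input via sed, that `value=` should be quoted once the username is validated server-side, e.g. `value="USERNAME"`.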
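--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE_4
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta name="viewport" content="width=device-width">
+<meta charset="UTF-8">
+<meta name="description" content="~vern account recovery process">
+<meta name="keywords" content="~vern, vern, free software, privacy, tilde, tildeverse">
+<link rel="stylesheet" href="//gcdn.vern.cc/vernsite/style.css">
+<meta http-equiv=refresh content='5;url=/en/' />
+<title>Success | ~vern</title>
+</head>
+<body>
+<!--#include file="nav.php" -->
+<div class=h><h1 id=pgp-recovery>PGP-based Account Recovery</h1> <a aria-hidden=true href=#pgp-recovery>#pgp-recovery</a></div>
+<p>Your new key has successfully been added.</p>
+<p>You will be redirected back <a href=/en/>home</a> in 5 seconds.</p>
+<!--#include file="footer.cgi" -->
+</body>
+</html>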