2010-02-25 08:37:50 +01:00
#!/usr/bin/env lua
require ' luasql.postgres '
require ' config '
require ' base64 '
local base64 = enc
2010-04-23 20:18:13 +02:00
function generate_token ( old ) -- generates a new token (the next)
2010-02-25 08:37:50 +01:00
local len = config.key_len / 8 * 6
local f = io.open ( " /dev/urandom " , " r " )
2010-04-23 20:18:13 +02:00
while true do
local r = f : read ( len )
new = base64 ( r )
if old then
if string.sub ( new , 0 , config.check_len ) ~= string.sub ( old , 0 , config.check_len ) then
break
end
else
break
end
end
return new
2010-02-25 08:37:50 +01:00
end
2010-04-23 20:18:13 +02:00
function add_token ( con , token , gpg_id ) -- add token to the database
2010-02-25 08:37:50 +01:00
local now = os.time ( )
math.randomseed ( now )
2010-02-25 21:44:48 +01:00
local prefix = token : sub ( 1 , config.prefix_len )
2010-04-23 20:18:13 +02:00
if not gpg_id then
gpg_id = con : execute ( " select trim(gpg_id) from tokens where prefix=' " .. prefix .. " '; " ) : fetch ( )
2010-04-28 02:10:01 +02:00
if not gpg_id then
gpg_id = " "
end
2010-04-23 20:18:13 +02:00
end
2010-02-25 08:37:50 +01:00
local ttl = now + config.ttl + math.floor ( math.random ( ) * config.ruttl )
2010-02-25 21:44:48 +01:00
local update = " delete from tokens where prefix=' " .. prefix .. " '; "
2010-04-23 20:18:13 +02:00
local insert = " insert into tokens (prefix, token, ttl, gpg_id) values (' " .. prefix .. " ', ' " .. token .. " ', " .. ttl .. " , ' " .. gpg_id .. " '); "
local gravedigger = " insert into graveyard (prefix, token, ttrd, gpg_id) select prefix, token, ttl+ " .. config.ttrd .. " ,gpg_id from tokens where ttl< " .. now .. " ; "
2010-02-25 08:37:50 +01:00
local clean = " delete from tokens where ttl< " .. now .. " ; "
local dig = " delete from graveyard where ttrd< " .. now .. " ; "
2010-10-26 23:15:18 +02:00
-- con:execute(gravedigger .. clean .. dig .. update .. insert .. update .. insert)
con : execute ( gravedigger .. clean .. dig .. update .. insert )
2010-02-25 08:37:50 +01:00
end
2010-02-26 01:46:20 +01:00
function check_token ( con , token ) -- checks if the token is valid
2010-02-25 21:44:48 +01:00
if not is_base64 ( token ) then return false end
local result = true
local ttl = con : execute ( " select ttl from tokens where token=' " .. token .. " '; " ) : fetch ( )
if ttl == nil then result = false end
if type ( ttl ) == " number " then if tonumber ( ttl ) < os.time ( ) then result = false end end
2010-02-25 08:37:50 +01:00
return result
end
2010-04-23 20:18:13 +02:00
function set_prefix ( old , new ) -- sets the prefix from the old token to the new token
2010-02-25 21:44:48 +01:00
local prefix = old : sub ( 1 , config.prefix_len )
return prefix .. new : sub ( config.prefix_len + 1 )
end
2010-04-23 20:18:13 +02:00
function get_pgp_key ( prefix )
local pgp_id = con : execute ( " select gpg_id from tokens where prefix=' " .. prefix .. " '; " ) : fetch ( )
return pgp_id
end
function encrypt_key ( prefix )
if prefix : len ( ) ~= config.prefix_len then
return false
end
local token , pgp_id = con : execute ( " select token, gpg_id from tokens where prefix=' " .. prefix .. " '; " ) : fetch ( )
if not pgp_id or not token then
return false , " No pgp key "
end
local out = " "
local fp = io.popen ( " echo -n " .. token .. " | gpg --batch --logger-file /dev/null -a -e --recipient " .. pgp_id .. " " , " r " )
while true do
msg = fp : read ( )
if not msg then
break
end
out = out .. " \n " .. msg
end
if out == " " then
return false , " Could not build pgp msg "
end
return string.sub ( token , 0 , config.check_len ) .. " \n " .. out
end
function set_pgp ( prefix , gpg_id ) -- add token to the database
if not gpg_id then
gpg_id = " "
end
local update = " update tokens set gpg_id=' " .. gpg_id .. " ' where prefix=' " .. prefix .. " '; "
con : execute ( update )
end
function ask_pgp ( prefix , gpg_id ) -- add token to the database
if prefix == " " then
return
end
local buffer = " "
while true do
if string.len ( buffer ) == 0 then
io.stdout : write ( " enter gpg id or key: [] " )
end
gpg_id = io.stdin : read ( )
if string.len ( gpg_id ) == 0 and string.len ( buffer ) == 0 then
return false
end
if string.len ( gpg_id ) == 8 then
if os.execute ( " gpg --batch --recv-keys " .. gpg_id ) == 0 then
return gpg_id
-- test if already in db
elseif os.execute ( " gpg --batch --list-sigs " .. gpg_id ) == 0 then
return gpg_id
end
else
buffer = buffer .. " \n " .. gpg_id
if gpg_id == " -----END PGP PUBLIC KEY BLOCK----- " then
local tmp_name = os.tmpname ( )
fp = io.open ( tmp_name , " w " )
fp : write ( buffer )
io.close ( fp )
local fp , err = io.popen ( " gpg --import " .. tmp_name .. " 2>&1 " )
local out = fp : read ( )
for x in string.gmatch ( out , " gpg: key (%w+): " ) do
print ( " Found key: " .. x )
gpg_id = x
os.remove ( tmp_name )
return gpg_id
end
os.remove ( tmp_name )
end
end
end
end
function display_pgp ( pgp_id )
os.execute ( " gpg --list-sigs " .. pgp_id )
end
function trust_pgp ( pgp_id )
os.execute ( " gpg --edit-key " .. pgp_id .. " trust save " )
end
function edit_pgp ( prefix )
new_id = ask_pgp ( )
if new_id then
set_pgp ( prefix , new_id )
print ( " set to new id: " .. new_id )
else
new_id = get_pgp_key ( prefix )
end
display_pgp ( new_id )
trust_pgp ( new_id )
end