From 5a079ed7713035dd2bcdfa4a3f588d39491a2bbf Mon Sep 17 00:00:00 2001
From: Daniel Poelzleithner
Date: Fri, 23 Apr 2010 20:09:57 +0200
Subject: [PATCH] implement pgp support add mechanisms to receive the door key through a pgp encrypted message. the client script checkes if it is nessesary to decrypt through pgp and does so elsewise. He detects this by comparing the first 4 bytes of the key, so there is a chance for a false hit, but the next run of the script will then ask for the pwd most likely. using hashes would be more secure but requires more client tools.
---
 door/recover.lua | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 door/setpgp.lua | 39 +++++++++++++++++++++++++++++++++++++++
 setpgp | 1 +
 www/recover | 1 +
 www/recover.html | 12 ++++++++++++
 5 files changed, 100 insertions(+)
 create mode 100644 door/recover.lua
 create mode 100644 door/setpgp.lua
 create mode 120000 setpgp
 create mode 120000 www/recover
 create mode 100644 www/recover.html
diff --git a/door/recover.lua b/door/recover.lua
new file mode 100644
index 0000000..e7f2ac5
--- /dev/null
+++ b/door/recover.lua
@@ -0,0 +1,47 @@
+#!/usr/bin/env lua
+
+require 'luasql.postgres'
+require 'md5'
+
+require 'helper'
+require 'token'
+require 'config'
+
+function fail(msg)
+ print "Status: 423 Locked"
+ print ""
+ print("Error: " .. msg)
+end
+
+print "Content-Type: text/plain"
+
+prefix = os.getenv("QUERY_STRING")
+
+env = luasql.postgres()
+con = env:connect(config.db)
+
+if prefix == nil or prefix == "" then
+ fail("No token given")
+else
+ if prefix:sub(1, 2) == "t=" then
+ prefix = prefix:sub(3)
+ end
+
+ if prefix:len() == config.prefix_len then
+ if not is_bruteforce(con) then
+ msg, why = encrypt_key(prefix)
+ if not msg then
+ fail(why)
+ end
+ print("")
+ print(msg)
+ else
+ fail("Stop bruteforcing, this box is too slow")
+ end
+ else
+ fail("Invalid token")
+ end
+end
+
+con:close()
+env:close()
diff --git a/door/setpgp.lua b/door/setpgp.lua
new file mode 100644
index 0000000..3b4c9e8
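Review bot: In door/recover.lua the `prefix` read from `QUERY_STRING` is checked only for length before it reaches `encrypt_key(prefix)`, so any bytes of the right length are passed on. `encrypt_key` is defined outside this patch, so it cannot be seen here whether it builds a SQL statement or a gpg command line from the value. A character-class test beside the length check would close that off, e.g. `if prefix:len() == config.prefix_len and prefix:match("^%w+$") then`, with the class adjusted to the real prefix alphabet. Separately, `if not msg then fail(why) end` falls through to `print("")` / `print(msg)`, so a failed encryption prints the error and then the literal `nil`; moving the two prints into an `else` fixes that. `why` is also echoed to an unauthenticated caller, so a generic message with the detail logged server-side would avoid exposing gpg or database error text.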
--- /dev/null
+++ b/door/setpgp.lua
@@ -0,0 +1,39 @@
+#!/usr/bin/env lua
+
+require 'luasql.postgres'
+require 'helper'
+require 'config'
+require 'token'
+require 'base64'
+
+function exit(env, con)
+ con:close()
+ env:close()
+ os.exit()
+end
+
+
+
+print "set gpg token ..."
+
+env = luasql.postgres()
+con = env:connect(config.db)
+
+io.stdout:write("enter prefix: ")
+prefix = io.stdin:read()
+
+if prefix == "" then
+ print "* action canceled"
+else
+ local pgp_id = con:execute("select gpg_id from tokens where prefix='"..prefix.."';"):fetch()
+ if pgp_id then
+ print("current gpg_id: "..pgp_id)
+ else
+ print("current gpg_id: none")
+ end
+ edit_pgp(prefix)
+end
+
+
+exit(env,con)
+
diff --git a/setpgp b/setpgp
new file mode 120000
index 0000000..67d2c45
--- /dev/null
+++ b/setpgp
@@ -0,0 +1 @@
+door/magic_run
\ No newline at end of file
diff --git a/www/recover b/www/recover
new file mode 120000
index 0000000..4098bb4
--- /dev/null
+++ b/www/recover
@@ -0,0 +1 @@
+../door/magic_run
\ No newline at end of file
diff --git a/www/recover.html b/www/recover.html
new file mode 100644
index 0000000..649cab2
--- /dev/null
+++ b/www/recover.html
@@ -0,0 +1,12 @@ + + + + + + Enter your prefix: +
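Review bot: In door/setpgp.lua the lookup concatenates the typed `prefix` directly into the statement (`"... where prefix='"..prefix.."';"`), so a quote character in the input changes the query. Validate the value first, with a length check against `config.prefix_len` as recover.lua does plus a character-class test, and pass it through `con:escape(prefix)` if the installed LuaSQL PostgreSQL driver provides it. `con:execute` returns `nil, err` on failure, so chaining `:fetch()` onto it raises an error instead of reporting the problem. `io.stdin:read()` returns `nil` at EOF, which gets past the `prefix == ""` test and then fails in the concatenation; `if prefix == nil or prefix == "" then` covers that case.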

+

+ Back

+ Powered by
Mole People + +