implement pgp support
Add mechanisms to receive the door key through a PGP-encrypted message. The client script checks whether it is necessary to decrypt through PGP and does so if it is. It detects this by comparing the first 4 bytes of the key, so there is a chance of a false hit, but the next run of the script will then most likely ask for the pwd. Using hashes would be more secure but requires more client tools.
parent
bca0f3a8e7
commit
5a079ed771
|
@ -0,0 +1,47 @@
|
|||
#!/usr/bin/env lua
|
||||
|
||||
require 'luasql.postgres'
|
||||
require 'md5'
|
||||
|
||||
require 'helper'
|
||||
require 'token'
|
||||
require 'config'
|
||||
|
||||
function fail(msg)
|
||||
print "Status: 423 Locked"
|
||||
print ""
|
||||
print("Error: " .. msg)
|
||||
end
|
||||
|
||||
print "Content-Type: text/plain"
|
||||
|
||||
prefix = os.getenv("QUERY_STRING")
|
||||
|
||||
env = luasql.postgres()
|
||||
con = env:connect(config.db)
|
||||
|
||||
if prefix == nil or prefix == "" then
|
||||
fail("No token given")
|
||||
else
|
||||
if prefix:sub(1, 2) == "t=" then
|
||||
prefix = prefix:sub(3)
|
||||
end
|
||||
|
||||
if prefix:len() == config.prefix_len then
|
||||
if not is_bruteforce(con) then
|
||||
msg, why = encrypt_key(prefix)
|
||||
if not msg then
|
||||
fail(why)
|
||||
end
|
||||
print("")
|
||||
print(msg)
|
||||
else
|
||||
fail("Stop bruteforcing, this box is too slow")
|
||||
end
|
||||
else
|
||||
fail("Invalid token")
|
||||
end
|
||||
end
|
||||
|
||||
con:close()
|
||||
env:close()
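Review bot: The token read from `QUERY_STRING` is checked only for length before it is passed to `encrypt_key(prefix)`, so any bytes of the right length reach that helper. The helper is not visible in this commit, but the admin script added alongside it builds its SQL by string concatenation; if `encrypt_key` does the same, this web-facing path carries the same problem. Constrain the alphabet at the length check, e.g. `if prefix:len() == config.prefix_len and prefix:match("^%w+$") then` (this assumes prefixes are alphanumeric; adjust to the real token alphabet). Separately, after `fail(why)` the script falls through to `print("")` and `print(msg)`, which writes `nil` after the error body; move those two prints into an `else` branch. The result of `env:connect(config.db)` is also used without a nil check.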
|
|
@ -0,0 +1,39 @@
|
|||
#!/usr/bin/env lua
|
||||
|
||||
require 'luasql.postgres'
|
||||
require 'helper'
|
||||
require 'config'
|
||||
require 'token'
|
||||
require 'base64'
|
||||
|
||||
function exit(env, con)
|
||||
con:close()
|
||||
env:close()
|
||||
os.exit()
|
||||
end
|
||||
|
||||
|
||||
|
||||
print "set gpg token ..."
|
||||
|
||||
env = luasql.postgres()
|
||||
con = env:connect(config.db)
|
||||
|
||||
io.stdout:write("enter prefix: ")
|
||||
prefix = io.stdin:read()
|
||||
|
||||
if prefix == "" then
|
||||
print "* action canceled"
|
||||
else
|
||||
local pgp_id = con:execute("select gpg_id from tokens where prefix='"..prefix.."';"):fetch()
|
||||
if pgp_id then
|
||||
print("current gpg_id: "..pgp_id)
|
||||
else
|
||||
print("current gpg_id: none")
|
||||
end
|
||||
edit_pgp(prefix)
|
||||
end
|
||||
|
||||
|
||||
exit(env,con)
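Review bot: The lookup `con:execute("select gpg_id from tokens where prefix='"..prefix.."';")` splices the typed prefix directly into the SQL text, so a quote character in the input changes the statement. A failed execute returns nil, so the chained `:fetch()` then raises instead of reporting the database error. Escape the value and check the cursor first: `local cur, err = con:execute("select gpg_id from tokens where prefix='"..con:escape(prefix).."';")`, then `if not cur then print(err) exit(env, con) end` before calling `cur:fetch()`. `io.stdin:read()` also returns nil at end of input, which the `prefix == ""` test does not catch; `if not prefix or prefix == "" then` covers both cases.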
|
||||
|
|
@ -0,0 +1 @@
|
|||
../door/magic_run
|
|
@ -0,0 +1,12 @@
|
|||
<html>
|
||||
<head>
|
||||
<link rel="stylesheet" type="text/css" href="./mole.css">
|
||||
</head>
|
||||
<body>
|
||||
Enter your prefix:
|
||||
<form action="recover" method="get"><input name="t" size="10" /><br/>
|
||||
<input type="submit" value="Recover key"></form><br/>
|
||||
<a href="/">Back</a><br/><br/>
|
||||
<small>Powered by<br/><img width="80" height="121" src="./mole_people.jpg" alt="Mole People" border="0"/>
|
||||
</body>
|
||||
</html>
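Review bot: The form submits the prefix with `method="get"`, so the value ends up in the URL and therefore in web-server access logs and browser history. The recover script has a brute-force guard on prefixes, which suggests they are not meant to be freely known, so it would help to add a comment here recording that this exposure is accepted, or to switch to POST together with the script, which currently reads only `QUERY_STRING`. The input could also carry `maxlength` matching the configured prefix length and `autocomplete="off"`. The `<small>` element opened before the image is never closed; add `</small>` before `</body>`.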
|