projects / mirror / userdir-ldap.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add support for setting a TOTP seed
[mirror/userdir-ldap.git] / ud-generate
diff --git a/ud-generate b/ud-generate
index a4a74b5..9dcf0a3 100755 (executable)
--- a/ud-generate
+++ b/ud-generate
@@ -449,6 +449,28 @@ def GenRtcPassword(accounts, File):
       Die(File, None, F)
       raise
 
+# Generate the TOTP auth file
+def GenTOTPSeed(accounts, File):
+   F = None
+   try:
+      OldMask = os.umask(0077)
+      F = open(File, "w", 0600)
+      os.umask(OldMask)
+
+      F.write("# Option User Prefix Seed\n")
+      for a in accounts:
+         if a.is_guest_account(): continue
+         if not 'totpSeed' in a: continue
+         if not a.pw_active(): continue
+
+         Line = "HOTP/T30/6 %s - %s" % (a['uid'], a['totpSeed'])
+         Line = Sanitize(Line) + "\n"
+         F.write("%s" % (Line))
+   except:
+      Die(File, None, F)
+      raise
+
+
 def GenSSHtarballs(global_dir, userlist, ssh_userkeys, grouprevmap, target, current_host):
    OldMask = os.umask(0077)
    tf = tarfile.open(name=os.path.join(global_dir, 'ssh-keys-%s.tar.gz' % current_host), mode='w:gz')
@@ -1126,7 +1148,7 @@ def get_accounts(ldap_conn):
                     "mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\
                     "mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\
                     "mailContentInspectionAction", "webPassword", "rtcPassword",\
-                    "bATVToken"])
+                    "bATVToken", "totpSeed"])
 
    if passwd_attrs is None:
       raise UDEmptyList, "No Users"
@@ -1214,6 +1236,7 @@ def generate_all(global_dir, ldap_conn):
    GenMailList(accounts, global_dir + "mail-whitelist", "mailWhitelist")
    GenWebPassword(accounts, global_dir + "web-passwords")
    GenRtcPassword(accounts, global_dir + "rtc-passwords")
+   GenTOTPSeed(accounts, global_dir + "users.oath")
    GenKeyrings(global_dir)
 
    # Compatibility.
@@ -1344,6 +1367,9 @@ def generate_host(host, global_dir, all_accounts, all_hosts, ssh_userkeys):
    if 'RTC-PASSWORDS' in ExtraList:
       DoLink(global_dir, OutDir, "rtc-passwords")
 
+   if 'TOTP' in ExtraList:
+      DoLink(global_dir, OutDir, "users.oath")
+
    if 'KEYRING' in ExtraList:
       for k in Keyrings:
          bn = os.path.basename(k)
Mirror of Debian's userdir-ldap repository