-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathlaseruser
executable file
·104 lines (77 loc) · 2.97 KB
/
laseruser
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
#!/bin/bash -e
# Exit codes:
# 1: failure to supply correct information when calling the script
# 2: user did not want to continue processing the script (e.g., entering "n")
# 3: command failed to run
GOOGLE_AUTH=$(which google-authenticator)
NFC_ADD=$(which pam-nfc-add)
NFC_LIST=$(which nfc-list)
# Make sure we're using only one username
if [ $# != 1 ]; then
printf "Please specify only a single username to create for the laser\n"
exit 1
fi
USER=$1
# Verify that we're about to do this
printf "About to create user %s, " "$USER"
read -n 1 -r -p "press space to continue " KEY
if [ "$KEY" != "" ]; then
exit 2
fi
adduser --conf /etc/laseruser.conf $USER || exit 3
# Let's do the security stuff!
printf "User %s has been created by %s, " "$USER" "$(whoami)"
read -n 1 -r -p "press space to continue to security" KEY
if [ "$KEY" != "" ]; then
exit 2
fi
printf "\nMake sure that the user has their phone/laptop out and ready to receive their TOTP key.\n"
read -n 1 -r -p "Press space to continue." KEY
if [ "$KEY" != "" ]; then
exit 2
fi
printf "\nRunning google_authenticator as %s\n" "$USER"
su $USER -c "$GOOGLE_AUTH -t -D -u -w 17" || exit 3
printf "\n\n\nTOTP should be setup now.\nNow give %s an NFC tag and have it against the reader.\n" "$USER"
read -n 1 -r -p "Press space ready. " KEY
if [ "$KEY" != "" ]; then
exit 2
fi
printf "The output of the next command should resemble something like the following:\n"
printf "+--------------------------------------------------\n"
printf "nfc-list uses libnfc 1.7.1\nNFC device: pn532_spi:/dev/spidev0.0 opened\n1 ISO14443A passive target(s) found:\nISO/IEC 14443A (1
06 kbps) target:\n ATQA (SENS_RES): 00 04 \n UID (NFCID1): \e[32ma2 53 c3 59\e[0m \n SAK (SEL_RES): 08 \n"
printf "+--------------------------------------------------\n"
printf "Where the green text is the ID of the NFC tag\n"
printf "(your text will not be green, but will be in the same location)\n"
sleep 1
printf "Scanning for an NFC tag now...\n"
ISTAG=""
while [[ "$ISTAG" != "y" ]]; do
TAG=""
while [[ "$TAG" != *"NFCID1"* ]]; do
TAG=$( $NFC_LIST -t 1 )
done
printf "\n\nIs this your tag?\n\n%s\n\n" "$TAG"
read -n 1 -r -p "[y/N]? " ISTAG
done
$NFC_ADD $USER || printf "Failed to add NFC. You need to do it manually now.\n"
printf "\n\n %s should have an NFC card associated with them now\n\n" "$USER"
printf "Is %s an admin account? " "$USER"
read -n 1 -r -p "Press y/n " KEY
if [ "$KEY" = "y" ]; then
printf "\n"
adduser $USER adm || exit 3
else
printf "\nUser not admin account\n"
fi
printf "\n\nDoes %s require SSH access? (Recommended for admin accounts)\n" "$USER"
printf "NOTE: As password login is disabled, the user will need to find another\nway to copy their public key into ~/.ssh/authorized_keys\n"
read -n 1 -r -p "Press y/n " KEY
if [ "$KEY" = "y" ]; then
printf "\n"
adduser $USER ssh || exit 3
else
printf "\nUser not given SSH access\n"
fi
printf "\n\n%s is now created and has access to the laser!\n" "$USER"