From 58f67e4e86b99ff9de8ead216389b7ab42f699c8 Mon Sep 17 00:00:00 2001 From: Jean-Marie Mineau Date: Thu, 15 Apr 2021 17:10:35 +0200 Subject: [PATCH] add variables --- gen_otp.py | 24 +++++++++++++++++------- roles/base_totp/tasks/main.yml | 2 +- roles/ssh_totp/tasks/main.yml | 4 ++-- 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/gen_otp.py b/gen_otp.py index bc7f876..5c47968 100755 --- a/gen_otp.py +++ b/gen_otp.py @@ -5,7 +5,7 @@ Generate an TOTP token (hex value for user.oath file and qrcode). usage: -gen_otp.py [user [machine [periode]]] +gen_otp.py [user [machine [periode [digits]]]] dependancies: pip3 install qrcode @@ -15,19 +15,28 @@ import base64 import binascii import secrets import sys +import yaml import qrcode -USAGE = "gen_otp.py [user [machine [periode]]]" +VAR_FILE = "group_vars/all/totp.yml" + +with open(VAR_FILE) as f: + VARS = yaml.safe_load(f) + +USAGE = "gen_otp.py [user [machine [periode [digits]]]]" USER = "user" -MACHINE = "Pains-Perdus" -PERIODE = 60 +MACHINE = VARS.get('totp_machine', 'machine') +PERIODE = VARS.get('totp_periode', 60) +DIGITS = VARS.get('totp_digits', 6) if len(sys.argv) == 2 and sys.argv[1] in ['-h', 'help', '--help']: print(USAGE) exit(0) -if len(sys.argv) == 4: - PERIODE = int(sys.argv) +if len(sys.argv) == 5: + DIGITS = int(sys.argv[4]) +if len(sys.argv) >= 4: + PERIODE = int(sys.argv[3]) if len(sys.argv) >= 3: MACHINE = sys.argv[2] if len(sys.argv) >= 2: @@ -36,10 +45,11 @@ if len(sys.argv) >= 2: token = secrets.token_bytes(15) token_hex = binascii.hexlify(token).decode('utf-8') token_b32 = base64.b32encode(token).decode('utf-8') -uri = "otpauth://totp/{user}@{machine}?secret={secret}&period={periode}".format( +uri = "otpauth://totp/{user}@{machine}?secret={secret}&digits={digits}&period={periode}".format( user=USER, machine=MACHINE, secret=token_b32, + digits=DIGITS, periode=PERIODE) print("hex:", token_hex) 
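Review bot: The usage line now advertises `[digits]`, but the `dependancies:` list two lines further down still names only qrcode while this same patch adds `import yaml`, so a reader who installs what the docstring says gets an ImportError. Add `pip3 install pyyaml` under that heading (PyYAML is the distribution that provides the `yaml` module) and mention that the script must be run from the repository root, since it opens group_vars/all/totp.yml by relative path. The module docstring starts and ends outside the hunk.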
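Review bot: `with open(VAR_FILE) as f:` executes at import time, before the `-h` branch, and `VAR_FILE` is relative to the current working directory, so running the script from anywhere but the repository root (even `gen_otp.py --help`) dies with FileNotFoundError. Resolve the path against the script's own location (e.g. `os.path.dirname(os.path.abspath(__file__))`, which needs `import os`) and tolerate an empty file, which `yaml.safe_load` returns as None and which would then fail on `.get`: `VARS = yaml.safe_load(f) or {}`. `yaml.safe_load` is the right loader here, since a config file should never be able to instantiate arbitrary objects; keep it. `DIGITS = int(sys.argv[4])` is accepted unvalidated, so a typo such as 0 or 60 is silently baked into the QR code; rejecting values outside the 6–8 range that HOTP/TOTP verifiers such as pam_oath generally support keeps the generator and the PAM `digits=` setting in agreement.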
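Review bot: The label parts of the otpauth URI are interpolated raw, and `MACHINE` now comes from group_vars/all/totp.yml or argv rather than a fixed literal, so a value containing a space, `?`, `&`, `#` or `/` corrupts the URI and the QR code the authenticator app scans. Percent-encode them: `from urllib.parse import quote` and `user=quote(USER, safe=""), machine=quote(MACHINE, safe="")`; the base32 secret and the two integers need no encoding. Note also that `secrets.token_bytes(15)` on the context line is a sensible 120-bit secret and should stay that way when the digit count changes.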
diff --git a/roles/base_totp/tasks/main.yml b/roles/base_totp/tasks/main.yml
index cb3c7de..de187a4 100644
--- a/roles/base_totp/tasks/main.yml
+++ b/roles/base_totp/tasks/main.yml
@@ -13,7 +13,7 @@
 lineinfile:
 path: /etc/users.oath
 regexp: "{{ item.name }}"
- line: "HOTP/T60/6 {{ item.name }} - {{item.totp}}"
+ line: "HOTP/T{{ totp_periode }}/{{ totp_digits }} {{ item.name }} - {{item.totp}}"
 create: true
 group: root
 owner: root
diff --git a/roles/ssh_totp/tasks/main.yml b/roles/ssh_totp/tasks/main.yml
index ae8e980..f313398 100644
--- a/roles/ssh_totp/tasks/main.yml
+++ b/roles/ssh_totp/tasks/main.yml
@@ -3,8 +3,8 @@
 lineinfile:
 path: /etc/pam.d/sshd
 regexp: 'pam_oath.so'
- line: "auth required pam_oath.so usersfile=/etc/users.oath window=60 digits=6"
- insertbefore: BOF
+ line: "auth required pam_oath.so usersfile=/etc/users.oath window={{totp_periode}} digits={{totp_digits}}"
+ insertafter: "^# PAM configuration for the Secure Shell service"
 
 - name: Set ChallengeResponseAuthentication in sshd conf
 lineinfile:
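Review bot: The new `line:` has no fallback for `totp_periode` and `totp_digits`, while gen_otp.py in the same commit silently falls back to 60 and 6 when those keys are missing from group_vars/all/totp.yml; a half-populated var file therefore produces tokens generated with one time step and a play that fails on an undefined variable, and adding `| default(...)` here with a different value would instead produce a silent mismatch. Keep the defaults in exactly one place, preferably the var file itself, so the generator and the users.oath line cannot disagree. The `regexp: "{{ item.name }}"` that selects the line to rewrite is an unanchored substring match, so user `bob` also matches `bobby`'s entry; `regexp: "^HOTP/\\S+ {{ item.name | regex_escape }} "` ties the match to the new line format. The `- name:` header of this task is outside the hunk.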
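Review bot: `window={{totp_periode}}` conflates two different quantities: as I read the pam_oath documentation, `window=` is the number of consecutive OTP values (time steps) the module will accept, not a number of seconds, so with a 60-second period this accepts on the order of an hour's worth of codes and every increase of the period widens the brute-force surface further; the original `window=60` had the same problem and the variable now propagates it. Introduce a separate small `totp_window` variable (a handful of steps) and reserve `totp_periode` for the users.oath `T` value. `insertafter: "^# PAM configuration for the Secure Shell service"` falls back to appending at end of file when that Debian-style comment is absent, which would place the rule after any `@include` lines; confirm that ordering is acceptable on other distributions. The `- name:` header of this task is outside the hunk.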