Pains-Perdus/ansible
3
1
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

add variables

Browse source
This commit is contained in:
Jean-Marie Mineau 2021-04-15 17:10:35 +02:00
parent a54a366adf
commit 58f67e4e86
3 changed files with 20 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
gen_otp.py
View file

@ -5,7 +5,7 @@
Generate an TOTP token (hex value for user.oath file and qrcode). Generate an TOTP token (hex value for user.oath file and qrcode).
usage: usage:
gen_otp.py [user [machine [periode]]] gen_otp.py [user [machine [periode [digits]]]]
dependancies: dependancies:
pip3 install qrcode pip3 install qrcode
@ -15,19 +15,28 @@ import base64
import binascii import binascii
import secrets import secrets
import sys import sys
import yaml
import qrcode import qrcode
USAGE = "gen_otp.py [user [machine [periode]]]" VAR_FILE = "group_vars/all/totp.yml"
with open(VAR_FILE) as f:
VARS = yaml.safe_load(f)
USAGE = "gen_otp.py [user [machine [periode [digits]]]]"
USER = "user" USER = "user"
MACHINE = "Pains-Perdus" MACHINE = VARS.get('totp_machine', 'machine')
PERIODE = 60 PERIODE = VARS.get('totp_periode', 60)
DIGITS = VARS.get('totp_digits', 6)
if len(sys.argv) == 2 and sys.argv[1] in ['-h', 'help', '--help']: if len(sys.argv) == 2 and sys.argv[1] in ['-h', 'help', '--help']:
print(USAGE) print(USAGE)
exit(0) exit(0)
if len(sys.argv) == 4: if len(sys.argv) == 5:
PERIODE = int(sys.argv) DIGITS = int(sys.argv[4])
if len(sys.argv) >= 4:
PERIODE = int(sys.argv[3])
if len(sys.argv) >= 3: if len(sys.argv) >= 3:
MACHINE = sys.argv[2] MACHINE = sys.argv[2]
if len(sys.argv) >= 2: if len(sys.argv) >= 2:
@ -36,10 +45,11 @@ if len(sys.argv) >= 2:
token = secrets.token_bytes(15) token = secrets.token_bytes(15)
token_hex = binascii.hexlify(token).decode('utf-8') token_hex = binascii.hexlify(token).decode('utf-8')
token_b32 = base64.b32encode(token).decode('utf-8') token_b32 = base64.b32encode(token).decode('utf-8')
uri = "otpauth://totp/{user}@{machine}?secret={secret}&period={periode}".format( uri = "otpauth://totp/{user}@{machine}?secret={secret}&digits={digits}&period={periode}".format(
user=USER, user=USER,
machine=MACHINE, machine=MACHINE,
secret=token_b32, secret=token_b32,
digits=DIGITS,
periode=PERIODE) periode=PERIODE)
print("hex:", token_hex) print("hex:", token_hex)

2
roles/base_totp/tasks/main.yml
View file

@ -13,7 +13,7 @@
lineinfile: lineinfile:
path: /etc/users.oath path: /etc/users.oath
regexp: "{{ item.name }}" regexp: "{{ item.name }}"
line: "HOTP/T60/6 {{ item.name }} - {{item.totp}}" line: "HOTP/T{{ totp_periode }}/{{ totp_digits }} {{ item.name }} - {{item.totp}}"
create: true create: true
group: root group: root
owner: root owner: root

4
roles/ssh_totp/tasks/main.yml
View file

@ -3,8 +3,8 @@
lineinfile: lineinfile:
path: /etc/pam.d/sshd path: /etc/pam.d/sshd
regexp: 'pam_oath.so' regexp: 'pam_oath.so'
line: "auth required pam_oath.so usersfile=/etc/users.oath window=60 digits=6" line: "auth required pam_oath.so usersfile=/etc/users.oath window={{totp_periode}} digits={{totp_digits}}"
insertbefore: BOF insertafter: "^# PAM configuration for the Secure Shell service"
- name: Set ChallengeResponseAuthentication in sshd conf - name: Set ChallengeResponseAuthentication in sshd conf
lineinfile: lineinfile: