
Setup install file

master
Burathar 4 years ago
parent
commit
041f4434fa
  1. 1
      config_example.ini
  2. 1
      debian/91-usbftdi.rules
  3. 21
      debian/yubilock.service
  4. 72
      install.sh
  5. 0
      uninstall.sh
  6. 5
      xscreensaver_yubilock.py

1
config_example.ini

@ -4,4 +4,5 @@ yubikey_serial = 12345678
[HOSTCONFIG] [HOSTCONFIG]
logfile = log.log logfile = log.log
loglevel = 10
remove_sudo_timestamp_when_locking = true remove_sudo_timestamp_when_locking = true

1
debian/91-usbftdi.rules vendored

@ -0,0 +1 @@
SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", GROUP="yubilock" MODE="0664"
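Review bot: `GROUP="yubilock" MODE="0664"` is missing the comma between the two assignments; udev rules are documented as a comma-separated list of key-value pairs, so write `GROUP="yubilock", MODE="0660"` instead of relying on the parser tolerating whitespace. Mode `0664` also leaves the device node readable by every local user, which the daemon does not appear to need, while `0660` limits access to root and the `yubilock` group. The match on `idVendor` `1050` alone changes the group of every Yubico USB device on the host, so other software that depends on the default group may lose access, and the file name `91-usbftdi.rules` does not describe what the rule does.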

21
debian/yubilock.service vendored

@ -0,0 +1,21 @@
[Unit]
Description=Yubikey activated xscreensaver locker/unlocker
After=syslog.target multi-user.target lightdm.service
Requires=lightdm.service
#Requires=syslog.socket
#Documentation=man:rsyslogd(8)
#Documentation=https://www.rsyslog.com/doc/
[Service]
#Type=simple
ExecStart=/opt/yublilock/venv/bin/python /opt/yubilock/xscreensaver_yubilock.py -v
User=yubilock
#StandardOutput=null
#Restart=on-failure
# Increase the default a bit in order to allow many simultaneous
# files to be monitored, we might need a lot of fds.
#LimitNOFILE=16384
[Install]
WantedBy=multi-user.target
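Review bot: `ExecStart` misspells the install directory as `/opt/yublilock/venv/bin/python`, so the unit cannot start if it is installed as shipped. install.sh rewrites the whole `ExecStart=` line with sed, which hides the typo but also drops the `-v` argument, so the two files disagree on how the daemon is launched. Fix the path here to `ExecStart=/opt/yubilock/venv/bin/python /opt/yubilock/xscreensaver_yubilock.py -v` and decide in one place whether `-v` is wanted. `Restart=on-failure` is commented out; presumably a daemon that has exited can no longer lock the screen when the key is removed, so enabling it, with a comment saying why, looks worthwhile.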

72
install.sh

@ -0,0 +1,72 @@
#! /bin/bash
install_dir='/opt/yubilock/'
logging_dir='/var/log/yubilock/'
script_dir="$(dirname $(readlink -f $0))"
# exit when any command fails
set -e
# Make sure running as root
if [ `id -u` -ne 0 ]; then
echo 'Please run as root'
exit 1
fi
echo "Create yubilock user"
adduser --system --home "$install_dir" --shell "/usr/sbin/nologin" --group --gecos "xscreensaver yubilock daemon" -q 'yubilock'
echo "Making sure python3 and virtualenv are installed"
python3 --version || apt-get install python3
python3 -m venv -h >/dev/null 2>&1 || apt-get install python3-venv
echo "Create virualenv"
[ -f "$install_dir/venv/bin/activate" ] || python3 -m venv "$install_dir/venv"
. "$install_dir/venv/bin/activate"
pip install setuptools wheel
pip install -r "$script_dir/requirements.txt"
echo "Copy over application files"
cp "$script_dir/xscreensaver_yubilock.py" "$install_dir"
cp "$script_dir/uninstall.sh" "$install_dir"
cp "$script_dir/config_example.ini" "$install_dir/config.ini"
# Remove first line from config
sed -i '1d' "$install_dir/config.ini"
chown -R yubilock:yubilock "$install_dir"
chown root:yubilock "$install_dir"
chmod 775 "$install_dir"
echo "Create logging directory"
mkdir -p "$logging_dir"
chown --from=root:root root:yubilock "$logging_dir"
chmod 775 "$logging_dir"
sed -i "s+^logfile\ =.*+logfile\ =\ ${logging_dir}daemon.log+g" "$install_dir/config.ini"
echo "Allow yubilock user access to X host"
touch "$install_dir/.Xauthority"
chown yubilock:yubilock "$install_dir/.Xauthority"
hexkey=`sudo -u link xauth list | cut -d ' ' -f 5`
export XAUTHORITY="/opt/yubilock/.Xauthority"
echo sudo -u yubilock xauth add \":0\" . "$hexkey"
sudo -u yubilock xauth add ":0" . "$hexkey"
echo "Fix udev usb rights for yubilock"
cp "$script_dir/debian/91-usbftdi.rules" '/etc/udev/rules.d/'
chown root:root '/etc/udev/rules.d/91-usbftdi.rules'
udevadm control --reload-rules
echo "Enable as systemd service"
cp "$script_dir/debian/yubilock.service" "/etc/systemd/system"
sed -i "s+^ExecStart=.*+ExecStart=${install_dir}venv/bin/python ${install_dir}xscreensaver_yubilock.py+g" '/etc/systemd/system/yubilock.service'
systemctl enable yubilock.service
#(Uninstall script)
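Review bot: The X authority block near the end of install.sh reads the cookie from a hard-coded account (`sudo -u link xauth list`), so it only works on a host that has that user, and the `echo sudo -u yubilock xauth add ...` line prints the X authority cookie to the terminal and to any captured install log. `cut -d ' ' -f 5` also returns several lines when `xauth list` has more than one entry, and `XAUTHORITY` is hard-coded to `/opt/yubilock/.Xauthority` instead of being built from `$install_dir`. The fence below takes the desktop user from `SUDO_USER`, uses a single entry for `:0`, and logs the step without the secret. Separately, `chown -R yubilock:yubilock "$install_dir"` leaves the venv, `config.ini` and `uninstall.sh` writable by the service account. If `uninstall.sh` is later run as root (it has no content in this commit, so this is inferred), those files should be owned by `root` and only readable by `yubilock`.

```shell
# … unchanged: touch and chown of "$install_dir/.Xauthority" …
# Desktop user whose X session the daemon attaches to; taken from sudo, not hard-coded.
x_user="${SUDO_USER:?run this script through sudo from the desktop session}"
hexkey="$(sudo -u "$x_user" xauth list ':0' | awk 'NR == 1 { print $NF }')"
if [ -z "$hexkey" ]; then
  echo "No X authority entry for display :0 found for user $x_user" >&2
  exit 1
fi
export XAUTHORITY="${install_dir}.Xauthority"
echo 'Adding X authority entry for yubilock (cookie value not printed)'
sudo -u yubilock xauth add ':0' . "$hexkey"
# … unchanged: udev rule and systemd unit installation …
```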

0
uninstall.sh

5
xscreensaver_yubilock.py

@ -3,6 +3,7 @@
#TODO: #TODO:
# - resolve exploit where key is plugged in and out quickly, resulting in an unlocked state # - resolve exploit where key is plugged in and out quickly, resulting in an unlocked state
import os
import sys import sys
import subprocess import subprocess
import argparse import argparse
@ -16,8 +17,10 @@ import logzero
from logzero import logger from logzero import logger
from usb.core import USBError from usb.core import USBError
script_dir = os.path.dirname(os.path.realpath(__file__))
config = ConfigParser() config = ConfigParser()
config.read("config.ini") config.read(f"{script_dir}/config.ini")
yubikey_serials = config["USERCONFIG"]["yubikey_serial"].split(',') yubikey_serials = config["USERCONFIG"]["yubikey_serial"].split(',')
# Convert stringlist to intlist # Convert stringlist to intlist
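Review bot: `config.read(f"{script_dir}/config.ini")` still ignores a missing or unreadable file, because `ConfigParser.read` returns the list of files it parsed instead of raising, so the failure only surfaces on the next line as a `KeyError` on `USERCONFIG`. For a daemon that decides when the screen locks, fail with a clear message: `if not config.read(os.path.join(script_dir, "config.ini")): sys.exit("cannot read config.ini")`. The file also holds the accepted YubiKey serials, so a comment here should state that `config.ini` must be writable only by the administrator of the lock. The rest of the module lies outside this hunk, so how the parsed values are used later is not visible.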
