mirror of
https://github.com/Yubico/yubikey-ksm.git
synced 2024-12-01 15:24:17 +01:00
Add.
This commit is contained in:
Simon Josefsson
parent
42bd2d68b0
commit
c84f635dd1
144
ykksm-upgrade.pl
Executable file
144
ykksm-upgrade.pl
Executable file
@ -0,0 +1,144 @@
|
||||
#!/usr/bin/perl
|
||||
|
||||
# Written by Simon Josefsson <simon@josefsson.org>.
|
||||
# Copyright (c) 2009 Yubico AB
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are
|
||||
# met:
|
||||
#
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
#
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
use strict;
|
||||
use DBI;
|
||||
use POSIX qw(strftime);
|
||||
|
||||
sub usage {
|
||||
print "Usage: $0 [--help]\n";
|
||||
print " [--database DBI] [--db-user USER] [--db-passwd PASSWD]\n";
|
||||
print " [--creator CREATOR]\n";
|
||||
print "\n";
|
||||
print "Tool to upgrade data in database based on special format.\n";
|
||||
print "\n";
|
||||
print " --database DBI: Database identifier, see http://dbi.perl.org/\n";
|
||||
print " defaults to a MySQL database ykksm on localhost,\n";
|
||||
print " i.e., DBI::mysql:ykksm.\n";
|
||||
print "\n";
|
||||
print " --db-user USER: Database username to use, defaults to empty string.\n";
|
||||
print "\n";
|
||||
print " --db-passwd PASSWD: Database password to use, defaults to empty string.\n";
|
||||
print "\n";
|
||||
print " --creator CREATOR: Short string with creator info.\n";
|
||||
print " Defaults to using the PGP signer key id, normally.\n";
|
||||
print " you don't change this.\n";
|
||||
print "\n";
|
||||
print "Usage example:\n";
|
||||
print "\n";
|
||||
print " $0 < keys.txt\n";
|
||||
print "\n";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
my $creator;
|
||||
my $db = "dbi:mysql:ykksm";
|
||||
my $dbuser;
|
||||
my $dbpasswd;
|
||||
while ($ARGV[0] =~ m/^-(.*)/) {
|
||||
my $cmd = shift @ARGV;
|
||||
if (($cmd eq "-h") || ($cmd eq "--help")) {
|
||||
usage();
|
||||
} elsif ($cmd eq "--creator") {
|
||||
$creator = shift;
|
||||
} elsif ($cmd eq "--database") {
|
||||
$db = shift;
|
||||
} elsif ($cmd eq "--db-user") {
|
||||
$dbuser = shift;
|
||||
} elsif ($cmd eq "--db-passwd") {
|
||||
$dbpasswd = shift;
|
||||
}
|
||||
}
|
||||
|
||||
if ($#ARGV>=0) {
|
||||
usage();
|
||||
}
|
||||
|
||||
my $infilename = "tmp.$$";
|
||||
my $verify_status;
|
||||
my $encrypted_to;
|
||||
my $signed_by;
|
||||
|
||||
# Read input into temporary file.
|
||||
open TMPFILE, ">$infilename"
|
||||
or die "Cannot open $infilename for writing";
|
||||
while (<>) {
|
||||
print TMPFILE $_;
|
||||
}
|
||||
close TMPFILE;
|
||||
|
||||
END { unlink $infilename; }
|
||||
|
||||
# Get status
|
||||
open(GPGV, "gpg --status-fd 1 --output /dev/null < $infilename 2>&1 |")
|
||||
or die "Cannot launch gpg";
|
||||
while (<GPGV>) {
|
||||
$verify_status .= $_;
|
||||
$encrypted_to = $1 if m,^\[GNUPG:\] ENC_TO ([0-9A-F]+) ,;
|
||||
$signed_by = $1 if m,^\[GNUPG:\] VALIDSIG ([0-9A-F]+) ,;
|
||||
}
|
||||
close GPGV;
|
||||
|
||||
print "Verification output:\n" . $verify_status;
|
||||
print "encrypted to: " . $encrypted_to . "\n";
|
||||
print "signed by: " . $signed_by . "\n";
|
||||
|
||||
die "Input not signed?" if !$signed_by;
|
||||
|
||||
my $dbh = DBI->connect($db, $dbuser, $dbpasswd, {'RaiseError' => 1});
|
||||
my $inserth = $dbh->prepare_cached(qq{
|
||||
INSERT INTO yubikeys (creator, created, serialNr,
|
||||
publicName, internalName, aesKey, lockCode)
|
||||
VALUES (?, NOW(), 0, ?, ?, ?, '000000000000')
|
||||
})
|
||||
or die "Couldn't prepare statement: " . $dbh->errstr;
|
||||
|
||||
$creator = $signed_by if !$creator;
|
||||
|
||||
open(GPGV, "gpg < $infilename 2>/dev/null |")
|
||||
or die "Cannot launch gpg";
|
||||
while (<GPGV>) {
|
||||
next if m:^#:;
|
||||
my ($publicName, $aesKey, $internalName) =
|
||||
m%^id ([cbdefghijklnrtuv]+) key ([0-9a-f]+) uid ([0-9a-f]+)%;
|
||||
print "line: $_";
|
||||
print "\tpublicName $publicName internalName $internalName aesKey $aesKey eol\n";
|
||||
|
||||
my $rows_changed = $dbh->do(q{UPDATE yubikeys SET publicName = ? WHERE publicName = ?}, undef, ("old-" . $publicName, $publicName))
|
||||
or die "Cannot update database: " . $dbh->errstr;
|
||||
|
||||
$inserth->execute($creator, $publicName, $internalName, $aesKey)
|
||||
or die "Database insert error: " . $dbh->errstr;
|
||||
}
|
||||
|
||||
close GPGV;
|
||||
$dbh->disconnect();
|
||||
|
||||
exit 0;
|
||||
Loading…
Reference in New Issue
Block a user