From 868ce9fd49ecdd56c923fe57dca4c9e7a112a639 Mon Sep 17 00:00:00 2001
From: Jon Langseth <fishy@defcon.no>
Date: Tue, 6 Aug 2013 12:40:00 +0200
Subject: [PATCH] Remote reset of phones, using sipsak NOTIFY

---
 guc-clients/reset-tool | 222 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 222 insertions(+)
 create mode 100755 guc-clients/reset-tool

diff --git a/guc-clients/reset-tool b/guc-clients/reset-tool
new file mode 100755
index 0000000..3785667
--- /dev/null
+++ b/guc-clients/reset-tool
@@ -0,0 +1,222 @@
+#!/usr/bin/perl
+use strict;
+
+use Data::Dumper;
+
+#TODO: Add support for assigning phone number
+#TODO: Add support for overriding default domain ...
+
+use Getopt::Long;
+use Net::LDAP;
+use Net::LDAP::Control::Paged;
+use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );
+use LWP;
+use JSON;
+use AppConfig;
+use Text::Iconv;
+
+my $api_key;
+
+my $help;
+my $username;
+my $agent;
+my $file;
+my $proxy;
+my $sipsak;
+
+my $configfile = undef;
+my $format = 0;
+my ($g_ua, $session, $api_key, $auth_key, $data, $domain);
+
+my $config = AppConfig->new({ CREATE => 1 });
+
+$config->define("api_url=s");
+$config->define("api_keyfile=s");
+
+foreach ( 
+	"/usr/local/etc/hermes/hermes_config",
+	"/usr/local/etc/hermes/config",
+	"/etc/hermes/config",
+	$ENV{"HOME"} . "/.hermes/config",
+	$ENV{"HOME"} . "/.hermes_config",
+) { $configfile = $_ if ( -f $_ ); }
+
+GetOptions(
+	"help"		=> \$help,
+	"configfile=s" 	=> \$configfile,
+	"username=s"  	=> \$username,
+	"agent=s"	=> \$agent,
+	"file=s"	=> \$file,
+	"proxy=s"	=> \$proxy,
+	"sipsak=s"	=> \$sipsak,
+);
+
+if (
+	(not $agent) ||
+	(not $file) ||
+	(not $proxy) ||
+	(not $sipsak) ||
+	(not $username) ||
+	(not $configfile) ||
+	(( $configfile ) && ( not -f $configfile )) 
+)
+{
+	$help = 1;
+}
+
+$config->file( $configfile );
+
+if (    ( not  $config->api_url ) ||
+	( not  $config->api_keyfile ) ||
+	( $config->api_keyfile && not -f $config->api_keyfile ) 
+)
+{
+	$help = 1;
+}
+
+if ( $help ) {
+print <<END_HELP;
+Verify that the following options are set:
+	--username=s|--user|-u
+	--agent=s|-a     User agent to match
+	--file=s|-f      SIPSAK template file
+	--proxy=s|-p     SIP Proxy to send SIP messages to
+	--sipsak=s|-s    Path to sipsak executable
+	--configfile=s
+
+Verify the contents of the configuration file.
+Verify that the key-file exists.
+END_HELP
+exit; }
+
+open KEY, "<" . $config->api_keyfile;
+chomp( $api_key = <KEY> );
+close KEY;
+
+if ( not $username =~ m/\w+/ )
+{ print "Illegal username\n"; exit; }
+
+$g_ua = LWP::UserAgent->new;
+$g_ua->cookie_jar({}); # In-memory jar, look at HTTP::Cookies for persistant
+
+login_apikey();
+
+# First: fetch a supported domain from the API...
+$data = exec_apinode("domain/list", undef);
+if ( $data->{'response'} eq 'ok' )
+{
+	$domain = $data->{'list'}[0];
+}
+else
+{
+	printf("Unable to get domain name. Aborting\n");
+	logout();
+	exit;
+}
+
+if ( $username =~ /@/ ) 
+{
+	( $username, $domain ) = split /@/, $username;
+}
+
+$data = exec_apinode("user/location", { 'username' => $username, 'domain' => $domain });
+if ( not $data->{'response'} eq 'ok' )
+{
+	printf("Unable to fetch location: %s\n", $data->{'cause'});
+	exit;
+}
+my $t = $data->{'locations'};
+my @locations = @$t;
+
+foreach my $l ( @locations )
+{
+	if ( $l->{'useragent'} =~ m/$agent/ )
+	{
+		$l->{'contact'} =~ m/sip:(\w+)@(.*):(\d+)/;
+		my ( $user, $host, $port) = ( $1, $2, $3 );
+
+		$data = exec_apinode("user/get", { 'username' => $user, 'domain' => $domain });
+		if ( not $data->{'response'} eq 'ok' )
+		{
+			printf("Unable to fetch user: %s\n", $data->{'cause'});
+			exit;
+		}
+
+		my $sipuser = $data->{'user'};
+		my $pass = $data->{'user'}->{'password'};
+		#printf("Auth password.: %s\n", $sipuser->{'password'});
+
+		printf("%s -vvv -G -f %s -p %s -H %s -s sip:%s@%s -a %s\n",
+			$sipsak,
+			$file,
+			$proxy,
+			$host,
+			$user,
+			$domain,
+			$pass,
+		);
+	}
+}
+
+undef $data;
+
+logout();
+################################################################################################
+sub exec_apinode($$)
+{
+	my $node = shift;
+	my $param = shift;
+
+	my ( $response, $data );
+
+	$session = "" if not defined $session;
+	$auth_key = "" if not defined $auth_key;
+	my $url = $config->api_url . "/" . $node;
+
+	$param->{'session'} = $session;
+	$param->{'auth_key'} = $auth_key;
+
+	$response = $g_ua->post( $url, $param );
+	if ( $response->is_success )
+	{
+		if ( $response->content =~ m/\s*{/ )
+		{
+			$data = decode_json( $response->content);
+		}
+		else
+		{
+			$data = $response->content;
+		}
+
+	}
+	return $data;
+}
+
+sub login_apikey
+{
+	my $response = $g_ua->post( $config->api_url . "/auth/login",
+		[ "api_key" => $api_key ] );
+
+	my $data = decode_json( $response->content) if $response->is_success;
+	die("HTTP error") unless $response->is_success;
+
+	if ( $data->{'response'} eq "ok" )
+	{
+		$session = $data->{'session'};
+		$auth_key = $data->{'auth_key'};
+	}
+	else
+	{
+		print "Unable to log in to Hermes API\n";
+		exit;
+	}
+	undef $data; undef $response;
+}
+
+sub logout
+{
+	my $response = $g_ua->post( $config->api_url . "/auth/logout",
+		[ "session" => $session ] );
+	die("HTTP error") unless $response->is_success;
+	undef $session; undef $auth_key;
+}
-- 
2.39.2