From: Jon Langseth Date: Fri, 16 Aug 2013 12:48:16 +0000 (+0200) Subject: First stab at a naive permissions-tool X-Git-Url: https://git.defcon.no/?a=commitdiff_plain;h=HEAD;p=hermes First stab at a naive permissions-tool --- diff --git a/guc-clients/sippermissions b/guc-clients/sippermissions new file mode 100755 index 0000000..05b1029 --- /dev/null +++ b/guc-clients/sippermissions @@ -0,0 +1,238 @@ +#!/usr/bin/perl +use strict; + +use Data::Dumper; + +#TODO: Add support for assigning phone number +#TODO: Add support for overriding default domain ... + +use Getopt::Long; +use Net::LDAP; +use Net::LDAP::Control::Paged; +use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED ); +use LWP; +use JSON; +use AppConfig; +use Text::Iconv; + +my $api_key; + +my $help; +my $username; +my $permission = undef; +my $configfile = undef; +my ($g_ua, $session, $api_key, $auth_key, $data, $domain); + +my $config = AppConfig->new({ CREATE => 1 }); + +$config->define("api_url=s"); +$config->define("api_keyfile=s"); + +$config->define("default_domain=s"); +$config->default_domain("hig.no"); + +$config->define("numbers_local_prefix=s"); +$config->define("numbers_local_series=s"); +$config->define("numbers_countrycode=s"); + +foreach ( + "/usr/local/etc/hermes/hermes_config", + "/usr/local/etc/hermes/config", + "/etc/hermes/config", + $ENV{"HOME"} . "/.hermes/config", + $ENV{"HOME"} . "/.hermes_config", +) { $configfile = $_ if ( -f $_ ); } + +GetOptions( + "help" => \$help, + "configfile=s" => \$configfile, + "username=s" => \$username, + "permission=s" => \$permission, +); + +if ( + (not $username) || + (not $configfile) || + (( $configfile ) && ( not -f $configfile )) +) +{ + $help = 1; +} + +$config->file( $configfile ); + +if ( ( not $config->api_url ) || + ( not $config->api_keyfile ) || + ( $config->api_keyfile && not -f $config->api_keyfile ) +) +{ + $help = 1; +} + +if ( $help ) { +print <api_keyfile; +chomp( $api_key = ); +close KEY; + +if ( not $username =~ m/\w+/ ) +{ print "Illegal username\n"; exit; } + +$g_ua = LWP::UserAgent->new; +$g_ua->cookie_jar({}); # In-memory jar, look at HTTP::Cookies for persistant + +login_apikey(); + +# First: fetch a supported domain from the API... +$data = exec_apinode("domain/list", undef); +if ( $data->{'response'} eq 'ok' ) +{ + $domain = $data->{'list'}[0]; +} +else +{ + printf("Unable to get domain name. Aborting\n"); + logout(); + exit; +} + +if ( $username =~ /@/ ) +{ + ( $username, $domain ) = split /@/, $username; +} + +$data = exec_apinode("user/available", { 'username' => $username, 'domain' => $domain }); +if ( $data->{'response'} eq 'ok' ) +{ + printf("Username is not registered.\n"); + logout(); + exit; +} + +if ( not $data->{'cause'} eq 'exists' ) +{ + printf("Username lookup failed, cause: %s.\n", $data->{'cause'}); + logout(); + exit; +} +undef $data; + +if ( not $permission ) +{ + + undef $data; + $data = exec_apinode("permissions/get", { 'username' => $username, 'domain' => $domain }); + if ( $data->{'response'} eq 'ok' ) + { + printf("Current permission number is %d\n", $data->{'permission'}); + logout(); + exit; + } + else + { + printf("Failed lookup. cause: %s\n", $data->{'cause'}); + logout(); + exit; + } +} +else +{ + if ( not $permission =~ m/^\d+$/ ) + { + printf("Provided permission not a number.\n"); + logout(); + exit; + } + if ( ($permission < 1) || ( $permission > 256 ) ) + { + printf("Provided permission is outside valid range.\n"); + logout(); + exit; + } + + undef $data; + $data = exec_apinode("permissions/set", { 'username' => $username, 'domain' => $domain, 'permission' => $permission }); + if ( $data->{'response'} eq 'ok' ) + { + printf("Set permission to: %d\n", $data->{'permission'}); + logout(); + exit; + } + else + { + printf("Failed setting permission cause: %s\n", $data->{'cause'}); + logout(); + exit; + } +} + +logout(); +################################################################################################ +sub exec_apinode($$) +{ + my $node = shift; + my $param = shift; + + my ( $response, $data ); + + $session = "" if not defined $session; + $auth_key = "" if not defined $auth_key; + my $url = $config->api_url . "/" . $node; + + $param->{'session'} = $session; + $param->{'auth_key'} = $auth_key; + + $response = $g_ua->post( $url, $param ); + if ( $response->is_success ) + { + if ( $response->content =~ m/\s*{/ ) + { + $data = decode_json( $response->content); + } + else + { + $data = $response->content; + } + + } + return $data; +} + +sub login_apikey +{ + my $response = $g_ua->post( $config->api_url . "/auth/login", + [ "api_key" => $api_key ] ); + + my $data = decode_json( $response->content) if $response->is_success; + die("HTTP error") unless $response->is_success; + + if ( $data->{'response'} eq "ok" ) + { + $session = $data->{'session'}; + $auth_key = $data->{'auth_key'}; + } + else + { + print "Unable to log in to Hermes API\n"; + exit; + } + undef $data; undef $response; +} + +sub logout +{ + my $response = $g_ua->post( $config->api_url . "/auth/logout", + [ "session" => $session ] ); + die("HTTP error") unless $response->is_success; + undef $session; undef $auth_key; +} +