From 8472b394ee44cd46cc36fd4fe0a4882364cab602 Mon Sep 17 00:00:00 2001 From: Sam Chudnick Date: Sat, 2 Jul 2022 15:35:50 -0400 Subject: Read options from config file Set a standardized configuration file location and read options from there. Allow for specifiying alternate location on command line. Options can still be specified on the command line, and any command line options take priority over those given in the configuration file. --- server/mfad.py | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 64 insertions(+), 9 deletions(-) (limited to 'server') diff --git a/server/mfad.py b/server/mfad.py index d045e14..46fc0cc 100755 --- a/server/mfad.py +++ b/server/mfad.py @@ -7,6 +7,8 @@ import threading import pyotp import sqlite3 import re +import configparser +import argparse ## Listens for authentication request from PAM module ## Recevies connection from client @@ -16,7 +18,7 @@ import re ## Return pass or fail response to PAM moudle -DB_NAME = "mfa.db" +DB_NAME = "" HEADER_LENGTH = 64 KEY_LENGTH = 64 DISCONNECT_LENGTH = ACK_LENGTH = 3 @@ -41,6 +43,22 @@ CLIENT_SECRET_INDEX = 2 # key and a tuple of (socket,(addr,port)) as the value client_connections = dict() +def parse_arguments(): + parser = argparse.ArgumentParser() + parser.add_argument("--address",type=str,help="Bind Address") + parser.add_argument("--pam-port",type=int,help="Port to listen for PAM requests") + parser.add_argument("--client-port",type=int,help="Port for client connections") + parser.add_argument("--database",type=str,help="Path to alternate database file") + parser.add_argument("--config",type=str,help="Alternate config file location",\ + default="/etc/mfa/mfa.conf") + return parser.parse_args() + + +def read_config(config): + parser = configparser.ConfigParser(inline_comment_prefixes="#") + parser.read(config) + return parser + def eval_mfa(client_key, mfa_methods, client_response): print("response: " + client_response) 
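Review bot: `read_config` discards the return value of `parser.read(config)`, and `ConfigParser.read` silently skips any file it cannot open, so a missing or unreadable `/etc/mfa/mfa.conf` only surfaces later as the generic "one or more items unspecified" message from `get_vars`. Checking the list of successfully read files makes the failure explicit where it happens: `if not parser.read(config):` followed by `sys.exit("Unable to read config file: " + config)` (`sys` is already used elsewhere in the file). A smaller point: `ConfigParser` applies `%`-interpolation by default, so a `database` path containing a literal `%` raises an interpolation error; constructing it with `interpolation=None` avoids that, since none of the keys read here rely on interpolation.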
@@ -228,14 +246,14 @@ def listen_pam(addr, port): ################################################################################ -def create_db(): - with sqlite3.connect(DB_NAME) as conn: +def create_db(db): + with sqlite3.connect(db) as conn: c = conn.cursor() c.execute("""CREATE TABLE applications ( username text, hostname text, service text, - client_key text, + alias text, mfa_methods text )""") c.execute("""CREATE TABLE clients ( 
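Review bot: The column rename `client_key` → `alias` in the `applications` table only takes effect for databases created after this change, because `main` calls `create_db` only when the database file does not yet exist; an existing database keeps the old column, and any query that now references `alias` (none are visible in this diff) would fail with "no such column". A startup schema check, or a one-off migration that adds the new column, would cover deployments that already have a database. `create_db` continues past the end of this hunk.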
@@ -243,16 +261,53 @@ def create_db(): key text, totp_secret text )""") + conn.commit() + + +def get_vars(args,confparser): + if not os.path.exists(args.config): + print("Unable to open config file") + sys.exit(1) + + bind_addr = None + client_port = None + pam_port = None + database = None + + # Set values from config file first + if confparser.has_section("mfad"): + bind_addr = confparser.get("mfad","address",fallback=None) + client_port = confparser.get("mfad","client-port",fallback=None) + pam_port = confparser.get("mfad","pam-port",fallback=None) + database = confparser.get("mfad","database",fallback=None) + + # Let command line args overwrite any values + if args.address: + bind_addr = args.address + if args.client_port: + client_port = args.client_port + if args.pam_port: + pam_port = args.pam_port + if args.database: + database = args.database + + # Exit if any value is null + if None in [bind_addr,client_port,pam_port,database]: + print("error: one or more items unspecified") + sys.exit(1) + + return bind_addr, int(client_port), int(pam_port), database def main(): - global connection_list - bind_addr = "127.0.0.1" - pam_port = 8000 - client_port = 8001 + args = parse_arguments() + confparser = read_config(args.config) + + bind_addr, client_port, pam_port, DB_NAME = get_vars(args,confparser) if not os.path.exists(DB_NAME): - create_db() + print("Creating DB") + create_db(DB_NAME) clients = threading.Thread(target=listen_client,args=(bind_addr,client_port)) pam = threading.Thread(target=listen_pam,args=(bind_addr,pam_port)) -- cgit v1.2.3
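Review bot: In `main`, `bind_addr, client_port, pam_port, DB_NAME = get_vars(args,confparser)` binds a function-local `DB_NAME`; the module-level `DB_NAME`, which this commit changes to `""`, is never updated because there is no `global DB_NAME` declaration. `create_db` now receives the path explicitly so it is unaffected, but any other function in the file that still connects through the module-level name (not visible in this diff) would call `sqlite3.connect("")` and open a fresh temporary database instead of the configured one; either add `global DB_NAME` before the assignment or pass `database` through to those callers as was done for `create_db`. Separately, `int(client_port)` and `int(pam_port)` at the end of `get_vars` raise an uncaught `ValueError` when the config file holds a non-numeric port, whereas the command-line path already validates via `type=int`; wrapping the two conversions in a `try`/`except ValueError` that prints which key is malformed and exits would match the existing "error: one or more items unspecified" handling. The `conn.commit()` added at the top of the hunk is redundant inside `with sqlite3.connect(db) as conn:`, whose exit already commits on success. `create_db` begins outside this hunk.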