added support for a door indicator switch on pin 21 (closed->1; open->0) to detect manual opening of the door
parent
6b4819092c
commit
bb093d4848
|
@ -0,0 +1,15 @@
|
||||||
|
Yubikey login:
|
||||||
|
^^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
-please create /etc/udev/rules.d/92-yubikey.rules with the following content:
|
||||||
|
ACTION=="add", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010", RUN+="/etc/door/door.sh"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
SSH login:
|
||||||
|
^^^^^^^^^^
|
||||||
|
|
||||||
|
-in ~/.ssh/authorized_keys add to the first line:
|
||||||
|
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
|
||||||
|
|
||||||
|
-in /etc/passwd change the the default shell to door_ssh_login.sh
|
103
door.sh
103
door.sh
|
@ -1,28 +1,106 @@
|
||||||
#! /bin/sh
|
#! /bin/bash
|
||||||
|
|
||||||
cd /etc/door/
|
|
||||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
|
|
||||||
OPEN_INDICATOR=/tmp/door_status_open
|
OPEN_INDICATOR=/tmp/door_status_open
|
||||||
CLOSED_INDICATOR=/tmp/door_status_closed
|
CLOSED_INDICATOR=/tmp/door_status_closed
|
||||||
|
GPIO_SWITCH=21
|
||||||
|
WATCHDOG_PID=/tmp/door_watchdog_pid
|
||||||
|
|
||||||
|
DELAY=10
|
||||||
|
DATE_STRING="$(date +%s)#$(date +"%F %X")"
|
||||||
|
TIMEOUT=30
|
||||||
|
LOCKDIR="/var/lock"
|
||||||
|
|
||||||
|
lock_file() {
|
||||||
|
OUTFILE=$1
|
||||||
|
OUTFILE_LOCK="${LOCKDIR}/$(readlink -f $OUTFILE | sed -e "s/\//\!/g").lock"
|
||||||
|
TIMEOUT_LOCK=$TIMEOUT
|
||||||
|
while [ $(mkdir "$OUTFILE_LOCK" 2> /dev/null; echo $? ) -ne 0 -a $TIMEOUT_LOCK -gt 0 ]; do
|
||||||
|
TIMEOUT_LOCK=$(($TIMEOUT_LOCK-1))
|
||||||
|
if [ -f "$OUTFILE_LOCK/lastaction" -a ! -d "$OUTFILE_LOCK/timeout" ] >> /dev/null 2>&1; then
|
||||||
|
FILEAGE=$(($(date +%s) - $(stat -c '%Y' "$OUTFILE_LOCK/lastaction" || echo $(date +%s) 2> /dev/null )))
|
||||||
|
TIMEOUT_LOCK=$(($TIMEOUT-$FILEAGE))
|
||||||
|
fi
|
||||||
|
if [ $TIMEOUT_LOCK -le 0 ]; then
|
||||||
|
if [ $(mkdir "$OUTFILE_LOCK/timeout" >> /dev/null 2>&1; echo $? ) -ne 0 ]; then
|
||||||
|
TIMEOUTAGE_LOCK=$(($(date +%s) - $(stat -c '%Y' "$OUTFILE_LOCK/timeout")))
|
||||||
|
if [ $TIMEOUTAGE_LOCK -gt $TIMEOUT ]; then
|
||||||
|
if [ $(rm -rf "$OUTFILE_LOCK/timeout" >> /dev/null 2>&1; echo $? ) -ne 0 ]; then
|
||||||
|
TIMEOUT_LOCK=$TIMEOUT
|
||||||
|
else
|
||||||
|
TIMEOUT_LOCK=1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
TIMEOUT_LOCK=$(($TIMEOUT-$TIMEOUTAGE_LOCK))
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
if [ $TIMEOUT_LOCK -le 0 ]; then
|
||||||
|
echo "Timeout! Ignoring old \"$OUTFILE_LOCK\"." >&2
|
||||||
|
fi
|
||||||
|
touch "$OUTFILE_LOCK/lastaction"
|
||||||
|
}
|
||||||
|
|
||||||
|
unlock_file() {
|
||||||
|
OUTFILE=${1}
|
||||||
|
OUTFILE_LOCK="${LOCKDIR}/$(readlink -f $OUTFILE | sed -e "s/\//\!/g").lock"
|
||||||
|
rm -rf "$OUTFILE_LOCK"
|
||||||
|
}
|
||||||
|
|
||||||
|
cd $(dirname $0) || {
|
||||||
|
echo "konnte verzeichniss nicht wechseln"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
if ! kill -0 $(cat $WATCHDOG_PID 2> /dev/null) > /dev/null 2>&1; then
|
||||||
|
{
|
||||||
|
( while true; do
|
||||||
|
{
|
||||||
|
if [ $(cat /sys/class/gpio/gpio${GPIO_SWITCH}/value) -ne 1 -a -f $CLOSED_INDICATOR ]; then
|
||||||
|
{
|
||||||
|
lock_file $OPEN_INDICATOR
|
||||||
|
lock_file $CLOSED_INDICATOR
|
||||||
|
touch $OPEN_INDICATOR
|
||||||
|
rm -f $CLOSED_INDICATOR >> /dev/null 2>&1
|
||||||
|
unlock_file $OPEN_INDICATOR
|
||||||
|
unlock_file $CLOSED_INDICATOR
|
||||||
|
}
|
||||||
|
fi
|
||||||
|
sleep .5
|
||||||
|
}
|
||||||
|
done ) &
|
||||||
|
echo $! > $WATCHDOG_PID
|
||||||
|
cat $WATCHDOG_PID
|
||||||
|
}
|
||||||
|
fi
|
||||||
|
|
||||||
|
lock_file $OPEN_INDICATOR
|
||||||
|
lock_file $CLOSED_INDICATOR
|
||||||
if [ -f $OPEN_INDICATOR ]; then
|
if [ -f $OPEN_INDICATOR ]; then
|
||||||
LOCK_AGE=$(( $(date +%s)-$(stat -c %X $OPEN_INDICATOR) ))
|
LOCK_AGE=$(( $(date +%s)-$(stat -c %X $OPEN_INDICATOR) ))
|
||||||
elif [ -f $CLOSED_INDICATOR ]; then
|
elif [ -f $CLOSED_INDICATOR ]; then
|
||||||
LOCK_AGE=$(( $(date +%s)-$(stat -c %X $CLOSED_INDICATOR) ))
|
LOCK_AGE=$(( $(date +%s)-$(stat -c %X $CLOSED_INDICATOR) ))
|
||||||
else
|
else
|
||||||
LOCK_AGE=15
|
LOCK_AGE=$DELAY
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $LOCK_AGE -lt 15 ]; then
|
if [ $LOCK_AGE -lt $DELAY ]; then
|
||||||
echo "please wait at least 15 seconds befor a second run of this script" >&2
|
echo "please wait at least $DELAY seconds before a second run of this script" >&2
|
||||||
|
unlock_file $OPEN_INDICATOR
|
||||||
|
unlock_file $CLOSED_INDICATOR
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
./door_verify.sh
|
if [ "$1" == "noverify" ]; then
|
||||||
STATUS=$?
|
STATUS=0
|
||||||
|
else
|
||||||
|
./door_verify.sh
|
||||||
|
STATUS=$?
|
||||||
|
fi
|
||||||
if [ $STATUS -eq 0 ]; then
|
if [ $STATUS -eq 0 ]; then
|
||||||
echo "opening door"
|
|
||||||
if [ -f $OPEN_INDICATOR ]; then
|
if [ -f $OPEN_INDICATOR ]; then
|
||||||
echo "closing door"
|
echo "closing door"
|
||||||
./door_lock.sh close
|
./door_lock.sh close
|
||||||
|
@ -34,8 +112,17 @@ if [ $STATUS -eq 0 ]; then
|
||||||
rm $CLOSED_INDICATOR
|
rm $CLOSED_INDICATOR
|
||||||
touch $OPEN_INDICATOR
|
touch $OPEN_INDICATOR
|
||||||
fi
|
fi
|
||||||
|
unlock_file $OPEN_INDICATOR
|
||||||
|
unlock_file $CLOSED_INDICATOR
|
||||||
exit 0
|
exit 0
|
||||||
else
|
else
|
||||||
echo "the lock won't move" >&2
|
echo "the lock won't move" >&2
|
||||||
|
if [ -f $OPEN_INDICATOR ]; then
|
||||||
|
touch $OPEN_INDICATOR
|
||||||
|
else
|
||||||
|
touch $CLOSED_INDICATOR
|
||||||
|
fi
|
||||||
|
unlock_file $OPEN_INDICATOR
|
||||||
|
unlock_file $CLOSED_INDICATOR
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
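Review bot: `WATCHDOG_PID=/tmp/door_watchdog_pid` puts the new watchdog's PID file in world-writable /tmp under a fixed name, next to the two indicator files, while this script runs as root (udev `RUN+=` and the `sudo` call in the new SSH login script). Whenever that file is absent, any local account can create it first with the PID of a live process, after which `kill -0 $(cat $WATCHDOG_PID)` succeeds and the switch watchdog never starts. The same applies to `/tmp/door_status_open`, whose presence decides whether the next run opens or closes. Keeping this state in a directory only root can write, for example `WATCHDOG_PID=/run/door/watchdog.pid` (illustrative path), and checking that the recorded PID really belongs to the watchdog would close that gap. The script continues between the two hunks, outside what is shown here.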
26
door_lock.sh
26
door_lock.sh
|
@ -3,13 +3,18 @@
|
||||||
GPIO_OPEN=23
|
GPIO_OPEN=23
|
||||||
GPIO_CLOSE=24
|
GPIO_CLOSE=24
|
||||||
GPIO_CLIP=22
|
GPIO_CLIP=22
|
||||||
SLEEP=2
|
GPIO_SWITCH=21
|
||||||
|
SLEEP=4
|
||||||
|
CLOSE_TIMEOUT=15
|
||||||
|
|
||||||
for i in $GPIO_OPEN $GPIO_CLOSE $GPIO_CLIP; do
|
for i in $GPIO_OPEN $GPIO_CLOSE $GPIO_CLIP; do
|
||||||
echo "$i" > /sys/class/gpio/export
|
echo "$i" > /sys/class/gpio/export
|
||||||
echo "out" > /sys/class/gpio/gpio${i}/direction
|
echo "out" > /sys/class/gpio/gpio${i}/direction
|
||||||
done
|
done
|
||||||
|
|
||||||
|
echo "$GPIO_SWITCH" > /sys/class/gpio/export
|
||||||
|
echo "in" > /sys/class/gpio/gpio${GPIO_SWITCH}/direction
|
||||||
|
|
||||||
case $1 in
|
case $1 in
|
||||||
open)
|
open)
|
||||||
echo "1" > /sys/class/gpio/gpio${GPIO_OPEN}/value
|
echo "1" > /sys/class/gpio/gpio${GPIO_OPEN}/value
|
||||||
|
@ -17,9 +22,22 @@ case $1 in
|
||||||
echo "0" > /sys/class/gpio/gpio${GPIO_OPEN}/value
|
echo "0" > /sys/class/gpio/gpio${GPIO_OPEN}/value
|
||||||
;;
|
;;
|
||||||
close)
|
close)
|
||||||
echo "1" > /sys/class/gpio/gpio${GPIO_CLOSE}/value
|
TIMER=$(($CLOSE_TIMEOUT*10))
|
||||||
sleep $SLEEP
|
while [ $TIMER -ge 0 ]; do
|
||||||
echo "0" > /sys/class/gpio/gpio${GPIO_CLOSE}/value
|
{
|
||||||
|
SWITCH=$(cat /sys/class/gpio/gpio${GPIO_SWITCH}/value)
|
||||||
|
if [ $SWITCH -eq 1 ]; then
|
||||||
|
{
|
||||||
|
echo "1" > /sys/class/gpio/gpio${GPIO_CLOSE}/value
|
||||||
|
sleep $SLEEP
|
||||||
|
echo "0" > /sys/class/gpio/gpio${GPIO_CLOSE}/value
|
||||||
|
break
|
||||||
|
}
|
||||||
|
fi
|
||||||
|
sleep .1
|
||||||
|
TIMER=$(($TIMER-1))
|
||||||
|
}
|
||||||
|
done
|
||||||
;;
|
;;
|
||||||
clip)
|
clip)
|
||||||
echo "1" > /sys/class/gpio/gpio${GPIO_CLIP}/value
|
echo "1" > /sys/class/gpio/gpio${GPIO_CLIP}/value
|
||||||
|
|
|
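Review bot: In the new `close)` branch the `while [ $TIMER -ge 0 ]` loop falls through silently when the switch on pin 21 never reads 1 within `CLOSE_TIMEOUT`, so the bolt is not driven and the caller is not told. As far as the visible hunks show, door.sh does not look at this script's exit status, so the state files may end up saying "closed" while the door is open and unlocked. After `done`, report the timeout, e.g. `[ $TIMER -lt 0 ] && { echo "door still open, not locked" >&2; exit 1; }` (or set a status variable if cleanup follows `esac`), and have door.sh act on it. `[ $SWITCH -eq 1 ]` also errors when the sysfs read returns nothing; `[ "$SWITCH" = 1 ]` avoids that. The rest of the `case` lies outside the hunk.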
@ -0,0 +1,10 @@
|
||||||
|
#! /bin/bash --
|
||||||
|
|
||||||
|
ping -c1 -t3 $(echo $SSH_CONNECTION | cut -d" " -f 1) >> /dev/null 2>&1
|
||||||
|
STATUS=$?
|
||||||
|
if [ $STATUS -ne 0 ]; then
|
||||||
|
echo "come closer... ;-)"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
sudo $(dirname $0)/door.sh noverify
|
|
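Review bot: The `ping -c1 -t3` gate at the top is only a reachability test against the TCP peer address (with iputils ping, `-t` is the TTL, so it passes for any ICMP-answering host within three hops). After it, `door.sh noverify` skips door_verify.sh entirely, so possession of the SSH key is the sole credential on this path. If door_verify.sh is where the access log is written, as its hunk further down suggests, SSH-triggered openings leave no record; a line such as `logger -t door "ssh open from ${SSH_CONNECTION%% *}"` before the `sudo` call would give one. The expansions should be quoted as well: `ping -c1 -t3 "${SSH_CONNECTION%% *}"` and `sudo "$(dirname "$0")/door.sh" noverify`. A comment stating that the TTL limit is a proximity hint and not authentication would help the next reader.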
@ -20,9 +20,7 @@ aes_decrypt() {
|
||||||
echo "$1" | xxd -ps -r | openssl enc -aes256 -d -k "$2" >> /dev/null 2>&1
|
echo "$1" | xxd -ps -r | openssl enc -aes256 -d -k "$2" >> /dev/null 2>&1
|
||||||
DECRYPT_OK=$?
|
DECRYPT_OK=$?
|
||||||
DECRYPTED_TEXT="$(echo "$1" | xxd -ps -r | openssl enc -aes256 -d -k "$2" 2>&1)"
|
DECRYPTED_TEXT="$(echo "$1" | xxd -ps -r | openssl enc -aes256 -d -k "$2" 2>&1)"
|
||||||
if [ $DECRYPT_OK -ne 0 ]; then
|
[ $DECRYPT_OK -ne 0 ] && DECRYPTED_TEXT="DEADBEEF"
|
||||||
DECRYPTED_TEXT="DEADBEEF"
|
|
||||||
fi
|
|
||||||
echo $DECRYPTED_TEXT
|
echo $DECRYPTED_TEXT
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -35,7 +33,7 @@ if [ ! -f $KEYFILE ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -f $LOGFILE ]; then
|
if [ ! -f "$LOGFILE" ]; then
|
||||||
echo "generating new logfile" >&2
|
echo "generating new logfile" >&2
|
||||||
echo "# DATE:ID:SIGNED_DATE:STATUS" > $LOGFILE
|
echo "# DATE:ID:SIGNED_DATE:STATUS" > $LOGFILE
|
||||||
chmod 600 $LOGFILE
|
chmod 600 $LOGFILE
|
||||||
|
|
|
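Review bot: The second hunk quotes `"$LOGFILE"` in the test, but the two lines right after it still use it bare (`> $LOGFILE`, `chmod 600 $LOGFILE`), so the quoting fix is only half applied; quote all three. Those lines also create the log with the default umask and tighten it only afterwards; `( umask 077; echo "# DATE:ID:SIGNED_DATE:STATUS" > "$LOGFILE" )` creates it private from the start. The `if` block continues past the end of the hunk.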
@ -1 +0,0 @@
|
||||||
ACTION=="add", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010", RUN+="/etc/door/door.sh"
|
|