| |
@@ -11,13 +11,21 @@
|
| |
|
| |
# ykpersonalize -ofixed=ccccccccccci -afcaa0c5bf2e83ec040e4aeb7f8565293 -ouid=1e7f1da7d6d1
|
| |
from fedora.client import AccountSystem, AuthError
|
| |
- from getpass import getpass, getuser
|
| |
- import subprocess, sys, gettext
|
| |
+ from getpass import getpass
|
| |
+ import sys
|
| |
+ import gettext
|
| |
from optparse import OptionParser
|
| |
+ import yubico
|
| |
|
| |
t = gettext.translation('fas', '/usr/share/locale', fallback = True)
|
| |
_ = t.gettext
|
| |
|
| |
+ try:
|
| |
+ ykey = yubico.find_yubikey(False)
|
| |
+ except yubico.yubikey.YubiKeyError, ex:
|
| |
+ print 'Unable to get access to a yubikey: %s' % ex
|
| |
+ sys.exit(1)
|
| |
+
|
| |
parser = OptionParser(version = "0.1")
|
| |
parser.add_option('-u', '--username',
|
| |
dest = 'username',
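Review bot: The `yubico.find_yubikey(False)` call runs at module level ahead of `OptionParser`, so `--help` and `--version` exit with "Unable to get access to a yubikey" on any machine without a key attached. The device is also opened before the options are parsed, so moving the `try:` block down to just before the configuration is written would fix both. The new message is not wrapped in `_()` like the script's other user-facing strings and goes to stdout; `print >> sys.stderr, _('Unable to get access to a yubikey: %s') % ex` would match the rest of the file. Because the root check is dropped in the next hunk, the message could also say that missing device permissions for a non-root user are a likely cause.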
|
| |
@@ -43,11 +51,6 @@
|
| |
parser.print_help()
|
| |
sys.exit(0)
|
| |
|
| |
- if not getuser() == 'root':
|
| |
- print _('''Please run this program as root as it will need to write
|
| |
- directly to the yubikey usb''')
|
| |
- sys.exit(5)
|
| |
-
|
| |
print _(
|
| |
'''
|
| |
Attention: You are about to reprogram your yubikey! Please ensure it is
|
| |
@@ -73,25 +76,18 @@
|
| |
opts = new_key['key'].split()
|
| |
|
| |
try:
|
| |
- retcode = subprocess.call(['/usr/bin/ykpersonalize',
|
| |
- '-%s' % slot,
|
| |
- '-ofixed=%s' % opts[0],
|
| |
- '-a%s' % opts[2],
|
| |
- '-ouid=%s' % opts[1],
|
| |
- '-o-static-ticket',
|
| |
- '-o-strong-pw1',
|
| |
- '-o-strong-pw2',
|
| |
- '-oserial-api-visible',
|
| |
- '-o-man-update'])
|
| |
- except KeyboardInterrupt:
|
| |
- print _('''
|
| |
- Burn attempt cancelled by user! Note: Even though the key did not get burned
|
| |
- onto your key, FAS did generate a new one. This just means that if you did
|
| |
- previously burn a different key, it will no longer work.
|
| |
- ''')
|
| |
- retcode=1
|
| |
-
|
| |
- if retcode:
|
| |
- print "There was an error writing to your yubi key"
|
| |
- else:
|
| |
+ ykconfig = ykey.init_config()
|
| |
+ ykconfig.mode_yubikey_otp('h:%s' % opts[1], 'h:%s' % opts[2])
|
| |
+ ykconfig.fixed_string(str('m:%s' % opts[0]))
|
| |
+ ykconfig.ticket_flag('APPEND_CR', True)
|
| |
+ ykconfig.config_flag('STATIC_TICKET', False)
|
| |
+ if ykey.version_num() >= (2, 1):
|
| |
+ ykconfig.config_flag('STRONG_PW1', False)
|
| |
+ ykconfig.config_flag('STRONG_PW2', False)
|
| |
+ ykconfig.config_flag('MAN_UPDATE', False)
|
| |
+ if ykey.version_num() >= (2, 2):
|
| |
+ ykconfig.extended_flag('SERIAL_API_VISIBLE', True)
|
| |
+ ykey.write_config(ykconfig, slot=int(slot))
|
| |
print "Success! Your Yubikey ID is %s" % opts[0]
|
| |
+ except yubico.yubikey.YubiKeyError, ex:
|
| |
+ print 'Yubikey error: %s' % ex
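Review bot: The `except yubico.yubikey.YubiKeyError` branch only prints the error, so the warning from the removed `KeyboardInterrupt` handler is lost on both a failed write and Ctrl-C. That warning told the user that FAS has already generated a new key and that a previously burned one no longer works. I would restore that text in the except branch, follow it with `sys.exit(1)`, and catch `KeyboardInterrupt` again around `ykey.write_config(ykconfig, slot=int(slot))`. `int(slot)` and the `opts[0]`..`opts[2]` indexing can raise `ValueError` or `IndexError`, which this handler does not cover; whether `slot` and the server response are validated earlier is not visible in the hunk. The code after the except branch is outside the hunk, so the exit status on failure is inferred rather than seen.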
|
| |