CoCalc -- fido2-unprot.sh

GitHub Repository: freebsd/freebsd-src
Path: blob/main/contrib/libfido2/tools/fido2-unprot.sh
³⁹⁵⁰⁷ views
1
#!/bin/sh
2

3
# Copyright (c) 2020 Fabian Henneke.
4
# Use of this source code is governed by a BSD-style
5
# license that can be found in the LICENSE file.
6
# SPDX-License-Identifier: BSD-2-Clause
7

8

9
if [ $(uname) != "Linux" ] ; then
10
   echo "Can only run on Linux"
11
   exit 1
12
fi
13

14
TOKEN_VERSION=$(${FIDO_TOOLS_PREFIX}fido2-token -V 2>&1)
15
if [ $? -ne 0 ] ; then
16
    echo "Please install libfido2 1.5.0 or higher"
17
    exit
18
fi
19

20
TOKEN_VERSION_MAJOR=$(echo "$TOKEN_VERSION" | cut -d. -f1)
21
TOKEN_VERSION_MINOR=$(echo "$TOKEN_VERSION" | cut -d. -f2)
22
if [ $TOKEN_VERSION_MAJOR -eq 0 -o $TOKEN_VERSION_MAJOR -eq 1 -a $TOKEN_VERSION_MINOR -lt 5 ] ; then
23
    echo "Please install libfido2 1.5.0 or higher (current version: $TOKEN_VERSION)"
24
    exit 1
25
fi
26

27
set -e
28

29
TOKEN_OUTPUT=$(${FIDO_TOOLS_PREFIX}fido2-token -L)
30
DEV_PATH_NAMES=$(echo "$TOKEN_OUTPUT" | sed -r 's/^(.*): .*\((.*)\)$/\1 \2/g')
31
DEV_COUNT=$(echo "$DEV_PATH_NAMES" | wc -l)
32

33
for i in $(seq 1 $DEV_COUNT)
34
do
35
    DEV_PATH_NAME=$(echo "$DEV_PATH_NAMES" | sed "${i}q;d")
36
    DEV_PATH=$(echo "$DEV_PATH_NAME" | cut -d' ' -f1)
37
    DEV_NAME=$(echo "$DEV_PATH_NAME" | cut -d' ' -f1 --complement)
38
    DEV_PRETTY=$(echo "$DEV_NAME (at '$DEV_PATH')")
39
    if expr match "$(${FIDO_TOOLS_PREFIX}fido2-token -I $DEV_PATH)" ".* credMgmt.* clientPin.*\|.* clientPin.* credMgmt.*" > /dev/null ; then
40
        printf "Enter PIN for $DEV_PRETTY once (ignore further prompts): "
41
        stty -echo
42
        read PIN
43
        stty echo
44
        printf "\n"
45
        RESIDENT_RPS=$(echo "${PIN}\n" | setsid -w ${FIDO_TOOLS_PREFIX}fido2-token -L -r $DEV_PATH | cut -d' ' -f3)
46
        printf "\n"
47
        RESIDENT_RPS_COUNT=$(echo "$RESIDENT_RPS" | wc -l)
48
        FOUND=0
49
        for j in $(seq 1 $DEV_RESIDENT_RPS_COUNT)
50
        do
51
            RESIDENT_RP=$(echo "$RESIDENT_RPS" | sed "${j}q;d")
52
            UNPROT_CREDS=$(echo "${PIN}\n" | setsid -w ${FIDO_TOOLS_PREFIX}fido2-token -L -k $RESIDENT_RP $DEV_PATH | grep ' uvopt$' | cut -d' ' -f2,3,4)
53
            printf "\n"
54
            UNPROT_CREDS_COUNT=$(echo "$UNPROT_CREDS" | wc -l)
55
            if [ $UNPROT_CREDS_COUNT -gt 0 ] ; then
56
                FOUND=1
57
                echo "Unprotected credentials on $DEV_PRETTY for '$RESIDENT_RP':"
58
                echo "$UNPROT_CREDS"
59
            fi
60
        done
61
        if [ $FOUND -eq 0 ] ; then
62
            echo "No unprotected credentials on $DEV_PRETTY"
63
        fi
64
    else
65
        echo "$DEV_PRETTY cannot enumerate credentials"
66
        echo "Discovering unprotected SSH credentials only..."
67
        STUB_HASH=$(echo -n "" | openssl sha256 -binary | base64)
68
        printf "$STUB_HASH\nssh:\n" | ${FIDO_TOOLS_PREFIX}fido2-assert -G -r -t up=false $DEV_PATH 2> /dev/null || ASSERT_EXIT_CODE=$?
69
        if [ $ASSERT_EXIT_CODE -eq 0 ] ; then
70
            echo "Found an unprotected SSH credential on $DEV_PRETTY!"
71
        else
72
            echo "No unprotected SSH credentials (default settings) on $DEV_PRETTY"
73
        fi
74
    fi
75
    printf "\n"
76
done
77

78
Product

Resources

Company
