mehmeteribol/kilit - Change UDJOVOXLWQ7NV53TKV74ZRUPOBURKJOA54G6B3BLJODXBEXC4T2QC

First push for kilit

Created by 8DLwXB6S2i9B9SmFpsBqMLrxCFqtfRD7gRvguLB657S9 on February 21, 2024

UDJOVOXLWQ7NV53TKV74ZRUPOBURKJOA54G6B3BLJODXBEXC4T2QC

Dependencies

[2] U6FRILIWSYD64RYPE5ERZKUWQ7THW6YCAC7EIQ5JSMYJJQF4DFIQC

In channels

main

Change contents

File addition: src (d--x------)
[2.1]

File addition: main.rs (----------)

[0.15]

#![allow(unused)]
use std::env;
use std::fs;
use std::{
    io::{BufRead, BufReader, Error, Read, Stdin, Stdout, Write},
    path::{Path, PathBuf},
    process::{Command, Stdio},
    thread::{self, sleep},
    time::{Duration, Instant},
};
use devices::get_devices;
use keys::create_password;
use rsa::Pkcs1v15Encrypt;
use crate::devices::list_devices;
use log::{debug, error, info, log_enabled, Level};
mod devices;
mod keys;
fn main() {
    env_logger::init();
    //env_logger::builder().format_level(write);
    let mut priv_key = keys::get_priv_key();
    let args: Vec<String> = env::args().collect();
    if let Some(arg) = args.get(1) {
        match arg.as_ref() {
            "-a" => {
                let mut devices = devices::get_devices();
                devices.retain(|d| d.is_mounted());
                list_devices(&devices);
                println!("Bir disk seçin");
                let mut buffer = String::new();
                std::io::stdin().read_line(&mut buffer).unwrap();
                let selected_disk = buffer.trim().parse::<usize>().unwrap();
                if selected_disk <= devices.len() {
                    let d = devices[selected_disk - 1].clone();
                    d.write_pub_key(&priv_key);
                }
                return ();
            }
            "-c" => {
                create_password(priv_key);
            }
            "-d" => {
                get_devices();
            }
            _ => {
                println!("invalid arg");
                return ();
            }
        }
    } else {
        start_loop(priv_key);
    }
}
fn start_loop(priv_key: rsa::RsaPrivateKey) {
    let schoold_id = env::var("SCHOOL_ID").unwrap();
    let lock_time = env::var("LOCK").unwrap().parse::<u64>().unwrap();
    let mut rng = rand::thread_rng();
    let mut est_time = Instant::now();
    //let mut status_changed = false;
    loop {
        let mut is_unlock = std::sync::Arc::new(std::sync::Mutex::new(LockState::Locked));
        if est_time.elapsed().as_secs() >= lock_time
            && *is_unlock.lock().unwrap() != LockState::Locked
        {
            shutdown();
        }
        let priv_key = priv_key.clone();
        let is_unlock2 = std::sync::Arc::clone(&is_unlock);
        thread::spawn(move || {
            let is_unlock = std::sync::Arc::clone(&is_unlock);
            let mut devices = devices::get_devices();
            for device in &devices {
                if device.read_key(&priv_key.clone()) {
                    *is_unlock.lock().unwrap() = LockState::Unlocked(UnlockedState::Usb);
                    break;
                }
            }
            if *is_unlock.lock().unwrap() != LockState::Locked {
                est_time = Instant::now();
            } else {
                log::info!("0 {}", lock_time - est_time.elapsed().as_secs());
            }
        });
        thread::spawn(move || {
            let is_unlock = std::sync::Arc::clone(&is_unlock2);
            if *is_unlock.lock().unwrap() == LockState::Locked && confirm_key() {
                *is_unlock.lock().unwrap() = LockState::Unlocked(UnlockedState::Key);
                thread::sleep(Duration::from_secs(40 * 60));
                log::info!("1 3");
                *is_unlock.lock().unwrap() == LockState::Locked;
                est_time = Instant::now();
                log::info!("0 {}", lock_time - est_time.elapsed().as_secs());
            }
        });
        thread::sleep(Duration::from_millis(1000));
    }
}
fn confirm_key() -> bool {
    let key = std::fs::read_to_string("/tmp/etapkilit");
    if let Ok(key) = key {
        let agent: ureq::Agent = ureq::AgentBuilder::new()
            .timeout_read(Duration::from_secs(5))
            .timeout_write(Duration::from_secs(5))
            .build();
        let body: u16 = agent
            .get("https://192.168.1.101/confirm")
            .call()
            .unwrap()
            .status();
        return body == 200;
    }
    false
}
fn shutdown() {
    let a = Command::new("shutdown")
        .arg("-h")
        .arg("now")
        .spawn()
        .unwrap();
}
#[derive(Debug, Clone, PartialEq)]
enum LockState {
    Locked,
    Unlocked(UnlockedState),
}
#[derive(Debug, Clone, PartialEq)]
enum UnlockedState {
    Usb,
    Key,
}

File addition: keys.rs (----------)

[0.15]

use std::fs;
use rand::thread_rng;
use rsa::Pkcs1v15Encrypt;
use rsa::{RsaPrivateKey, RsaPublicKey, pkcs8::DecodePublicKey};
use rsa::pkcs8::{LineEnding, EncodePrivateKey, DecodePrivateKey, };
pub fn get_priv_key()->RsaPrivateKey{
    let priv_key = RsaPrivateKey::read_pkcs8_der_file("/etc/etapkilit/etapkilit.der");
    if let Ok(p_key) = priv_key{
        println!("priv bulundu");
        return p_key
    }
    let mut rng = rand::thread_rng();
    let priv_key = RsaPrivateKey::new(&mut rng, 2048).unwrap();
    priv_key.write_pkcs8_der_file("/etc/etapkilit/etapkilit.der").unwrap();
    priv_key
}
fn get_priv_from_file()->Result<RsaPrivateKey, rsa::pkcs8::Error>{
    RsaPrivateKey::read_pkcs8_der_file("/etc/etapkilit/etapkilit.der")
}
pub fn create_password(priv_key: rsa::RsaPrivateKey){
    let mut passwd1 = String::new();
    println!("Şifreyi giriniz");
    std::io::stdin().read_line(&mut passwd1).unwrap();
    passwd1.trim();
    let mut passwd2 = String::new();
    println!("Şifreyi giriniz(tekrar)");
    std::io::stdin().read_line(&mut passwd2).unwrap();
    passwd2.trim();
    if passwd1 == passwd2{
        let pub_key = RsaPublicKey::from(priv_key);
        let dec_data = pub_key.encrypt(&mut thread_rng(), Pkcs1v15Encrypt, &passwd1[..].as_bytes());
        write_pub_key(dec_data.unwrap());
    };
}
pub fn get_passwd_key()->Vec<u8>{
    fs::read("/etc/etapkilit/password.key").unwrap()
}
fn write_pub_key(passwd: Vec<u8>){
    std::fs::write("/etc/etapkilit/password.key", passwd);
}

File addition: devices.rs (----------)

[0.15]

use std::{
    collections::HashSet,
    fs,
    io::{Read, Write},
    path::PathBuf,
    process::{Command, Stdio},
};
use rsa::{Pkcs1v15Encrypt, RsaPrivateKey, RsaPublicKey};
use crate::keys::get_passwd_key;
fn is_usb(devices: &mut Vec<MyDevices>) {
    let mut i = 0;
    while i < devices.len() {
        if !pipe(&devices[i].serial_number) {
            devices.remove(i);
            continue;
        }
        i += 1;
    }
}
pub fn get_trusted_devices() -> HashSet<String> {
    let mut trusted_devices: HashSet<String> = HashSet::new();
    let serial_number = fs::read_to_string("/etc/etapkilit/trusted_devices.txt");
    match serial_number {
        Ok(lines) => {
            lines.trim().lines().for_each(|line| {
                trusted_devices.insert(line.to_string());
            });
        }
        Err(_) => (),
    }
    trusted_devices
}
fn is_device_trusted(serial_number: &String, trusted_devices: HashSet<String>) -> bool {
    trusted_devices.get(serial_number).is_some()
}
fn add_trusted_device(serial_number: &String) {
    let mut file = fs::OpenOptions::new()
        .write(true)
        .append(true)
        .open("/etc/etapkilit/trusted_devices.txt")
        .unwrap();
    writeln!(file, "{serial_number}");
}
pub fn get_devices() -> Vec<MyDevices> {
    let stdout_reader = String::from_utf8(lsblk_output()).unwrap();
    //let stdout_lines: Vec<String> = stdout_reader.lines().map(|l| l.unwrap()).collect();
    let stdout_lines = stdout_reader.lines();
    let mut devices = Vec::new();
    for l in stdout_lines {
        let device: Vec<&str> = l.split(" ").collect();
        let disk = device[0];
        if disk.len() == 3 {
            let new_device = MyDevices {
                vendor: device[3].to_string(),
                model: device[2].to_string(),
                name: disk.to_string(),
                serial_number: get_serial_number(disk),
                mountpoint: Vec::new(),
            };
            devices.push(new_device);
        } else {
            let last_disk = devices.last_mut().unwrap();
            let mount = device[1];
            if mount.len() > 0 {
                last_disk.mountpoint.push(mount.to_string());
            }
        }
    }
    is_usb(&mut devices);
    devices
}
fn get_serial_number(disk: &str) -> String {
    let mut cmd_ls = Command::new("udevadm")
        .args(["info", "--query=all"])
        .arg(format!("--name={}", disk))
        .stdout(Stdio::piped())
        .spawn()
        .unwrap();
    let mut cmd_grep = Command::new("grep")
        .arg("ID_SERIAL_SHORT")
        .stdin(Stdio::piped())
        .stdout(Stdio::piped())
        .spawn()
        .unwrap();
    if let Some(ref mut stdout) = cmd_ls.stdout {
        if let Some(ref mut stdin) = cmd_grep.stdin {
            let mut buf: Vec<u8> = Vec::new();
            stdout.read_to_end(&mut buf).unwrap();
            stdin.write_all(&buf).unwrap();
        }
    }
    let res = cmd_grep.wait_with_output().unwrap().stdout;
    let res = String::from_utf8(res).unwrap();
    let res = res.trim().split("=").collect::<Vec<&str>>();
    //println!("{res:?}");
    res[1].to_string()
}
fn lsblk_output() -> Vec<u8> {
    let a = Command::new("lsblk")
        .arg("-o")
        .arg("name,mountpoInt,model,vendor")
        .args(["-n", "-r", "-i"])
        .stdout(Stdio::piped())
        .output()
        .unwrap();
    a.stdout
}
fn pipe(s: &String) -> bool {
    let mut cmd_ls = Command::new("usb-devices")
        .stdout(Stdio::piped())
        .spawn()
        .unwrap();
    let mut cmd_grep = Command::new("grep")
        .arg(s)
        .stdin(Stdio::piped())
        .stdout(Stdio::piped())
        .spawn()
        .unwrap();
    if let Some(ref mut stdout) = cmd_ls.stdout {
        if let Some(ref mut stdin) = cmd_grep.stdin {
            let mut buf: Vec<u8> = Vec::new();
            stdout.read_to_end(&mut buf).unwrap();
            stdin.write_all(&buf).unwrap();
        }
    }
    let res = cmd_grep.wait_with_output().unwrap().stdout;
    let res = String::from_utf8(res).unwrap();
    res.trim().len() != 0
}
pub fn list_devices(devices: &Vec<MyDevices>) {
    for d in devices.iter().enumerate() {
        d.1.list_device(d.0 + 1);
    }
}
#[derive(Debug, Clone)]
pub struct MyDevices {
    vendor: String,
    model: String,
    name: String,
    serial_number: String,
    mountpoint: Vec<String>,
}
impl MyDevices {
    pub fn is_mounted(&self) -> bool {
        self.mountpoint.len() > 0
    }
    pub fn write_pub_key(&self, key: &RsaPrivateKey) {
        let pub_key = RsaPublicKey::from(key);
        let serial_number = pub_key.encrypt(
            &mut rand::thread_rng(),
            Pkcs1v15Encrypt,
            &self.serial_number.as_bytes(),
        );
        let mut path = PathBuf::new();
        path.push(self.mountpoint[0].clone());
        path.push(".etapkilit.key");
        std::fs::write(path.as_path(), serial_number.unwrap());
        println!("etap kilit oluşturuldu");
    }
    pub fn read_key(&self, priv_key: &rsa::RsaPrivateKey) -> bool {
        //println!("okumaya başlandı");
        let mut trusted_devices = get_trusted_devices();
        let serial_number = &self.serial_number;
        if is_device_trusted(serial_number, trusted_devices) {
            log::info!("1 0");
            return true;
        }
        for m in &self.mountpoint {
            let mut path = PathBuf::new();
            path.push(&m);
            path.push(".etapkilit.key");
            let enc_data = fs::read(path.as_path());
            if let Ok(e_data) = enc_data {
                if let Ok(dec_data) = priv_key.decrypt(Pkcs1v15Encrypt, &e_data) {
                    if dec_data == serial_number.as_bytes() {
                        add_trusted_device(serial_number);
                        log::info!("1 1");
                        return true;
                    }
                }
            } else {
                let mut path = PathBuf::new();
                path.push(&m);
                path.push(".password.key");
                let enc_data = fs::read(path.as_path());
                println!("{enc_data:?}");
                if let Ok(e_data) = enc_data {
                    if let Ok(dec_data) = priv_key.decrypt(Pkcs1v15Encrypt, &e_data) {
                        let passwd = get_passwd_key();
                        if let Ok(passwd) = priv_key.decrypt(Pkcs1v15Encrypt, &passwd) {
                            let dec_data = String::from_utf8(dec_data).unwrap();
                            let passwd = String::from_utf8(passwd).unwrap();
                            if dec_data == passwd || dec_data == passwd.trim() {
                                add_trusted_device(serial_number);
                                fs::remove_file(path.as_path());
                                log::info!("1 2");
                                return true;
                            }
                        }
                    }
                }
            }
        }
        false
    }
    fn list_device(&self, index: usize) {
        println!(
            "{}- {} {} {}",
            index,
            self.vendor.replace("\\x20", ""),
            &self.model,
            &self.serial_number
        );
    }
}

File addition: Cargo.toml (----------)

[2.1]

[package]
name = "etapkilit"
version = "0.1.0"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
rsa = {version="*"}
rand = "*"
env_logger = "*"
log = { version = "0.4.8",  features = ["max_level_debug", "release_max_level_info", "std"] }
ureq = "*"
#clap = { version = "*", features = ["derive"] }

First push for kilit

Dependencies

In channels

Change contents

File addition: src (d--x------)

File addition: main.rs (----------)

File addition: keys.rs (----------)

File addition: devices.rs (----------)

File addition: Cargo.toml (----------)