forked from webmin/webmin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdisable-twofactor
executable file
·121 lines (88 loc) · 2.61 KB
/
disable-twofactor
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
#!/usr/bin/env perl
# disable-twofactor - Disable two-factor authentication for a user.
use strict;
use warnings;
BEGIN { $Pod::Usage::Formatter = 'Pod::Text::Color'; }
use 5.010; # Version in CentOS 6
use Getopt::Long;
use Pod::Usage;
use Term::ANSIColor qw(:constants);
sub main {
my %opt;
GetOptions(
'help|h' => \$opt{'help'},
'config|c=s' => \$opt{'config'},
'user|u=s' => \$opt{'user'}
);
pod2usage(0) if ( $opt{'help'} );
$opt{'config'} ||= "/etc/webmin";
# Boilerplate, boilerplate, boilerplate...
$ENV{'WEBMIN_CONFIG'} = $opt{'config'};
$ENV{'WEBMIN_VAR'} ||= "/var/webmin";
$ENV{'MINISERV_CONFIG'} = $ENV{'WEBMIN_CONFIG'} . "/miniserv.conf";
my $root = root($opt{'config'});
chdir($root);
$0 = "$root/bin/webmin";
push(@INC, $root);
eval 'use WebminCore'; ## no critic
init_config();
foreign_require('acl', 'acl-lib.pl');
our (%config);
# Get the user
my @users = acl::list_users();
my $user;
($user) = grep { $_->{'name'} eq $opt{'user'} } @users;
# Cancel twofactor authentication
$user->{'twofactor_provider'} = undef;
$user->{'twofactor_id'} = undef;
$user->{'twofactor_apikey'} = undef;
acl::modify_user($user->{'name'}, $user);
reload_miniserv();
webmin_log("onefactor", "user", $user->{'name'});
exit 0;
}
exit main( \@ARGV ) if !caller(0);
sub root {
my ($config) = @_;
open(my $CONF, "<", "$config/miniserv.conf") || die RED,
"Failed to open $config/miniserv.conf", RESET;
my $root;
while (<$CONF>) {
if (/^root=(.*)/) {
$root = $1;
}
}
close($CONF);
# Does the Webmin root exist?
if ( $root ) {
die "$root is not a directory. Is --config correct?" unless (-d $root);
} else {
die "Unable to determine Webmin installation directory from $ENV{'WEBMIN_CONFIG'}";
}
return $root;
}
1;
=pod
=head1 NAME
disable-twofactor
=head1 DESCRIPTION
Disable two factor authentication for a given user. Useful in cases where the
second factor (e.g. phone or USB key) has been lost.
=head1 SYNOPSIS
disable-twofactor --user username
=head1 OPTIONS
=over
=item --help, -h
Print this usage summary and exit.
=item --config, -c
Specify the full path to the Webmin configuration directory. Defaults to
C</etc/webmin>
=item --user, -u
Name of the user to disable two-factor authentication for.
=back
=head1 EXIT CODES
0 on successfully replacing configuration options
non-0 on error
=head1 LICENSE AND COPYRIGHT
Copyright 2018 Jamie Cameron <[email protected]>, Joe Cooper